nanog mailing list archives

RE: reliably detecting the presence of a bridge?


From: "Chuck Church" <chuckchurch () gmail com>
Date: Wed, 16 Dec 2015 08:40:48 -0500

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Dave Taht
Sent: Wednesday, December 16, 2015 4:37 AM
To: William Herrin <bill () herrin us>
Cc: NANOG <nanog () nanog org>
Subject: Re: reliably detecting the presence of a bridge?


The latter.

In this case a routing optimization that works well on wired links was enabled when there were wireless bridges on that 
segment, leading to some chaos in the originally referenced thread.


The "right", slower, inefficient on wired, routing metric is the ETX metric in that case, but knowing when to turn that 
on, automatically, would be nice... which means somehow detecting there was a wireless bridge on that network. So as no 
announcements of BPDUs are seen, I was hoping there was some sort of active query that could be made asking if there 
was anything weird and wireless nearby.....

https://nodes.wlan-si.net/topology/

----------------------------------------------------------------------------

Seems there are two possible ways to attach wireless clients to a wired network (at least 2 common ways).  A 
consumer-grade wireless router doing NAT, or a true layer 2 AP.  Assuming neither are sending BPDUs, there are a few 
ways to detect them I can think of, assuming you've got control of the switch they're attached to:

Wireless AP (L2 only) - port security limiting the number of learnable MAC addresses per port is pretty easy.  In the case of 
UBNT you mentioned, it's even easier.  They use a discovery protocol (multicast I believe) and have CDP, both on by 
default.

NATing router - a little tougher to do.  Scanning your DHCP database or ARP/MAC tables for OUIs that shouldn't be on the 
network - Linksys, D-Link, Netgear etc.  Or perhaps occasionally port-scan your network looking for open TCP/8080, I 
think that's the most common port for managing these.  They may not respond on the WAN side if configured right, but 
the old default was on.  NMAP and its fingerprinting might come in handy too, if they've turned off access from the WAN 
side.

Chuck
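The two passive checks Chuck describes (a port that learns more MAC addresses than a single host should, and a consumer-router OUI showing up in the MAC/ARP/DHCP tables) can be scripted against a dump of the switch's MAC table. The script below is an added example, not something from the thread or from any vendor; the MAC-table text is constructed to look like a Cisco-style "show mac address-table" dump (format assumed), and the OUI-to-vendor map is a hand-picked subset from memory that should be replaced by the full IEEE registry before real use. The same `consumer_devices()` check can be run over the MACs in an ARP cache or a dhcpd.leases file.

```python
"""Flag likely wireless bridges / NAT routers from a switch MAC table.

Heuristic 1: a port learning several MACs is probably an L2 AP (this is
             what a port-security max-MAC limit would enforce on the switch).
Heuristic 2: an OUI from a consumer-router vendor is probably a NATing
             home router; it shows up as a single MAC hiding its clients.
"""
from collections import defaultdict

# Illustrative OUI -> vendor map (assumed subset, from memory). Load the
# IEEE registry (https://standards-oui.ieee.org/oui/oui.csv) for real use.
CONSUMER_OUIS = {
    "00:14:BF": "Cisco-Linksys",
    "00:05:5D": "D-Link",
    "00:09:5B": "Netgear",
    "00:15:6D": "Ubiquiti",
}

# Constructed sample: Gi1/0/1 has a UBNT AP plus three wireless clients,
# Gi1/0/2 a normal single host, Gi1/0/3 a D-Link router doing NAT.
MAC_TABLE = """\
Vlan  Mac Address       Type     Ports
10    0015.6d1a.2b3c    DYNAMIC  Gi1/0/1
10    3c97.0e11.2233    DYNAMIC  Gi1/0/1
10    a4c3.f0aa.bbcc    DYNAMIC  Gi1/0/1
10    b827.eb01.0203    DYNAMIC  Gi1/0/1
10    5c26.0a44.5566    DYNAMIC  Gi1/0/2
10    0005.5d99.8877    DYNAMIC  Gi1/0/3
"""


def normalize_mac(mac):
    """Accept 'aabb.ccdd.eeff', 'aa:bb:..', 'aa-bb-..' -> 'AA:BB:CC:DD:EE:FF'."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def oui(mac):
    """First three octets, the IEEE-assigned vendor prefix."""
    return normalize_mac(mac)[:8]


def parse_mac_table(text):
    """Return {port: [mac, ...]} from a Cisco-style MAC table dump."""
    ports = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue  # header, blank, or unexpected line
        _vlan, mac, _type, port = fields
        ports[port].append(normalize_mac(mac))
    return dict(ports)


def ports_over_limit(ports, max_macs=1):
    """Ports that learned more MACs than a single attached host should."""
    return {p: macs for p, macs in ports.items() if len(macs) > max_macs}


def consumer_devices(macs, oui_table=CONSUMER_OUIS):
    """(mac, vendor) pairs whose OUI belongs to a consumer-gear vendor."""
    return [(m, oui_table[oui(m)]) for m in macs if oui(m) in oui_table]


def audit(text, max_macs=1):
    ports = parse_mac_table(text)
    all_macs = [m for macs in ports.values() for m in macs]
    return {
        "crowded_ports": sorted(ports_over_limit(ports, max_macs)),
        "consumer_ouis": consumer_devices(all_macs),
    }


if __name__ == "__main__":
    report = audit(MAC_TABLE)
    for port in report["crowded_ports"]:
        print(f"{port}: multiple MACs learned, likely an L2 AP or bridge")
    for mac, vendor in report["consumer_ouis"]:
        print(f"{mac}: {vendor} OUI, check for a consumer router")
```

Raising `max_macs` avoids false positives on ports that legitimately carry a hypervisor or a downstream managed switch; a port that trips the limit and also carries a consumer OUI is the strongest signal. The active checks in the post (TCP/8080 sweep, OS fingerprinting) are a separate step, e.g. `nmap -p 8080 --open` and `nmap -O` against the flagged addresses, and are not part of this passive script.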

