[186398] in North American Network Operators' Group
RE: reliably detecting the presence of a bridge?
daemon@ATHENA.MIT.EDU (Chuck Church)
Wed Dec 16 08:41:00 2015
X-Original-To: nanog@nanog.org
From: "Chuck Church" <chuckchurch@gmail.com>
To: "'Dave Taht'" <dave.taht@gmail.com>,
"'William Herrin'" <bill@herrin.us>
In-Reply-To: <CAA93jw67+_AO+ia+Fd561s6C0f6XnxC-SjVY7cnM9W8yV0XU-Q@mail.gmail.com>
Date: Wed, 16 Dec 2015 08:40:48 -0500
Cc: 'NANOG' <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Dave Taht
Sent: Wednesday, December 16, 2015 4:37 AM
To: William Herrin <bill@herrin.us>
Cc: NANOG <nanog@nanog.org>
Subject: Re: reliably detecting the presence of a bridge?
The latter.
In this case a routing optimization that works well on wired links was enabled when there were wireless bridges on that segment, leading to some chaos in the originally referenced thread.
The "right", slower, inefficient on wired, routing metric is the ETX metric in that case, but knowing when to turn that on, automatically, would be nice... which means somehow detecting there was a wireless bridge on that network. So as no announcements of BPDUs are seen, I was hoping there was some sort of active query that could be made asking if there was anything weird and wireless nearby.....
https://nodes.wlan-si.net/topology/
----------------------------------------------------------------------------
Seems there are two possible ways to attach wireless clients to a wired network (at least 2 common ways). A consumer-grade wireless router doing NAT, or a true layer 2 AP. Assuming neither are sending BPDUs, there are a few ways to detect them I can think of, assuming you've got control of the switch they're attached to:
Wireless AP (L2 only) - port security limiting the number of learnable MAC addresses per port is pretty easy. In the case of UBNT you mentioned, it's even easier. They use a discovery protocol (multicast I believe) and have CDP, both on by default.
NATing router - a little tougher to do. Scanning your DHCP database or ARP/MAC tables for OUIs that shouldn't be on the network - Linksys, D-Link, Netgear etc. Or perhaps occasionally port-scan your network looking for open TCP/8080, I think that's the most common port for managing these. They may not respond on the WAN side if configured right, but the old default was on. NMAP and its fingerprinting might come in handy too, if they've turned off access from the WAN side.
Chuck
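The two passive checks Chuck describes (too many MACs learned on one access port, and consumer-vendor OUIs showing up in ARP or MAC tables) can be run offline against switch and host output. The script below is an added example, not code from the thread or from any vendor tool: it parses constructed samples of Cisco-style "show mac address-table" and "arp -an" output, normalises the three MAC notations they use, and flags ports that learned more than one MAC or whose MACs carry a consumer OUI. The OUI table holds three illustrative entries from memory and the one-MAC-per-port limit is an assumed site policy; in practice load the IEEE OUI registry and set the limit to match your port-security configuration.

```python
import re
from collections import defaultdict

# Illustrative OUI -> vendor map (assumption: three entries from memory).
# In practice load the IEEE OUI registry and pick the vendors you never
# expect to see on the wired side.
CONSUMER_OUIS = {
    "00:09:5B": "Netgear",
    "00:0D:88": "D-Link",
    "00:14:BF": "Cisco-Linksys",
}

# Assumed site policy: an access port serving one wired host learns one MAC.
MAX_MACS_PER_ACCESS_PORT = 1

# Constructed sample of Cisco-style "show mac address-table" output.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0009.5b12.3456    DYNAMIC     Gi1/0/7
  10    3c97.0e11.2233    DYNAMIC     Gi1/0/7
  10    3c97.0e44.5566    DYNAMIC     Gi1/0/7
  10    000d.8801.0203    DYNAMIC     Gi1/0/9
  10    b827.eb00.0001    DYNAMIC     Gi1/0/12
"""

# Constructed sample of "arp -an" output (BSD/macOS and Linux line styles).
SAMPLE_ARP = """\
? (10.0.10.1) at 0:9:5b:12:34:56 on en0 ifscope [ethernet]
? (10.0.10.50) at 00:0d:88:01:02:03 [ether] on eth0
? (10.0.10.77) at b8:27:eb:0:0:1 on en0 ifscope [ethernet]
? (10.0.10.99) at (incomplete) on en0 ifscope [ethernet]
"""


def normalize_mac(raw):
    """Return MAC as AA:BB:CC:DD:EE:FF from Cisco dotted, colon or dash forms."""
    raw = raw.strip().lower()
    if "." in raw:                      # Cisco xxxx.xxxx.xxxx
        hexstr = raw.replace(".", "")
    else:                               # aa:bb:.. or aa-bb-..; BSD drops leading zeros
        parts = re.split(r"[:-]", raw)
        if len(parts) != 6:
            raise ValueError(f"bad MAC: {raw!r}")
        hexstr = "".join(p.zfill(2) for p in parts)
    if not re.fullmatch(r"[0-9a-f]{12}", hexstr):
        raise ValueError(f"bad MAC: {raw!r}")
    return ":".join(hexstr[i:i + 2] for i in range(0, 12, 2)).upper()


def vendor_of(mac):
    """Vendor for the MAC's OUI, or None if it is not in the consumer list."""
    return CONSUMER_OUIS.get(mac[:8])


def parse_mac_table(text):
    """Yield (vlan, mac, port) rows from 'show mac address-table' output."""
    row = re.compile(r"^\s*(\d+)\s+([0-9a-fA-F.]+)\s+\S+\s+(\S+)\s*$")
    for line in text.splitlines():
        m = row.match(line)
        if m:
            yield int(m.group(1)), normalize_mac(m.group(2)), m.group(3)


def ports_with_many_macs(text, limit=MAX_MACS_PER_ACCESS_PORT):
    """Ports that learned more than `limit` MACs: something is bridging behind them."""
    seen = defaultdict(set)
    for _vlan, mac, port in parse_mac_table(text):
        seen[port].add(mac)
    return {port: sorted(macs) for port, macs in seen.items() if len(macs) > limit}


def parse_arp(text):
    """Yield (ip, mac) from 'arp -an' output; incomplete entries are skipped."""
    row = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:-]+)")
    for line in text.splitlines():
        m = row.search(line)
        if m:
            yield m.group(1), normalize_mac(m.group(2))


def consumer_hosts(arp_text):
    """(ip, mac, vendor) for ARP entries whose OUI belongs to a consumer vendor."""
    return [(ip, mac, vendor_of(mac)) for ip, mac in parse_arp(arp_text) if vendor_of(mac)]


def consumer_ports(mac_table_text):
    """(port, mac, vendor) for switch ports where a consumer-vendor MAC was learned."""
    return [(port, mac, vendor_of(mac))
            for _v, mac, port in parse_mac_table(mac_table_text) if vendor_of(mac)]


if __name__ == "__main__":
    for port, macs in ports_with_many_macs(SAMPLE_MAC_TABLE).items():
        print(f"{port}: {len(macs)} MACs learned -> likely L2 AP/bridge: {macs}")
    for port, mac, vendor in consumer_ports(SAMPLE_MAC_TABLE):
        print(f"{port}: {mac} is {vendor}")
    for ip, mac, vendor in consumer_hosts(SAMPLE_ARP):
        print(f"{ip}: {mac} is {vendor} -> candidate for an active probe")
```

Feed the flagged addresses to the active step from the message, e.g. `nmap -sV -p 8080 10.0.10.1 10.0.10.50` for the management port and `nmap -O` for OS fingerprinting. Note the caveats already in the thread: a NAT router whose WAN side is locked down shows only one MAC (its own) and answers nothing, so the OUI check is the only passive signal left, and it fails once the owner clones a MAC or the vendor's newer OUIs are missing from your table.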