[765] in resnet
Fwd: FW: XP and bridged miniports
daemon@ATHENA.MIT.EDU (Rob See)
Mon Feb 4 14:41:37 2002
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <1012848967.3c5ed94798920@koala.rsee.net>
Date: Mon, 4 Feb 2002 13:56:07 -0500
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Rob See <rob@RSEE.NET>
To: RESNET-L@listserv.nd.edu
Here is a description of the bridging problem that we were having and the
solution:
Problem:
Last semester someone called our help desk to report some sort of connection
problem. We looked them up in our tracking software and found that the MAC
address that they were using was registered to someone else who lived in a
different quad (each quad is on a separate IP subnet). We also saw that there
was an IP address assigned on each quad (6 of them) for that mac address. This
could mean that the person moved around a lot, but that isn't very likely. This
was a problem for us because we use the ip/mac address combination to find a
user to deal with abuse reports. We now only had a record of the first person
to register that mac. We had no way to find out who the user was other than
going to the hardware and finding the port. We discovered that the problem is
caused by Microsoft's new bridging feature under XP. Instead of using the MAC
address of one of the cards, it generates a new mac address. That mac address
is only unique on a subnet. We were seeing users on different quads with
bridiging turned on who had the same generated MAC addresses. On all of the
computers that I have seen bridging being used, the AOL adapter was one of the
cards. I have not been able to reproduce the problem from a fresh install of
AOL on a test machine.
Solution:
I added a mac address prefix check to our registration system. If someone tries
to register with a non-IEEE registered MAC address (the bridge MACs are
currently in this category) they get a message saying that the have an invalid
mac address and that they need to call the help desk. When they call we walk
them through going into the Network control panel and right clicking on the
bridge and selecting delete. There are however a bunch of cards with the
RealTek chipset that aren't registered either. These cards have a 00-48-54 MAC
prefix.
The OUI (MAC Address) listing is available from
http://standards.ieee.org/regauth/oui/oui.txt . Once I get the file, I run it
through the following perl script to give me a printout of MAC prefix and
company name with out the extra data. From there I import the data into the
database.
#!/usr/local/bin/perl
sub converttolower {
my ($str) = @_;
$str=~tr/A-Z/a-z/;
return ($str);
}
while ($line=<>) {
#($a,$b,$c) = split([\t],$line);
$l1=chop ($line);
if ($line=~ /(^[\w]{6})[\s]*\(base 16\)[\s]*(.*)\Z/g) {
$prefix=$1;
$company=$2;
$company=~s/^,//;
$company=~s/[\n]*([A-Z])([A-Z]+)[\n]*/$1 . eval(converttolower($2))/eg;
print "$prefix,$company\n";
}
}
-Rob
-----Original Message-----
From: Eric Rosenberry [mailto:eric@ROSENBERRY.ORG]
Sent: Thursday, January 31, 2002 9:14 PM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: XP and bridged miniports
Where do you get the list of registered prefix's?
Do you implement this with your DHCP server software or with your
registration system?
-Eric
-----Original Message-----
From: Resnet Forum [mailto:RESNET-L@listserv.nd.edu] On Behalf Of Martin
Manjak
Sent: Thursday, January 31, 2002 1:56 PM
To: RESNET-L@listserv.nd.edu
Subject: Re: XP and bridged miniports
We've overcome the miniport issue by only allowing
MAC addresses of NICs registered with the IEEE to
register (i.e., receive IPs from the DHCP server).
This has caused some fall-out with students using
cheap cards, but for the most part we've managed to
convince them that it's worth the extra $20-30 to have
a card that satisfies the IEEE's Ethernet standards.
(Interestingly enough, some Dell systems were caught with
cheap chip sets that weren't registered with the IEEE.)
Students get a message advising them of the problem
and how to correct it when they try to register their
systems with us. If its an XP system, they call the Help
Desk and we make an appointment to send an RNC
to their room to disable the bridging.
Martin Manjak
Director, Residential Network
University at Albany
> -----Original Message-----
> From: Patrick Aland [mailto:paland@STETSON.EDU]
> Sent: Thursday, January 31, 2002 4:40 PM
> To: RESNET-L@LISTSERV.ND.EDU
> Subject: Re: [resnet-l] Re: XP users not renewin IP's
>
>
> We are seeing a ton of machines with MACPort mini bridges
> installed that
> are causing us havoc. Mostly new Dell laptops but we've seen a few
> desktops. If you remove the mini bridge (from the network
> control panel) it starts working fine.
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
----- End forwarded message -----
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________