[ednog] wireless bridging problem

Kevin Miller kcmiller at duke.edu
Wed May 18 15:12:06 EDT 2005


>We believe that this problem will only increase in frequency in the fall
>semester as wireless routers and laptops will become more popular. We
>believe there are several options in trying to solve this problem. We
>could start a user education program on what not to do. We could ban
>wireless in resnet so this problem does not happen. We could try to
>automatically detect this problem and disable the port when it does
>happen. We could move to a mac locking design to try and prevent this
>problem from happening.
A good solution that has worked for me (on switches that support it), is
to enable port security with a maximum MAC count of 32 MAC addresses.
Since enabling bridging generally involves the wired port seeing the MAC
address of several hundred wireless users, this causes the switch port
to be quickly disabled, cutting off the bridge.

This is a Cisco feature; not sure if this is something supported on other
equipment. On a per-interface basis, it looks something like:

int faX/Y
  switchport mode access
  switchport port-security
  switchport port-security maximum 32

You'll also want to enable errdisable recovery for psecure violations:

errdisable recovery cause psecure-violation

-Kevin

-- 
Kevin C. Miller
Network Architect
Office of Information Technology
Duke University
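To make the mechanism in the post concrete, here is an added example (not code from the post or from Duke's network) that models a switch port with a port-security maximum of 32 MACs, shutdown on violation (the IOS default violation mode) and timed errdisable recovery. The MAC-learning event stream is constructed: one room with four devices, one room where a wireless router has been cabled in backwards so the wired port sees 200 wireless clients. The 300-second recovery interval and the port names are assumptions.

```python
"""Model of port-security behaviour as described in the post (added example).
Events are constructed; the recovery interval is an assumed value."""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple

MAX_MACS = 32            # 'switchport port-security maximum 32'
RECOVERY_INTERVAL = 300  # assumed errdisable recovery interval, in seconds


@dataclass
class Port:
    name: str
    learned: Set[str] = field(default_factory=set)
    errdisabled_at: Optional[int] = None   # time of shutdown, None if up
    violations: int = 0

    def see_mac(self, mac: str, now: int) -> bool:
        """Process one frame with source MAC `mac` at time `now`.
        Returns True if the frame is forwarded, False if it is dropped."""
        if self.errdisabled_at is not None:
            if now - self.errdisabled_at >= RECOVERY_INTERVAL:
                # errdisable recovery: port comes back up, MAC table cleared
                self.errdisabled_at = None
                self.learned.clear()
            else:
                return False
        if mac in self.learned:
            return True
        if len(self.learned) >= MAX_MACS:
            # 33rd distinct MAC: security violation, port goes errdisabled
            self.violations += 1
            self.errdisabled_at = now
            return False
        self.learned.add(mac)
        return True


def simulate(events: Iterable[Tuple[int, str, str]]) -> Dict[str, Dict[str, int]]:
    """Run (time, port, src_mac) events through per-port port-security.
    Returns per-port counts of forwarded frames, dropped frames and violations."""
    ports: Dict[str, Port] = {}
    stats: Dict[str, Dict[str, int]] = {}
    for now, name, mac in events:
        port = ports.setdefault(name, Port(name))
        s = stats.setdefault(name, {"forwarded": 0, "dropped": 0, "violations": 0})
        if port.see_mac(mac, now):
            s["forwarded"] += 1
        else:
            s["dropped"] += 1
        s["violations"] = port.violations
    return stats


def constructed_events() -> List[Tuple[int, str, str]]:
    """Constructed traffic: 60 ten-second intervals over ten minutes."""
    events: List[Tuple[int, str, str]] = []
    # Fa0/1: a normal room, four devices (well under the 32-MAC limit)
    room = [f"00:aa:00:00:00:{i:02x}" for i in range(4)]
    # Fa0/2: wireless router bridged onto the wired port, 200 client MACs
    bridge = [f"00:bb:00:00:{i // 256:02x}:{i % 256:02x}" for i in range(200)]
    for t in range(0, 600, 10):
        events.extend((t, "Fa0/1", m) for m in room)
        events.extend((t, "Fa0/2", m) for m in bridge)
    return events


if __name__ == "__main__":
    for name, s in simulate(constructed_events()).items():
        print(name, s)
```

Running it shows the normal room never trips (240 frames forwarded, 0 violations) while the bridged port is errdisabled on its 33rd MAC, comes back after the recovery interval, and is immediately tripped again, so only 64 frames get through in ten minutes. That re-tripping is why errdisable recovery is safe to enable here: the port recovers by itself once the bridge is unplugged, but stays effectively dead while it is connected.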


