[ednog] wireless bridging problem
jtk at northwestern.edu
Thu May 19 07:18:04 EDT 2005
On Wed, 18 May 2005 14:11:08 -0400
Jeff Murphy <jcmurphy at oss.buffalo.edu> wrote:
> the following is a forwarded message of a problem we're having here at
> UB. the last paragraph has some possible solutions. i'm wondering if
> anyone has any other solutions?

Kevin's suggestion of port security is a good one. I've used that
before and it has caught exactly this type of scenario and other weird
configurations. Interestingly, it was set up with the intention of
being a mitigation against certain 2 threats, but I never saw any.
Instead, it ended up being helpful in mitigating misconfiguration
problems that were more common than I realized.

There may be some operational concerns with port security however.
For example, if you have to legitimately move a station from one port
to another, perhaps for wiring testing or troubleshooting, you may
run into problems. Here is a more detailed description of my past
experience and comments from others:

One thing I've been thinking about is to build a layer 2 spanning tree
monitor. This involves putting a host on every segment, but in our case
we could possibly do that by spanning all the aggregated VLANs that come
back to an area router node on a monitor port. It may not be an entirely
proactive solution, but perhaps a good trending tool and insightful into
finding layer 2 issues you never knew you had. The idea is based on a
similar concept of monitoring OSPF messages from this paper:
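
An added illustration of the layer 2 spanning tree monitor idea described in the message above; it is not part of the original message and is not code from its author. It assumes 802.1D BPDU payloads have already been captured from a monitor port (capture is not shown) and reports root bridge changes and topology change flags per segment; the function and class names and the sample BPDUs are constructed for the example.

```python
import struct

# 802.1D configuration BPDU body (bytes after the 42 42 03 LLC header), 35 bytes.
CONFIG = struct.Struct("!HBBBH6sIH6sHHHHH")

def mac(raw):
    return ":".join(f"{x:02x}" for x in raw)

def parse_bpdu(payload):
    """Return a dict for a config or TCN BPDU; raise ValueError otherwise."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU")
    proto, _version, btype = struct.unpack_from("!HBB", payload)
    if proto != 0:
        raise ValueError("not a spanning tree BPDU")
    if btype == 0x80:                       # topology change notification
        return {"type": "tcn"}
    if btype != 0x00 or len(payload) < CONFIG.size:
        raise ValueError("unsupported or truncated BPDU")
    f = CONFIG.unpack_from(payload)
    return {"type": "config", "tc": bool(f[3] & 0x01),
            "root": (f[4], mac(f[5])), "cost": f[6],
            "bridge": (f[7], mac(f[8])), "port": f[9]}

class StpMonitor:
    """Tracks the root bridge seen on each segment and reports changes."""
    def __init__(self):
        self.root = {}                      # segment name -> (priority, mac)

    def observe(self, segment, payload):
        bpdu, events = parse_bpdu(payload), []
        if bpdu["type"] == "tcn" or bpdu["tc"]:
            events.append("topology-change")
        if bpdu["type"] == "config":
            old = self.root.get(segment)
            if old is not None and old != bpdu["root"]:
                events.append(f"root-change {old} -> {bpdu['root']}")
            self.root[segment] = bpdu["root"]   # first sighting is the baseline
        return events

def make_config(flags, root, cost, bridge, port):
    """Build a constructed config BPDU (sample data, default timers)."""
    return CONFIG.pack(0, 0, 0, flags, root[0], bytes.fromhex(root[1]), cost,
                       bridge[0], bytes.fromhex(bridge[1]), port,
                       0, 20 * 256, 2 * 256, 15 * 256)

if __name__ == "__main__":
    mon, core = StpMonitor(), (32768, "00000c000001")   # constructed bridge IDs
    other = (0, "0200deadbeef")
    for pkt in (make_config(0, core, 4, (32768, "00000c000002"), 0x8001),
                make_config(0, other, 0, other, 0x8001)):
        print(mon.observe("vlan10", pkt))
```

Logging the returned events with a timestamp per segment gives the trending view the message describes.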