We've had the same issue here. Wired classrooms that also have wireless access have spawned situations where a (ever-so-helpful) XP machine with a bridged connection will bridge those 2 VLANs together. We solved the same problem you mention in the same way: separate HSRP passwords for each VLAN interface. But yes, as you mention, the basic problem still exists. The VLANs are still bridged.
There are a couple of further things you can watch for. In certain instances, the XP bridging adapter will advertise a MAC address in which the first two octets have been changed to 02. So, a MAC that begins 00022D will become 02022D. Also, in a layer 3 bridging mode (which XP will use when it is unable to place one of the interfaces in promiscuous mode), all IP traffic passing through the bridge will have the MAC address equal to that of the machine itself. So, if you have lots of ARP entries tying back to a single MAC (especially one of the 02... MACs), you can be fairly certain that those are being bridged across a link and the MAC address in the ARP entry is the offending bridger. --Mike ---------------------------------- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas On Tue, 2004-06-22 at 16:43, John J. Brassil wrote: > Has anyone else had to deal with HSRP Hellos flooding from one VLAN to > another in a system bridging a wireless connection in one VLAN to a > wired port in another? We stopped it melting down our networks by > putting HSRP passwords on every VLAN interface, but that doesn't help > the bridging itself... > > This is going to be a larger problem as we move to cover more common > spaces that border several buildings, so we're really curious to hear > about other experiences. > > Thanks, > > John > > John J. Brassil | Network Engineer, Vanderbilt Data/Video Engineering > voice 615.322.2496 | ICQ 9660375 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
