I've never known a NAT gateway to send BPDUs out of its WAN port, and so I've never seen BPDU guard work in this scenario.
When these home gateways first came out, the cable ISPs only allowed one computer to be used on their service. So, the gateways are very good at emulating a single computer. The detection is going to be very iffy, and require a lot of human interaction. Largely speaking, the devices don't look any different than some Linux box... if you can even tell the OS. Such is my experience, anyhow. -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone On Mon, Oct 20, 2014 at 6:52 AM, Osborne, Bruce W (Network Services) < bosbo...@liberty.edu> wrote: > That will not work with the gateway providing the address & NATing it. > On Cisco, bpdu-guard will block this, though. > > > > *Bruce Osborne* > > *Network Engineer – Wireless Team* > > *IT Network Services* > > > > *(434) 592-4229 <%28434%29%20592-4229>* > > > > *LIBERTY UNIVERSITY* > > *Training Champions for Christ since 1971* > > > > *From:* Ian McDonald [mailto:i...@st-andrews.ac.uk] > *Sent:* Thursday, October 16, 2014 12:00 PM > *Subject:* Re: Wireless in Dorms > > > > Dhcp snooping? > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ > mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] *On Behalf Of *Benedick, Jason > *Sent:* 16 October 2014 16:45 > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms > > > > That would work if the student plugs into one of the LAN switch ports on > the wireless router (when they do a lot of times that causes problems with > rogue DHCP servers), but we more often see them plugging it into the > internet port so we only see 1 MAC/IP address. > > > > This also wouldn’t solve the slew of broadcasting WiFi devices we’re > seeing this year such as Rokus, Chromecasts, printers, gaming headsets, etc. > > > > Thanks, > > Jason R. Benedick > > IT Generalist > > Thaddeus Stevens College of Technology > > Office: (717) 391-6957 Cell: (717) 587-9065 > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ > mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] *On Behalf Of *Justin Pederson > *Sent:* Thursday, October 16, 2014 11:27 AM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms > > > > From a technical standpoint, why not just use port security on you wired > networks to only allow 1 MAC address at a time. There should be no rouge > APs and the students could still use the wireless and wired networks. I > have been rolling this around in my head for a little while now. The only > thing you should have to cover is cellular tethering, but from my > experience, most of these devices don't have much power behind the radio. > > > > On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald <i...@st-andrews.ac.uk> > wrote: > > Breach of your written policy prohibiting such things isn’t a > disciplinary matter? And can’t be fixed with your disciplinary system? > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *T. Shayne Ghere > *Sent:* 16 October 2014 16:11 > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* [WIRELESS-LAN] Wireless in Dorms > > > > Good morning. > > > > Let me say first off, we’re nearly a complete Cisco shop other than our > Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan > Controllers and Cisco WCS. > > > > The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been > spaced accordingly by Cisco and by us during the introduction of wireless > in the Dorms, Greeks and Single housing. > > > > We are having a heck of a time with all the interference that the students > bring with them making our wireless nearly unusable. I know this topic has > come up in the past, but this year is one of the worst we’ve seen, and the > students are getting restless. > > > > We have the ability to quarantine rogue Wireless clients, however > according to a recent Court case against a large Hotel Chain, it was > decided that on an open free wireless spectrum, we would be breaking the > law in jamming it. > > > > How have you addressed this issue? I’m about ready to ask upper > management to remove the AP’s in all the Dorm buildings and let the > students bring their own AP’s if they want wireless. Has anyone resorted > to this? > > > > Thanks for your input > > Shayne > > > > > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > > > > > -- > > Thanks, > Justin Pederson > IT Network Coordinator > Casper College > (307)268-2481 > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > *********This electronic communication from TSCT is confidential and > intended solely for use by the individual to whom it is addressed. If you > are not the named recipient do not forward, propagate or replicate this > e-mail. Please notify the sender immediately by e-mail if you have received > this message by mistake and remove from your system. If you are not the > intended recipient you are notified that disclosing, copying, distributing > or taking any action dependent upon the contents of this email or > attachment is strictly prohibited.********* > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
