[Rack] [Noisebridge-discuss] network down this afternoon, an interesting guide for people who want to help when the network goes down

Jonathan Lassoff jof at thejof.com
Tue Jun 5 11:30:01 PDT 2012


On Tue, Jun 5, 2012 at 10:19 AM, Ben Kochie <superq at gmail.com> wrote:
> To me it sounds like there was a rouge dhcp server or some kind of
> dhcp problem going on and nothing to do with the links.

EIther that or some legitimate breakage or resource constraint on the Soekris.
It's really hard to tell what "dhcp is broken" means without doing a
packet capture or heavy logging from a DHCP client. And I'd much
rather not setup something to just log packets to look back on when
things are "broken", that wouldn't be very nice.

It's certainly possible that another host attached to the
Ethernet/802.11 network(s) was responding to DHCP requests and
poisoning people's configuration.

This is indeed blockable, but only up to the point where managed
switches end. The Juniper, and some of the Cisco switches can perform
this filtering, but the 48-port Linksys or the scattering of dumb
switches and hubs out and about will not be able to single-out
offenders.

Not sure about the 802.11 case. I suppose it's possible with client
isolation on the AP. The Ubiquiti AP probably can't, but upstream from
it we can pick off those ports.

> One good way we can fix this is to put dhcp server controls at the
> switch and wifi network level.  I don't know if the equipment we have
> is capable of doing this. :/

I'll see if I can pick out what will and wont do it.

--j


More information about the Rack mailing list