[Rack] [Noisebridge-discuss] network down this afternoon, an interesting guide for people who want to help when the network goes down

Danny O'Brien danny at spesh.com
Tue Jun 5 13:19:03 PDT 2012

On Tue, Jun 5, 2012 at 11:30 AM, Jonathan Lassoff <jof at thejof.com> wrote:
> On Tue, Jun 5, 2012 at 10:19 AM, Ben Kochie <superq at gmail.com> wrote:
>> To me it sounds like there was a rouge dhcp server or some kind of
>> dhcp problem going on and nothing to do with the links.
> EIther that or some legitimate breakage or resource constraint on the Soekris.
> It's really hard to tell what "dhcp is broken" means without doing a
> packet capture or heavy logging from a DHCP client. And I'd much
> rather not setup something to just log packets to look back on when
> things are "broken", that wouldn't be very nice.
> It's certainly possible that another host attached to the
> Ethernet/802.11 network(s) was responding to DHCP requests and
> poisoning people's configuration.

This *is* possible, but I think the fact that no-one was getting any
good DHCP values argues slightly against it.

Just to be clear: do we still have r00ter and bikeshed? Or have these
been smershed into just bikeshed?

If so, could someone update

with the new details, cheers.


> This is indeed blockable, but only up to the point where managed
> switches end. The Juniper, and some of the Cisco switches can perform
> this filtering, but the 48-port Linksys or the scattering of dumb
> switches and hubs out and about will not be able to single-out
> offenders.
> Not sure about the 802.11 case. I suppose it's possible with client
> isolation on the AP. The Ubiquiti AP probably can't, but upstream from
> it we can pick off those ports.
>> One good way we can fix this is to put dhcp server controls at the
>> switch and wifi network level.  I don't know if the equipment we have
>> is capable of doing this. :/
> I'll see if I can pick out what will and wont do it.
> --j

More information about the Rack mailing list