Product and Software: This article applies to all Aruba controllers and ArubaOS 2.5 and later.
Windows Bridge
A new networking feature in Windows XP (Home and Professional) and Vista is called a software bridge. It is the ability to bridge together any two adapters, most commonly the wired Ethernet adapter and the 802.11a/bg adapter to pass any Layer 2 and Layer 3 packets between the two adapters.
Impact on Wireless Network
Most laptops ship with wired and wireless adapters. Although a Windows bridge is useful in home networking, such an easily enabled feature has the potential to create problems in large enterprise networks that do see the coexistence of wired and wireless segments.
It has the potential to flood sections of the network with errant packets rendering portions of it unusable.
Aruba Windows Bridge Detection
Starting with ArubaOS 3.x, Aruba added the capability of its APs to listen in the air for Spanning Tree packets (BPDU Destination MAC 01:80:c2:00:00:00).
Such multicast packets are expected from the AP toward the wifi client, but not the other way around.
Aruba APs detect a Windows bridge as soon as they see a BPDU packet from a wifi client to its associated AP.
The option is enabled by default in the IDS profile:
(MM800) #show ids unauthorized-device-profile default
IDS Unauthorized Device Profile "default"
Parameter Value
Detect Adhoc Networks true
Protect from Adhoc Networks false
Detect Windows Bridge true
Detect Wireless Bridge true
Detect Devices with an Invalid MAC OUI false
MAC OUI detection Quiet Time 900 sec
Adhoc Network detection Quiet Time 900 sec
Wireless Bridge detection Quiet Time 900 sec
Rogue AP Classification true
Overlay Rogue AP Classification true
Valid Wired MACs N/A
Rogue Containment false
Protect Valid Stations false
Detect Bad WEP false
Detect Misconfigured AP false
Protect Misconfigured AP false
Protect SSID false
Privacy false
Require WPA false
Valid 802.11g channel for policy enforcement N/A
Valid 802.11a channel for policy enforcement N/A
Valid MAC OUIs N/A
Valid and Protected SSIDs N/A