[Bridge] Bridging EAPOL

[Stephen Hemminger]

On Wed, 9 Nov 2005 09:35:54 -0600 
"Andre Beliveau (QB/EMC)" <andre.beliveau at ericsson.com> wrote:

> Hi, 
> 
> I'm trying to bridge a WLAN interface to a Wired interface on a WRTG54GS.
> I'm using openwrt package.

What kernel are they using? are they doing any filtering with ebtables?


> I want to let EAPol messages go through the bridge but it does not work.
> 
> EAPOL start message uses as destination mac 01:80:c2:00:00:03.  If I run
> tcpdump on the
> Wireless interface I can see the packet come in.  But it never gets out on
> the network interface.

That is a spanning tree multicast message, so the bridge will consume it
itself (since it is a member of the spanning tree). The bridge generates
its own STP hello messages as well. 

See
	http://www.iana.org/assignments/ethernet-numbers

Multicast Addresses:
01-80-C2-00-00-00       -802-   Spanning tree (for bridges)

> I wrote a program to listen in promisc. mode and send back the packet toward
> the outgoing interface
> (vlan0) and I can see the packet in tcpdump on vlan0 interface now.
> 
> The problem is that even if I see the packet in tcpdump on vlan0 (and I even
> tried to send it to eth0 with
> the same results) I don't see the packet transmitted on the wire.
> 
> I am running ethereal on a client pc connected to a lan port and nothing
> shows up on ethereal.
> 
> If I change the destination address to another multicast address
> (01:80:c3:00:00:03) instead, the 
> Packet goes through and reaches my client PC and I can see the packet in
> Ethereal.
> 
> Question:  What do I have to do to let packets with d-mac 01:80:c2:00:00:03
> through the switch/bridge/firewall/

you would be better off turning STP on on the bridge and have it
generate it's own STP messages.

-- 
Stephen Hemminger <shemminger at osdl.org>
OSDL http://developer.osdl.org/~shemminger