Re: [DNA] Re: RS/RA Exchange
Hi Alper,
Alper Yegin wrote:
>>What's important is that there's either topological
>>separation, or authenticated/authorized message exchange.
>>I'd guess that if the first isn't available, a mechanism
>>for the second would be useful, since it could be used
>>to prevent impersonation attacks.
>
>
> Another simple approach, which seems to be present in many AP products,
> is protocol filtering. AP can filter IP packets that are not meant to be
> consumed or generated by the hosts connected to the wireless segment.
I think that this is workable, but the router
either has to know that it is transmitting on a link
where this is implemented, or will risk the hosts
receiving/responding to the packets.
With the VLAN case, the routers may need to be involved
in a special VLAN which is not on the wireless link
(the default VLAN may be a good candidate).
With a set of APs, the router may not know.
Is it sufficient to say:
If the routers know that router-to-router
signalling may be exchanged without uncontrolled
hosts receiving the frames, then router response
election, VRRP, link ID negotiation, etc. may be
done...?
Greg