Bridging questions

Hi everyone,

I have some questions about bridging interfaces. I can’t seem to find the answer or am still unsure of the answers.

1a) I have 3 wireless interfaces bridged, and I want them set to arp=reply-only, do I: set this on all three interfaces and / or the bridge?
1b) If I make a bridge, should I deal with those interfaces only thru the bridge interface from then on out?
2) For firewall filtering these interfaces, should I do this under bridge filtering or the normal ip filtering? (So obvious, I figure, but could you use either one for bridges?)
3) If I enable STP on a bridge, and there happens to be a loop as a result of one of our customers, wouldn’t STP disable the port that the loop is coming from? Or would it fix the problem somehow?
4) Would the wireless clients on this bridge see the MAC address of the bridge, or the MAC of the wireless card - if say, I had one IP address per wireless interface. (Probably the MAC of the wireless card if I placed an IP on a wireless interface, and otherwise, the MAC of the bridge if I placed an IP on the bridge?)

1a) I have 3 wireless interfaces bridged, and I want them set to arp=reply-only, do I: set this on all three interfaces and / or the bridge?

ARP is only relevant for interfaces that have one or more IP addresses assigned. In a bridged setup the IP address should always be set on the bridge interface, never on the physical member port interfaces, therefore you need to set arp=reply-only on the bridge interface.

1b) If I make a bridge, should I deal with those interfaces only thru the bridge interface from then on out?

Not sure what you mean…


2) For firewall filtering these interfaces, should I do this under bridge filtering or the normal ip filtering? (So obvious, I figure, but could you use either one for bridges?)

Use ip filtering firewall for traffic that flows through/between IP networks and bridge filtering to control the flow of packets on layer 2 within a particular bridge only.


3) If I enable STP on a bridge, and there happens to be a loop as a result of one of our customers, wouldn’t STP disable the port that the loop is coming from? Or would it fix the problem somehow?

It will fix the problem by blocking the port that causes the loop :stuck_out_tongue:

4) Would the wireless clients on this bridge see the MAC address of the bridge, or the MAC of the wireless card - if say, I had one IP address per wireless interface. (Probably the MAC of the wireless card if I placed an IP on a wireless interface, and otherwise, the MAC of the bridge if I placed an IP on the bridge?)

See question 1a - the IP address should be on the bridge interface, therefore the MAC address that the clients will learn (as far as ARP is concerned) will be that of the bridge interface. However, on the wireless (802.11 a/b/g) layer the MAC addresses of the individual radios will still be relevant (BSSID, wireless associations, stuff like that) so the answer depends on the network layer we’re talking about.


–Tom
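
The answers to 1a, 2 and 3 above, put together as one RouterOS configuration; this is an added example, not part of the original posts. The interface names (bridge1, wlan1 to wlan3, ether1 as the uplink), the 192.0.2.0/24 addresses and the MAC addresses are constructed, and it assumes a RouterOS version where STP is selected with `protocol-mode`.

```routeros
# Added example: all names, addresses and MACs below are constructed.

# One bridge for the three radios. ARP mode and STP are set on the bridge,
# because the bridge is the interface that carries the IP address.
/interface bridge
add name=bridge1 arp=reply-only protocol-mode=stp

/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
add bridge=bridge1 interface=wlan3

# The IP address goes on the bridge, never on a member port.
/ip address
add address=192.0.2.1/24 interface=bridge1

# With arp=reply-only the router adds no dynamic ARP entries, so each
# client that may talk to the router needs a static entry on the bridge.
# A client that changes its IP or MAC no longer matches and gets no service.
/ip arp
add address=192.0.2.10 mac-address=02:00:00:00:00:10 interface=bridge1
add address=192.0.2.11 mac-address=02:00:00:00:00:11 interface=bridge1

# Layer 2, inside the bridge: the bridge filter controls frames forwarded
# between member ports. Here clients on different radios are kept apart.
/interface bridge filter
add chain=forward in-interface=wlan1 out-interface=wlan2 action=drop
add chain=forward in-interface=wlan2 out-interface=wlan1 action=drop
add chain=forward in-interface=wlan1 out-interface=wlan3 action=drop
add chain=forward in-interface=wlan3 out-interface=wlan1 action=drop
add chain=forward in-interface=wlan2 out-interface=wlan3 action=drop
add chain=forward in-interface=wlan3 out-interface=wlan2 action=drop

# Layer 3, between IP networks: the ip firewall sees routed traffic and
# refers to the bridge, not to the individual wlan ports.
/ip firewall filter
add chain=forward in-interface=bridge1 out-interface=ether1 action=accept
add chain=forward in-interface=bridge1 action=drop
```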

Thanks for the answers! This clears things up. :slight_smile:

That’ll be it for now, but if I have any other questions, you’ll probably hear from me again. Thanks!