I have 2 separate networks that I manage. They have a router between and layer 3 connection is working fine. Last week my DHCP servers started handing out IPs across the networks, looking around I figured that I have a layer 2 bridge somewhere, that I imagine a user plugged in.
How do I figure out what port this is connected to?
Look at the MAC address table on the switch(es) for ports that have multiple MAC addresses registered. If you find any, go investigate those ports and see what's connected to them.
If you have multiple switches interconnected then you're going to have ports with multiple MAC addresses registered (on the ports linking the switches together). You can discount those but verify them to make sure.
The other thing I would suggest is to check the router config and make sure it's not configured as a DHCP relay.
Aah, been there, done that :-)
First check that router to make sure it is not accidentally configured to act as dhcp relay (this feature is also known as ip-helper).
But the most likely cause is a user that (intentionally or not) connected a hub or unmanaged switch between ports of both LAN's.
If possible configure port-security on all access-ports (not on the up-links or on ports to which access-points connect!) of your switches for a relatively low number of allowed mac-addresses (5 or so). This will cause the offending port to go into error/disabled almost immediately. So you can easily tell which port has the offender and it will prevent any further re-occurrences in the future.
Then go hunting :-) I have found that walking into the offenders office with a baseball bat really gets their attention.
