Ok just some info on this that I ran into today that I figured i would pass on.
Noticed in email that my device went frozen yesterday. Seemed odd to me, internet connection was fine the whole time, but I had setup nchronos yesterday (looks pretty slick sofar and FREE )
http://www.colasoft.com/nchronos/nchronos-free.php I don't know of any other FREE product that does 24x7x365 packet capturing to storage for past application and network forensics analysis, they are normally way out of the price range of home budgets for sure and even most small businesses normally do not have the money or tech skills to set it up and ran across this the other day and just had to set it up to check it out.
Which to do I had to create a mirror port on my smart switch (gs108t, nice home <$100 8 port gig switch) so I could watch all between my lan and the internet, every thing was working fine - I moved my routers lan port to the smart switch, setup another nic in my server and mirrored the routers interface on the switch to the port nchronos was logging.
Everything looked fine, was seeing all my traffic from my lan to the internet.. Had to go out later that day, didn't get back to playing with network til this morning when noticed my bridge was frozen. WTF!! Internet is working fine, logs show never went down, well took a look at my new toy and noticed over the last 24 hours there seemed to be quite a bit of dhcp traffic -- like 1.8MB to broadcast, WTF..
Well seemed my bridge just kept sending dhcp discover, he would get an ip - then like 12 seconds later he would do it again, over and over and over. So looking at real time traffic noticed he would get his IP, then he would arp for the gateway, not get a response.. Then try to get a new IP, then arp again, over and over and over.
Well I saw that my gateway was seeing the arp, and did reply to it -- but my bridge was not seeing the reply to his arp. HMMM that made no sense. Well looking on the smart switch, hmm no mac for my bridge listed in the table?? Odd, now I had setup igmp snooping and was blocking pretty much all multicast.. But arp is not multicast so why should it be blocking?
So figured I would just setup a static arp entry for my bridge on the switch, but when put in the weird mac that the bridges use, mine 7f-bf-a9-aa-29-5b I got an error "Multicast MAC address can't be added!" Then it clicked, 7f well what is the least significant bit of that octet, 7f = 0111 1111, so that means 1 which means multicast MAC.
So why does my bridge have a multicast mac is the question???
Before my bridge and gateway where both connected to just a dumb gig switch, so no igmp snooping - it could care less if the mac was multicast or not, etc.
So if your having issues with your bridges, make sure they can arp the gateway. Make sure that your switches are blocking their traffic because of it being a multicast mac.
So I got everything working again by turning off igmp snooping on the switch, but switch is still not listing the bridges mac in its table. How can we change the bridges MAC to something that is actually a legit mac address?? Or could someone tell me why the bridge should be using a multicast mac??? I don't get it??
I have seen multiple threads before where users were having issues due to these weird macs and dhcp servers not like, etc. etc.