[c-nsp] Blocking a Mac address at a router interface
Gert Doering
gert at greenie.muc.de
Thu Sep 23 11:48:34 EDT 2004
Hi,
On Thu, Sep 23, 2004 at 05:12:27PM +0200, Koen Peetermans wrote:
> What about adding a static arp entry on the router for his mac address
> pointing to an ip address that he is not going to be using ?
As the ARP cache works IP->MAC, not MAC->IP, this isn't going to help.
Something that might work is to monitor the ARP cache, and as soon as
his MAC address shows up, null-route the corresponding IP address. But
that needs scripting, and can't be done locally on the router.
gert
--
Gert Doering
Mobile communications ... right now writing from * RIPE49 @ Manchester *
More information about the cisco-nsp
mailing list