[c-nsp] Blocking a Mac address at a router interface
Baek, Steven A (US SSA)
steven.baek at baesystems.com
Thu Sep 23 12:06:36 EDT 2004
If you know the MAC-ADDR for the node you want to block, just use access
list in the 1100-1199 range and deny that mac address from traversing
the default gateway.
steve
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gert Doering
Sent: Thursday, September 23, 2004 8:49 AM
To: Koen Peetermans
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Blocking a Mac address at a router interface
Hi,
On Thu, Sep 23, 2004 at 05:12:27PM +0200, Koen Peetermans wrote:
> What about adding a static arp entry on the router for his mac address
> pointing to an ip address that he is not going to be using ?
As the ARP cache works IP->MAC, not MAC->IP, this isn't going to help.
Something that might work is to monitor the ARP cache, and as soon as
his MAC address shows up, null-route the corresponding IP address. But
that needs scripting, and can't be done locally on the router.
gert
--
Gert Doering
Mobile communications ... right now writing from * RIPE49 @ Manchester *
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list