Solved

Cisco disconnect command

Posted on 2004-08-24
Last Modified: 2012-05-05
We are using a Cisco 1700 router. I'm just wondering if there is a way to use something like the "disconnect" command to get rid of (for example) 192.168.254.92 out of the ARP table?

Sho Arp gives me the following table:

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.254.151        10   0002.e311.df5a  ARPA   FastEthernet0
Internet  192.168.254.132        66   000b.db8b.ff7e  ARPA   FastEthernet0
Internet  192.168.254.133        46   000d.567e.e4ec  ARPA   FastEthernet0
Internet  192.168.254.130        11   0010.1809.e408  ARPA   FastEthernet0
Internet  192.168.254.128        31   0010.1809.c40c  ARPA   FastEthernet0
Internet  192.168.254.2           4   0002.a543.3207  ARPA   FastEthernet0
Internet  192.168.254.3           8   000f.20cf.9a73  ARPA   FastEthernet0
Internet  192.168.254.1           0   0002.a543.4fab  ARPA   FastEthernet0
Internet  192.168.254.10          -   0008.2196.6793  ARPA   FastEthernet0
Internet  192.168.254.85         75   0007.e9b1.4fe9  ARPA   FastEthernet0
Internet  192.168.254.92        136   0030.bd6d.d799  ARPA   FastEthernet0
Internet  192.168.254.93         38   0030.bd6d.d799  ARPA   FastEthernet0
Internet  192.168.254.126        13   000d.5699.7669  ARPA   FastEthernet0
Internet  192.168.254.124       100   0010.1809.e404  ARPA   FastEthernet0
Internet  192.168.254.122       207   0010.1809.441f  ARPA   FastEthernet0
Internet  192.168.254.120         9   000c.f19b.f913  ARPA   FastEthernet0
Internet  192.168.254.121        23   0010.1807.23a2  ARPA   FastEthernet0
Internet  192.168.254.98          0   0002.b3aa.3236  ARPA   FastEthernet0
Internet  192.168.254.108        20   0040.3393.fb8e  ARPA   FastEthernet0

I want to get rid of 192.168.254.92 out of that table because I don't want any traffic (at least for the moment) to go to or from that IP address. Is this possible? It can be a temporary fix because I really don't want to put a deny statement in my access list. I don't care if this IP tries establishing a connection again. I just want to be able to shut it off right now.
0
Question by:mckeough
14 Comments
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11887842
You can type "clear arp" and that will remove that entry- but the first thing the router will do is arp for everything it knew about to try and rebuild the table. So if 192.168.254.92 is still there, the router will pick it up again. The only way to stop traffic from that host is to either disconnect it from the net or create an access-list. You could also just disable the switch port it connects to, if it's on a switch.
0
 
LVL 8

Assisted Solution

by:MarkDozier
MarkDozier earned 200 total points
ID: 11887994
Simple
use an extended access
Access-list 110  deny ip 192.168.254.02 0.255.255.255 any

then apply it to the interface that 192.168.254.02 is connected to
0
 
LVL 11

Assisted Solution

by:PennGwyn
PennGwyn earned 800 total points
ID: 11888264
> Access-list 110  deny ip 192.168.254.02 0.255.255.255 any

The address is wrong, the mask is wrong, and if you don't add a second line

access-list 110 permit ip any any

then applying this access list ("in") will block *all* traffic into that interface.
----

A technique I've used on occasion has been to add a hard ARP table entry with a different MAC address.  This will prevent replies to this IP address via this router from reaching the host, making it impossible to establish or maintain an Internet connection.  But the access list is a simpler and much more obvious approach, making it a better temporary measure -- MAC games are good for users who try to "fix" administrative blockages by moving to a different port....


0
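The access-list exchange above, worked through as an added example (not code from any poster in this thread): a small first-match evaluator for `access-list N permit|deny ip <source> <destination>` lines, run against the line as posted and against a corrected pair. The corrected lines assume the intended target is 192.168.254.92 from the question and use the `host` keyword; only the source field is evaluated, since every line here has `any` as its destination.

```python
# Added example: first-match evaluation of Cisco-style extended ACL source fields.

def ip_to_int(text):
    """Dotted quad to integer; int() tolerates the leading zero in '.02'."""
    a, b, c, d = (int(octet) for octet in text.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def parse_source(tokens):
    """Return (address, wildcard) for 'any', 'host A' or 'A W'."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF
    if tokens[0] == "host":
        return ip_to_int(tokens[1]), 0
    return ip_to_int(tokens[0]), ip_to_int(tokens[1])

def parse_acl(lines):
    """Parse 'access-list N permit|deny ip <src> <dst>' into (action, addr, wildcard)."""
    rules = []
    for line in lines:
        tokens = line.split()
        addr, wildcard = parse_source(tokens[4:])
        rules.append((tokens[2], addr, wildcard))
    return rules

def evaluate(rules, src):
    """First matching line wins; no match falls through to the implicit deny."""
    s = ip_to_int(src)
    for action, addr, wildcard in rules:
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if (s | wildcard) == (addr | wildcard):
            return action
    return "deny"  # implicit deny at the end of every access list

# The line exactly as posted in the thread.
POSTED = parse_acl(["access-list 110 deny ip 192.168.254.02 0.255.255.255 any"])
# Assumed correction: single host from the question, then an explicit permit.
CORRECTED = parse_acl([
    "access-list 110 deny ip host 192.168.254.92 any",
    "access-list 110 permit ip any any",
])

# Constructed sample sources: three addresses from the posted ARP table, one outside it.
SOURCES = ("192.168.254.92", "192.168.254.93", "192.168.254.1", "10.1.1.1")

def verdicts(rules):
    return {src: evaluate(rules, src) for src in SOURCES}

if __name__ == "__main__":
    print("posted:   ", verdicts(POSTED))
    print("corrected:", verdicts(CORRECTED))
```

In the table posted in the question, 192.168.254.93 shows the same hardware address as 192.168.254.92, so the corrected list still permits that second address.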

 
LVL 8

Expert Comment

by:MarkDozier
ID: 11888351
My bad, I should have done the complete example for him.
You are right, I misread the address.
I usually try to be sure my dope is right before I post it.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11893924
mckeough said he didn't want to use an access list if he didn't have to. I suspect he already knows how to do it :-) But the static ARP entry might work for him... I guess we need some feedback.
0
 

Author Comment

by:mckeough
ID: 11895471
Yes, feedback coming soon. As soon as I get a spare minute I'll get back to you guys on this.
0
 

Author Comment

by:mckeough
ID: 11897366
Yes, I know how to add another deny entry on our access list. I just thought there might be a different way to immediately disconnect that IP address. I have a lot to learn about Ciscos (I'm an MCSA), so I don't mind adding an entry to our access list if that's the best way to handle this situation. I am actually very interested in that static ARP, PennGwyn. Can you either explain how to do it, or send me a link to a page that explains it. Like I said, I've got a lot to learn about Ciscos. Points increased to 400.
0
 

Author Comment

by:mckeough
ID: 11912736
Not enough points to explain static arp? Just don't want to because it would take too long? That's fine. I'll close this out in a day or two if nobody has any more comments.
0
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 1000 total points
ID: 11914759
I was waiting for PennGwyn since he suggested it...

The way to do it is:

router(config)# arp 192.168.7.19 0800.0900.1834 arpa

There's a good explanation here:
http://www.cisco.com/en/US/products/ps5845/products_command_reference_chapter09186a008027e848.html
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11914770
And dude, we've all got lives and jobs... have some patience.
0
 

Author Comment

by:mckeough
ID: 11914893
Dude, relax. I wasn't upset. I just didn't know if you guys didn't want to post anything more. That's totally your choice and I respect that. After reading my last post I realize I didn't "say" that quite right. Sorry about the confusion. I REALLY appreciate the help you guys have given me. :-)
0
 

Author Comment

by:mckeough
ID: 11914908
In other words, I apologize.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11914950
Apology accepted.
0
 

Author Comment

by:mckeough
ID: 11915317
Thanks for all the help everyone!
0
