mckeough
asked on
Cisco disconnect command
We are using a Cisco 1700 router. I'm just wondering if there is a way to use something like the "disconnect" command to get rid of (for example) 192.168.254.92 out of the ARP table?
Sho Arp gives me the following table:
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.254.151 10 0002.e311.df5a ARPA FastEthernet0
Internet 192.168.254.132 66 000b.db8b.ff7e ARPA FastEthernet0
Internet 192.168.254.133 46 000d.567e.e4ec ARPA FastEthernet0
Internet 192.168.254.130 11 0010.1809.e408 ARPA FastEthernet0
Internet 192.168.254.128 31 0010.1809.c40c ARPA FastEthernet0
Internet 192.168.254.2 4 0002.a543.3207 ARPA FastEthernet0
Internet 192.168.254.3 8 000f.20cf.9a73 ARPA FastEthernet0
Internet 192.168.254.1 0 0002.a543.4fab ARPA FastEthernet0
Internet 192.168.254.10 - 0008.2196.6793 ARPA FastEthernet0
Internet 192.168.254.85 75 0007.e9b1.4fe9 ARPA FastEthernet0
Internet 192.168.254.92 136 0030.bd6d.d799 ARPA FastEthernet0
Internet 192.168.254.93 38 0030.bd6d.d799 ARPA FastEthernet0
Internet 192.168.254.126 13 000d.5699.7669 ARPA FastEthernet0
Internet 192.168.254.124 100 0010.1809.e404 ARPA FastEthernet0
Internet 192.168.254.122 207 0010.1809.441f ARPA FastEthernet0
Internet 192.168.254.120 9 000c.f19b.f913 ARPA FastEthernet0
Internet 192.168.254.121 23 0010.1807.23a2 ARPA FastEthernet0
Internet 192.168.254.98 0 0002.b3aa.3236 ARPA FastEthernet0
Internet 192.168.254.108 20 0040.3393.fb8e ARPA FastEthernet0
I want to get rid of 192.168.254.92 out of that table because I don't want any traffic (at least for the moment) to go to or from that IP address. Is this possible? It can be a temporary fix because I really don't want to put a deny statement in my access list. I don't care if this IP tries establishing a connection again. I just want to be able to shut it off right now.
Sho Arp gives me the following table:
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.254.151 10 0002.e311.df5a ARPA FastEthernet0
Internet 192.168.254.132 66 000b.db8b.ff7e ARPA FastEthernet0
Internet 192.168.254.133 46 000d.567e.e4ec ARPA FastEthernet0
Internet 192.168.254.130 11 0010.1809.e408 ARPA FastEthernet0
Internet 192.168.254.128 31 0010.1809.c40c ARPA FastEthernet0
Internet 192.168.254.2 4 0002.a543.3207 ARPA FastEthernet0
Internet 192.168.254.3 8 000f.20cf.9a73 ARPA FastEthernet0
Internet 192.168.254.1 0 0002.a543.4fab ARPA FastEthernet0
Internet 192.168.254.10 - 0008.2196.6793 ARPA FastEthernet0
Internet 192.168.254.85 75 0007.e9b1.4fe9 ARPA FastEthernet0
Internet 192.168.254.92 136 0030.bd6d.d799 ARPA FastEthernet0
Internet 192.168.254.93 38 0030.bd6d.d799 ARPA FastEthernet0
Internet 192.168.254.126 13 000d.5699.7669 ARPA FastEthernet0
Internet 192.168.254.124 100 0010.1809.e404 ARPA FastEthernet0
Internet 192.168.254.122 207 0010.1809.441f ARPA FastEthernet0
Internet 192.168.254.120 9 000c.f19b.f913 ARPA FastEthernet0
Internet 192.168.254.121 23 0010.1807.23a2 ARPA FastEthernet0
Internet 192.168.254.98 0 0002.b3aa.3236 ARPA FastEthernet0
Internet 192.168.254.108 20 0040.3393.fb8e ARPA FastEthernet0
I want to get rid of 192.168.254.92 out of that table because I don't want any traffic (at least for the moment) to go to or from that IP address. Is this possible? It can be a temporary fix because I really don't want to put a deny statement in my access list. I don't care if this IP tries establishing a connection again. I just want to be able to shut it off right now.
You can type "clear arp" and that will remove that entry- but the first thing the router will do is arp for everything it knew about to try and rebuild the table. So if 192.168.254.92 is still there, the router will pick it up again. The only way to stop traffic from that host is to either disconnect it from the net or create an access-list. You could also just disable the switch port it connects to, if it's on a switch.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
my bad I should have done the complete example for him.
You are right i misread the address.
I usaually try to be sure my dope is right before I post it.
You are right i misread the address.
I usaually try to be sure my dope is right before I post it.
mckeough said he didn't want to use an access list if he didn't have to. I suspect he already knows how to do it :-) But the static ARP entry might work for him... I guess we need some feedback.
ASKER
Yes, feedback coming soon. As soon as I get a spare minute I'll get back to you guys on this.
ASKER
Yes, I know how to add another deny entry on our access list. I just thought there might be a different way to immediately disconnect that IP address. I have a lot to learn about Ciscos (I'm an MCSA), so I don't mind adding an entry to our access list if that's the best way to handle this situation. I am actually very interested in that static ARP, PennGwyn. Can you either explain how to do it, or send me a link to a page that explains it. Like I said, I've got a lot to learn about Ciscos. Points increased to 400.
ASKER
Not enough points to explain static arp? Just don't want to because it would take too long? That's fine. I'll close this out in a day or two if nobody has any more comments.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
And dude, we've all got lives and jobs... have some patience.
ASKER
Dude, relax. I wasn't upset. I just didn't know if you guys didn't want to post anything more. That's totally your choice and I respect that. After reading my last post I realize I didn't "say" that quite right. Sorry about the confusion. I REALLY appreciate the help you guys have given me. :-)
ASKER
In other words, I apologize.
Apology accepted.
ASKER
Thanks for all the help everyone!