Solved

Cisco disconnect command

Posted on 2004-08-24
Last Modified: 2012-05-05
We are using a Cisco 1700 router. I'm just wondering if there is a way to use something like the "disconnect" command to get rid of (for example) 192.168.254.92 out of the ARP table?

Sho Arp gives me the following table:

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.254.151        10   0002.e311.df5a  ARPA   FastEthernet0
Internet  192.168.254.132        66   000b.db8b.ff7e  ARPA   FastEthernet0
Internet  192.168.254.133        46   000d.567e.e4ec  ARPA   FastEthernet0
Internet  192.168.254.130        11   0010.1809.e408  ARPA   FastEthernet0
Internet  192.168.254.128        31   0010.1809.c40c  ARPA   FastEthernet0
Internet  192.168.254.2           4   0002.a543.3207  ARPA   FastEthernet0
Internet  192.168.254.3           8   000f.20cf.9a73  ARPA   FastEthernet0
Internet  192.168.254.1           0   0002.a543.4fab  ARPA   FastEthernet0
Internet  192.168.254.10          -   0008.2196.6793  ARPA   FastEthernet0
Internet  192.168.254.85         75   0007.e9b1.4fe9  ARPA   FastEthernet0
Internet  192.168.254.92        136   0030.bd6d.d799  ARPA   FastEthernet0
Internet  192.168.254.93         38   0030.bd6d.d799  ARPA   FastEthernet0
Internet  192.168.254.126        13   000d.5699.7669  ARPA   FastEthernet0
Internet  192.168.254.124       100   0010.1809.e404  ARPA   FastEthernet0
Internet  192.168.254.122       207   0010.1809.441f  ARPA   FastEthernet0
Internet  192.168.254.120         9   000c.f19b.f913  ARPA   FastEthernet0
Internet  192.168.254.121        23   0010.1807.23a2  ARPA   FastEthernet0
Internet  192.168.254.98          0   0002.b3aa.3236  ARPA   FastEthernet0
Internet  192.168.254.108        20   0040.3393.fb8e  ARPA   FastEthernet0

I want to get rid of 192.168.254.92 out of that table because I don't want any traffic (at least for the moment) to go to or from that IP address. Is this possible? It can be a temporary fix because I really don't want to put a deny statement in my access list. I don't care if this IP tries establishing a connection again. I just want to be able to shut it off right now.
Question by:mckeough

14 Comments

Expert Comment

by:mikebernhardt
You can type "clear arp" and that will remove that entry- but the first thing the router will do is arp for everything it knew about to try and rebuild the table. So if 192.168.254.92 is still there, the router will pick it up again. The only way to stop traffic from that host is to either disconnect it from the net or create an access-list. You could also just disable the switch port it connects to, if it's on a switch.

Assisted Solution

by:MarkDozier
MarkDozier earned 50 total points
Simple
use an extended access
Access-list 110  deny ip 192.168.254.02 0.255.255.255 any

then apply it to the interface that 192.168.254.02 is connected to

Assisted Solution

by:PennGwyn
PennGwyn earned 200 total points
> Access-list 110  deny ip 192.168.254.02 0.255.255.255 any

The address is wrong, the mask is wrong, and if you don't add a second line

access-list 110 permit ip any any

then applying this access list ("in") will block *all* traffic into that interface.
----

A technique I've used on occasion has been to add a hard ARP table entry with a different MAC address. This will prevent replies to this IP address via this router from reaching the host, making it impossible to establish or maintain an Internet connection. But the access list is a simpler and much more obvious approach, making it a better temporary measure -- MAC games are good for users who try to "fix" administrative blockages by moving to a different port....
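
The wildcard-mask and implicit-deny points raised in the reply above, as an added example that is not part of the original thread: a small evaluator for IOS-style `access-list N {permit|deny} ip SRC any` lines, run against addresses from the question's ARP table. The `host` form of the corrected entry and the outside address 10.1.1.1 are assumptions made for the illustration.

```python
# Added example (not from the thread): evaluate IOS-style extended ACL lines
# against source addresses, including the implicit deny at the end of the list.

def to_int(dotted):
    # int() reads "02" as 2; with the posted wildcard the last three octets
    # are ignored anyway, so the typo in the address does not change the result.
    a, b, c, d = (int(p) for p in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def parse_acl(text):
    """Return [(action, address, wildcard)] for 'access-list N ACTION ip SRC any'."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, src = tok[2].lower(), tok[4:-1]  # tok[-1] is the destination 'any'
        if src == ["any"]:
            rules.append((action, 0, 0xFFFFFFFF))
        elif src[0] == "host":
            rules.append((action, to_int(src[1]), 0))
        else:
            rules.append((action, to_int(src[0]), to_int(src[1])))
    return rules

def evaluate(rules, src_ip):
    s = to_int(src_ip)
    for action, addr, wild in rules:
        # Wildcard bit 1 means "don't care", bit 0 means "must match".
        if ((s ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"  # no line matched: implicit deny

def blocked(acl_text, hosts):
    rules = parse_acl(acl_text)
    return [h for h in hosts if evaluate(rules, h) == "deny"]

AS_POSTED = "Access-list 110  deny ip 192.168.254.02 0.255.255.255 any"
HOST_ONLY = "access-list 110 deny ip host 192.168.254.92 any"  # assumed corrected entry
CORRECTED = HOST_ONLY + "\naccess-list 110 permit ip any any"

# Three addresses from the ARP table plus one constructed outside address.
HOSTS = ["192.168.254.92", "192.168.254.93", "192.168.254.1", "10.1.1.1"]

if __name__ == "__main__":
    for name, acl in [("as posted", AS_POSTED), ("host only", HOST_ONLY),
                      ("corrected", CORRECTED)]:
        print(f"{name:10s} blocks {blocked(acl, HOSTS)}")
```

The posted line matches every 192.x.x.x source, and anything it does not match falls to the implicit deny, so all four addresses are blocked; only the two-line list isolates 192.168.254.92.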



Expert Comment

by:MarkDozier
My bad, I should have done the complete example for him.
You are right, I misread the address.
I usually try to be sure my dope is right before I post it.

Expert Comment

by:mikebernhardt
mckeough said he didn't want to use an access list if he didn't have to. I suspect he already knows how to do it :-) But the static ARP entry might work for him... I guess we need some feedback.

Author Comment

by:mckeough
Yes, feedback coming soon. As soon as I get a spare minute I'll get back to you guys on this.

Author Comment

by:mckeough
Yes, I know how to add another deny entry on our access list. I just thought there might be a different way to immediately disconnect that IP address. I have a lot to learn about Ciscos (I'm an MCSA), so I don't mind adding an entry to our access list if that's the best way to handle this situation. I am actually very interested in that static ARP, PennGwyn. Can you either explain how to do it, or send me a link to a page that explains it? Like I said, I've got a lot to learn about Ciscos. Points increased to 400.

Author Comment

by:mckeough
Not enough points to explain static arp? Just don't want to because it would take too long? That's fine. I'll close this out in a day or two if nobody has any more comments.

Accepted Solution

by:mikebernhardt
mikebernhardt earned 250 total points
I was waiting for PennGwyn since he suggested it...

The way to do it is:

router(config)# arp 192.168.7.19 0800.0900.1834 arpa

There's a good explanation here:
http://www.cisco.com/en/US/products/ps5845/products_command_reference_chapter09186a008027e848.html

Expert Comment

by:mikebernhardt
And dude, we've all got lives and jobs... have some patience.

Author Comment

by:mckeough
Dude, relax. I wasn't upset. I just didn't know if you guys didn't want to post anything more. That's totally your choice and I respect that. After reading my last post I realize I didn't "say" that quite right. Sorry about the confusion. I REALLY appreciate the help you guys have given me. :-)

Author Comment

by:mckeough
In other words, I apologize.

Expert Comment

by:mikebernhardt
Apology accepted.

Author Comment

by:mckeough
Thanks for all the help everyone!