djhath
asked on
How to deny TCP traffic by IP Address on ASA 5510
I'm trying to hunt down a device on my network with an IP address of 192.168.1.75, not showing up in DHCP leases. The method I want to use in finding out what it is / who it belongs to is to deny all traffic to it at the firewall level, in hopes someone will speak up. Is there a command that can do this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Solarwinds Engineers toolset has a neat tool called switchport mapper. Download the free 30 day trial and run the application. It will compare the mac-address table with the arp cache of gateway router, use wins, netbios, dns lookups, use manufacturer table to tell you the brand of NIC. All of this together in a nice table for each port on the switch. It might help you.
http://www.solarwinds.com
http://www.solarwinds.com
ASKER
I identified the MAC address of the offending IP by ARP cache. Moreover, I attempted to identify the MAC address by listing the address table on my Enterasys switching stack and there are no matching ones. It could be a wireless device, I suppose.
I believe I'm going to attempt the ACL on the firewall.