Block all .1 IPs

Posted on 2011-04-29
Last Modified: 2012-05-11
Our network is broken out into several VLANs.  I would like to disable all traffic for the .1 network (192.168.1.x)

Can I add something at my default gateway (Cisco 3560) or at the firewall (Cisco ASA)?  All of our switches are 3560s, so maybe I could add some sort of rule at each switch?
Question by:dougp23

    Expert Comment

    When you say disable do you mean you want to prevent the 192.168.1.x network from talking to the other networks/vlans, or do you want to get rid of it all together?

    Expert Comment

    You want to disable all traffic of 192.168.1.x? Fine.

    It would be under a particular vlan then.

    Take out that vlan.

    ACLs/rules are for filtering, i.e. if you want restricted/filtered access for someone to someone. But your question is to disable entirely. So remove the VLAN.


    Expert Comment

    Show your ASA config.

    Author Comment

    I want to prohibit any .1 traffic on my network.
    Currently there is no VLAN for .1 traffic.  This morning I was trying to set up a new wireless device, and I plugged it into a switch (that unbeknownst to me was plugged into the corporate LAN).  The default IP of the WAP was supposed to be 1.123, so I set my PC to 1.144.  I couldn't find the WAP, so I did an IP sweep and there was a 1.57 which asked me for a login and password (it was a NetGear wireless, not the WAP I was trying to get going).  So it seems there is a renegade WAP on my network somewhere.  I would like all switches, when they see .1 traffic, to either drop it or route it somewhere impossible.

    There is no mention of .1 in my ASA.


    Accepted Solution

    You can put an acl on your vlan interfaces to deny any source address from

    ip access-list extended Rogue
    deny ip any
    permit ip any any

    or something similar.
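
The approach from the accepted answer written out in full, as an added example that is not the poster's configuration. An ACL on a VLAN interface only sees traffic the switch routes, so the example also applies the same ACL to the access ports, where it filters IP packets as they enter the switch. Assumptions: the unwanted range is 192.168.1.0/24 as stated in the question; VLAN 10, VLAN 20 and the port range are hypothetical placeholders.

```cisco
! Added example, not taken from the thread.
! 192.168.1.0/24 comes from the question; Vlan10, Vlan20 and
! FastEthernet0/1 - 24 are hypothetical placeholders.
!
ip access-list extended Rogue
 remark Drop anything sourced from or destined to 192.168.1.0/24
 deny   ip 192.168.1.0 0.0.0.255 any
 deny   ip any 192.168.1.0 0.0.0.255
 permit ip any any
!
! Router ACL on each SVI: filters packets routed between VLANs
! or toward the firewall. Repeat for every VLAN interface.
interface Vlan10
 ip access-group Rogue in
!
interface Vlan20
 ip access-group Rogue in
!
! Port ACL on the access ports: filters inbound IP packets on the
! Layer 2 port itself, so hosts in the same VLAN on different ports
! cannot exchange 192.168.1.x traffic through this switch.
interface range FastEthernet0/1 - 24
 ip access-group Rogue in
!
! Verification, run from privileged EXEC mode:
!   show ip access-lists Rogue
!   show ip interface Vlan10
!   show running-config interface FastEthernet0/1
```

The ACL matches IP packets only, so ARP from a rogue device still appears in the switch's MAC address table, which is where to look to find the port the renegade WAP is plugged into.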
