[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 273
  • Last Modified:

Block all .1 IPs

Our network is broken out into several VLANs.  I would like to disable all traffic for the .1 network (192.168.1.x)

Can I add something at my default gateway (cisco 3560) or at the firewall (cisco ASA).  All of our switches are 3560s, so maybe I could add some sort of rule at each switch??
1 Solution
When you say disable do you mean you want to prevent the 192.168.1.x network from talking to the other networks/vlans, or do you want to get rid of it all together?
You want to disable all traffic of 192.168.1.x? Fine.

It would be under a particular vlan then.

Take out that vlan.

ACL/Rules are for filtering i.e  if you want restricted/filtered access for someone to someone. But your question is to disable entirely. So remove the vlan.

show your asa config
dougp23Author Commented:
I want to prohibit any .1 traffic on my network.
Currently there is no VLAN for .1 traffic.  This morning I was trying to setup a new wireless device, and I plugged it into a switch (that unbeknownst to me was plugged into the corporate LAN).  The def IP of the WAP was supposed to be 1.123, so I set my PC to 1.144.  I couldn't find the WAP, so I did an IP sweep and there was a 1.57 which asked for me a login and password (it was a NetGear wireless, not the WAP I was trying to get going).  So it seems there is a renegade WAP on my network somewhere.  I would like all switches when they see .1 traffic to either drop it, or route it somewhere impossible.

there is no mention of .1 in my ASA.

You can put an acl on your vlan interfaces to deny any source address from

ip access-list extended Rogue
deny ip any
permit ip any any

or something similar.

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now