3 Replies Latest reply on Sep 17, 2014 12:45 PM by gladeeaytur

    Blocking an IP address

    84mike New Member

      I don't have too much experience with access lists and such, and I'm not even sure that is the answer for my issue. Any help here would be greatly appreciated.

       

      Router: Adtran 924e

      Version: A2.07.00.E

       

      Eth 0/1 is using 10.124.10.0/24

       

      Someone has a device plugged into the network that is hard-coded to 10.124.10.2 (it's a wireless access point)

       

      I simply want to stop this wireless access point from accessing the internet through the 924e.

       

      There is currently no IP filtering/firewall enabled on this router.

       

      Again, I appreciate any advice offered.

        • Re: Blocking an IP address
          jayh Hall_of_Fame

          Numerous ways to do this.

           

          1. Hunt it down and kill it.  Look up its MAC address from the ARP table.  "show ip arp" on the TA900 will give you its MAC address.   Then "show mac address-table" on your switch(es) will identify the port to which it is connected.  Use wire cutters or hammer as appropriate, or shut down the switch port.
          2. Null-route it.  Easiest because it takes one command and you don't need to enable the firewall.  Enter the command "ip route 10.124.10.2 255.255.255.255 null 0" from the command line or static route tab on GUI.  If it's malicious rather than accidental the culprit may change IP, and you wind up playing whack-a-mole. Escalate to method 1 above.
          3. Filter it. Enable the firewall, create an access-list allowing just that IP, and apply it as a discard policy.  This is more work but is the most scalable.
          4. Rick-roll it. Create a small web server with a home page of a video of Rick Astley singing "Never Gonna give You Up" as a default page. A Raspberry Pi should be sufficient. Put it on your network. Create a route-map and policy-route anything sourced from that IP to the IP of the web server.  Wait.  This is the most work, but ultimately the most fun. (Yes, I have actually done this in an extreme case.)