This content has been marked as final. Show 3 replies
Numerous ways to do this.
- Hunt it down and kill it. Look up its MAC address from the ARP table. "show ip arp" on the TA900 will give you its MAC address. Then "show mac address-table" on your switch(es) will identify the port to which it is connected. Use wire cutters or hammer as appropriate, or shut down the switch port.
- Null-route it. Easiest because it takes one command and you don't need to enable the firewall. Enter the command "ip route 10.124.10.2 255.255.255.255 null 0" from the command line or static route tab on GUI. If it's malicious rather than accidental the culprit may change IP, and you wind up playing whack-a-mole. Escalate to method 1 above.
- Filter it. Enable the firewall, create an access-list allowing just that IP, and apply it as a discard policy. This is more work but is the most scalable.
- Rick-roll it. Create a small web server with a home page of a video of Rick Astley singing "Never Gonna give You Up" as a default page. A Raspberry Pi should be sufficient. Put it on your network. Create a route-map and policy-route anything sourced from that IP to the IP of the web server. Wait. This is the most work, but ultimately the most fun. (Yes, I have actually done this in an extreme case.)
Thanks! I found you response quite entertaining. Think I will try option 2.
Sent from my Moto X on Verizon Wireless
Option 4 have an example of what the route-map for the offending IP to the server would look like?