Access list to log invalid/rogue IP on my LAN

Unanswered Question
Mar 2nd, 2007

My PIX log notes that an address on my LAN is trying to access the internet. This address is not valid on my LAN (it is 192.168.1.3, which is not used on my LAN). Since it's not part of the NAT list on the PIX, the PIX doesn't translate it and rejects the packet.

I'd like to set up an access list on my edge switches to log where the host is.

Please help with the command string for this access list.

Thanks in advance!

vmoopeung Thu, 03/08/2007 - 06:38

Hostname#conf t

Hostname(config)#access-list 111 permit ip any any log-input

Hostname(config)# interface

Hostname(config-if)# ip access-group 111 in

You can configure the switch to log directly to the console or to a logging server.
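The log-input approach in the reply above produces syslog entries that carry the ingress interface and source MAC address, which is what locates the host. The following is an added example, not part of the original thread: a Python filter that pulls the interface and MAC for 192.168.1.3 out of such entries. The sample lines are constructed, and the message layout is assumed to follow the usual IOS %SEC-6-IPACCESSLOG format; `locate_host` is a hypothetical helper name.

```python
import re
from collections import Counter

ROGUE_IP = "192.168.1.3"  # the unused address reported in the question

# Constructed sample syslog lines (not from the thread). The layout is assumed to
# match the usual IOS message for an ACL entry with log-input; adjust the regex
# if your platform formats these messages differently.
SAMPLE_LOG = """\
Mar  8 06:40:01: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 192.168.1.3(1025) (FastEthernet0/7 0011.2233.4455) -> 203.0.113.10(80), 1 packet
Mar  8 06:40:02: %SEC-6-IPACCESSLOGP: list 111 permitted udp 192.168.1.20(53211) (FastEthernet0/2 00aa.bbcc.ddee) -> 198.51.100.53(53), 1 packet
Mar  8 06:45:01: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 192.168.1.3(1025) (FastEthernet0/7 0011.2233.4455) -> 203.0.113.10(80), 4 packets
Mar  8 06:46:10: %SEC-6-IPACCESSLOGDP: list 111 permitted icmp 192.168.1.3 (FastEthernet0/7 0011.2233.4455) -> 203.0.113.10 (8/0), 2 packets
Mar  8 06:47:00: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up
"""

# Source port is optional (ICMP entries have none); the parenthesised
# "(interface mac)" part only appears when the ACL entry uses log-input.
LOG_INPUT_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))? "
    r"\((?P<ifname>\S+) (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\) -> "
    r".*?, (?P<count>\d+) packets?",
    re.IGNORECASE,
)


def locate_host(log_text, ip=ROGUE_IP):
    """Return {(interface, mac): packet_count} for log-input hits sourced from ip."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_INPUT_RE.search(line)
        if m and m["src"] == ip:
            hits[(m["ifname"], m["mac"].lower())] += int(m["count"])
    return dict(hits)


if __name__ == "__main__":
    for (ifname, mac), packets in locate_host(SAMPLE_LOG).items():
        print(f"{ROGUE_IP} seen on {ifname} from MAC {mac}: {packets} packets")
```

The MAC address it reports can then be matched against the edge switch's MAC address table to find the access port the host is plugged into.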
