
Access list to log invalid/rogue IP on my LAN

My PIX log notes that an address on my LAN is trying to access the internet. This address is not valid on my LAN (it is 192.168.1.3, which is not used on my LAN). Since it's not part of the NAT list on the PIX, the PIX doesn't translate it and rejects the packet.

I'd like to set up an access list on my edge switches to log where the host is.

Please help with the command string for this access list.

Thanks in advance!

1 REPLY

Re: Access list to log invalid/rogue IP on my LAN

Hostname#conf t

Hostname(config)#access-list 111 permit ip any any log-input

Hostname(config)#interface <interface-id>

Hostname(config-if)#ip access-group 111 in

You can configure the switch to log directly into the console or to a logging server.

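Once access-list 111 is logging with log-input, each message carries the ingress interface and source MAC, which is what locates the host. The script below is an added example, not part of the original thread: it pulls those two fields out for 192.168.1.3. The log lines are constructed samples, and the message layout is assumed to follow the usual IOS %SEC-6-IPACCESSLOG format.

```python
import re
from collections import Counter

ROGUE_IP = "192.168.1.3"  # the unassigned address from the question

# Constructed sample lines modelled on IOS %SEC-6-IPACCESSLOG* messages from an
# ACL entry ending in log-input (interfaces, MACs and peers are made up).
SAMPLE_LOG = """\
Mar  1 00:12:01: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 192.168.1.3(1025) (FastEthernet0/7 0011.2233.4455) -> 203.0.113.10(80), 1 packet
Mar  1 00:12:03: %SEC-6-IPACCESSLOGP: list 111 permitted udp 10.1.1.20(53211) (FastEthernet0/2 00aa.bbcc.ddee) -> 10.1.1.1(53), 1 packet
Mar  1 00:17:01: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 192.168.1.3(1025) (FastEthernet0/7 0011.2233.4455) -> 203.0.113.10(80), 4 packets
Mar  1 00:17:09: %SEC-6-IPACCESSLOGDP: list 111 permitted icmp 192.168.1.3 (FastEthernet0/7 0011.2233.4455) -> 203.0.113.10 (8/0), 2 packets
Mar  1 00:18:00: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 10.1.1.21(4000) -> 10.1.1.1(22), 1 packet
"""

# Source port is optional (absent for ICMP); the "(interface MAC)" group is
# only present when the matching ACL entry uses log-input rather than log.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))? "
    r"\((?P<ifname>\S+) (?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\) -> "
    r".*?, (?P<count>\d+) packets?"
)

def locate(log_text, ip):
    """Return {(interface, mac): packet_count} for log-input lines sourced from ip."""
    seen = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("src") == ip:
            key = (m.group("ifname"), m.group("mac").lower())
            seen[key] += int(m.group("count"))
    return dict(seen)

if __name__ == "__main__":
    for (ifname, mac), pkts in locate(SAMPLE_LOG, ROGUE_IP).items():
        print(f"{ROGUE_IP} seen on {ifname} from MAC {mac}: {pkts} packets")
```

If the reported interface is an uplink rather than an access port, the same MAC can be followed to the next switch and the check repeated there.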