track ip address

Ibrahim Jamil · ‎04-17-2012

Hi Experts

how can i monitor and track an ip address coming to my router and going to another destination,i need to block it in such a way

thanks

jamil

John Blakley · ‎04-17-2012

Jamil,

Are you wanting to drop traffic from it completely? You could use an acl to do this...

access-list 101 deny ip host 5.5.5.5 host 192.168.1.5

access-list 101 permit ip any any

int fa0/0 (WAN)

ip access-group 101 in

If this isn't what you need, please let us know...

John

HTH, John *** Please rate all useful posts ***

Vasileios Bouloukos MSc, ITIL, CCIE · ‎04-17-2012

Hi ibrahim,

Since you also want to track/monitor the traffic from specific Source/Destinatiion IP you could use the log option at the end of the AList. For instance the example (based on the j.blakley post) could be as follows

access-list 101 deny ip host 5.5.5.5 host 192.168.1.5 log

access-list 101 permit ip any any

Then, all these logs can be stored either locally to the buffer of the router or sent to a Syslog server.

Newer versions of IOS also provide the log-input keyword, which adds information about the interface from which the packet was received, and the MAC address of the host that sent it.

Either option causes an informational logging message about the matching packet to be sent to console/Syslog.

Hope that helps,

Vasilis

johnlloyd_13 · ‎04-18-2012

Hi Jamil,

You can enable IP accounting and then create an ACL once you know the IP addresses you want to filter.

Sent from Cisco Technical Support iPhone App