Access list to log invalid/rogue IP on my LAN
03-02-2007 08:29 AM - edited 03-05-2019 02:40 PM
My PIX log notes that an address on my LAN is trying to access the internet. This address is not valid on my LAN (it is 192.168.1.3, which is not used on my LAN). Since it's not part of the NAT list on the PIX, the PIX doesn't translate it and rejects the packet.
I'd like to set up an access list on my edge switches to log where the host is.
Please help with the command string for this access list.
Thanks in advance!
03-08-2007 06:38 AM
Hostname#conf t
Hostname(config)#access-list 111 permit ip any any log-input
Hostname(config)# interface
hostname(config-if)# ip access-group 111 in
You can configure the switch to log directly to the console or to a logging server.
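Added example, not part of the original reply: once the switch is logging ACL hits with log-input, a short script can pull out the ingress interface and source MAC that each hit from 192.168.1.3 was seen on. The log line layout is assumed from typical IOS %SEC-6-IPACCESSLOG output, the sample lines are constructed, and `locate_source` is a hypothetical helper name.

```python
import re
from collections import Counter

# Assumed layout of an ACL hit logged with log-input (ICMP lines carry no ports):
#   %SEC-6-IPACCESSLOGP: list 111 permitted tcp SRC(port) (Interface MAC) -> DST(port), N packet(s)
ACL_HIT = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))? "
    r"\((?P<intf>\S+) (?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\) -> "
    r".*?(?P<count>\d+) packets?"
)

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
*Mar  8 06:40:11: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 192.168.1.3(1045) (FastEthernet0/7 0011.2233.4455) -> 203.0.113.10(80), 1 packet
*Mar  8 06:40:12: %SEC-6-IPACCESSLOGP: list 111 permitted udp 10.1.1.20(53211) (FastEthernet0/2 00aa.bbcc.dd01) -> 203.0.113.53(53), 1 packet
*Mar  8 06:45:12: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 192.168.1.3(1045) (FastEthernet0/7 0011.2233.4455) -> 203.0.113.10(80), 4 packets
*Mar  8 06:45:30: %SEC-6-IPACCESSLOGDP: list 111 permitted icmp 192.168.1.3 (FastEthernet0/7 0011.2233.4455) -> 203.0.113.10 (8/0), 1 packet
*Mar  8 06:46:02: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up
""".splitlines()


def locate_source(lines, rogue_ip):
    """Return {(interface, mac): packet_count} for ACL hits sourced from rogue_ip."""
    seen = Counter()
    for line in lines:
        m = ACL_HIT.search(line)
        # Lines without the (interface MAC) field, or from other sources, are skipped.
        if m and m.group("src") == rogue_ip:
            seen[(m.group("intf"), m.group("mac").lower())] += int(m.group("count"))
    return dict(seen)


if __name__ == "__main__":
    for (intf, mac), packets in locate_source(SAMPLE_LOG, "192.168.1.3").items():
        print(f"192.168.1.3 seen on {intf} from MAC {mac}: {packets} packets")
```

If the interface reported is an uplink to another switch, the MAC address can be followed to the next switch to find the access port.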
