- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-14-2005 10:13 PM - edited 03-05-2019 11:35 AM
Hi,
The problem is regarding virus infected machine in network. The machine is not in city, is in distant region. We have IP address, Mac-address for the machine. Even could find out which machine it is, and able to disconnected it from the network for a while. The cleaning of virus (It is Windows LSASS RPC Overflow virus) is not possible from this much distance. To make sure that particular user will not connect to the network again till we clean his machine, I want to block his mac-address on switch. I am not sure which particular port he is connected with. Using "switchport port-security", we can just allow the mac-address, can not block them. Is there any solution to do so?
I would appreciate your suggestions.
thanks
Solved! Go to Solution.
- Labels:
-
LAN Switching
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-14-2005 10:29 PM
Hello,
if you know the MAC address, you should be able to find the port where that MAC address is connected to, with the command 'show mac-address-table', or something similar. Once you have found the port, I guess it would be easiest to just shut down the port.
As an alternative, if you have an unused port on your switch, you could blackhole traffic for that MAC address:
mac-address-table static 0020.1223.e3f4 interface GigabitEthernet0/2
Since static entries take precedence over dynamic entries, all traffic for that MAC address wil effectively be dropped.
Can you try and see if that works for you ?
Regards,
GP

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-14-2005 10:29 PM
Hello,
if you know the MAC address, you should be able to find the port where that MAC address is connected to, with the command 'show mac-address-table', or something similar. Once you have found the port, I guess it would be easiest to just shut down the port.
As an alternative, if you have an unused port on your switch, you could blackhole traffic for that MAC address:
mac-address-table static 0020.1223.e3f4 interface GigabitEthernet0/2
Since static entries take precedence over dynamic entries, all traffic for that MAC address wil effectively be dropped.
Can you try and see if that works for you ?
Regards,
GP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-14-2005 10:52 PM
Great help GP!
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-14-2005 10:59 PM
Hi,
Thank you very much for your promt and helpful reply. It solved my problem. I appreciate.
Thanks again
Regards
Kanupriya
