Cisco ACL deny icmp
Q:
I have three Cisco core 4506 and am working with 20 different VLANs. I am trying to create an ICMP deny for VLAN 67, subnet 192.168.40.0 255.255.255.224. I have tried many ways but I have failed. Any host can ping this subnet and this subnet can ping any host, but I want to deny both.

Software/Hardware used:
Cisco Catalyst 4506 switches
ASKED: Sep 4 2009  2:17 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
You need to implement this on the switch that has the VLAN67 interface, which is also the default-gateway for the subnet. If you have this running HSRP or VRRP, then implement it on all the switches with a VLAN67 interface.

Try the following, which only denies PING but allows other ICMP messages. If you want to deny all ICMP, then leave out the second line and remove the 'echo' from the first line. Change the number from '100' if you already have an access list with this number.

access-list 100 deny icmp any any echo
access-list 100 deny icmp any any echo-reply
access-list 100 permit ip any any


On the Interface VLAN67

ip access-group 100 in
ip access-group 100 out


Hope this helps.
Last Answered: Sep 4 2009  9:41 PM GMT by BlankReg   11280 pts.
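
An added example, not part of the original answer: a small Python model of how an extended ACL is evaluated (first matching entry wins, with an implicit deny at the end), run against the three entries quoted above. The function names and the sample packets are constructed for illustration, and the parser only handles the `any any` form used on this page.

```python
# ACL text copied from the answer above.
ACL_100 = """\
access-list 100 deny icmp any any echo
access-list 100 deny icmp any any echo-reply
access-list 100 permit ip any any
"""

# ICMP type numbers for the two keywords the ACL uses.
ICMP_TYPES = {"echo": 8, "echo-reply": 0}

def parse_acl(text):
    """Turn 'access-list N action proto any any [icmp-type]' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, src, dst = tok[2:6]
        if (src, dst) != ("any", "any"):
            raise ValueError("this model only handles 'any any' entries")
        icmp_type = ICMP_TYPES[tok[6]] if len(tok) > 6 else None
        rules.append((action, proto, icmp_type))
    return rules

def evaluate(rules, proto, icmp_type=None):
    """Return the action of the first matching entry, or the implicit deny."""
    for action, r_proto, r_type in rules:
        if r_proto not in ("ip", proto):
            continue  # 'ip' matches every protocol; otherwise protocols must agree
        if r_type is not None and r_type != icmp_type:
            continue  # entry names a specific ICMP type and this packet is another
        return action
    return "deny"  # implicit 'deny ip any any' that ends every ACL

# Constructed sample packets: (label, protocol, ICMP type or None).
SAMPLES = [
    ("ping request", "icmp", 8),
    ("ping reply", "icmp", 0),
    ("destination unreachable", "icmp", 3),
    ("time exceeded", "icmp", 11),
    ("tcp session", "tcp", None),
]

def verdicts(acl_text):
    """Map each sample packet label to 'permit' or 'deny' under the given ACL."""
    rules = parse_acl(acl_text)
    return {label: evaluate(rules, proto, t) for label, proto, t in SAMPLES}

if __name__ == "__main__":
    for label, verdict in verdicts(ACL_100).items():
        print(f"{label:25} {verdict}")
```

Passing the same text without the `permit ip any any` line makes every sample packet fall through to the implicit deny, which is why that last entry is needed.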