해결됨: Block ICMP without ACL or Firewall

cnsa · ‎06-01-2024

I need to configure my router so that no PCs in the 192.168.0.0/24 range can send pings (ICMP) to any device, and no devices can send pings (ICMP) to the 192.168.0.0/24 range, but I want to do this without using ACLs or firewalls.
Does anyone know how to do this?

MHM Cisco World · ‎06-01-2024

I want to do this without using ACLs or firewalls <<- this not usual but it can be done
first do
ip access-list extended ICMP

permit icmp any any

!
route-map ICMP permit 10

match ip address ICMP
set ip next-hop null0

!
interface x
policy route-map ICMP

this make any traffic match icmp send to null0 i.e. drop

MHM

원본 게시물의 솔루션 보기

MHM Cisco World · ‎06-01-2024

I want to do this without using ACLs or firewalls <<- this not usual but it can be done
first do
ip access-list extended ICMP

permit icmp any any

!
route-map ICMP permit 10

match ip address ICMP
set ip next-hop null0

!
interface x
policy route-map ICMP

this make any traffic match icmp send to null0 i.e. drop

MHM

cnsa · ‎06-02-2024

I don't think it works on 2911, maybe there's another way? I'm testing it in packet tracer right now.

MHM Cisco World · ‎06-02-2024

Sure it work in 2911 real device

But for PKT I don't think it support PBR

MHM

Leo Laohoo · ‎06-01-2024

Do not route the 192.168.0.0/24 network.

cnsa · ‎06-02-2024

Only ICMP needs to be blocked.