Specific ICMP Packets in ACI

Jayashanker warrier · ‎02-26-2020

Hi Team,

Sorry if this is a question is already asked, if so please guide me to that place...

EPA is in EPG1

EPB is in EPG2

i need to have a contract which can permit only ping initiated from EPA and not EPB.....

so if EPA ping EPB it should work

if EPB pings EPA it should not work...

We can control this via type of icmp msg from EPA to EPB (type 8 -- echo) and allowing type 0 vice versa right?

If so i cannot see a way to do this since when i select ip/icmp in the filter no other options i get to select the type ..

Please let me know if i am missing something

RedNectar · ‎02-27-2020

Hi @Jayashanker warrier ,

Try this

conf
  tenant tenant_name 
   access-list ICMP.Echo
      match raw ICMP.Echo icmpv4T echo
      exit
    access-list ICMP.EchoReply
      match raw ICMP.Echo icmpv4T echo-rep
      exit

I have created it, but not tested it. Let me know if it works. And it can't be editted in the GUI!!!!!!

I hope this helps

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.