ACL "Administratively prohibited"?
01-23-2003 09:39 AM - edited 03-02-2019 04:28 AM
I'm studying for my CCNA and I thought it'd be a good exercise to go through my router's running config line by line and find out what each one does. I've gotten to the part where the access lists are, and there are a few that came by default in the router's config, and I can't find out what they do:
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
Do these come by default on all/most running configs? I can't seem to find what the "administratively prohibited" stands for... I know this set probably has to do with how the router handles ICMP, UDP, or IP packets, but like I said, for practice purposes I want to be able to know what each line accomplishes. I guess if I can get past the "administratively-prohibited" part I should be able to look up the rest.
Thanx
Louis
01-23-2003 10:53 AM
Louis,
It is an ICMP type 3 code 13 message.
http://www.spirit.com/Resources/icmp.html
One entry further down in the list permits all of code 3,
access-list 111 permit icmp any any unreachable
You could remove the entry with no negative impact.
But typically Cisco routers do not come with a default config. From your CCNA, you should know that when you first boot a Cisco router it runs the configuration menu.
Kevin
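The redundancy pointed out in the reply above, as an added example that is not part of the original thread: a first-match model of ACL 111's ICMP handling that reports which entries could be removed without changing any permit/deny decision. The function names are hypothetical, the keyword-to-type/code table is the usual meaning of these IOS keywords, and only `any any` address matching is modeled.

```python
# Keyword -> (ICMP type, code); None means every code of that type (IOS keyword meanings).
ICMP_KEYWORDS = {
    "administratively-prohibited": (3, 13), "packet-too-big": (3, 4),
    "unreachable": (3, None), "echo": (8, None), "echo-reply": (0, None),
    "time-exceeded": (11, None), "traceroute": (30, None),
}

# ACL 111 exactly as posted in the question.
ACL_111 = """\
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 deny ip any any
"""

def icmp_entries(text):
    """Keep only entries that can match ICMP: (action, type, code, line)."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if f[3] == "icmp" and f[4:6] == ["any", "any"]:
            entries.append((f[2], *ICMP_KEYWORDS[f[6]], line))
        elif f[3] == "ip" and f[4:] == ["any", "any"]:
            entries.append((f[2], None, None, line))  # any IP, so any ICMP
    return entries

def covers(e, t, c):
    return e[1] in (None, t) and e[2] in (None, c)

def decide(entries, t, c):
    """IOS applies the first matching entry; no match is the implicit deny."""
    return next((e[0] for e in entries if covers(e, t, c)), "deny")

def redundant(entries):
    """Yield lines whose individual removal changes no ICMP type/code decision."""
    for i, e in enumerate(entries):
        rest = entries[:i] + entries[i + 1:]
        if all(decide(rest, t, c) == decide(entries, t, c)
               for t in range(256) for c in range(256) if covers(e, t, c)):
            yield e[3]
```

Each line is tested for removal on its own. The explicit `deny ip any any` is also reported because it duplicates the implicit deny in this model; on a real router it is often kept for its hit counter.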
01-23-2003 07:36 PM
Thanx!
By the way, it was a bad choice of words on my part regarding the "default" config... I meant the config that is created by running the web setup. When I first got the router (806 SOHO) I ran the web setup to get it up and running quickly, so that's what I meant by "default", since I pretty much just had to enter my provider's account username and password and the enable secret, but all the access lists and remaining configs were created by the util automatically, so I had no say in it.