Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
0
Helpful
5
Replies

ISDN interesting traffic

fujin.huang
Level 1
Level 1

‎01-15-2002 09:28 PM - edited ‎03-01-2019 08:04 PM

Hi,

When I define the isdn interesting traffic:

interface bri0

dialer-group 1

dialer-list 1 permit ip

This configuration should only allow ip traffic, it should deny other traffic like icmp, because icmp is not part of ip traffic. But I found that using this configuration, I can use "ping x.x.x.x" to bring up the ISDN circuit, while ping is using icmp, not ip. Am I right to say these?

Why is that so?

Thank you / Fujin

Labels:
0 Helpful
5 Replies 5

s.l
Level 1
Level 1

‎01-15-2002 09:38 PM

Hi Fujin

ICMP is closely related to IP.

maybe you could try using an explicit ICMP Deny

Regards,

Subramanian

0 Helpful

fujin.huang
Level 1
Level 1
In response to s.l

‎01-15-2002 10:42 PM

Hi, Subramanian,

I don't think so, because icmp and ip are using different SNAP/DNAP. As I know, ip is using 0x0800 and icmp is using something else.

Anybody has any other opinion?

0 Helpful

jevansau99
Level 1
Level 1
In response to fujin.huang

‎01-15-2002 11:48 PM

i could be mistaken, but whenever you use IP in Cisco IOS it includes ICMP. i believe Sub is right in a sense, you do have to explicitly deny ICMP. and you are right as well, ip and icmp are not the same thing, but icmp is encompassed in the "IP" command on Cisco devices in access lists, dialer lists, etc.

0 Helpful

benjamingarcia
Level 1
Level 1
In response to s.l

‎01-21-2002 05:51 PM

The solution is....

create an extended access-list denying all traffic that you don't want, then apply it on the dialer-list

you can try the sample config below or just modify it that will suit your requirements.

"access-list 1xx deny icmp any any"

"access-list 1xx permit tcp any any"

"access-list 1xx permit udp any any"

"dialer-list 1 protocol ip list 1XX"

0 Helpful

xavierchang
Level 7
Level 7

‎01-22-2002 01:59 AM

Fujin.Huang, I'm afraid you got yourself confused. ICMP is in fact a part of IP. For example, consider this quote from RFC 792:

"ICMP messages are sent using the basic IP header"

In particular, IP has a header field for protocol type, and a value of "1" indicates ICMP (other values indicates other kinds of protocols like TCP,UDP, etc).

So that basically answers your question. When IP is interesting, then so is ICMP, because ICMP traffic is a type of IP traffic.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card