- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2023
04:48 AM
- last edited on
01-19-2023
01:11 AM
by
Translator
I'm a total newbie so sorry this
I'm using Cisco Packet Tracer I'm simply trying to stop ICMP ping from a PC (192.168.3.4) to the Router 2811 (192.168.4.1)
access-list 101 deny icmp 192.168.4.3 0.0.0.0
I get Incomplete
access-list 101 deny icmp 192.168.4.3 0.0.0.0
echo if I add echo I get Invalid Input
Any help welcome
Solved! Go to Solution.
- Labels:
-
Other Routers
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2023
05:15 AM
- last edited on
01-19-2023
01:13 AM
by
Translator
If you are looking only host to host
try below :
access-list 101 deny icmp host 192.168.4.3 host 192.168.4.1 echo
Note : make sure you attached to interface to deny
example :
interface x/x
ip access-group 101 in
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2023
12:39 PM
- last edited on
01-24-2023
09:38 PM
by
Translator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2023
05:15 AM
- last edited on
01-19-2023
01:13 AM
by
Translator
If you are looking only host to host
try below :
access-list 101 deny icmp host 192.168.4.3 host 192.168.4.1 echo
Note : make sure you attached to interface to deny
example :
interface x/x
ip access-group 101 in
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2023 05:21 AM
Balaji thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2023
05:21 AM
- last edited on
01-24-2023
10:16 PM
by
Translator
if you use standard then you can
<source IP> <source mask>
if you use extended acl then you need
<source IP><source mask><destination IP><destination mask>
here in your ACL you use extended and use only souece IP & mask, you need destination IP & mask
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2023 08:30 AM
To add a point to @MHM Cisco World 's info, when using numbered access lists, under 100 are standard (just source), 100 and over are extended (source and destination). As you were using ACL number 101, this is why you keep getting an "incomplete" error.
Also, similar requirement if using named ACLs, i.e. standard named ACLs only have source, extended named ACLs have source and destination.
BTW, are you familiar with "?" when entering IOS commands?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2023 11:02 AM
How very helpful, Joseph thank you very much
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2023
11:49 AM
- last edited on
01-24-2023
09:37 PM
by
Translator
sorry for being so lame
access-list 101 deny icmp host 192.168.4.3 host 192.168.4.1 echo
Then what I read if I don't add a permit I can't ping from other devices because of an explicit deny Cisco ISO added at the end of the ACL.
I've tried
access-list 101 permit ip 192.168.4.1 0.0.0.255 any ............................
no joy, sorry guy where I'm I going wrong
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2023 12:07 PM
what the direction you apply this ACL ??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2023 12:15 PM
I want to block ICMP from 192.168.4.3 (PC) in to the Router on f0/0 which works
I have another network 192.168.2.x and when I ping the router it also fails... I hope that makes sense
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2023
12:24 PM
- last edited on
01-24-2023
09:38 PM
by
Translator
access-list 101 permit ip 192.168.4.1 0.0.0.255 any
<<- but I see 192.168.4.1 instead of 192.168.2.x
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2023 12:33 PM
it works sir! thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2023 12:34 PM
That should read "is there a global
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2023
12:39 PM
- last edited on
01-24-2023
09:38 PM
by
Translator
access-list 101 permit ip 192.168.2.x 0.0.0.255 any
