Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1529
Views
10
Helpful
7
Replies

Blocking a specific IP in traceroute on IOS-XR

network_geek
Level 1
Level 1

‎01-26-2021 01:03 AM

Hi All,

I am faced with a very strange problem. My internal network contains IPs from 172.16.X.X subnet. I want to block a certain IP from appearing in traceroute(this IP belongs to an uplink hosted in my own AS) and I can easily do things anyone suggests. Any leads to achieve this task will be highly appreciated.

Labels:
0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎01-26-2021 02:52 AM

we are not sure how your environment - there is 2 ways you can do depends on your environement :

 

you configure an ACL blocking ICMP, (all or certain message types), you will achieve that.

 

MPLS cloud, then this can be accomplished via disabling the TTL propagation:

 

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a008020a42a.shtml#no_mpls

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Sergey Lisitsin
VIP Alumni
VIP Alumni

‎01-26-2021 02:54 AM

Hello,


I think you can do that by applying an ACL which would block ICMP reply packets from that particular IP address back out of your AS.

 

0 Helpful

network_geek
Level 1
Level 1
In response to Sergey Lisitsin

‎01-26-2021 03:52 AM

Hi All,

 

Can you kindly brief what type of messages to block? I have applied ACL to block it but it is of no use.

0 Helpful

Sergey Lisitsin
VIP Alumni
VIP Alumni
In response to network_geek

‎01-26-2021 04:51 AM

Can you please show your topology and indicate at which point and in which direction you have applied the ACL and I'll let you know what is wrong with it.

 

balaji.bandi
Hall of Fame
Hall of Fame
In response to Sergey Lisitsin

‎01-26-2021 04:48 AM

Look at ICMP TTL config :

 

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Sergey Lisitsin
VIP Alumni
VIP Alumni
In response to balaji.bandi

‎01-26-2021 06:37 AM

Thanks @balaji.bandi ,

 

But would that not be very much dependent on how far the device is from the network edge? Some routers may be closer and some further. 

 

network_geek
Level 1
Level 1

‎02-06-2021 05:41 AM

Hi All,

 

I found a solution by taking assistance from TAC. The solution that came up is very simple. You only need to deny ttl-exceeded in ACL for both incoming and outgoing traffic and apparently nothing else. This would easily do the trick.

 

Hope this helps any fellow out there wishing to achieve the same.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card