cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1532
Views
10
Helpful
7
Replies

Blocking a specific IP in traceroute on IOS-XR

network_geek
Level 1
Level 1

Hi All,

I am faced with a very strange problem. My internal network contains IPs from 172.16.X.X subnet. I want to block a certain IP from appearing in traceroute(this IP belongs to an uplink hosted in my own AS) and I can easily do things anyone suggests. Any leads to achieve this task will be highly appreciated.

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

we are not sure how your environment - there is 2 ways you can do depends on your environement :

 

you configure an ACL blocking ICMP, (all or certain message types), you will achieve that.

 

MPLS cloud, then this can be accomplished via disabling the TTL propagation:

 

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a008020a42a.shtml#no_mpls

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sergey Lisitsin
VIP Alumni
VIP Alumni

Hello,


I think you can do that by applying an ACL which would block ICMP reply packets from that particular IP address back out of your AS.

 

Hi All,

 

Can you kindly brief what type of messages to block? I have applied ACL to block it but it is of no use.

Can you please show your topology and indicate at which point and in which direction you have applied the ACL and I'll let you know what is wrong with it.

 

Thanks @balaji.bandi ,

 

But would that not be very much dependent on how far the device is from the network edge? Some routers may be closer and some further. 

 

network_geek
Level 1
Level 1

Hi All,

 

I found a solution by taking assistance from TAC. The solution that came up is very simple. You only need to deny ttl-exceeded in ACL for both incoming and outgoing traffic and apparently nothing else. This would easily do the trick.

 

Hope this helps any fellow out there wishing to achieve the same.

Review Cisco Networking for a $25 gift card