Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
374
Views
5
Helpful
4
Replies

deny icmp on adsl interface

rpalacio
Level 1
Level 1

‎06-28-2005 03:06 AM - edited ‎03-03-2019 09:54 AM

hi,

how can i deny icmp on my adsl interface?

thanks a lot.

Labels:
0 Helpful
4 Replies 4

Richard Burts
Hall of Fame
Hall of Fame

‎06-28-2005 03:32 AM

First let me say that denying ICMP is pretty extreme and may have some detrimental effect on your network. Things like ICMP Fragmentation Required but DF Set, which is necessary for Path MTU Discovery to work, or ICMP TTL exceeded, ICMP Network Unreachable, ICMP Port unreachable, and many other ICMP messages are good. Why would you want to deny them?

But your question was how to deny them and I will give an answer. Create an extended access list which at a minimum includes these lines:

deny icmp any any

permite ip any any

and apply that access list to the interface with the access-group command.

HTH

Rick

HTH

Rick

rpalacio
Level 1
Level 1
In response to Richard Burts

‎06-28-2005 05:23 AM

i did that but it did not work. pls see the below command and tell me where did i go wrong

access-list 110 deny icmp any any

access-list 110 permit icmp any any

interface atm 0/0/0

ip access-group 110 in

0 Helpful

ovieira
Level 1
Level 1
In response to rpalacio

‎06-28-2005 05:28 AM

Hi!

Is your ADSL configuration on the physical ATM? I think you must also have a Dialer Profile created on wich you must apply tha 110 ACL.

Regards.

0 Helpful

rpalacio
Level 1
Level 1
In response to ovieira

‎06-28-2005 05:43 AM

hi

i just did that on the dialer and it works

thanks a lot

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card