06-28-2005 03:06 AM - edited 03-03-2019 09:54 AM
hi,
how can i deny icmp on my adsl interface?
thanks a lot.
06-28-2005 03:32 AM
First let me say that denying ICMP is pretty extreme and may have some detrimental effect on your network. Things like ICMP Fragmentation Required but DF Set, which is necessary for Path MTU Discovery to work, or ICMP TTL exceeded, ICMP Network Unreachable, ICMP Port unreachable, and many other ICMP messages are good. Why would you want to deny them?
But your question was how to deny them and I will give an answer. Create an extended access list which at a minimum includes these lines:
deny icmp any any
permite ip any any
and apply that access list to the interface with the access-group command.
HTH
Rick
06-28-2005 05:23 AM
i did that but it did not work. pls see the below command and tell me where did i go wrong
access-list 110 deny icmp any any
access-list 110 permit icmp any any
interface atm 0/0/0
ip access-group 110 in
06-28-2005 05:28 AM
Hi!
Is your ADSL configuration on the physical ATM? I think you must also have a Dialer Profile created on wich you must apply tha 110 ACL.
Regards.
06-28-2005 05:43 AM
hi
i just did that on the dialer and it works
thanks a lot
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide