i'm newbie... i wanna block incoming ping requests on Cisco 2500 Router... on my network... i applied blocking (incoming packets on Serial 0) of ICMP... but i all web surffer and messeger service went to sudden death... thx
Full Version: Blocking Icmp On Router 2500
First we are going to need some more information. Post with your access list so we can see where you misconfigured it.
be sure to xxx out any sensitive information. I don't want your external IP information.
be sure to xxx out any sensitive information. I don't want your external IP information.
there no... access list currently... but i want to block incoming... ping... which are increase and increase day by day... before this... i apply a access list on Serial 0 for incoming packets... as given below...
access-list 100 deny any 140.254.200.0 0.0.0.31 3 0
access-list 100 deny any 140.254.200.0 0.0.0.31 3 1
access-list 100 deny any 140.254.200.0 0.0.0.31 3 3
access-list 100 deny any 140.254.200.0 0.0.0.31 3 4
access-list 100 deny any 140.254.200.0 0.0.0.31 3 13
access-list 100 deny any 140.254.200.0 0.0.0.31 4
access-list 100 deny any 140.254.200.0 0.0.0.31 11 0
by applying this access-list on serial 0 for incoming packets... stop all web surfing and internet service on network... plz help...
access-list 100 deny any 140.254.200.0 0.0.0.31 3 0
access-list 100 deny any 140.254.200.0 0.0.0.31 3 1
access-list 100 deny any 140.254.200.0 0.0.0.31 3 3
access-list 100 deny any 140.254.200.0 0.0.0.31 3 4
access-list 100 deny any 140.254.200.0 0.0.0.31 3 13
access-list 100 deny any 140.254.200.0 0.0.0.31 4
access-list 100 deny any 140.254.200.0 0.0.0.31 11 0
by applying this access-list on serial 0 for incoming packets... stop all web surfing and internet service on network... plz help...
Not entirely sure what your access list is supposed to be blocking but it would seem as if you want to block ICMP type 3 code 0 1 3 4 and 13, type 4, and type 11 code 0? I'm not certain where you got those specific types of ICMP but I believe you simply need to put ICMP in your access list like so:
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 3 0
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 3 1
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 3 3
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 3 4
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 3 13
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 4
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 11 0
access-list 100 permit IP any any (if you want to allow everything else, remember that there is a default deny ip any any at the end of any access list)
Here is a quote from our good friends over at Cisco (for version 12.3, if you are running an older version this may or may not apply):
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 3 0
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 3 1
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 3 3
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 3 4
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 3 13
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 4
access-list 100 deny ICMP any 140.254.200.0 0.0.0.31 11 0
access-list 100 permit IP any any (if you want to allow everything else, remember that there is a default deny ip any any at the end of any access list)
Here is a quote from our good friends over at Cisco (for version 12.3, if you are running an older version this may or may not apply):
| CODE |
| Internet Control Message Protocol (ICMP) access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments] |
Hope that helps...
--P.G>
thx... million of billion thx... could u guide where can i get interactive guide regarding Cisco Router / Switches... thx
Cisco's website is actually great for finding all the information you may want on router management, I'm not entirely sure how much of it is available without an account but I'm pretty sure you can get all the info you need.
This is a great place to start for looking at IOS software:
http://www.cisco.com/pcgi-bin/Support/brow...:Cisco_IOS_Test
--P.G>
This is a great place to start for looking at IOS software:
http://www.cisco.com/pcgi-bin/Support/brow...:Cisco_IOS_Test
--P.G>
thx... again for link... but as far as my research 
on Cisco Website is concern... i learn a lot from past few months... that anything which i good... not available to everyone... u need CCIE or means... which currently i don't have... anyway thx dear 
on Cisco Website is concern... i learn a lot from past few months... that anything which i good... not available to everyone... u need CCIE or means... which currently i don't have... anyway thx dear
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
