06-24-2002 02:38 PM - edited 03-01-2019 10:31 PM
06-24-2002 02:38 PM
Creat an access-list to block out icmp packets
( echo & other coresponding messages)on input interfaces to your network..
That should stop the ping storms.
what you might want to consider blocking are
echo Echo (ping)
echo-reply Echo reply
host-unreachable Host unreachable
administratively-prohibited
Administratively prohibited
net-unreachable
Net unreachable
unreachable
All unreachables
06-25-2002 12:50 AM
Create an IP extended access-list to block ICMP packets. Only allow pings from well-known addresses from your network.
06-25-2002 03:41 AM
creating ACL and blocking icmp will solve the issue, but also block legitimate icmp pings, which you might want to allow from random sources.
Best way to approach to control EXCESSIVE icmp flood is using Committed Access Rate (CAR). CAR allows you to enforce a bandwidth policy against network traffic that matches an access list.
URLs for CAR;
http://www.cisco.com/warp/public/63/car_rate_limit_icmp.html#first
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/qcprt1/qcdcar.htm
HTH
R/Yusuf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide