When you permit IP that also includes ICMP. However if you want to actually match on specific ICMP types/codes then you can as well ie. from the same doc you linked to -
Some protocols also have specific parameters and keywords that apply to that protocol. These IP protocols are supported (protocol keywords are in parentheses in bold):
Authentication Header Protocol (ahp), Enhanced Interior Gateway Routing Protocol (eigrp), Encapsulation Security Payload (esp), generic routing encapsulation (gre), Internet Control Message Protocol (icmp), Internet Group Management Protocol (igmp), any Interior Protocol (ip), IP in IP tunneling (ipinip), KA9Q NOS-compatible IP over IP tunneling (nos), Open Shortest Path First routing (ospf), Payload Compression Protocol (pcp), Protocol Independent Multicast (pim), Transmission Control Protocol (tcp), or User Datagram Protocol (udp).
Note ICMP echo-reply cannot be filtered. All other ICMP codes or types can be filtered.
So with an extended acl you can match any ICMP type/code except for an echo-reply as per above the note.
** Edit - i should have clarified. ICMP is a part of the IP protocol. When the doc says non-IP protocols are not supported it is referring to things like IPX, Appletalk etc.
Hello - basically I'm trying to apply a QoS class which matches an extended access-list to set mpls exp value - I have a bunch of management protocols I want to assure bandwidth to, its a bit of service provider scenario. So our access-list entry would look like:
access-list extended 100 permit icmp any any
But it doesnt work. Definitely access 100 permit ip any any will set the correct exp value, however it also marks everything so defeats the point..
ISIS is another problem for us - we cant apply a service policy with protocol 124 (i think it is) in access-list, it rejects as a layer4 protocol. I think the idea of applying QoS to management protocols must be common enough that I must be doing something obviously wrong!!
++edit - cant seem to filter the icmp, any idea the syntax...?
Both - the router generates bgp/ISIS/icmp we want to ensure bandwidth outbound to and we have stuff passing through, however it is mostly mpls and can be ignored. And this works fine, (except ISIS) BGP gets its correct exp value. Its just the ICMP...nothing.
If I set the exp value in the policy-map default-class it marks it up, so its definitely an access-list thing. Will give the above a good shot later, im surely doing something obvously wrong!
Any ideas on how to apply the same qos to ISIS? It rejects with a layer4 error.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.