09-02-2003 12:56 AM - edited 03-02-2019 10:01 AM
hi,
I'm currently trying to come up with an ACL to prevent the Nachi virus killing the network (as I'm sure many administrators are) and was looking for help with a particular access permission.
I work in the IT dept at the main office and I'm creating an ACL that will prevent most nodes on the network from sending ping packets to each other, only I have to create a permission that will allow all members of the IT dept, who are on a specific subnet, to be able to ping any node on one of the remote LANs, which will confirm connectivity in the event of a problem.
The subnet uses the class A private address 10.2.6.0, although there are only six nodes on this subnet. I want them all to have ping permission to the remote LAN. So I have created permission on the local router so that it will allow ping packets from these addresses to be able to ping anywhere, but the remote router won't allow a reply. I'm sure I will have to place the ACL on the Ethernet interface (inbound) on the remote router and may have to include 'echo-reply', only I'm just not completely sure what the permit statement will be.
Any help is much appreciated.
09-02-2003 04:09 AM
Try:
access-list
Thanks -
09-02-2003 07:02 AM
So in my example, for the remote router to allow my local segment to ping all hosts on the remote LAN, I would use the following statement -
access-list 101 permit icmp 10.2.6.0 0.0.0.255 any echo-reply
Would this be correct?
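An added example, not part of any post in this thread: a small Python model of first-match extended ACL evaluation with Cisco wildcard masks, used to check which source/destination order matches an echo-reply entering the remote router from its Ethernet side. The remote host address 192.168.50.20 and the host 10.2.6.4 are constructed sample values, and the parser handles only the ICMP subset of the syntax shown above.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse 'access-list N permit|deny icmp SRC DST [icmp-type]'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[3] != "icmp":
        raise ValueError("only ICMP extended ACL entries are modelled")
    action, rest = tok[2], tok[4:]

    def take(rest):
        if rest[0] == "any":
            return ("0.0.0.0", "255.255.255.255"), rest[1:]
        if rest[0] == "host":
            return (rest[1], "0.0.0.0"), rest[2:]
        return (rest[0], rest[1]), rest[2:]

    src, rest = take(rest)
    dst, rest = take(rest)
    return action, src, dst, (rest[0] if rest else None)

def evaluate(acl_lines, pkt):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for line in acl_lines:
        action, src, dst, icmp_type = parse_ace(line)
        if (wildcard_match(pkt["src"], *src)
                and wildcard_match(pkt["dst"], *dst)
                and icmp_type in (None, pkt["type"])):
            return action
    return "deny"

# Constructed packets: the IT subnet pings a remote host, the host replies.
REQUEST = {"src": "10.2.6.4", "dst": "192.168.50.20", "type": "echo"}
REPLY = {"src": "192.168.50.20", "dst": "10.2.6.4", "type": "echo-reply"}

# Statement as posted, and the same statement with source and destination swapped.
POSTED = ["access-list 101 permit icmp 10.2.6.0 0.0.0.255 any echo-reply"]
SWAPPED = ["access-list 101 permit icmp any 10.2.6.0 0.0.0.255 echo-reply"]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("swapped", SWAPPED)):
        print(name, "reply inbound on remote Ethernet:", evaluate(acl, REPLY))
```

The reply that arrives inbound on the remote Ethernet interface carries the remote host as its source and a 10.2.6.x address as its destination, so only the entry with 10.2.6.0 0.0.0.255 in the destination position matches it.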
09-03-2003 09:09 AM
Try the ACLs and the Route Map config listed on these links:
> http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
> http://www.cisco.com/warp/public/707/cisco-sn-20030814-blaster.shtml