Cisco Support Community

ACL "Administratively prohibited"?

I'm studying for my CCNA and I thought it'd be a good exercise to go through my router's running config line by line and find out what each one does. I've gotten to the part where the access lists are, and there are a few that came by default in the router's config that I can't find out what they do:

access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 deny ip any any
dialer-list 1 protocol ip permit

Do these come by default on all/most running configs? I can't seem to find what the "administratively prohibited" stands for... I know this set probably has to do with how the router handles ICMP, UDP, or IP packets, but like I said, for practice purposes I want to be able to know what each line accomplishes. I guess if I can get past the "administratively-prohibited" part I should be able to look up the rest.

Thanx

Louis

2 REPLIES

Re: ACL "Administratively prohibited"?

Louis,

It is an ICMP type 3 code 13 message.

http://www.spirit.com/Resources/icmp.html

One entry further down in the list permits all of code 3,

access-list 111 permit icmp any any unreachable

You could remove the entry with no negative impact.

But typically Cisco routers do not come with a default config. From your CCNA, you should know that when you first boot a Cisco router it runs the configuration menu.

Kevin
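Added example, not part of the thread and not Cisco tooling: a small Python audit of the ICMP entries in access-list 111 that reports which keyword entries are already covered by a broader entry with the same action. The keyword-to-type/code table is written out here from the IANA ICMP values (administratively-prohibited is type 3 code 13, packet-too-big is type 3 code 4, unreachable is every code of type 3); the function name and the restriction to `icmp any any` entries are assumptions of this sketch.

```python
import re

# ICMP keyword -> (type, code); code None = every code of that type (IANA values).
ICMP = {
    "echo-reply": (0, None), "unreachable": (3, None),
    "packet-too-big": (3, 4), "administratively-prohibited": (3, 13),
    "echo": (8, None), "time-exceeded": (11, None), "traceroute": (30, None),
}

# ICMP entries and final deny of access-list 111, copied from the question.
ACL_111 = """\
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 deny ip any any
"""

ACE = re.compile(r"^access-list \d+ (permit|deny) (.+)$")

def redundant_entries(acl_text):
    """Return {narrow keyword: broader keyword} for removable entries."""
    # Assumption: only 'icmp any any <keyword>' entries are compared.
    actions, icmp = [], []  # actions[i] is the permit/deny of entry i
    for line in acl_text.splitlines():
        m = ACE.match(line.strip())
        if not m:
            continue
        words = m.group(2).split()
        if words[:3] == ["icmp", "any", "any"] and len(words) == 4 and words[3] in ICMP:
            icmp.append((len(actions), m.group(1), words[3], *ICMP[words[3]]))
        actions.append(m.group(1))
    found = {}
    for pos, act, kw, typ, code in icmp:
        for bpos, bact, bkw, btyp, bcode in icmp:
            # Broader entry: same action, same ICMP type, matches all codes.
            if bact == act and btyp == typ and bcode is None and code is not None:
                lo, hi = sorted((pos, bpos))
                # First match wins: skip if an opposite action sits between them.
                if all(a == act for a in actions[lo + 1:hi]):
                    found[kw] = bkw
    return found
```

Calling `redundant_entries(ACL_111)` flags both `administratively-prohibited` and `packet-too-big` as covered by the `unreachable` entry.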


Re: ACL "Administratively prohibited"?

Thanx!

By the way, it was a bad choice of words on my part regarding the "default" config... I meant the config that is created by running the web setup. When I first got the router (806 SOHO) I ran the web setup to get it up and running quickly, so that's what I meant by "default," since I pretty much just had to enter my provider's account username and password and the enable secret, but all the access lists and remaining configs were created by the util automatically, so I had no say in it.
