09-16-2006 07:40 AM - edited 03-03-2019 05:04 AM
I have an HSRP router plugged into port g1/0/15 on a 3750G switch.
I want to deny all ICMP traffic. Can I use this ACL on this int?
The HSRP Router address is 210.233.44.130
ip access-list extended deny-icmp
 permit icmp host 210.233.44.0 any
 remark Do not allow ICMP Traffic
 deny icmp any any
 permit ip any any
Will this work on:
int g1/0/15
 ip access-group deny-icmp in
09-16-2006 08:23 AM
The only issue I see is that you have the network address 210.233.44.0 identified as a host address. Also, if your goal is to block all ICMP... why are you allowing this host?
This will block all ICMP per your request:
ip access-list extended deny-icmp
 deny icmp any any
 permit ip any any
Please rate if this helps
Thanks,
Chris
09-16-2006 09:48 AM
Because the HSRP router is tracking this port, I'm not sure if HSRP uses ICMP to track interfaces.
Since the router 210.233.44.130 is on the same subnet, I thought it should be permitted.
09-16-2006 10:55 AM
Perhaps you should use the .130 address in the ACL instead of .0.
09-17-2006 03:17 AM
Unless you configure object tracking to use ICMP, HSRP is not using ICMP.
"standby 1 track interface s0/0" does not use ICMP.
HTH
09-17-2006 06:55 AM
Cool thanks.
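An added example, not part of the thread: a small first-match evaluator for the three ACL variants discussed above, showing that `host 210.233.44.0` never matches the router at .130 and that HSRP hellos (UDP 1985 to 224.0.0.2 for HSRPv1) pass every variant. The evaluator, the destination 210.233.44.1 and the sample packets are constructed for illustration; only the `any` and `host` address forms are modeled, and ports are ignored.

```python
import ipaddress

# ACLs from the thread: as posted, with the suggested .130 fix, and the deny-all reply.
AS_POSTED = """
ip access-list extended deny-icmp
 permit icmp host 210.233.44.0 any
 remark Do not allow ICMP Traffic
 deny icmp any any
 permit ip any any
"""
WITH_130 = AS_POSTED.replace("host 210.233.44.0 ", "host 210.233.44.130 ")
DENY_ALL = """
ip access-list extended deny-icmp
 deny icmp any any
 permit ip any any
"""

def parse_ace(line):
    """Split 'permit|deny <proto> <src> <dst>'; an address is 'any' or 'host A.B.C.D'."""
    action, proto, *rest = line.split()
    addrs = []
    while rest:
        if rest[0] == "any":
            addrs.append(None)          # None means "match any address"
            rest = rest[1:]
        elif rest[0] == "host" and len(rest) > 1:
            addrs.append(ipaddress.ip_address(rest[1]))
            rest = rest[2:]
        else:
            raise ValueError(f"unsupported address form in: {line!r}")
    if len(addrs) != 2:
        raise ValueError(f"expected source and destination in: {line!r}")
    return action, proto, addrs[0], addrs[1]

def evaluate(acl, proto, src, dst):
    """Return the action of the first matching ACE; unmatched traffic hits the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl.strip().splitlines():
        line = line.strip()
        if line.startswith(("ip access-list", "remark")):
            continue                    # header and remarks never match traffic
        action, ace_proto, ace_src, ace_dst = parse_ace(line)
        if ace_proto in ("ip", proto) and ace_src in (None, src) and ace_dst in (None, dst):
            return action
    return "deny"

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("with .130", WITH_130), ("deny all", DENY_ALL)):
        # Constructed packets: a ping from the router, then an HSRPv1 hello.
        print(name, evaluate(acl, "icmp", "210.233.44.130", "210.233.44.1"),
              evaluate(acl, "udp", "210.233.44.130", "224.0.0.2"))
```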