Cisco Support Community
Community Member

ACL to block ICMP

I have an HSRP router plugged into port g1/0/15 on a 3750G switch.

I want to deny all ICMP traffic, can I use this ACL on this int?

The HSRP Router address is 210.233.44.130

ip access-list extended deny-icmp
 permit icmp host 210.233.44.0 any
 remark Do not allow ICMP Traffic
 deny icmp any any
 permit ip any any

Will this work on

int g1/0/15
 ip access-group deny-icmp in

5 REPLIES
Community Member

Re: ACL to block ICMP

The only issue I see is that you have the network address 210.233.44.0 identified as a host address. Also, if your goal is to block all ICMP... why are you allowing this host?

This will block all ICMP per your request:

ip access-list extended deny-icmp
 deny icmp any any
 permit ip any any

Please rate if this helps

Thanks,

Chris

Community Member

Re: ACL to block ICMP

Because the HSRP router is tracking this port, I'm not sure if HSRP uses ICMP to track interfaces.

Since the router 210.233.44.130 is on the same subnet, I thought it should be permitted.

Community Member

Re: ACL to block ICMP

Perhaps you should use the .130 address in the ACL instead of .0.

Community Member

Re: ACL to block ICMP

Unless you configure object tracking to use ICMP, HSRP is not using ICMP.

"standby 1 track interface s0/0" does not use ICMP.

HTH

Community Member

Re: ACL to block ICMP

Cool thanks.
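
Added example, not part of the thread: a minimal first-match evaluator for the ACL as posted, showing that `host 210.233.44.0` never matches the router at 210.233.44.130 and that HSRP hellos (UDP, port 1985) fall through to `permit ip any any`. It models only protocol and source address, since every destination in the ACL is `any`; the function names and sample packets are constructed for illustration.

```python
import ipaddress

# One ACE = (action, protocol, source address, wildcard mask).
# "host A.B.C.D" is shorthand for wildcard 0.0.0.0; "any" is 0.0.0.0 255.255.255.255.
def ace(action, proto, src, wildcard="0.0.0.0"):
    return (action, proto, int(ipaddress.IPv4Address(src)),
            int(ipaddress.IPv4Address(wildcard)))

ANY = ("0.0.0.0", "255.255.255.255")

ACL_AS_POSTED = [
    ace("permit", "icmp", "210.233.44.0"),   # host entry pointing at the network address
    ace("deny", "icmp", *ANY),
    ace("permit", "ip", *ANY),
]
# Same ACL with the host entry changed to the router's real address (.130).
ACL_WITH_ROUTER_HOST = [ace("permit", "icmp", "210.233.44.130")] + ACL_AS_POSTED[1:]

def evaluate(acl, proto, src):
    """Return (action, index) of the first matching ACE; implicit deny if none match."""
    s = int(ipaddress.IPv4Address(src))
    for i, (action, ace_proto, addr, wc) in enumerate(acl):
        proto_ok = ace_proto == "ip" or ace_proto == proto
        # Wildcard bits set to 1 are "don't care"; every other bit must match.
        care = ~wc & 0xFFFFFFFF
        if proto_ok and (s & care) == (addr & care):
            return action, i
    return "deny", None

# Constructed sample packets: (protocol, source address).
ROUTER_PING = ("icmp", "210.233.44.130")
HSRP_HELLO = ("udp", "210.233.44.130")    # HSRP hellos are UDP port 1985, not ICMP
OTHER_PING = ("icmp", "210.233.44.77")

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("host .130", ACL_WITH_ROUTER_HOST)):
        for pkt in (ROUTER_PING, HSRP_HELLO, OTHER_PING):
            print(f"{name:10} {pkt} -> {evaluate(acl, *pkt)}")
```

With the ACL as posted, the first entry is dead: no packet is ever sourced from the network address, so the router's own ICMP hits the deny on the second line.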
