Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISDN interesting traffic

Hi,

When I define the isdn interesting traffic:

interface bri0

dialer-group 1

dialer-list 1 permit ip

This configuration should only allow ip traffic, it should deny other traffic like icmp, because icmp is not part of ip traffic. But I found that using this configuration, I can use "ping x.x.x.x" to bring up the ISDN circuit, while ping is using icmp, not ip. Am I right to say these?

Why is that so?

Thank you / Fujin

5 REPLIES
s.l
New Member

Re: ISDN interesting traffic

Hi Fujin

ICMP is closely related to IP.

maybe you could try using an explicit ICMP Deny

Regards,

Subramanian

New Member

Re: ISDN interesting traffic

Hi, Subramanian,

I don't think so, because icmp and ip are using different SNAP/DNAP. As I know, ip is using 0x0800 and icmp is using something else.

Anybody has any other opinion?

New Member

Re: ISDN interesting traffic

i could be mistaken, but whenever you use IP in Cisco IOS it includes ICMP. i believe Sub is right in a sense, you do have to explicitly deny ICMP. and you are right as well, ip and icmp are not the same thing, but icmp is encompassed in the "IP" command on Cisco devices in access lists, dialer lists, etc.

New Member

Re: ISDN interesting traffic

The solution is....

create an extended access-list denying all traffic that you don't want, then apply it on the dialer-list

you can try the sample config below or just modify it that will suit your requirements.

"access-list 1xx deny icmp any any"

"access-list 1xx permit tcp any any"

"access-list 1xx permit udp any any"

"dialer-list 1 protocol ip list 1XX"

Re: ISDN interesting traffic

Fujin.Huang, I'm afraid you got yourself confused. ICMP is in fact a part of IP. For example, consider this quote from RFC 792:

"ICMP messages are sent using the basic IP header"

In particular, IP has a header field for protocol type, and a value of "1" indicates ICMP (other values indicates other kinds of protocols like TCP,UDP, etc).

So that basically answers your question. When IP is interesting, then so is ICMP, because ICMP traffic is a type of IP traffic.

158
Views
0
Helpful
5
Replies