Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ping filter problem trying to contain virus

i have a very simple hub and spoke frame network.

On a 'remote' router i added:

access-list 100 deny icmp any any ehco

and then on the subinterface that connects back the to hub (here at HQ) i put

ip access-group 100 out

my intention is to stop pings from coming from computers on the network that are currently infected with a virus.

well, it didn't work.

so, on the 'host' router i put

same access-list entry

and then applied it on the subinterface for that location, obviously for 'in'.

that worked.

but i now have all this crap coming across the frame.

comments?

1 REPLY
Bronze

Re: ping filter problem trying to contain virus

ja1064-

I would recommend applying your ICMP access-list inbound on the LAN interface of the remote router. This will prevent ICMP echo traffic from entering the router, which saves you from fast-caching issues, etc.

~Zach

74
Views
0
Helpful
1
Replies
CreatePlease to create content