Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2437
Views
3
Helpful
3
Replies

Ping but not traceroute

suryakant.chavan
Level 1
Level 1

‎09-20-2009 06:52 PM - edited ‎03-04-2019 06:06 AM

Hi Experts,

Is it possible to configure that we should get ping but not traceroute. If yes,then how to configure.

Labels:
0 Helpful
3 Replies 3

sourabh1000_2
Level 1
Level 1

‎09-20-2009 09:57 PM

hi,

pls try below commands on incomming interface of router, hope this will work!

ip access-list extended TRACE

deny icmp any any traceroute

permit ip any any

0 Helpful

suryakant.chavan
Level 1
Level 1
In response to sourabh1000_2

‎09-20-2009 10:29 PM

Hi sourabh,

Thanks for your reply , but it's not working. If you have any other solution ,please share.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to suryakant.chavan

‎09-21-2009 08:40 AM

suryakant

While there is an ICMP message type for traceroute (ICMP message type 30) it is not what is commonly used in traceroute and so the suggestion from sourabh would not work well.

Whether you can implement a filter that will permit ping and not permit traceroute depends on what type of device is generating the traceroute. Since Unix and IOS generate traceroute sending UDP packets to high number ports you may be able to construct a filter to deny this traffic (being careful not to block UDP ports that you might actually need). But since Windows machines (using the tracert command) send ping packets, you would not be able to construct a filter that would deny traceroute and permit ping.

HTH

Rick

HTH

Rick
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card