Cisco Support Community

New Member

self icmp blocking in interface

Hi everybody,

I tried to block any ping (ICMP) from the Internet to my router. I have configured the below ACLs on the router and applied them to the interface connected to the Internet.

access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any ttl-exceeded
access-list 110 permit icmp any any echo-reply
access-list 110 deny icmp any any

Applied in Interface connected to Internet as below:

interface ser 0/0
ip address
ip access-group 110 in

It is working perfectly, blocking the ICMP packets destined to the router from the Internet. Also, I am able to ping any public IP from the router console.

But ironically, when I ping the router's own interface ser 0/0, it shows U.U.U

I am not able to ping the router's own interface after applying the ACLs.

Can you please guide me as to what the problem and solution are?



Re: self icmp blocking in interface

I tested this on a router, and it does block traffic. The only way to get around this is to add echo to your ACL:

access-list 110 permit icmp any any echo

It also shows me in the log that it's getting denied:

%SEC-6-IPACCESSLOGDP: list PING denied icmp -> (8/0), 1 packet

That should do it.



HTH, John *** Please rate all useful posts ***
Hall of Fame Super Bronze

Re: self icmp blocking in interface


The problem is that when pinging the local serial interface, the packet actually goes to the device attached to the router's serial interface and comes back, hence it's blocked by the last line of your ACL.

To fix it, allow ICMP within the subnet.
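
Added example, not part of the original thread: a small first-match model of ACL 110 applied inbound, comparing the original list with the two fixes suggested above for an echo request that loops back from the serial peer versus one arriving from the Internet. The addresses (192.0.2.0/30 for the serial link, 198.51.100.7 for an outside host) are constructed, and both fixes are assumed to be placed before the deny line.

```python
import ipaddress

# ICMP type numbers behind the IOS keywords used in the thread
# (simplified: this model matches on ICMP type only, not code).
ICMP_TYPES = {"unreachable": 3, "ttl-exceeded": 11, "echo-reply": 0, "echo": 8}

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def rule(action, src="any", dst="any", icmp=None):
    """One ACL entry; src/dst are 'any' or CIDR, icmp=None matches every type."""
    return (action, _net(src), _net(dst), ICMP_TYPES.get(icmp))

def evaluate(acl, src, dst, icmp_type):
    """First matching entry wins; implicit deny if nothing matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net, wanted in acl:
        if src in s_net and dst in d_net and wanted in (None, icmp_type):
            return action
    return "deny"

# Constructed addressing for illustration only.
LINK = "192.0.2.0/30"
ROUTER, INTERNET_HOST = "192.0.2.1", "198.51.100.7"

ORIGINAL = [rule("permit", icmp="unreachable"),
            rule("permit", icmp="ttl-exceeded"),
            rule("permit", icmp="echo-reply"),
            rule("deny")]
# First reply's fix: permit echo from anywhere (assumed inserted before the deny).
PERMIT_ANY_ECHO = ORIGINAL[:3] + [rule("permit", icmp="echo"), rule("deny")]
# Second reply's fix: permit echo only within the serial link subnet.
PERMIT_LINK_ECHO = ORIGINAL[:3] + [rule("permit", LINK, LINK, "echo"), rule("deny")]

def check(acl):
    """Verdicts for inbound echo requests: (self-ping looped back by the peer,
    ping from an Internet host)."""
    return (evaluate(acl, ROUTER, ROUTER, ICMP_TYPES["echo"]),
            evaluate(acl, INTERNET_HOST, ROUTER, ICMP_TYPES["echo"]))

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL),
                      ("permit any echo", PERMIT_ANY_ECHO),
                      ("permit link echo", PERMIT_LINK_ECHO)]:
        print(f"{name:18} self-ping={check(acl)[0]:6} internet-ping={check(acl)[1]}")
```

In this model, only the subnet-scoped entry restores the self-ping while still denying echo requests from outside the link.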