how to block traeroute ouput but permit ping ...

From: JZ (jzhang0427a@xxxxxxxxx)
Date: Sun Feb 25 2001 - 18:30:53 GMT-3

Next message: David Fahed: "ATM simple PVC config"
Previous message: Andrew: "Re: off-topic - what software is good for monitoring traffic for T1 and Gigabit Ethernet?"
Next in thread: Patrick Murphy: "Re: how to block traeroute ouput but permit ping ..."
Maybe reply: Patrick Murphy: "Re: how to block traeroute ouput but permit ping ..."
Maybe reply: Sameer Khosla: "Re: how to block traeroute ouput but permit ping ..."
Maybe reply: Fred Ingham: "Re: how to block traeroute ouput but permit ping ..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi, here is an issue I have been working on but no lucky..

rL:s0 ----------------s1:rM:s0 --------------- s0:rR
"tr < rR:s0 IP>" ACL# 100 /out
apply on rM:s0

Q: apply access-group 100 OUT on rM:s0 to block the output
of traceroute from rL toward rR:s0, but allow rL ping
rR

My cfg. on rM:
int s0
ip access-group 100 out
!
acl 100 deny icmp any Any eq traceroute
acl 100 permit ip any Any
!
While verify, from rL: using " tr <rR:s0's IP> "
I can still see the output from both routers: rM and rR.
not just rM.

Was anything wrong in my cfg. ?

Thanks in advance.

JZ
Sunday

Next message: David Fahed: "ATM simple PVC config"
Previous message: Andrew: "Re: off-topic - what software is good for monitoring traffic for T1 and Gigabit Ethernet?"
Next in thread: Patrick Murphy: "Re: how to block traeroute ouput but permit ping ..."
Maybe reply: Patrick Murphy: "Re: how to block traeroute ouput but permit ping ..."
Maybe reply: Sameer Khosla: "Re: how to block traeroute ouput but permit ping ..."
Maybe reply: Fred Ingham: "Re: how to block traeroute ouput but permit ping ..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:00 GMT-3