From: Patrick Murphy (pjm@xxxxxxxxxxxxxxxxx)
Date: Sun Feb 25 2001 - 18:45:43 GMT-3
Permit the following
access-list 100 permit icmp any Any echo
access-list 100 permit icmp any Any echo-reply
Patrick
----- Original Message -----
From: "JZ" <jzhang0427a@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, February 25, 2001 6:00 PM
Subject: how to block traeroute ouput but permit ping ...
> Hi, here is an issue I have been working on but no lucky..
>
> rL:s0 ----------------s1:rM:s0 --------------- s0:rR
> "tr < rR:s0 IP>" ACL# 100 /out
> apply on rM:s0
>
> Q: apply access-group 100 OUT on rM:s0 to block the output
> of traceroute from rL toward rR:s0, but allow rL ping
> rR
>
> My cfg. on rM:
> int s0
> ip access-group 100 out
> !
> acl 100 deny icmp any Any eq traceroute
> acl 100 permit ip any Any
> !
> While verify, from rL: using " tr <rR:s0's IP> "
> I can still see the output from both routers: rM and rR.
> not just rM.
>
> Was anything wrong in my cfg. ?
>
> Thanks in advance.
>
> JZ
> Sunday
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:00 GMT-3