RE: traceroute and ACL

From: Todd, Douglas M. (DTODD@PARTNERS.ORG)
Date: Wed Mar 14 2007 - 14:55:57 ART


Hi:

1) In which way do you have your ACL (in/out) and on what interface?
2) You could try blocking UDP port 33434, which is the default UDP port
(starting).

DMT

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of cisco monster
> Sent: Wednesday, March 14, 2007 1:37 PM
> To: ccielab@groupstudy.com
> Subject: traceroute and ACL
>
> Hello friends
>
> I want to block traceroute traffic on R5 generated by R4
> destined to Cat-1, but the ACL is not working. Please guide me!!!
>
> Topology
>
> R4 - frame-relay - R5 - frame-relay - R3 - eth - Cat-1
>
>
> R5(config)#do sh ip access
> Standard IP access list 1
> 10 permit 150.100.1.240
> Extended IP access list 120
> 10 deny icmp any any traceroute
> 20 deny icmp any any port-unreachable
> 30 deny icmp any any time-exceeded
> 40 permit ip any any (29 matches)
>
> R4(config)#do trace 7.7.7.7
>
> Type escape sequence to abort.
> Tracing the route to 7.7.7.7
>
> 1 16.16.45.5 32 msec 28 msec 32 msec
> 2 16.16.235.3 104 msec 108 msec 104 msec
> 3 16.16.23.7 104 msec * 104 msec
>
>
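
The sketch below is an added illustration, not part of either poster's message: it runs first-match evaluation of access list 120 over the packets a traceroute from R4 involves, to show which entry each packet type would hit. It assumes IOS-style UDP probes that start at port 33434 and increment by one per probe; the `deny udp` entry in `ACL_120_PLUS_UDP` (sequence 35, upper port 33442) is constructed for this example.

```python
from collections import namedtuple

# Fields the ACEs below inspect: dport for UDP, icmp_type/icmp_code for ICMP.
Packet = namedtuple("Packet", "proto dport icmp_type icmp_code",
                    defaults=(None, None, None))

# IOS ICMP message keywords used in list 120 -> (type, code); None = any code.
ICMP_KEYWORDS = {
    "traceroute": (30, None),      # ICMP type 30, not the UDP probes
    "port-unreachable": (3, 3),
    "time-exceeded": (11, None),
}

# Access list 120 as shown in the post: (seq, action, proto, qualifier).
ACL_120 = [
    (10, "deny", "icmp", "traceroute"),
    (20, "deny", "icmp", "port-unreachable"),
    (30, "deny", "icmp", "time-exceeded"),
    (40, "permit", "ip", None),
]

# Constructed variant: a UDP entry covering the assumed probe ports,
# placed ahead of the final permit.
ACL_120_PLUS_UDP = ACL_120[:3] + [(35, "deny", "udp", (33434, 33442))] + ACL_120[3:]

def ace_matches(ace, pkt):
    _, _, proto, qual = ace
    if proto == "ip":
        return True                # "ip any any" matches every IPv4 packet
    if proto != pkt.proto:
        return False
    if proto == "icmp":
        want_type, want_code = ICMP_KEYWORDS[qual]
        return pkt.icmp_type == want_type and want_code in (None, pkt.icmp_code)
    low, high = qual               # udp: destination port range
    return low <= pkt.dport <= high

def evaluate(acl, pkt):
    """Return (seq, action) of the first matching ACE; implicit deny otherwise."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace[0], ace[1]
    return None, "deny"

def traceroute_probes(hops=3, probes_per_hop=3, first_port=33434):
    """UDP probes for the three-hop trace in the post, one port per probe."""
    return [Packet("udp", dport=first_port + i) for i in range(hops * probes_per_hop)]
```

The time-exceeded and port-unreachable replies travel back toward R4, so entries 20 and 30 only take effect where the list sees that return traffic, which is why the direction and interface in question 1 matter.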
