From: Edison Ortiz (edisonmortiz@gmail.com)
Date: Wed Mar 14 2007 - 15:04:45 ART
Small hint,
enable log on the permit ip any any
enable logging buffer on R5.
You will see what kind of packet R5 is generating on the traceroute.
----- Original Message -----
From: "cisco monster" <cisco.monster@gmail.com>
To: <ccielab@groupstudy.com>
Sent: Wednesday, March 14, 2007 1:37 PM
Subject: traceroute and ACL
> Hello friends
>
> I want to block traceroute traffic on R5 genrated by R4 destined to Cat-1
> but ACL is not working please guide me !!!
>
> Topology
>
> R4 -frame-relay - R5 - fram-relay R3 -eth - Cat-1
>
>
> R5(config)#do sh ip access
> Standard IP access list 1
> 10 permit 150.100.1.240
> Extended IP access list 120
> 10 deny icmp any any traceroute
> 20 deny icmp any any port-unreachable
> 30 deny icmp any any time-exceeded
> 40 permit ip any any (29 matches)
>
> R4(config)#do trace 7.7.7.7
>
> Type escape sequence to abort.
> Tracing the route to 7.7.7.7
>
> 1 16.16.45.5 32 msec 28 msec 32 msec
> 2 16.16.235.3 104 msec 108 msec 104 msec
> 3 16.16.23.7 104 msec * 104 msec
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:51 ART