Re: icmp type and code DOCCD? from Dale Shaw on 2009-06-23 (Ccielab archives 06/2009)

From: Dale Shaw <dale.shaw_at_gmail.com>
Date: Wed, 24 Jun 2009 12:03:14 +1000

Hi Dennis,

On Wed, Jun 24, 2009 at 8:21 AM, Dennis Worth<dennis.worth_at_gmail.com> wrote:
> Anyone have a link to icmp type and code on DOCCD?

This doesn't directly answer your question, but don't discount the
ability of IOS to resolve these sort of things for you:

R1(config)#access-list 100 permit icmp any any 0
R1(config)#access-list 100 permit icmp any any 1
R1(config)#access-list 100 permit icmp any any 2
R1(config)#access-list 100 permit icmp any any 3
[...]
R1(config)#access-list 100 permit icmp any any 39
R1(config)#access-list 100 permit icmp any any 40
R1(config)#access-list 100 permit icmp any any 41

R1(config)#do sh run | i access-list 100
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any 1
access-list 100 permit icmp any any 2
access-list 100 permit icmp any any unreachable
access-list 100 permit icmp any any source-quench
access-list 100 permit icmp any any redirect
access-list 100 permit icmp any any alternate-address
access-list 100 permit icmp any any 7
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any router-advertisement
access-list 100 permit icmp any any router-solicitation
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any parameter-problem
access-list 100 permit icmp any any 113
access-list 100 permit icmp any any timestamp-request
access-list 100 permit icmp any any timestamp-reply
access-list 100 permit icmp any any information-request
access-list 100 permit icmp any any information-reply
access-list 100 permit icmp any any mask-request
access-list 100 permit icmp any any mask-reply
access-list 100 permit icmp any any 19
access-list 100 permit icmp any any 20
access-list 100 permit icmp any any 21
access-list 100 permit icmp any any 22
access-list 100 permit icmp any any 23
access-list 100 permit icmp any any 24
access-list 100 permit icmp any any 25
access-list 100 permit icmp any any 26
access-list 100 permit icmp any any 27
access-list 100 permit icmp any any 28
access-list 100 permit icmp any any 29
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any conversion-error
access-list 100 permit icmp any any mobile-redirect
access-list 100 permit icmp any any 33
access-list 100 permit icmp any any 34
access-list 100 permit icmp any any 35
access-list 100 permit icmp any any 36
access-list 100 permit icmp any any 37
access-list 100 permit icmp any any 38
access-list 100 permit icmp any any 39
access-list 100 permit icmp any any 40
access-list 100 permit icmp any any 41

Obviously this just resolves ICMP types, but you can go into sub-codes as well:

R1(config)#access-list 101 permit icmp any any 3 0
R1(config)#access-list 101 permit icmp any any 3 1
R1(config)#access-list 101 permit icmp any any 3 2
R1(config)#access-list 101 permit icmp any any 3 3
R1(config)#access-list 101 permit icmp any any 3 4
R1(config)#access-list 101 permit icmp any any 3 5
R1(config)#access-list 101 permit icmp any any 3 6
R1(config)#access-list 101 permit icmp any any 3 7
R1(config)#access-list 101 permit icmp any any 3 8
R1(config)#access-list 101 permit icmp any any 3 9
R1(config)#access-list 101 permit icmp any any 3 10
R1(config)#access-list 101 permit icmp any any 3 11
R1(config)#access-list 101 permit icmp any any 3 12
R1(config)#access-list 101 permit icmp any any 3 13
R1(config)#access-list 101 permit icmp any any 3 14
R1(config)#access-list 101 permit icmp any any 3 15

R1(config)#do sh run | i access-list 101
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any protocol-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any source-route-failed
access-list 101 permit icmp any any network-unknown
access-list 101 permit icmp any any host-unknown
access-list 101 permit icmp any any host-isolated
access-list 101 permit icmp any any dod-net-prohibited
access-list 101 permit icmp any any dod-host-prohibited
access-list 101 permit icmp any any net-tos-unreachable
access-list 101 permit icmp any any host-tos-unreachable
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any host-precedence-unreachable
access-list 101 permit icmp any any precedence-unreachable

You can use similar methods to resolve (for example) IP precedence values:

R1(config)#access-list 101 permit icmp any any precedence ?
  <0-7> Precedence value
  critical Match packets with critical precedence (5)
  flash Match packets with flash precedence (3)
  flash-override Match packets with flash override precedence (4)
  immediate Match packets with immediate precedence (2)
  internet Match packets with internetwork control precedence (6)
  network Match packets with network control precedence (7)
  priority Match packets with priority precedence (1)
  routine Match packets with routine precedence (0)

Anyway, the point is, sometimes it's quicker and easier to get what
you need from IOS rather than digging around inside the DocCD.

cheers,
Dale

Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 24 2009 - 12:03:14 ART

This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:37 ART