Amir,
I'm not 100% sure what you mean by "doing ping and traceroute to their PE's" .
Because the PE is (usually) the first device you see on the provider side, so
"usually" no more than one hop away.
If your question is; how to block ping/trace on PE boxes:
1- If they are customer facing; configure your ACLs on them (as mentioned by
Joe) - not the best practice
2- If they are behind any other appliances take a look at them and see if you
can do anything there.
However, if you work for a SP I dont recommend that. Why? Business issue. If
as a customer I hit a problem and as a part of a troubleshooting process I
can't even verify my connectivity to the PE I'd consider it as a big
"negative" score for your company. Especially external consultants are perfect
creatures in making noises on "hard to evaluate/troubleshoot" SPs.
HTH
--------------------------
Kambiz Agahian
CCIE (R&S)
CCSI, WAASSE, RSSSE
Technical Instructor
CCBOOTCAMP - Cisco Learning Solutions Partner (CLSP)
Email: kagahian_at_ccbootcamp.com
Toll Free: 877-654-2243
International: +1-702-968-5100
Skype: skype:ccbootcamp?call
FAX: +1-702-446-8012
YES! We take Cisco Learning Credits!
Training And Remote Racks: http://www.ccbootcamp.com
OEQ Voice Waiver: http://www.ccbootcamp.com/noeqvoice.html
OEQ R&S Waiver: http://www.ccbootcamp.com/noeqrs.html
OEQ Commercial: http://www.ccbootcamp.com/noeq.mpg
-----Original Message-----
From: nobody_at_groupstudy.com on behalf of Aamir Aziz
Sent: Wed 4/14/2010 9:16 AM
To: Cisco certification
Subject: Traceroute in MPLS
Dear *,
With no mpls ip propagate-ttl command MPLS core is hidden from
customers however they can still ping and traceroute to their PE. Is
there anyway to stop customers from even doing ping and traceroute to
their PE's?
Thanks
Aamir
-- Sent from my mobile device Blogs and organic groups at http://www.ccie.netReceived on Wed Apr 14 2010 - 09:34:30 ART
This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART