Yes it works with this command ! thanks
Stephane ""Robert Edmonds"" a icrit dans le message de news: [EMAIL PROTECTED] > Are you wanting to also block the ICMP unreachable message? If so, you can > use "no ip unreachable". > > ""Stephane Litkowski"" wrote in message > news:200211052003.UAA03311@;groupstudy.com... > > Robert, > > > > I tried to apply th ACL at inbound (for ICMP traceroute version) : > > on the PC (192.168.1.2), I tried to traceroute an address behind the > router > > (172.16.4.5) > > I can see in debug that the the ICMP packet is denied by ACL but the > router > > replies to the host : > > > > 00:07:23: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.168.1.2 -> > > 172.16.4.5 (0/0), 1 packet > > 00:07:23: IP: s=192.168.1.2 (Ethernet0), d=172.16.4.5, len 92, access > denied > > 00:07:23: ICMP type=8, code=0 > > 00:07:23: IP: s=192.168.1.3 (local), d=192.168.1.2 (Ethernet0), len 56, > > sending > > 00:07:23: ICMP type=3, > ->(unreachable > > because the address i traceroute does not exist) > > > > > > ""Robert Raver"" a icrit dans le message de news: > > [EMAIL PROTECTED] > > > Stephane, > > > > > > How are you applying this? It should be coming and not going out. ex. > ip > > > access-group 101 in > > > > > > Thanks, > > > Robert Raver > > > > > > > > > ----- Original Message ----- > > > From: "Stephane Litkowski" > > > To: > > > Sent: Tuesday, November 05, 2002 11:21 AM > > > Subject: Traceroute blocking on CISCO router [7:56924] > > > > > > > > > > Hi all, > > > > > > > > how can I prevent a cisco router to respond to a traceroute (ICMP or > > UDP) > > > ? > > > > I tried to apply an access-list out to prevent ICMP to be generated by > > the > > > > router, but it doesn't seem to block anything ! Maybe access-lists > > cannot > > > > block local traffic ... > > > > > > > > access-list 101 deny icmp any any log > > > > access-list 101 permit ip any any > > > > > > > > I see the packet log by the ACL, but it is still transmitted (because > > > local > > > > ?) > > > > > > > > 00:24:13: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.168.1.3 -> > > > > 192.168.1.2(0/0), 1 packet > > > > 00:24:13: IP: s=192.168.1.3 (local), d=192.168.1.2 (Ethernet0), len > 56, > > > > sending > > > > 00:24:13: ICMP type=11, code=0 > > > > > > > > Thanks for help > > > > > > > > Stephane Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56968&t=56924 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
