21 deny icmp – CANOGA PERKINS CanogaOS Command Reference User Manual

CanogaOS Command Line Reference

Revision 1.02

Proprietary & Confidential Canoga Pertkins Metro Ethernet Switches

Page 676 of 855

IP ACL configuration

Usage

The fragments will be invalid when the layer 4 information is specified (i.e. src-port).

Examples

This example shows how to create a filter in IP ACL to deny any UDP packets.
Switch(config-ip-acl)# 1 deny udp any any
This example shows how to create a filter in IP ACL to deny the UDP packets with the source IP 1.1.1.1,
source port 10, and destination port less than 2000.
Switch(config-ip-acl)# 2 deny udp host 1.1.1.1 src-port eq 10 any dst-port lt 2000

Related Commands

deny
deny tcp
deny icmp
deny igmp

33.21 deny icmp

Use this command to reject ICMP packets matching the IP filter.

Command Syntax

[<1-2147483646>] deny icmp { source source-mask | any | host source } {destination
destination-mask any | host destination } [ icmp-type < 0-255 > [icmp-code < 0-255 >] ]
[ ip-precedence precedence | dscp dscp ] [ fragments ] [ routed-packet ] [ options ] [ time-range
time-range-name ] [ stats ]
icmp-type: <0-255> ICMP message type
icmp-code: <0-255> ICMP message code

Command Mode

IP ACL configuration

Usage

None

Examples

This example shows how to create a filter in IP ACL to deny any ICMP packets.
Switch(config-ip-acl)#1 deny icmp any any
This example shows how to create a filter in IP ACL to deny the ICMP packets with the icmp-type 3 and
icmp-code 3.
Switch(config-ip-acl)#2 deny icmp any any icmp-type 3 icmp-code 3

Related Commands