Commands to filter ICMP traffic
Syntax
[deny|permit] icmp
SA DA
icmp-type icmp-code
Options
icmp-type icmp-code
-
icmp-type— This value is in the range of 0 to 255 and corresponds to an ICMP packet type.
-
icmp-code— This value corresponds to an ICMP code for an ICMP packet type. It is optional and needed only when a particular ICMP subtype is needed as a filtering criterion.Range: 0 to 255
Example
Showing two ACEs entered in an ACL context:
#permit icmp any any 1 3 #permit icmp any any destination-unreachable
Options
icmp-type name
These name options are an alternative to the [ icmp-type [ icmp-code ] ] methodology described above.
cert-path-advertise |
mobile-advertise |
cert-path-solicit |
mobile-solicit |
destination-unreachable |
nd-na |
echo-reply |
nd-ns |
echo-request |
node-info |
home-agent-reply |
node-query |
home-agent-request |
packet-too-big |
inv-nd-na |
parameter-problem |
inv-nd-ns |
redirect |
mcast-router-advertise |
router-advertisement |
mcast-router-solicit |
router-renum |
mcast-router-terminate |
router-solicitation |
mld-done |
time-exceeded |
mld-query |
ver2-mld-report |