Commands to filter ICMP traffic

Syntax

[deny|permit] icmp SA DA icmp-type icmp-code

Options

icmp-type icmp-code

This option identifies an individual ICMP packet type as criteria for permitting or denying that type of ICMP traffic in an ACE.
  • icmp-type— This value is in the range of 0 to 255 and corresponds to an ICMP packet type.

  • icmp-code— This value corresponds to an ICMP code for an ICMP packet type. It is optional and needed only when a particular ICMP subtype is needed as a filtering criterion.Range: 0 to 255

Example

Showing two ACEs entered in an ACL context:

#permit icmp any any 1 3
#permit icmp any any destination-unreachable

Options

icmp-type name

These name options are an alternative to the [ icmp-type [ icmp-code ] ] methodology described above.

cert-path-advertise

mobile-advertise

cert-path-solicit

mobile-solicit

destination-unreachable

nd-na

echo-reply

nd-ns

echo-request

node-info

home-agent-reply

node-query

home-agent-request

packet-too-big

inv-nd-na

parameter-problem

inv-nd-ns

redirect

mcast-router-advertise

router-advertisement

mcast-router-solicit

router-renum

mcast-router-terminate

router-solicitation

mld-done

time-exceeded

mld-query

ver2-mld-report