Defining the ICMP match criteria
To more precisely define the ICMP packets to match in an IPv4 or IPv6 traffic class, use the optional parameter settings below. For example, instead of matching or ignoring all ICMP traffic, you can configure a class that matches only a specific ICMP packet type by entering its numeric value.
Context: Class configuration
Syntax:
no [seq—number] [match | ignore] [icmp] source—address destination—address [icmp—type—number | icmpv4—type—name | icmpv6—type—name] [ip—dscp codepoint] [precedence precedence—value] [tos tos—value] [vlan—id]
icmp
as the IP protocol type in a match/ignore statement, you can optionally specify an ICMP packet type to more precisely define match criteria for a traffic class. Enter the optional ICMP match criteria immediately after the destination address (DA) value in the command syntax; for example:
switch(config-class)# match icmp any any host-unknown switch(config-class)# match icmp any any 3 7
- icmp-type-number
Configures an ICMP packet type as match criteria in a class configuration by entering its numeric identifier. Valid values are from
0
to255
.For information on ICMP packet-type names and numeric identifiers, go to the Internet Assigned Numbers Authority (IANA) website at www.iana.com, click Protocol Number Assignment Services, and then go to the selections under Internet Control Message Protocol (ICMP) Parameters.
- icmpv4-type-name
Enter any of the following ICMPv4 packet-type names to configure more precise match criteria for ICMP packets in an IPv4 class configuration.
To display a list of valid
icmpv4-type-name
entries when enteringicmp
as the IP protocol type in a match/ignore statement, enter ?. Some of the valid values are:administratively-prohibitednet-tos-unreachable
alternate-addressnet-unreachable
conversion-errornetwork-unknown
dod-host-prohibitedno-room-for-option
dod-net-prohibitedoption-missing
echopacket-too-big
echo-replyparameter-problem
general-parameter-problemport-unreachable
host-isolatedprecedence-unreachable
host-precedence-unreachableprotocol-unreachable
host-redirectreassembly-timeout
host-tos-redirectredirect
host-tos-unreachablerouter-advertisement
host-unknownrouter-solicitation
host-unreachablesource-quench
information-replysource-route-failed
information-requesttime-exceeded
mask-replytimestamp-reply
mask-requesttimestamp-request
mobile-redirecttraceroute
net-redirectttl-exceeded
net-tos-redirectunreachable
- icmpv6-type-name
You can also enter any of the following ICMPv6 packet-type names to configure more precise match criteria for ICMP packets in an IPv6 class configuration.
To display a list of valid
icmpv6-type-name
entries when you entericmp
as the IP protocol type in a match/ignore statement, enter ?. Some of the valid values are as follows:cert-path-advertisemobile-advertise
cert-path-solicitmobile-solicit
destination-unreachablend-na
echo-replynd-ns
echo-requestnode-info
home-agent-replynode-query
home-agent-requestpacket-too-big
inv-nd-naparameter-problem
inv-nd-nsredirect
mcast-router-advertiserouter-advertisement
mcast-router-solicitrouter-renum
mcast-router-terminate router-solicitation
mld-done time-exceeded
mld-query ver2-mld-report
mld-report