Defining the ICMP match criteria

To more precisely define the ICMP packets to match in an IPv4 or IPv6 traffic class, use the optional parameter settings below. For example, instead of matching or ignoring all ICMP traffic, you can configure a class that matches only a specific ICMP packet type by entering its numeric value.

Context: Class configuration

Syntax:


no [seq—number] [match | ignore] [icmp] source—address destination—address [icmp—type—number | icmpv4—type—name | icmpv6—type—name] [ip—dscp codepoint] [precedence precedence—value] [tos tos—value] [vlan—id]
If you enter icmp as the IP protocol type in a match/ignore statement, you can optionally specify an ICMP packet type to more precisely define match criteria for a traffic class. Enter the optional ICMP match criteria immediately after the destination address (DA) value in the command syntax; for example:
 
switch(config-class)# match icmp any any host-unknown 
switch(config-class)# match icmp any any 3 7
icmp-type-number

Configures an ICMP packet type as match criteria in a class configuration by entering its numeric identifier. Valid values are from 0 to 255.

For information on ICMP packet-type names and numeric identifiers, go to the Internet Assigned Numbers Authority (IANA) website at www.iana.com, click Protocol Number Assignment Services, and then go to the selections under Internet Control Message Protocol (ICMP) Parameters.

icmpv4-type-name

Enter any of the following ICMPv4 packet-type names to configure more precise match criteria for ICMP packets in an IPv4 class configuration.

To display a list of valid icmpv4-type-name entries when entering icmp as the IP protocol type in a match/ignore statement, enter ?. Some of the valid values are:

  • administratively-prohibitednet-tos-unreachable
  • alternate-addressnet-unreachable
  • conversion-errornetwork-unknown
  • dod-host-prohibitedno-room-for-option
  • dod-net-prohibitedoption-missing
  • echopacket-too-big
  • echo-replyparameter-problem
  • general-parameter-problemport-unreachable
  • host-isolatedprecedence-unreachable
  • host-precedence-unreachableprotocol-unreachable
  • host-redirectreassembly-timeout
  • host-tos-redirectredirect
  • host-tos-unreachablerouter-advertisement
  • host-unknownrouter-solicitation
  • host-unreachablesource-quench
  • information-replysource-route-failed
  • information-requesttime-exceeded
  • mask-replytimestamp-reply
  • mask-requesttimestamp-request
  • mobile-redirecttraceroute
  • net-redirectttl-exceeded
  • net-tos-redirectunreachable
icmpv6-type-name

You can also enter any of the following ICMPv6 packet-type names to configure more precise match criteria for ICMP packets in an IPv6 class configuration.

To display a list of valid icmpv6-type-name entries when you enter icmp as the IP protocol type in a match/ignore statement, enter ?. Some of the valid values are as follows:

  • cert-path-advertisemobile-advertise
  • cert-path-solicitmobile-solicit
  • destination-unreachablend-na
  • echo-replynd-ns
  • echo-requestnode-info
  • home-agent-replynode-query
  • home-agent-requestpacket-too-big
  • inv-nd-naparameter-problem
  • inv-nd-nsredirect
  • mcast-router-advertiserouter-advertisement
  • mcast-router-solicitrouter-renum
  • mcast-router-terminate router-solicitation
  • mld-done time-exceeded
  • mld-query ver2-mld-report
  • mld-report