Block incoming ping (CISCO)

PROBLEM: I would like to block all incoming ping requests.
SOLUTION: Block incoming ICMP traffic using access-list.

[?] Why you should not block ICMP traffic!
https://neilalexander.eu/articles/2017/4/16/understanding-icmp
http://shouldiblockicmp.com/

//create deny rule to drop all ICMP requests
//enable other traffic (bcs of implicit deny by ACL)

Router(config)# access-list 101 deny icmp any any
Router(config)# access-list 101 permit ip any any

//assign the rule to the interface

Router(config)# int FastEthernet 0/1 
Router(config-if)# ip access-group 101 in

OUTPUT

Router# ping 172.16.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

Copy & Paste

conf t
access-list 101 deny icmp any any
access-list 101 permit ip any any
int FastEthernet 0/1 
ip access-group 101 in 
end

Source: https://community.cisco.com/t5/routing/block-icmp/td-p/2419132

Tags:

Date:

November 8, 2018

Up next:

Before:

filipniko.cz

Block incoming ping (CISCO)

Leave a Reply Cancel reply