ICMP ACL Configuration
#configure terminal | Enter configure mode. |
(config)#ip access-list icmp-acl-01 | Create an IP access list named icmp-acl-01. |
(config-ip-acl)#10 deny icmp 1.1.1.2/24 2.2.2.2/24 dscp af11 f | Create an access rule with sequence number 10 to deny ICMP packets from a specific source towards a specific destination with a DSCP value of af11. Note: The sequence number is optional. |
(config-ip-acl)#20 permit icmp 1.1.1.1/24 2.2.2.2/24 precedence flash | Create an access rule with sequence number 20 to permit ICMP packets from a specific source towards a specific destination with precedence as flash. |
(config-ip-acl)#exit | Exit access list mode. |
(config)#interface xe10 | Enter interface mode. |
(config-if)#no switchport | Configure the interface as Layer 3. |
(config-if)#ip address 1.1.1.3/24 | Assign an IP address. |
(config-if)#ip access-group icmp-acl-01 in | Apply access group icmp-acl-01 for inbound traffic to the interface. |
(config-if)#end | Exit interface and configure mode. |
Validation
Use the commands below to verify the match count. When inbound IP packets reach interface xe10 with source address 1.1.1.X, destination address 2.2.2.X, and DSCP value af11, and are fragmented, the count for access rule 10 increases by the number of packets sent.
#show ip access-lists icmp-acl-01
IP access-list icmp-acl-01
10 deny icmp 1.1.1.2/24 2.2.2.2/24 dscp af11 [match=200]
20 permit icmp 1.1.1.1/24 2.2.2.2/24 precedence flash
default deny-all
When inbound IP packets reach interface xe10 with source address 1.1.1.X, destination address 2.2.2.X, and precedence value flash, the count for access rule 20 increases by the number of packets sent.
#show ip access-lists icmp-acl-01
IP access-list icmp-acl-01
10 deny icmp 1.1.1.2/24 2.2.2.2/24 dscp af11
20 permit icmp 1.1.1.1/24 2.2.2.2/24 precedence flash [match=200]
default deny-all
Note: Use the command clear ip access-list counters to clear statistics of all ACLs configured or clear ip access-list <access-list name> counters to clear statistics of a particular ACL.
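The first-match evaluation and per-rule counters described under Validation can be reasoned about offline with the following Python model. It is an added example, not vendor code or device output. Assumptions: the trailing `f` on rule 10 is treated as a fragments-only match, as the Validation text describes, and the packet dictionaries and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

AF11 = 10    # DSCP af11 (0b001010)
FLASH = 3    # IP precedence flash (0b011)

@dataclass
class Rule:
    seq: int
    action: str
    src: str
    dst: str
    dscp: Optional[int] = None
    precedence: Optional[int] = None
    fragments: bool = False   # assumption: rule 10's trailing "f" matches fragments only
    hits: int = 0

    def matches(self, pkt):
        # strict=False drops host bits: 1.1.1.2/24 covers all of 1.1.1.0/24
        src_net = ipaddress.ip_network(self.src, strict=False)
        dst_net = ipaddress.ip_network(self.dst, strict=False)
        return (pkt["proto"] == "icmp"
                and ipaddress.ip_address(pkt["src"]) in src_net
                and ipaddress.ip_address(pkt["dst"]) in dst_net
                and (self.dscp is None or pkt["tos"] >> 2 == self.dscp)
                and (self.precedence is None or pkt["tos"] >> 5 == self.precedence)
                and (not self.fragments or pkt["frag"]))

def build_acl():
    """Rules 10 and 20 of icmp-acl-01 as configured on the page."""
    return [
        Rule(10, "deny", "1.1.1.2/24", "2.2.2.2/24", dscp=AF11, fragments=True),
        Rule(20, "permit", "1.1.1.1/24", "2.2.2.2/24", precedence=FLASH),
    ]

def evaluate(acl, pkt):
    """First matching rule wins and its counter increments; otherwise default deny-all."""
    for rule in sorted(acl, key=lambda r: r.seq):
        if rule.matches(pkt):
            rule.hits += 1
            return rule.action, rule.seq
    return "deny", None

def packet(src, dst, tos, frag=False, proto="icmp"):
    """Constructed test packet; tos is the 8-bit ToS/DS byte."""
    return {"src": src, "dst": dst, "tos": tos, "frag": frag, "proto": proto}
```

Because DSCP and precedence are read from the same ToS byte, an af11 packet carries precedence 1, so it can never match rule 20; in this model, traffic that misses both rules falls through to the default deny-all without incrementing either counter.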
Last modified date: 08/28/2023