GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: Traceroute Block posted 11/24/2008
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Hi all,
Traceroute uses three ICMP messages: echo (type: 8), time-exceeded (type:
11), port-unreachable (Type: 3, code:3).
pls correct me, if I am wrong.

Regards,
But Nguyen.

On Mon, Nov 24, 2008 at 11:25 PM, Scott M Vermillion <
scott_ccie_list@xxxxxxxxx> wrote:

> Hey Gaurav,
>
> I believe that the 'traceroute' keyword has to do with ICMP Type Code 30
> (http://www.iana.org/assignments/icmp-parameters).  This never got any
> traction and thus is pretty much a historical footnote in IOS.
> (http://www.faqs.org/rfcs/rfc1393.html)
>
> Just to prove this to yourself, do the following:
>
> R1(config-ext-nacl)#deny icmp any any  30
> R1(config-ext-nacl)#do sh ip access
> Extended IP access list test
>     10 deny icmp any any traceroute
>
> Regards,
>
> Scott
>
>
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
> GAURAV MADAN
> Sent: Monday, November 24, 2008 6:58 AM
> To: ccie forum
> Subject: Traceroute Block
>
> HI Group
>
> Can someone please confirm if following do the same purpose or are diff :
>
> R1(config-if)#do sh ip access-li
> Extended IP access list TEST
>    10 deny icmp any any traceroute
>    20 permit ip any any
>
> Extended IP access list TEST1
>    10 deny udp any any range 33400 34400 log
>    20 permit ip any any
> I found 2nd one working for me ..
> I actually configured 1st ACL thinking it will work . but it didnt ..
> finally googled it to find UDP ports ..
> Can someone plzz lemme know where am i missing and how to test this one
>
> Gaurav Madan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html