RT1#sh cdp neighbors detail
-------------------------
Device ID: RT2
Entry address(es):
  IP address: 192.168.1.2
Platform: cisco 3620, Capabilities: Router
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/0
Holdtime : 157 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-I-M), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 16:20 by dchih

advertisement version: 2
Duplex: full

RT1#
RT1#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/28/36 ms
RT1#

================================================================================

RT2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RT2(config)#access-list 101 deny icmp any any
RT2(config)#access-list 101 permit ip any any
RT2(config)#int fa0/0
RT2(config-if)#ip access-group 101 in
RT2(config-if)#

================================================================================

RT1#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
RT1#
RT1#debug ip icmp
ICMP packet debugging is on
RT1#
RT1#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
U
*Mar 1 00:04:47.947: ICMP: dst (192.168.1.1) administratively prohibited unreachable rcv from 192.168.1.2.U
*Mar 1 00:04:49.979: ICMP: dst (192.168.1.1) administratively prohibited unreachable rcv from 192.168.1.2.U
Success rate is 0 percent (0/5)
RT1#
*Mar 1 00:04:51.995: ICMP: dst (192.168.1.1) administratively prohibited unreachable rcv from 192.168.1.2
RT1#

================================================================================

RT2(config-if)#do sh access-list | do sh ip access-list
Extended IP access list 101
    10 deny icmp any any (22 matches)
    20 permit ip any any
RT2(config-if)#
RT2(config-if)#no ip unreachables
RT2(config-if)#

================================================================================

RT1#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
RT1#

================================================================================

RT2(config-if)#do sh access-list | do sh ip access-list
Extended IP access list 101
    10 deny icmp any any (27 matches)
    20 permit ip any any
RT2(config-if)#
RT2(config-if)#ip access-list extended 101
RT2(config-ext-nacl)#no 10
RT2(config-ext-nacl)#exit
RT2(config)#
RT2(config)#do sh access-list | do sh ip access-list
Extended IP access list 101
    20 permit ip any any
RT2(config)#

================================================================================

RT1#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/22/36 ms
RT1#
*Mar 1 00:07:47.403: ICMP: echo reply rcvd, src 192.168.1.2, dst 192.168.1.1
*Mar 1 00:07:47.435: ICMP: echo reply rcvd, src 192.168.1.2, dst 192.168.1.1
*Mar 1 00:07:47.443: ICMP: echo reply rcvd, src 192.168.1.2, dst 192.168.1.1
*Mar 1 00:07:47.451: ICMP: echo reply rcvd, src 192.168.1.2, dst 192.168.1.1
*Mar 1 00:07:47.487: ICMP: echo reply rcvd, src 192.168.1.2, dst 192.168.1.1
RT1#

================================================================================

RT2(config)#do sh access-list | do sh ip access-list
Extended IP access list 101
    20 permit ip any any (15 matches)
RT2(config)#

Monday, June 20, 2011
'permit ip any any' is inclusive of 'permit icmp any any'
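
The three ping results in the transcript (U.U.U, ....., !!!!!) can be reproduced with a small model of first-match ACL evaluation. This is an added example, not part of the original post: the names first_match and ping, the rtt value, and the one-unreachable-per-500-ms rate limit (assumed IOS default) are assumptions of the model.

```python
# Added illustration, not from the original post. Simplified model: only the
# protocol field is matched, since every entry in ACL 101 uses "any any".

def first_match(acl, pkt_proto):
    """Return (seq, action) of the first entry matching the packet's protocol."""
    for seq, action, proto in sorted(acl):
        # "ip" in an extended ACL covers every IP protocol, ICMP included
        if proto == "ip" or proto == pkt_proto:
            return seq, action
    return None, "deny"  # implicit deny at the end of every ACL


def ping(acl, unreachables=True, probes=5, rtt=0.03, timeout=2.0, rate_limit=0.5):
    """Simulate the marker string a ping shows when `acl` filters inbound echoes.

    rate_limit: minimum seconds between ICMP unreachables (assumed IOS default
    of one per 500 ms); rtt and timeout are constructed values for the model.
    """
    markers, now, last_unreachable = "", 0.0, None
    _, action = first_match(acl, "icmp")
    for _ in range(probes):
        if action == "permit":
            markers += "!"   # echo reply comes back
            now += rtt
        elif unreachables and (last_unreachable is None
                               or now - last_unreachable >= rate_limit):
            markers += "U"   # administratively prohibited unreachable returned
            last_unreachable = now
            now += rtt
        else:
            markers += "."   # dropped silently, sender waits out the timeout
            now += timeout
    return markers


# ACL 101 as first applied on RT2, and after "no 10" removed the deny entry
ACL_WITH_DENY = [(10, "deny", "icmp"), (20, "permit", "ip")]
ACL_PERMIT_ONLY = [(20, "permit", "ip")]

if __name__ == "__main__":
    print(ping(ACL_WITH_DENY))                      # deny + unreachables on
    print(ping(ACL_WITH_DENY, unreachables=False))  # after "no ip unreachables"
    print(ping(ACL_PERMIT_ONLY))                    # after "no 10"
    print(first_match(ACL_PERMIT_ONLY, "icmp"))     # ICMP hits entry 20
```

With unreachables enabled, every second probe times out because the router suppresses the unreachable that falls inside the rate-limit window, which is why the sender sees U.U.U rather than UUUUU.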