Hello Jerome, The config looks ok to me. I was wondering how you're testing this? Can you maybe change the "access-control" class map to match for the UDP traceroute packets instead and verify using that?
class-map type access-control match-all ACCESS_CLASS match field UDP dest-port range 33434 33464 exit I tried that now and it seems to be working fine. I can see the packets being dropped and also the logs. Cheers, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
