Hi Mike,

Why did you choose to look for code 0? Code 0 means a different thing for each ICMP type. I think for echo messages you should look for ICMP type 8. Now the interesting part is that if you try to match ICMP type 8 instead of code 8, your solution won't work.
Oszkar

> Annnnnnnd Bingo,
>
> I was right, since it is encapsulated and not Encrypted, we can match
> whatever it is inside on the GRE packet... we are matching, not crafting....
>
> Here is the example of dropping ICMP echo messages encapsulated on GRE...
>
> Class Map type access-control match-all ICMP (id 2)
>   Match field ICMP code eq 0 mask 0x1
>
> Class Map type stack match-all STACK-GRE (id 1)
>   Match field IP protocol eq 0x2F next ICMP
>
>
> Policy Map type access-control STACK-GRE
>   Class STACK-GRE
>     service-policy ICMP-DROP-GRE
>
> Policy Map type access-control ICMP-DROP-GRE
>   Class ICMP
>     drop
>
>
> Router1#sh policy-map type access-control interface fa 0/1
> FastEthernet0/1
>
>   Service-policy access-control input: STACK-GRE
>
>     Class-map: STACK-GRE (match-all)
>       5 packets, 690 bytes
>       5 minute offered rate 0 bps
>       Match: field IP protocol eq 0x2F next ICMP
>
>       Service-policy access-control : ICMP-DROP-GRE
>
>         Class-map: ICMP (match-all)
>           5 packets, 690 bytes
>           5 minute offered rate 0 bps
>           Match: field ICMP code eq 0 mask 0x1
>           drop
>
>         Class-map: class-default (match-any)
>           0 packets, 0 bytes
>           5 minute offered rate 0 bps, drop rate 0 bps
>           Match: any
>
>     Class-map: class-default (match-any)
>       2 packets, 1236 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: any
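The type-versus-code question raised in this thread, as an added example that is not from either poster: a Python sketch that walks an unencrypted GRE packet down to the inner ICMP header and compares which constructed sample packets a "code equals 0" predicate selects against a "type equals 8" predicate. The helper names, addresses and sample packets are assumptions made for illustration, and the sketch does not model the router's `mask` or `next` semantics.

```python
import struct

def ipv4(proto, payload):
    """Minimal 20-byte IPv4 header, checksum left at 0 (constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload

def icmp(icmp_type, code):
    """8-byte ICMP header: type, code, checksum, rest-of-header (zeros)."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0)

def gre_wrap(inner_ip):
    """Outer IP (protocol 0x2F) + basic 4-byte GRE header carrying IPv4 (0x0800)."""
    return ipv4(0x2F, struct.pack("!HH", 0, 0x0800) + inner_ip)

def inner_icmp(packet):
    """Return (type, code) of ICMP carried inside GRE, else None."""
    if len(packet) < 20 or packet[9] != 0x2F:          # outer protocol must be GRE
        return None
    off = (packet[0] & 0x0F) * 4                       # skip outer IP header
    if len(packet) < off + 4:
        return None
    flags, ptype = struct.unpack_from("!HH", packet, off)
    if ptype != 0x0800:                                # GRE payload must be IPv4
        return None
    # RFC 2784/2890 optional fields (checksum, key, sequence): 4 bytes each
    off += 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if len(packet) < off + 20 or packet[off + 9] != 1: # inner protocol must be ICMP
        return None
    off += (packet[off] & 0x0F) * 4                    # skip inner IP header
    if len(packet) < off + 2:
        return None
    return packet[off], packet[off + 1]

# Constructed sample packets: name -> raw bytes
SAMPLES = {
    "echo-request": gre_wrap(ipv4(1, icmp(8, 0))),
    "echo-reply": gre_wrap(ipv4(1, icmp(0, 0))),
    "ttl-exceeded": gre_wrap(ipv4(1, icmp(11, 0))),
    "port-unreachable": gre_wrap(ipv4(1, icmp(3, 3))),
    "plain-echo": ipv4(1, icmp(8, 0)),                 # not GRE-encapsulated
}

def matched(rule):
    """Names of samples whose inner ICMP (type, code) satisfies rule(type, code)."""
    hits = []
    for name, pkt in SAMPLES.items():
        fields = inner_icmp(pkt)
        if fields is not None and rule(*fields):
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    print("code == 0:", matched(lambda t, c: c == 0))
    print("type == 8:", matched(lambda t, c: t == 8))
```
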
