Icmp Code/ type 0 mean echo request and icmp code/type 8 means echo reply. Type/code 3 means Icmp unreachable.
Code and type means the same thing, memorizing or knowing where to find the Icmp code types or any port number is very important. I sent a link couple of months back which is inside Asa config guide which serial all the port numbers, protocols numbers. On Wednesday, June 20, 2012, Imre Oszkar wrote: > Hi Mike, > > Why did you choose to look for code 0? Code 0 means different thing for > each ICMP type. > I think for echo messages you should look for icmp type 8 . > Now the interesting part is that if you try to match icmp type 8 instead > of code 8 your solution won't work. > > > Oszkar > > >> >> Annnnnnnd Bingo, >> >> I was right, since it is encapsulated and not Encrypted, we can match >> whatever it is inside on the GRE packet... we are matching, not crafting.... >> >> Here is the example of dropping ICMP echo messages encapsulated on GRE... >> >> Class Map type access-control match-all ICMP (id 2) >> Match field ICMP code eq 0 mask 0x1 >> >> Class Map type stack match-all STACK-GRE (id 1) >> Match field IP protocol eq 0x2F next ICMP >> >> >> Policy Map type access-control STACK-GRE >> Class STACK-GRE >> service-policy ICMP-DROP-GRE >> >> Policy Map type access-control ICMP-DROP-GRE >> Class ICMP >> drop >> >> >> >> >> Router1#sh policy-map type access-control interface fa 0/1 >> FastEthernet0/1 >> >> Service-policy access-control input: STACK-GRE >> >> Class-map: STACK-GRE (match-all) >> 5 packets, 690 bytes >> 5 minute offered rate 0 bps >> Match: field IP protocol eq 0x2F next ICMP >> >> Service-policy access-control : ICMP-DROP-GRE >> >> Class-map: ICMP (match-all) >> 5 packets, 690 bytes >> 5 minute offered rate 0 bps >> Match: field ICMP code eq 0 mask 0x1 >> drop >> >> Class-map: class-default (match-any) >> 0 packets, 0 bytes >> 5 minute offered rate 0 bps, drop rate 0 bps >> Match: any >> >> Class-map: class-default (match-any) >> 2 packets, 1236 bytes >> 5 minute offered rate 0 bps, drop rate 0 bps >> Match: any >> >> >> -- FNK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
