IP Access list. Deny ICMP

L3-AE-IOU1(config)#do sh run
Building configuration...

Current configuration : 1967 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname L3-AE-IOU1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!        
!
!
!
interface Ethernet0/0
 duplex auto
!
interface Ethernet0/1
 switchport access vlan 10
 switchport mode access
 duplex auto
!
interface Ethernet0/2
 switchport access vlan 10
 switchport mode access
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 shutdown
 duplex auto
!        
interface Ethernet1/1
 shutdown
 duplex auto
!
interface Ethernet1/2
 shutdown
 duplex auto
!
interface Ethernet1/3
 shutdown
 duplex auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 ip address 10.0.32.1 255.255.255.0
!
interface Vlan10
 ip address 10.0.33.1 255.255.255.0
 ip access-group 100 in
!
!
no ip http server
!
ip route 0.0.0.0 0.0.0.0 10.0.32.20
!
access-list 100 deny   icmp host 10.0.33.37 any
access-list 100 permit ip any any
!
!
!        
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end

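The above config blocks PC2 from sending any ping in the given diagram. Access list 100, applied inbound on interface Vlan10, denies all ICMP from host 10.0.33.37 and permits all other IP traffic.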
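To check how the two entries of access list 100 are evaluated, the following added example (not part of the original post) parses them and applies first-match logic to a few constructed packets. The source address 10.0.33.38 and the choice of 10.0.32.20 as destination are assumptions made for the illustration.

```python
import ipaddress

# ACL 100 exactly as it appears in the running config above.
ACL_100 = """\
access-list 100 deny   icmp host 10.0.33.37 any
access-list 100 permit ip any any
"""

def _take_addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD) -> (addr, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse numbered extended ACEs of the form used on this page (no ports or ICMP types)."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        action, proto = tokens[2], tokens[3]
        rest = tokens[4:]
        entries.append((action, proto, _take_addr(rest), _take_addr(rest)))
    return entries

def _match(ip, spec):
    addr, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (int(ipaddress.IPv4Address(ip)) | wildcard) == (addr | wildcard)

def evaluate(entries, proto, src, dst):
    """First matching ACE wins; a packet matching nothing hits the implicit deny."""
    for action, ace_proto, src_spec, dst_spec in entries:
        if ace_proto in ("ip", proto) and _match(src, src_spec) and _match(dst, dst_spec):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    # Constructed packets; addresses other than 10.0.33.37 are chosen for the example.
    for pkt in [("icmp", "10.0.33.37", "10.0.32.20"),
                ("tcp", "10.0.33.37", "10.0.32.20"),
                ("icmp", "10.0.33.38", "10.0.32.20")]:
        print(pkt, "->", evaluate(acl, *pkt))
```

The first entry matches every ICMP message type from 10.0.33.37, so that host's echo replies and ICMP error messages are dropped along with its echo requests. The model covers only packets that are actually checked against ACL 100, which the config applies with `ip access-group 100 in` on interface Vlan10.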
