Refer to Figure 5-12 for the network topology upon which the following con?¬?gurations are
based.
Edge(config)#access-list 107 deny icmp any any
mask-request log
Blocks mask-request
packets from anywhere
going to anywhere, and
logs any instance in which
this statement was used
Edge(config)#access-list 107 permit icmp any
10.2.1.0 0.0.0.255
Permits all other ICMP
messages from traveling
to the 10.2.1.0 network
Edge(config)#interface fastethernet 0/0 Moves to interface
con?¬?guration mode
Edge(config-if)#ip access-group 107 in Takes all access list lines
that are de?¬?ned as being
part of group 107 and
applies them in an
inbound manner
Edge(config-if)#exit Returns to global
con?¬?guration mode
Edge(config)#
Edge(config)#access-list 108 permit icmp
10.2.1.0 0.0.0.255 any echo
Permits echo packets from
10.2.1.x going to
anywhere
Edge(config)#access-list 108 permit icmp
10.2.1.0 0.0.0.255 any parameter-problem
Permits parameter problem
packets from 10.2.1.x
going to anywhere
112 Using ACLs to Filter Network Traf?¬?c to Mitigate Threats
Filtering UDP Traceroute Messages
Traceroute displays the IP addresses of the routers that a packet encounters along the packet
path (hops) from source to destination.
Pages:
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106