ACL to block icmp

Gngogh Member Posts: 165
Hi,

I have a topology with 2 VLANs and router-on-a-stick. I was playing with ping and decided to do an ICMP sweep, and I was able to get the IP addresses of all hosts in the VLAN I was pinging.

I tried to block the ICMP ping with an ACL, but with no success...

My access-list is as follows,

- access-list 101 deny icmp any any

and then on the router subinterfaces

- ip access-group 101 in

The problem is that the pings are still going through: not through the router, but through the switch,

so when I apply an ACL on a switch, I cannot do ip access-group on the interfaces. How do I achieve this on a L2 switch?

Comments

  • networker050184 Mod Posts: 11,962
    How and where are you applying this? What type of switch?
    An expert is a man who has made all the mistakes which can be made.
  • Gngogh Member Posts: 165
    I'm doing this on Packet Tracer, and I'm not applying it because I cannot find where. I'm able to create the access-list, but on the interfaces I don't have the ip command, and on the VLAN I don't have the ip access-group command. I don't know if this is a problem with Packet Tracer or if I have to apply them elsewhere.

    BTW: the switch is a L2 switch.
  • networker050184 Mod Posts: 11,962
    Most newer switches support inbound port ACLs (ACLs applied to the layer 2 interfaces). Not sure what Packet Tracer has available, though.

    Usually, in the real world, this would be something you'd apply on the gateway (or the edge of your network, depending on how far out you want to block this). So if you are doing router-on-a-stick or have a L3 switch with an SVI acting as your hosts' gateway, you can put an outbound ACL there.
    An expert is a man who has made all the mistakes which can be made.
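    The gateway-side setup described above, written out as an added IOS configuration example (not posted by either participant). Addresses, interface names and VLAN numbers are assumed; the point it shows is that the original "access-list 101 deny icmp any any" on its own also drops all other traffic (every IOS ACL ends in an implicit deny), and that a router ACL only ever sees traffic crossing between VLANs, which is why pings between hosts in the same VLAN were unaffected.

```cisco
! Added example, not from the thread. Assumed addressing:
! VLAN 10 = 192.168.10.0/24, VLAN 20 = 192.168.20.0/24, router-on-a-stick on Gi0/0.

! Deny only ICMP echo-requests, then explicitly permit everything else.
! Without the permit line the implicit "deny ip any any" blocks all traffic.
access-list 101 deny icmp any any echo
access-list 101 permit ip any any

interface GigabitEthernet0/0
 no shutdown

interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ! "out" on the subinterface stops echo-requests entering VLAN 10 from other VLANs
 ip access-group 101 out

interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group 101 out

! Verification after a test ping: the match counters only increase for
! packets that were routed. Same-VLAN pings are switched at layer 2 and
! never reach this ACL, so their counters stay at zero.
! show access-lists 101

! On a switch that supports inbound port ACLs on layer 2 interfaces
! (not available on the Packet Tracer L2 switch shown in this thread),
! the same list can be applied per access port to cover same-VLAN pings:
! interface FastEthernet0/1
!  ip access-group 101 in
```

    Blocking only "echo" rather than all of ICMP keeps echo-replies, unreachables and time-exceeded messages flowing, so path MTU discovery and traceroute through the gateway keep working while the sweep itself is stopped.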
  • Gngogh Member Posts: 165
    This is all I have available in Packet Tracer for a layer 2 switch:

    Switch(config)#int range f0/1-24
    Switch(config-if-range)#?
    cdp
    channel-group
    channel-protocol
    description
    duplex
    exit
    mdix
    mls
    no
    shutdown
    spanning-tree
    speed
    storm-control
    switchport
    tx-ring-limit

    So I guess I have to use a layer 3 switch instead..

    thanks for your help.