The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is chiefly used by networked computers’ operating systems to send error messages—indicating, for instance, that a requested service is not available or that a host or router could not be reached.

When creating Cisco IOS ACLs, many admins start out with either:

access-list 101 deny ip …

or

access-list 101 deny tcp …

While these may be the two most common ways to filter network traffic with Cisco IOS extended ACLs, neither of these will work to filter ICMP. Additionally, no standard access list will work for ICMP specifically.

To filter ICMP traffic, you need to use an extended access list and start with something like this:

access-list 101 deny icmp …
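
As an added example (not from the original article), here is one way to complete an extended ACL that filters ICMP while keeping the messages that diagnostics and path MTU discovery rely on. Only the ACL number 101 comes from the text above; the `any any` matches, the choice of permitted message types, and the interface name GigabitEthernet0/0 are assumptions for illustration.

```cisco
! Added example: permitted message types and the interface are assumptions.
access-list 101 remark Allow selected ICMP replies, drop and log the rest
! Replies to pings sent from the inside
access-list 101 permit icmp any any echo-reply
! Destination unreachable (includes fragmentation-needed, used by path MTU discovery)
access-list 101 permit icmp any any unreachable
! TTL expired in transit (needed for traceroute results)
access-list 101 permit icmp any any time-exceeded
! Every other ICMP message is dropped, and matches are logged
access-list 101 deny icmp any any log
! Every ACL ends with an implicit deny; without this line all non-ICMP traffic is dropped too
access-list 101 permit ip any any
!
! Apply the ACL to traffic arriving on the outside interface
interface GigabitEthernet0/0
 ip access-group 101 in
```

Order matters because the first matching entry wins, so the specific permit lines must come before the general deny icmp line. The per-entry match counters shown by `show access-lists 101` confirm which lines are being hit.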

