nanog mailing list archives

IPV6 ACL command to block ICMPv6 Type and code

From: Roman <nurul () apnic net>
Date: Fri, 29 Jun 2012 14:52:06 +1000

Hi,

I am looking for Cisco IOS command to block specific ICMPv6 message typeand code. For example how to block only code 1 (communication withdestination administratively prohibited) of message type 1 (destinationunreachable). All other code will be permited.


deny icmp any any type 1 code 1

In my router I can see these:

Router(config-ipv6-acl)#deny icmp any any destination-unreachable ?
  auth              Match on authentication header
  dest-option       Destination Option header (all types)
  dest-option-type  Destination Option header with type
  dscp              Match packets with given dscp value
  flow-label        Flow label
  log               Log matches against this entry
  log-input         Log matches against this entry, including input
  mobility          Mobility header (all types)
  mobility-type     Mobility header with type
  routing           Routing header (all types)
  routing-type      Routing header with type
  sequence          Sequence number for this entry
  time-range        Specify a time-range
  <cr>

My IOS is c2800nm-ipvoicek9-mz.124-24.T2

Regards

Rom

Current thread:

IPV6 ACL command to block ICMPv6 Type and code Roman (Jun 28)
- Re: IPV6 ACL command to block ICMPv6 Type and code Jimmy Hess (Jun 28)