No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


How to permit ping but forbid tracert

Publication Date:  2012-09-17 Views:  2284 Downloads:  0

Issue Description

user want to permit ping but forbid tracert in network,and deny icmp in rule,as a result,both tracert and ping are forbidden  

Alarm Information


Handling Process

in our equipment:
when we ping, sent package style is echo,type Code is 8,answer package style is echo-reply and type Code is 0
when we tracert,sent package style is the same to ping(but ttl is different),answer package style is ttl-exceeded and type Code is 0
we can refer to acl as follows
acl number 3000
rule 5 permit icmp icmp-type echo
rule 10 permit icmp icmp-type echo-reply
rule 15 deny icmp icmp-type ttl-exceeded

Root Cause

Both of tracert and ping are also achieved by icmp protocol,but the type of icmp protocol are differently,the difference can be distinguished by parameter icmp-type.