Filter
Top Products
C H A P T E R 17 Access Policies
323
Figure 17.4 shows the final outcome of this access list.
Figure 17.4: Permit-established access list filters out SYN
packet to destination
Example 2: Filtering ICMP Packets
This example creates an access list that filters out ping (ICMP echo)
packets. ICMP echo packets are defined as type
any code any.
The command to create this access list is:
create access-list denyping icmp destination any
source any type any code any deny ports any
Figure 17.5 shows the final outcome of this access list.
Figure 17.5: ICMP packets are filtered out
Using Routing Access Policies
Access policy entries can be one of these types:
• IP addresses and subnet masks
• VLANs
• Autonomous system path expressions (AS-Path), Border Gateway
Protocol (BGP) only
• BGP communities (BGP only)
10.10.10.100 10.10.20.10
0
SYN
SYN