高端路由器是否支持命令行配置ACL rule deny icmp-type 13和17
可以正常配置根据ICMP报文类型包过滤阻断报文。
以CR16K-F为例,命令行配置rule时虽然提示中没有type 17的举例,但实际设备支持直接配置对应数值。
[UP-acl-ipv4-adv-3111]rule deny icmp icmp-type ?
INTEGER<0-255> ICMP type
echo Type=8, Code=0
echo-reply Type=0, Code=0
fragmentneed-DFset Type=3, Code=4
host-redirect Type=5, Code=1
host-tos-redirect Type=5, Code=3
host-unreachable Type=3, Code=1
information-reply Type=16, Code=0
information-request Type=15, Code=0
net-redirect Type=5, Code=0
net-tos-redirect Type=5, Code=2
net-unreachable Type=3, Code=0
parameter-problem Type=12, Code=0
port-unreachable Type=3, Code=3
protocol-unreachable Type=3, Code=2
reassembly-timeout Type=11, Code=1
source-quench Type=4, Code=0
source-route-failed Type=3, Code=5
timestamp-reply Type=14, Code=0
timestamp-request Type=13, Code=0
ttl-exceeded Type=11, Code=0
[UP-acl-ipv4-adv-3111]rule deny icmp icmp-type 17
[UP-acl-ipv4-adv-3111]dis th
#
acl advanced 3111
rule 5 permit ip source 1.1.1.1 0
rule 10 deny icmp icmp-type 17
#
return
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作