ip copp access-list icmp
Use this command to permit or deny ICMP packets based on the given source and destination IP address.
Use the no form of this command to remove an ACL specification.
Configuring the same filter again with a different sequence number or a different action updates the sequence number or action of the existing filter.
Command Syntax
ip copp access-list (<1-268435453>|)
(deny|permit)
icmp
(any|host A.B.C.D|A.B.C.D/M|A.B.C.D A.B.C.D|prefix-group WORD)
(any|host A.B.C.D|A.B.C.D/M|A.B.C.D A.B.C.D|prefix-group WORD)
(fragments|)
(ttl <0-255>|)
(ip-options|)
(log (sampling-rate)|)
no ip copp access-list (<1-268435453>|)
(deny|permit)
icmp
(any|host A.B.C.D|A.B.C.D/M|A.B.C.D A.B.C.D|prefix-group WORD)
(any|host A.B.C.D|A.B.C.D/M|A.B.C.D A.B.C.D|prefix-group WORD)
(fragments|)
(ttl <0-255>|)
(ip-options|)
(log (sampling-rate)|)
Parameters
<1-268435453>
IPv4 ACL sequence number.
deny
Drop the packet.
permit
Accept the packet.
icmp
Internet Control Message Protocol packet.
A.B.C.D/M
Source IP prefix and length.
A.B.C.D A.B.C.D
Source IP address and mask.
host A.B.C.D
A single source host IP address.
any
Match any source IP address.
A.B.C.D/M
Destination IP prefix and length.
A.B.C.D A.B.C.D
Destination IP address and mask.
host A.B.C.D
A single destination host IP address.
any
Match any destination IP address.
fragments
Matches fragmented packets.
ttl <0-255>
Filters packets based on Time-To-Live (TTL) value.
ip-options
Matches packets containing IP options (used for security policies).
administratively-prohibited
Administratively prohibited.
alternate-address
Alternate address.
conversion-error
Datagram conversion.
dod-host-prohibited
Host prohibited.
dod-net-prohibited
Net prohibited.
echo
Echo (ping).
echo-reply
Echo reply.
general-parameter-problem
Parameter problem.
host-isolated
Host isolated.
host-precedence-unreachable
Host unreachable for precedence.
host-redirect
Host redirect.
host-tos-redirect
Host redirect for ToS.
host-tos-unreachable
Host unreachable for ToS.
host-unknown
Host unknown.
host-unreachable
Host unreachable.
information-reply
Information replies.
information-request
Information requests.
mask-reply
Mask replies.
mask-request
Mask requests.
mobile-redirect
Mobile host redirect.
net-redirect
Network redirect.
net-tos-redirect
Net redirect for ToS.
net-tos-unreachable
Network unreachable for ToS.
net-unreachable
Net unreachable.
network-unknown
Network unknown.
no-room-for-option
Parameter required but no room.
option-missing
Parameter required but not present.
packet-too-big
Fragmentation needed and DF set.
parameter-problem
All parameter problems.
port-unreachable
Port unreachable.
precedence-unreachable
Precedence cutoff.
protocol-unreachable
Protocol unreachable.
reassembly-timeout
Reassembly timeout.
redirect
All redirects.
router-advertisement
Router discovery advertisements.
router-solicitation
Router discovery solicitations.
source-quench
Source quenches.
source-route-failed
Source route failed.
time-exceeded
All time-exceeded messages.
timestamp-reply
Time-stamp replies.
timestamp-request
Time-stamp requests.
traceroute
Traceroute.
ttl-exceeded
TTL exceeded.
unreachable
All unreachables.
<0-255>
ICMP type.
<0-255>
ICMP code.
log
Log the packets matching the filter (in-direction only).
sample
Sample the packets matching the filter (in-direction only).
redirect-to-port
Redirect the packet (in-direction only).
IFNAME
Interface name to which the packet is to be redirected (switchport only).
Default
None
Command Mode
IP access-list mode
Applicability
This command was introduced before OcNOS version 6.6.0.
Examples
#configure terminal
(config)#ip copp access-list ip-icmp
(config-ip-copp-acl)#200 permit icmp any any
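The following Python sketch is an added example, not part of the OcNOS documentation or software. It checks rule lines against the Command Syntax above before they are pushed to a device, and models the update behaviour described for re-entered filters. Assumptions: "same filter" means identical source, destination and option fields; the log clause and the ICMP message-type keywords are not handled because they do not appear unambiguously in the syntax lines; all function names are hypothetical.

```python
import ipaddress

SEQ_MAX = 268435453  # upper bound of the sequence range in Command Syntax

def _addr(tok, i):
    """Validate one source/destination spec at tok[i]; return (text, next index)."""
    t = tok[i]
    if t == "any":
        return t, i + 1
    if t in ("host", "prefix-group"):
        if t == "host":
            ipaddress.IPv4Address(tok[i + 1])
        return t + " " + tok[i + 1], i + 2
    if "/" in t:
        ipaddress.IPv4Network(t, strict=False)  # A.B.C.D/M
        return t, i + 1
    ipaddress.IPv4Address(t)           # A.B.C.D A.B.C.D (address, then mask)
    ipaddress.IPv4Address(tok[i + 1])
    return t + " " + tok[i + 1], i + 2

def parse_rule(line):
    """Return (seq, action, match) for one rule line, or raise ValueError."""
    tok = line.split()
    try:
        seq = int(tok.pop(0)) if tok[0].isdigit() else None
        if seq is not None and not 1 <= seq <= SEQ_MAX:
            raise ValueError("sequence number out of range")
        if tok[0] not in ("deny", "permit") or tok[1] != "icmp":
            raise ValueError("expected (deny|permit) icmp")
        src, i = _addr(tok, 2)
        dst, i = _addr(tok, i)
        opts = []
        for kw in ("fragments", "ttl", "ip-options"):  # order fixed by the syntax
            if i < len(tok) and tok[i] == kw:
                width = 2 if kw == "ttl" else 1
                if kw == "ttl" and not 0 <= int(tok[i + 1]) <= 255:
                    raise ValueError("ttl out of range")
                opts.append(" ".join(tok[i:i + width]))
                i += width
        if i != len(tok):
            raise ValueError("unexpected token: " + tok[i])
    except IndexError:
        raise ValueError("rule ends early: " + line) from None
    return seq, tok[0], (src, dst, tuple(opts))

def apply_rule(table, line):
    """Assumed model: re-entering the same filter replaces its sequence and action."""
    seq, action, match = parse_rule(line)
    table[match] = (seq, action)
    return table

# Constructed sample: the second line re-enters the same filter with a new sequence and action.
TABLE = apply_rule(apply_rule({}, "200 permit icmp any any"), "300 deny icmp any any")
```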