How can I silently discard packets ?

How can I silently discard packets ?

Post by phil » Thu, 13 Nov 2003 19:35:47



Hi,

I built an access-list but this access-list generates an icmp 3/13
when the packet is discarded ... I would like to modify the router
behavior, any suggestion will be appreciated

Thanks

Phil ~~

 
 
 

How can I silently discard packets ?

Post by M.C. van den Bovenkam » Thu, 13 Nov 2003 20:13:19



> I built an access-list but this access-list generates an icmp 3/13
> when the packet is discarded ... I would like to modify the router
> behavior, any suggestion will be appreciated

I don't think there is an easy way (or any way) to make an access list
not send ICMP Admin Prohibited. But I'm willing to be corrected on that.

You might want to try policy routing the traffic to the null interface
instead of blocking it; that will make it disappear silently.

                Regards,

                        Marco.

 
 
 

How can I silently discard packets ?

Post by Bob { Goddard » Thu, 13 Nov 2003 20:38:16




>> I built an access-list but this access-list generates an icmp 3/13
>> when the packet is discarded ... I would like to modify the router
>> behavior, any suggestion will be appreciated

> I don't think there is an easy way (or any way) to make an access list
> not send ICMP Admin Prohibited. But I'm willing to be corrected on that.

> You might want to try policy routing the traffic to the null interface
> instead of blocking it; that will make it disappear silently.

Easiest way is under the interface put "no ip unreachables".
This /should/ work.

B

--
http://www.mailtrap.org.uk/
http://www.ibrox.demon.co.uk/
ng at bgcomp.co.uk

 
 
 

How can I silently discard packets ?

Post by M.C. van den Bovenkam » Thu, 13 Nov 2003 21:00:28



Quote:> Easiest way is under the interface put "no ip unreachables".
> This /should/ work.

Hmm. Good one. Yes, it probably should.

                Regards,

                        Marco.

 
 
 

How can I silently discard packets ?

Post by phil » Fri, 14 Nov 2003 19:03:44




> > Easiest way is under the interface put "no ip unreachables".
> > This /should/ work.

> Hmm. Good one. Yes, it probably should.

>            Regards,

>                    Marco.

I tried to filter the icmp but it does not work ...
I tried no ip icmp unrea ... negative

I'm stuck !   my version is 12.2

 
 
 

How can I silently discard packets ?

Post by Moi » Fri, 14 Nov 2003 19:05:45


Il se trouve que "phil~~" a formul :




>>> Easiest way is under the interface put "no ip unreachables".
>>> This /should/ work.

>> Hmm. Good one. Yes, it probably should.

>>                Regards,

>>                        Marco.

> I tried to filter the icmp but it does not work ...
> I tried no ip icmp unrea ... negative

I did "no ip icmp unreachable" on my 3640 for my WAN interface : it
works

My WAN interface is a WIC-1ADSL. I had to setup this on the Dialer
interface, not on the ATM/ADSL interface itself

Quote:

> I'm stuck !   my version is 12.2

--
Ceci est une signature automatique de MesNews.
Site : http://mesnews.no-ip.com
 
 
 

How can I silently discard packets ?

Post by Francois Labrequ » Fri, 14 Nov 2003 22:02:10


Program ended abnormally on 13/11/2003 05:03, Due to a catastrophic
phil~~ error:



>>>Easiest way is under the interface put "no ip unreachables".
>>>This /should/ work.

>>Hmm. Good one. Yes, it probably should.

>>                Regards,

>>                        Marco.

> I tried to filter the icmp but it does not work ...
> I tried no ip icmp unrea ... negative

Packets generated by the router will be ignored by ACLs on its own interfaces.
You would have to filter the ICMPs on the next hop.

--
Francois Labreque | The surest sign of the existence of extra-
     flabreque     | terrestrial intelligence is that they never

   videotron.ca    |                             - Calvin

 
 
 

1. Silently Discard on Cisco PIX?

Hi All;

Is it possible to silently drop packets on a Cisco PIX?

On a standard IOS router, you can specify what you want logged, and what you
don't; PIX appears to log all denied attempts (and then farm them out to a
syslog server, if configured, or store in the internal buffer, etc).

So.  If we have a port we don't want to log on (ident, telnet, dns, you name
it) is there a way of specifying a silent discard (deny without logging) for
packets on that port/protocol combination?

Cheers

Richard

--

Glue Guy: CCNA, CSE(SMB), MCP, makes pretty good coffee    Optimation

2. Error msg when I try to run Vo-programs

3. Packets discarded on a switch ...

4. undelete [i]

5. Cisco VPN client, packets beeing discarded and bypassed

6. Duwamish7.0 Setup

7. Does anyone know more about "Selective Packet Discard" ?

8. Don't Fear's 2nd Auction (Update 24) Part 2

9. Non-NCP packet, discarding

10. Packet Discards

11. Frame Relay & Discarded Packets

12. discard packets question

13. Packets discarded when fragmentation needed!!!