Follow these steps to configure an ACL that can be used to protect against ping flood attack.
Procedure
-
Enter global configuration mode.
device# configure terminal
-
Create or invoke an extended IP ACL.
device(config)# ip access-list extended acl1
2015/04/01-13:18:15, [SSMD-1400], 2315, SW/device | Active | DCE, INFO, device, IPv4 access list acl1 is created.
The system message is generated when you create an ACL. If you are configuring an existing ACL, no message is generated.
-
Configure the extended ACL to filter ICMP packets.
device(conf-ipacl-ext)# permit icmp any any
2015/04/02-11:44:45, [SSMD-1404], 2501, SW/device | Active | DCE, INFO, device, IPv4 access list acl1 rule sequence number 10 is added.
-
Return to privileged EXEC mode.
device(conf-ipacl-ext)# end
-
Verify the ACL.
device# show running-config ip access-list extended acl1
ip access-list extended acl1
seq 10 permit icmp any any
Protection against ping attacks - ACL configuration example
device# configure terminal
device(config)# ip access-list extended acl1
device(conf-ipacl-ext)# permit icmp any any
device(conf-ipacl-ext)# end
device# show running-config ip access-list extended acl1
