Configuring use case 3: Protection against ping flood attacks

  1. Enter global configuration mode.
    device# configure terminal
    
  2. Create or invoke an extended IP ACL.
    device(config)# ip access-list extended acl1
    2015/04/01-13:18:15, [SSMD-1400], 2315, SW/device | Active | DCE, INFO, device, IPv4 access list acl1 is created.
    
    The system message is generated when you create an ACL. If you are configuring an existing ACL, no message is generated.
  3. Configure the extended ACL to filter ICMP packets.
    device(conf-ipacl-ext)# permit icmp any any
    2015/04/02-11:44:45, [SSMD-1404], 2501, SW/device | Active | DCE, INFO, device, IPv4 access list acl1 rule sequence number 10 is added.
    
  4. Return to privileged EXEC mode.
    device(conf-ipacl-ext)# end
    
  5. Verify the ACL.
    device# show running-config ip access-list extended acl1
    ip access-list extended acl1
     seq 10 permit icmp any any 
    

Protection against ping attacks - ACL configuration example

device# configure terminal
device(config)# ip access-list extended acl1
device(conf-ipacl-ext)# permit icmp any any 
device(conf-ipacl-ext)# end
device# show running-config ip access-list extended acl1