Controlling ICMP traffic flow

This command is useful where it is necessary to permit some types of ICMP traffic and deny other types, instead of simply permitting or denying all types of ICMP traffic. That is, an ACE designed to permit or deny ICMP traffic can optionally include an ICMP type and code value to permit or deny an individual type of ICMP packet while not addressing other ICMP traffic types in the same ACE. As an optional alternative, the ACE can include the name of an ICMP packet type.

Syntax:


access-list <100-199> <deny|permit> icmp <SA> <DA>

[[icmp-type [icmp-code]]|[icmp-type-name]]

The ICMP "type" and "code" criteria are identical to the criteria described for ICMP in named, extended ACLs.