Wireless Access

Frequent Contributor I

Is svc-icmp all ICMP types?

Does svc-icmp mean all of this:


administratively-proh.. Administratively prohibited
alternate-address       Alternate address
conversion-error        Datagram conversion
dod-host-prohibited     Host prohibited
dod-net-prohibited      Net prohibited
echo                    Echo (ping)
general-parameter-pro.. Parameter problem
host-isolated           Host isolated
host-precedence-unrea.. Host unreachable for precedence
host-redirect           Host redirect
host-tos-redirect       Host redirect for TOS
host-tos-unreachable    Host unreachable for TOS
host-unknown            Host unknown
host-unreachable        Host unreachable
information-request     Information requests
mask-request            Mask requests
mobile-redirect         Mobile host redirect
net-redirect            Network redirect
net-tos-redirect        Net redirect for TOS
net-tos-unreachable     Network unreachable for TOS
net-unreachable         Net unreachable
network-unknown         Network unknown
no-room-for-option      Parameter required but no room
option-missing          Parameter required but not present
packet-too-big          Fragmentation needed and DF set
parameter-problem       All parameter problems
port-unreachable        Port unreachable
precedence              Match packets with given precedence value
precedence-unreachable  Precedence cutoff
protocol-unreachable    Protocol unreachable
reassembly-timeout      Reassembly timeout
redirect                All redirects
router-advertisement    Router discovery advertisements
router-solicitation     Router discovery solicitations
source-quench           Source quenches
source-route-failed     Source route failed
time-exceeded           All time exceededs
timestamp-request       Timestamp requests
traceroute              Traceroute
ttl-exceeded            TTL exceeded
unreachable             All unreachables


Or is it a subset of the common stuff (echo, traceroute, unreachable)?

Frequent Contributor I

Re: Is svc-icmp all ICMP types?

I just did this to be safe:


ip access-list session .allow-ping-traceroute
  user any icmp echo permit
  user any icmp traceroute permit


Mine was host specific though.  Then I applied it to the role.


*I put a . in front of my stuff to distinguish from defaults.

Guru Elite

Re: Is svc-icmp all ICMP types?

It would be all of them (protocol 1).

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: