How to Disable Ping Replies on Brocade Switch


What is the command to use to disable ping replies from a Brocade switch? Basically, I am trying to disable any outbound ping messages to inbound ICMP request messages. I stumbled upon brocade-broadcast-requests but this still allows the Brocade switch to be pingable.

Brocade switch: NetIron CES 2024C

Software version: 5.3.0T185

Best Answer

You would need to create an ACL to filter the ICMP traffic (edit: referring to ping here - it's generally not advisable to filter all ICMP), and apply it to the desired interfaces, including the management interface. You would specify host addresses that match your router's management interface, as well as any addresses of routed interfaces.

ip access-list 666 deny any x.x.x.x icmp echo
ip access-list 666 deny any x.x.x.x icmp echo-reply
ip access-list 666 deny any y.y.y.y icmp echo
ip access-list 666 deny any y.y.y.y icmp echo-reply
ip access-list 666 permit ip any any

Where x.x.x.x and y.y.y.y would represent your addresses that you wish to filter. Continue to add addresses as you see fit. Don't forget the explicit permit at the end. Once you have the ACL created, you would then apply it to your desired interfaces in the inbound direction.

ip access-group 666 in

ETA: the echo-reply rules may be superfluous, since one shouldn't be generated if the original echo is filtered by the ACL. I don't have a Brocade at hand to test.
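
Added example, not part of the original answer and not Brocade code: a small Python model of first-match ACL evaluation over the answer's rule lines, showing that only ping to the listed addresses is dropped while other ICMP and IP traffic passes, and what happens when the final permit is left out. The addresses are constructed stand-ins for x.x.x.x and y.y.y.y, the parser only understands the rule layout exactly as written in the answer, and the implicit deny at the end of the list is the model's assumption.

```python
import ipaddress

# Constructed stand-ins for x.x.x.x and y.y.y.y (documentation address ranges).
ACL_TEXT = """\
ip access-list 666 deny any 192.0.2.1 icmp echo
ip access-list 666 deny any 192.0.2.1 icmp echo-reply
ip access-list 666 deny any 198.51.100.1 icmp echo
ip access-list 666 deny any 198.51.100.1 icmp echo-reply
ip access-list 666 permit ip any any
"""

def parse_acl(text):
    """Parse rule lines in the answer's layout into dicts (hypothetical helper)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        action, rest = tok[3], tok[4:]
        if rest[0] == "ip":                      # "permit ip any any"
            proto, src, dst, icmp_type = "ip", rest[1], rest[2], None
        else:                                    # "<src> <dst> icmp <type>"
            src, dst, proto, icmp_type = rest[0], rest[1], rest[2], rest[3]
        rules.append({"action": action, "proto": proto, "src": src,
                      "dst": dst, "icmp_type": icmp_type})
    return rules

def _addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(spec) == ipaddress.ip_address(addr)

def evaluate(rules, pkt):
    """First match wins. Returns (action, rule index); index None = implicit deny."""
    for i, r in enumerate(rules):
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (_addr_match(r["src"], pkt["src"]) and _addr_match(r["dst"], pkt["dst"])):
            continue
        if r["icmp_type"] and r["icmp_type"] != pkt.get("icmp_type"):
            continue
        return r["action"], i
    return "deny", None          # assumed implicit deny when nothing matches

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    ping = {"proto": "icmp", "src": "203.0.113.5", "dst": "192.0.2.1", "icmp_type": "echo"}
    ssh = {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.1"}
    print("ping:", evaluate(rules, ping))
    print("tcp with final permit:", evaluate(rules, ssh))
    print("tcp without final permit:", evaluate(rules[:-1], ssh))
```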
