Access Security Guide K/KA/KB.15.15
• general-parameter-problemport-unreachable
• host-isolatedprecedence-unreachable
• host-precedence-unreachableprotocol-unreachable
• host-redirectreassembly-timeout
• host-tos-redirectredirect
• host-tos-unreachablerouter-advertisement
• host-unknownrouter-solicitation
• host-unreachablesource-quench
• information-replysource-route-failed
• information-requesttime-exceeded
• mask-replytimestamp-reply
• mask-requesttimestamp-request
• mobile-redirecttraceroute
• net-redirectttl-exceeded
• net-tos-redirectunreachable
Controlling IGMP traffic in extended ACLs
This option is useful where it is necessary to permit some types of IGMP traffic and deny other
types instead of simply permitting or denying all types of IGMP traffic. That is, an ACE designed
to permit or deny IGMP traffic can optionally include an IGMP packet type to permit or deny an
individual type of IGMP packet while not addressing other IGMP traffic types in the same ACE.
Syntax:
< permit | deny > igmp SA DA [ igmp-type ]
In an extended ACL using igmp as the packet protocol type, you can optionally
specify an individual IGMP packet type to further define the criteria for a match.
This option, if used, is entered immediately after the destination addressing entry.
The following example shows an IGMP ACE entered in the Named ACL context:
HP Switch(config-ext-nacl)# permit igmp any any host-query
[ igmp-type ]
The complete list of IGMP packet-type options includes:
dvmrptracemtrace-request
host-queryv2-host-reportv3-host-report
host-reportv2-host-leave
pimmtrace-reply
For more information on IGMP packet types, visit the Internet Assigned Numbers
Authority (IANA) website at www.iana.com.); select "Protocol Number Assignment
Services", and then go to the selections under "Internet Group Management Protocol
(IGMP) Type Numbers".
Example
Suppose that you want to implement these policies on a switch configured for IPv4
routing and membership in VLANs 10, 20, and 30:
270 IPv4 Access Control Lists (ACLs)