Block icmp or ping using extended acl : a cisco packet tracer lab

Posted: 24 Jan 2020 in CCNA
Tags: , ,

This is a ccna Lab showing how to block ping or how to block icmp protocol using ACL configuration on cisco routers.

Learn how to use acl on router to block ping packets. At the same time learn how to allow other packets like telnet ,ssh and other to be allowed on acl.

extended acl lab to block PING

Step 1:Configure IP Address on routers.


Here i assume that you all know how to configure ip address on cisco routers and if you dont know you can read my articles over this.


Step2: Configure Routing on Both Routers.


Static routing configuration on Router R1:


R1(config)#ip route


Static routing configuration on Router R2:


R2(config)#ip route


Step3: Configure Telnet on Router R1:


R1#config t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#enable password ccna

R1(config)#line vty 0 4

R1(config-line)#password cisco





Step4:Now Configure Extended ACL on router R1 so that it will block ping packets but allow others.


R1(config)#access-list 100 deny icmp host echo

R1(config)#access-list 100 permit ip any any

R1(config)#int se0/0/0

R1(config-if)#ip access-group 100 in


Step5:Check PING Packets are blocked or not.

icmp blocked using acl configuration on router

Step6: Now also Make sure no other services or protocols except ICMP has been blocked.

It means you must me able to telnet.


Check ACL Rules Configured on Router:


R1#show ip access-lists

Extended IP access list 100

10 deny icmp host echo

20 permit ip any any

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.