Why ICMP packets used to ping a host cannot be discarded using a traffic policy on an S series modular switch

An S series modular switch sends ICMP packets to the CPU based on an ACL and discards ICMP packets based on an ACL in a traffic policy. The two ACLs are used for packet sending to the CPU and packet discarding respectively, and the ACL with a higher priority takes effect. The ACL for sending ICMP packets to the CPU has a higher priority. Therefore, ICMP packets cannot be discarded by configuring a traffic policy. To discard the ICMP packets, configure a blacklist.
If the switch sends ICMP packets to the CPU through a route, you can configure a traffic policy to discard ICMP packets.

Scroll to top