HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Can we restrict ICMP from VLANs?

 
Aafremov
Occasional Visitor

Can we restrict ICMP from VLANs?

We have two VLANs for example VLAN1 and VLAN2 configured on a5500 switch. We wont permit ICMP packets from VLAN1 to VLAN2, but deny ICMP packets from VLAN2 to VLAN1. Can this be done using ACL?

Example:

VLAN1 : 10.210.1.0/24
VLAN2: 10.210.2.0/24

acl rule 3001
rule permit ICMP source 10.210.1.0 0.0.0.255 destination 10.210.2.0 0.0.0.255
rule deny ICMP source 10.210.2.0 0.0.0.255 destination 10.210.1.0 0.0.0.255
rule permit ip source any
quit
int VLAN 1
packet-filter 3011 outbound

where i am wrong?

Thanks in advance. Anton.

1 REPLY
Vince-Whirlwind
Honored Contributor

Re: Can we restrict ICMP from VLANs?

Try rule deny ICMP source 10.210.2.0 0.0.0.255 destination 10.210.1.0 0.0.0.255 inbound on VLAN2