acl switch procurve 5406zl

Occasional Visitor

I am stuck setting up an ACL on our HP ProCurve 5406zl switch.
On the switch, IP routing is enabled and all the VLANs have an address, so all the VLANs communicate with each other. I would therefore like to set up communication restrictions between VLANs on the switch.
I have 2 VLANs (VLAN 4 and VLAN 10). I have a machine in VLAN 4 and a machine in VLAN 10, and I want these machines to no longer be able to ping each other (ICMP).
So I wrote the following ACL rule:

ip access-list extended drop_icmp_vlan10
deny icmp host host
vlan 10 ip access-group drop_icmp_vlan10 in

Paf, however, this rule also prohibits ping from the other machines in VLAN 4.

Have you ever encountered this problem?

Honored Contributor

Re: acl switch procurve 5406zl

I don't know what "paf" means, so I'm not sure what you are saying, but you've got your acl line the wrong way around.

It should be
vlan 4 ip access-group drop_icmp in.

And maybe there's an implicit deny at the end, so you would need to add allow ip any any at the end.
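
Added example, not part of either post: a small Python model of first-match ACL evaluation with the implicit deny the reply mentions, showing why a deny-only ACL also drops traffic it never names. All addresses are constructed sample values, and the source/destination order of the deny entry is an assumption, since the thread does not show the addresses.

```python
# Model of an extended ACL applied inbound on VLAN 10: entries are checked in
# order, the first match wins, and anything unmatched hits the implicit deny.
from ipaddress import ip_address, ip_network

HOST_V4 = "10.0.4.10"    # constructed: the machine in VLAN 4
OTHER_V4 = "10.0.4.20"   # constructed: another machine in VLAN 4
HOST_V10 = "10.0.10.10"  # constructed: the machine in VLAN 10

def net(addr):
    """'any' matches every address; a bare host address becomes a /32."""
    return ip_network("0.0.0.0/0" if addr == "any" else addr)

def ace(action, proto, src, dst):
    """Build one ACL entry; proto 'ip' matches every IP protocol."""
    return (action, proto, net(src), net(dst))

def evaluate(acl, proto, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, p, s, d in acl:
        if p in ("ip", proto) and ip_address(src) in s and ip_address(dst) in d:
            return action
    return "deny (implicit)"

# ACL with a single deny entry (assumed order: VLAN 10 host -> VLAN 4 host).
deny_only = [ace("deny", "icmp", HOST_V10, HOST_V4)]
# Same ACL with an explicit permit appended as the last entry.
with_permit = deny_only + [ace("permit", "ip", "any", "any")]

def report(acl):
    """Evaluate three constructed packets entering the switch from VLAN 10."""
    return {
        "icmp to target host": evaluate(acl, "icmp", HOST_V10, HOST_V4),
        "icmp reply to other VLAN 4 host": evaluate(acl, "icmp", HOST_V10, OTHER_V4),
        "tcp to other VLAN 4 host": evaluate(acl, "tcp", HOST_V10, OTHER_V4),
    }

if __name__ == "__main__":
    for name, acl in (("deny only", deny_only), ("with permit", with_permit)):
        print(name, report(acl))
```

With the deny-only list, the echo reply to the other VLAN 4 machine is dropped by the implicit deny, which matches the symptom described in the question; with the trailing permit, only the named pair is blocked.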