HPE Community
Comware Based
1821216 Members
3089 Online
109632 Solutions
New Discussion

Can we restrict ICMP from VLANs?

 
Aafremov
Occasional Visitor

‎11-13-2015 03:23 PM

‎11-13-2015 03:23 PM

Can we restrict ICMP from VLANs?

We have two VLANs for example VLAN1 and VLAN2 configured on a5500 switch. We wont permit ICMP packets from VLAN1 to VLAN2, but deny ICMP packets from VLAN2 to VLAN1. Can this be done using ACL?

Example:

VLAN1 : 10.210.1.0/24
VLAN2: 10.210.2.0/24

acl rule 3001
rule permit ICMP source 10.210.1.0 0.0.0.255 destination 10.210.2.0 0.0.0.255
rule deny ICMP source 10.210.2.0 0.0.0.255 destination 10.210.1.0 0.0.0.255
rule permit ip source any
quit
int VLAN 1
packet-filter 3011 outbound

where i am wrong?

Thanks in advance. Anton.

0 Kudos
1 REPLY 1
Vince-Whirlwind
Honored Contributor

‎11-17-2015 01:35 PM

‎11-17-2015 01:35 PM

Re: Can we restrict ICMP from VLANs?

Try rule deny ICMP source 10.210.2.0 0.0.0.255 destination 10.210.1.0 0.0.0.255 inbound on VLAN2

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.