Hi,
I have 2 vsp 7k connected via V-Ist and I have 2 vsp 4k connected in those 7k using spb.
All the routing and l3 vlan are created in the vsp 7k.
vlan mgmt is 1000 (172.16.10.0/26) and I also have other vlans configured.
I plugged my notebook on the VSP4k with a static IP 10.222.10.100 and I can ping 172.16.10.0 network normally.
I am trying to block ping from vlan 12 (10.222.12.0/24) to vlan mgmt (172.16.10.0/24)
I create a ACL trying to block this but didnt work. I still pinging from my pc.
filter acl 1 type inVlan name "ACL-1"
filter acl vlan 1 12,1000
filter acl ace 1 1 name "MGMT_Ping"
filter acl ace action 1 1 permit
filter acl ace ethernet 1 1 ether-type eq ip
filter acl ace ip 1 1 src-ip mask 10.222.12.0 0.0.0.255
filter acl ace ip 1 1 dst-ip mask 10.222.12.0 0.0.0.255
filter acl ace 1 1 enable
filter acl ace 1 2 name "ACE-deny"
filter acl ace action 1 2 deny
filter acl ace ethernet 1 2 ether-type eq ip
filter acl ace ip 1 2 dst-ip mask 172.16.10.0 0.0.0.255
filter acl ace 1 2 enable
After apply that filter I keep pinging vlan 1000 normally.
Any kind of help would be welcome.
Thanks
