I want to block ping to switch which is connected to fa1/0 interface of router here is my config
access-list 103 deny icmp 192.168.1.1 0.0.0.0 192.168.1.10 0.0.0.0 echo host-unknown log
access-list 103 permit ip any any
switch IP is 192.168.1.10
Router ip 192.168.1.1
Lan interface of router config
ip dhcp relay information trusted
ip address 192.168.1.1 255.255.255.0
ip access-group 103 out
i tried both ip access-group 103 out and in still ping is going?
thanks for reply.
so on switch i can apply the acl like this on switch
2950T(config)#access-list 100 deny icmp 192.168.1.1 0.0.0.0 host 192.168.1.10 echo
2950T(config)#access-list 100 permit ip any any
now switch interface fa0/16 is connected to router should i apply acl on fa0/16 on switch interface?
If this is a 2950 switch you can't apply an IP address to an interface. What have you assigned the IP address to on the switch ?
If is a L3 vlan interface then apply it to that ie.
int vlan 10
ip access-group 100 in