Hi  - We have a requirement to block icmp on an SVI  - I have tried this on our live kit and it did not work. so looking for some guidance and alternative options.

We tried

ip access-list extended 110

5 deny icmp any any echo log

10 deny icmp any any echo-reply log

15 deny icmp any any redirect log

20 permit ip any any log

interface vlan 250

ip address 10.10.10.10 255.255.255.0

ip access-group 110 in

ip access-group 100 out

We could still ping 10.10.10.10 from any host.

Regards