Use the Port ACL feature on 3550s to block ICMP on Switch1.
Port ACL can be used to apply on the Layer-2 interface of the switch.
Port ACLs are applied on interfaces for inbound traffic only. Configure ACL on switch1 to deny ICMP and permit everything. Apply the ACL to Fastethernet0/4 on switch1, where AAA/CA server is connected as shown in Table 5-1. The example that follows shows this configuration:
hostname sw1 ! interface FastEthernet0/4 switchport access vlan 2 switchport mode access no ip address ip access-group 101 in ! access-list 101 deny icmp any any access-list 101 permit ip any any
For more information, see the following URL: