I have a TL-SG3428MP and I'm quite happy with my configuration so far.
Now I have a question regarding ACL.
I set up the hardware in my office just to test everything. See the infrastructure:
I'm able to access the Switch from my computer with the Interface IP-address I configured in the L3 Routed Port Interface.
To test ACL I created a new IP ACL and configured it:
I used this faq entry as an example:
So basically I want to bock all communication from the laptop 192.168.150.19 with rule 1 and 2. Mask is 255.255.255.255 und rule 1 and 2 to just block this IP-address.
All other communication should be allowed with rule 3. So if I change the IP of the laptop to 192.168.150.18, communication should be possible.
After creating the rule I created the ACL Binding:
I tried Port Binding and VLAN Binding. Direction Ingress is the only option.
So now if I ping from the laptop 192.168.150.19 to the hardware controller 192.168.150.10, the ping fails. If I unbind the ACL, ping is working. So the ACL is working properly, I guess.
Now if I ping from the laptop 192.168.150.19 to the interface IP 192.168.150.1, the ping is working. The same behavior if I ping the interface IP for the Routed Port or my computer. From my computer (company network) to laptop 192.168.150.19 it's working too (thought it will be blocked by rule 2 because of D-IP)
Is the ACL only working correctly in the 192.168.150.0 network / VLAN and doesn't work between VLAN and Routed Port or I'm missing something here?
Thanks for your help and best regards