Hello all,

I have a TL-SG3428MP and I'm quite happy with my configuration so far.

Now I have a question regarding ACL.

I set up the hardware in my office just to test everything. See the infrastructure:

I'm able to access the Switch from my computer with the Interface IP-address I configured in the L3 Routed Port Interface.

To test ACL I created a new IP ACL and configured it:

I used this faq entry as an example:

https://www.tp-link.com/pl/support/faq/951/

So basically I want to bock all communication from the laptop 192.168.150.19 with rule 1 and 2. Mask is 255.255.255.255 und rule 1 and 2 to just block this IP-address.

All other communication should be allowed with rule 3. So if I change the IP of the laptop to 192.168.150.18, communication should be possible.

After creating the rule I created the ACL Binding:

I tried Port Binding and VLAN Binding. Direction Ingress is the only option.

So now if I ping from the laptop 192.168.150.19 to the hardware controller 192.168.150.10, the ping fails. If I unbind the ACL, ping is working. So the ACL is working properly, I guess.

Now if I ping from the laptop 192.168.150.19 to the interface IP 192.168.150.1, the ping is working. The same behavior if I ping the interface IP for the Routed Port or my computer. From my computer (company network) to laptop 192.168.150.19 it's working too (thought it will be blocked by rule 2 because of D-IP)

Is the ACL only working correctly in the 192.168.150.0 network / VLAN and doesn't work between VLAN and Routed Port or I'm missing something here?

Thanks for your help and best regards

Stefan