I've been in initial phases  of creating a very simple network.  I have a Core LAN and matching SSID and a IoT LAN and Matching SSID.

I wanted to create a very simple Switch ACL that blocks IoT from the Core, but still allows traffic the opposite direction (core to iot).  It doesn't seem to matter what I try (list below), when I enable my Block IoT rule, I lose all connectivity, bidirectionally, between the LANs.

I have:

Rebooted

Performed Factory Reset

Deleted all SSIDs and LANs and rebuilt from scratch

Created a "permit all" from my Core network to all other networks before and after the block rule

I am sure there is something I'm missing... but after my 5th time going over things I'm at a loss.  Below are write outs of my relevant configs

LANS:

CORE LAN - 10.0.0.0/24 - Interface (all LAN interfaces checked) - VLAN 1 (also tried changing to 2, in case 1 had management issue)

IoT LAN      10.0.100.0/24 - Interface (all LAN interfaces checked) - VLAN 100

WLAN

The Force - 2.4/5GHz, WPA-Personal - SSID Broadcast, VLAN 1 (also tried matching to 2 per above CORE LAN test)

IoT            - 2.4/5GHz, WPA-Personal - SSID Broadcast, VLAN 100

Access List - Switch ACL

Rule: Block IoT: Deny all protocols - Source Network - IoT       Destination Network - Core Lan

From what I know/have read and watched, this should allow my Core network to communicate with my IoT network, but the second I turn it on, my extended pings drop until I disable the rule.

Should I be doing this a different way?  What am I doing wrong?