ACL only enabling as bidirectional
I've been in the initial phases of creating a very simple network. I have a Core LAN and matching SSID and an IoT LAN and matching SSID.
I wanted to create a very simple Switch ACL that blocks IoT from the Core, but still allows traffic the opposite direction (core to iot). It doesn't seem to matter what I try (list below), when I enable my Block IoT rule, I lose all connectivity, bidirectionally, between the LANs.
I have:
Rebooted
Performed Factory Reset
Deleted all SSIDs and LANs and rebuilt from scratch
Created a "permit all" from my Core network to all other networks before and after the block rule
I am sure there is something I'm missing... but after my 5th time going over things I'm at a loss. Below are write-outs of my relevant configs.
LANs:
CORE LAN - 10.0.0.0/24 - Interface (all LAN interfaces checked) - VLAN 1 (also tried changing to 2, in case 1 had management issue)
IoT LAN 10.0.100.0/24 - Interface (all LAN interfaces checked) - VLAN 100
WLAN
The Force - 2.4/5GHz, WPA-Personal - SSID Broadcast, VLAN 1 (also tried matching to 2 per above CORE LAN test)
IoT - 2.4/5GHz, WPA-Personal - SSID Broadcast, VLAN 100
Access List - Switch ACL
Rule: Block IoT: Deny all protocols - Source Network - IoT, Destination Network - Core LAN
From what I know/have read and watched, this should allow my Core network to communicate with my IoT network, but the second I turn it on, my extended pings drop until I disable the rule.
Should I be doing this a different way? What am I doing wrong?
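The behaviour described above is what a stateless switch ACL does to a ping: the echo request from Core to IoT is allowed, but the echo reply travels IoT to Core, matches the deny rule, and is dropped, so the "extended pings" stop. The simulator below is an added example, not code from the post or from any switch vendor; it models a generic first-match, stateless packet filter over the two subnets given in the post (10.0.0.0/24 and 10.0.100.0/24). The host addresses, the "default permit" for unmatched traffic (assumed from the fact that everything works when the rule is disabled), and the flag names used to approximate "return traffic only" are all constructed assumptions.

```python
"""Simulate a stateless switch ACL evaluating both directions of a Core -> IoT ping.

Constructed example: a generic first-match stateless packet filter, not any
particular vendor's ACL implementation.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

CORE = ipaddress.ip_network("10.0.0.0/24")     # from the post
IOT = ipaddress.ip_network("10.0.100.0/24")    # from the post


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "icmp" or "tcp"
    flags: frozenset = frozenset()  # e.g. {"echo-reply"} or {"ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                                 # "permit" or "deny"
    src_net: Optional[ipaddress.IPv4Network]    # None = any source
    dst_net: Optional[ipaddress.IPv4Network]    # None = any destination
    proto: Optional[str] = None                 # None = any protocol
    needs_flag: Optional[str] = None            # match only if the packet carries this flag


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if rule.src_net is not None and src not in rule.src_net:
        return False
    if rule.dst_net is not None and dst not in rule.dst_net:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.needs_flag is not None and rule.needs_flag not in pkt.flags:
        return False
    return True


def evaluate(rules, pkt: Packet, default: str = "permit") -> str:
    """First-match evaluation of a single packet.

    A stateless ACL keeps no memory of earlier packets, so it cannot know that
    an IoT -> Core packet is the answer to a Core -> IoT request. Unmatched
    traffic is permitted here (assumption: matches the post's observation that
    everything works with the rule disabled).
    """
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


def ping_core_to_iot(rules):
    """Return (request_verdict, reply_verdict) for one echo exchange started from Core."""
    request = Packet("10.0.0.10", "10.0.100.20", "icmp", frozenset({"echo-request"}))
    reply = Packet("10.0.100.20", "10.0.0.10", "icmp", frozenset({"echo-reply"}))
    return evaluate(rules, request), evaluate(rules, reply)


def iot_initiated_syn(rules) -> str:
    """Verdict for a new TCP connection attempt from IoT into Core (must stay denied)."""
    syn = Packet("10.0.100.20", "10.0.0.10", "tcp", frozenset({"SYN"}))
    return evaluate(rules, syn)


# The single rule from the post: deny every protocol from the IoT network to Core.
BLOCK_IOT = [Rule("deny", IOT, CORE)]

# Stateless approximation of "established": let only reply-shaped packets back
# in before the deny. This is the classic workaround on switches with no
# connection tracking; a stateful firewall on the router is the robust fix.
BLOCK_IOT_WITH_RETURN = [
    Rule("permit", IOT, CORE, proto="icmp", needs_flag="echo-reply"),
    Rule("permit", IOT, CORE, proto="tcp", needs_flag="ACK"),
    Rule("deny", IOT, CORE),
]

if __name__ == "__main__":
    print("post's ACL:        ", ping_core_to_iot(BLOCK_IOT))              # ('permit', 'deny')
    print("with return rules: ", ping_core_to_iot(BLOCK_IOT_WITH_RETURN))  # ('permit', 'permit')
    print("IoT-initiated SYN: ", iot_initiated_syn(BLOCK_IOT_WITH_RETURN))  # 'deny'
```

The first result reproduces the symptom in the post: the request passes and the reply is denied, which looks like a bidirectional block. The second rule set keeps new IoT-initiated connections denied while letting replies through, but flag matching is only an approximation: a compromised IoT device can send unsolicited ACK-flagged packets, so treat this as a switch-level convenience and put the real one-way policy on a stateful firewall (the router between the VLANs) where the return direction is matched against tracked connections rather than packet flags.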