ACL Counter not Incrementing despite packets getting matched
I have the following ACL setup on my TP-Link L2+ Managed Switch:
access-list create 550 name "Internal Firewall"
access-list ip 550 rule 1001 permit logging enable sip 0.0.0.0 sip-mask 255.255.255.255 dip 255.255.255.255 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff s-port 68 s-port-mask ffff
access-list ip 550 rule 1005 permit logging enable sip 10.0.91.1 sip-mask 255.255.255.255 dip 10.0.91.1 dip-mask 255.255.255.0 protocol 17 d-port 68 d-port-mask ffff s-port 67 s-port-mask ffff
access-list ip 550 rule 1010 permit logging enable sip 0.0.0.0 sip-mask 255.255.255.255 dip 10.0.91.1 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff s-port 68 s-port-mask ffff
access-list ip 550 rule 9999 deny logging enable
#
access-list bind 550 interface gigabitEthernet 1/0/1,1/0/7
As you can see, the ACL defaults to blocking any traffic.
The DHCP traffic should be allowed, though (and DHCP works), but (for some reason I don't understand) the ACL counter does not increment:
I already tried resetting and upgrading my TP-Link Switch to the latest firmware, but the counter still doesn't increment.
The ACL config provided above is as is; I haven't modified it in any way.
Flipping the action from "permit" to "deny" makes DHCP not work anymore, so I'm sure that the rule gets matched.
However, I'm still not confident that the rule really gets matched, as the counter doesn't increment.
Any suggestions?
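To see which rule's counter each DHCP packet would be expected to hit, the posted rules can be evaluated offline. This is an added example, not part of the original post and not TP-Link code. It assumes that a 1 bit in a mask means "compare this bit", that rules are checked in ascending ID order with the first match winning, and it uses a hypothetical client address 10.0.91.50; the interface binding is ignored.

```python
import ipaddress

# The four rules exactly as posted in the question.
ACL_TEXT = """\
access-list ip 550 rule 1001 permit logging enable sip 0.0.0.0 sip-mask 255.255.255.255 dip 255.255.255.255 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff s-port 68 s-port-mask ffff
access-list ip 550 rule 1005 permit logging enable sip 10.0.91.1 sip-mask 255.255.255.255 dip 10.0.91.1 dip-mask 255.255.255.0 protocol 17 d-port 68 d-port-mask ffff s-port 67 s-port-mask ffff
access-list ip 550 rule 1010 permit logging enable sip 0.0.0.0 sip-mask 255.255.255.255 dip 10.0.91.1 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff s-port 68 s-port-mask ffff
access-list ip 550 rule 9999 deny logging enable
"""

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rules(text):
    """Turn 'access-list ip <acl> rule <id> <action> key value ...' lines into dicts."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", "ip"] or tok[3] != "rule":
            continue
        rule = {"id": int(tok[4]), "action": tok[5]}
        rule.update(zip(tok[6::2], tok[7::2]))  # remaining tokens are key/value pairs
        rules.append(rule)
    return sorted(rules, key=lambda r: r["id"])

def matches(rule, pkt):
    """A field absent from the rule is a wildcard (assumption); mask bit 1 = compare."""
    for key in ("sip", "dip"):
        if key in rule:
            mask = ip(rule[key + "-mask"])
            if (ip(rule[key]) & mask) != (ip(pkt[key]) & mask):
                return False
    for key in ("s-port", "d-port"):
        if key in rule:
            mask = int(rule[key + "-mask"], 16)  # port masks are hex in the config
            if (int(rule[key]) & mask) != (pkt[key] & mask):
                return False
    return "protocol" not in rule or int(rule["protocol"]) == pkt["protocol"]

def first_match(rules, pkt):
    return next(((r["id"], r["action"]) for r in rules if matches(r, pkt)), None)

def udp(sip, sport, dip, dport):
    return {"sip": sip, "dip": dip, "s-port": sport, "d-port": dport, "protocol": 17}

RULES = parse_rules(ACL_TEXT)
# Constructed sample packets (not captured traffic).
DISCOVER = udp("0.0.0.0", 68, "255.255.255.255", 67)  # client broadcast
OFFER = udp("10.0.91.1", 67, "10.0.91.50", 68)        # server unicast reply
RENEW = udp("10.0.91.50", 68, "10.0.91.1", 67)        # unicast renewal from a leased address

if __name__ == "__main__":
    for name, pkt in (("DISCOVER", DISCOVER), ("OFFER", OFFER), ("RENEW", RENEW)):
        print(name, first_match(RULES, pkt))
```

Under these assumptions the broadcast DISCOVER hits rule 1001 and the unicast OFFER hits rule 1005, while a unicast renewal from an already leased address matches none of the permits and falls through to rule 9999, so those are the counters and log entries to compare against the switch.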