Isolate Hosts from each other, but make dedicated traffic possible
Hello everybody.
It's me again with some problems regarding ACLs.
I would like to create an isolated VLAN where no host can reach any other host or VLAN.
But I would like to be able to allow dedicated services to the VLAN. In my special case SSH (port 22) and VNC (port 5800/5900).
I followed the guide from @Death_Metal (https://community.tp-link.com/en/business/forum/topic/603136), but it doesn't seem to work.
What I did:
1. I created a Switch ACL block rule to forbid the whole VLAN to any other VLAN (at this step not from itself)
2. I added an IP/PORT Group for SSH and VNC
3. I created a PERMIT rule for the SSH and VNC Group
With this configuration everything works like expected. But the hosts are reachable among themselves (like expected).
Now I add the VLAN DMZ to the block rule to block it from itself.
I would furthermore expect the PERMIT rule to work. But it doesn't.
The connection to SSH and VNC stays alive, but I'm not able to open a new connection. Even if I reverse the PERMIT rule.
And it's also not working if I PERMIT the whole MGMT subnet instead of the dedicated SSH and VNC group.
Any suggestion here?
Thank you and best wishes
Sebastian
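One way to reason about the behaviour described in the post (existing SSH/VNC sessions survive, new ones cannot be opened once the DMZ VLAN is also blocked from itself) is to model the switch ACL as an ordered, stateless, first-match rule list and evaluate both directions of a TCP session against it. The following is an added example, not code from the post or from TP-Link: the subnets (10.0.10.0/24 for MGMT, 10.0.20.0/24 for DMZ), the ephemeral client port, the implicit-permit default and the rule semantics are all assumptions made for the illustration, and the "return traffic" rule is shown only to demonstrate what a stateless ACL needs in order to let the server's replies through.

```python
from dataclasses import dataclass
import ipaddress

# Constructed subnets for the example (assumption, not from the post).
MGMT = "10.0.10.0/24"
DMZ = "10.0.20.0/24"
ANY = "0.0.0.0/0"
SERVICES = frozenset({22, 5800, 5900})   # SSH and VNC ports named in the post


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str                    # source CIDR
    dst: str                    # destination CIDR
    dports: frozenset = None    # destination ports, None = any
    sports: frozenset = None    # source ports, None = any


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    sport: int
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet falls inside every field the rule constrains."""
    return (
        ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(rule.dst)
        and (rule.dports is None or pkt.dport in rule.dports)
        and (rule.sports is None or pkt.sport in rule.sports)
    )


def evaluate(rules: list, pkt: Packet, default: str = "permit") -> str:
    """First matching rule wins; an unmatched packet gets the default (assumed permit)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


def session_allowed(rules: list, client_ip: str, server_ip: str, port: int,
                    client_port: int = 51000) -> bool:
    """A stateless ACL must permit the SYN *and* the server's reply separately."""
    forward = evaluate(rules, Packet(client_ip, server_ip, client_port, port))
    reverse = evaluate(rules, Packet(server_ip, client_ip, port, client_port))
    return forward == "permit" and reverse == "permit"


# Rules as described in the post: permit SSH/VNC into the DMZ, deny DMZ to everything
# (including itself). The permit sits above the deny so it is matched first.
RULES_AS_POSTED = [
    Rule("permit", MGMT, DMZ, dports=SERVICES),
    Rule("deny", DMZ, ANY),
]

# Same list plus an explicit permit for the replies a DMZ server sends back to MGMT,
# matched on the service source port (the usual stateless-ACL workaround; assumption).
RULES_WITH_RETURN = [
    Rule("permit", MGMT, DMZ, dports=SERVICES),
    Rule("permit", DMZ, MGMT, sports=SERVICES),
    Rule("deny", DMZ, ANY),
]


if __name__ == "__main__":
    for name, rules in (("as posted", RULES_AS_POSTED), ("with return rule", RULES_WITH_RETURN)):
        print(f"{name}: MGMT->DMZ:22 session", session_allowed(rules, "10.0.10.5", "10.0.20.7", 22))
        print(f"{name}: DMZ->DMZ:22 session ", session_allowed(rules, "10.0.20.7", "10.0.20.8", 22))
        print(f"{name}: DMZ->MGMT:22 session", session_allowed(rules, "10.0.20.7", "10.0.10.5", 22))
```

Running it shows the forward SYN from MGMT to a DMZ host on port 22 being permitted under the posted rules while the reply from the DMZ host to the management client's ephemeral port hits the "DMZ to any" deny, so no new session can complete; with the additional return-traffic permit the session completes, DMZ-to-DMZ traffic stays blocked, and a DMZ host still cannot open its own connection towards MGMT because its source port is ephemeral rather than 22/5800/5900. Whether the Omada ACL engine is in fact stateless, and which match fields it offers, is something to confirm against the switch documentation; the model only makes the ordering and direction question easy to test.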