Gateway ACL, LAN->LAN, IP-Port Needed.

Currently its not possible to define IP-Port or any other group in Gateway ACL rules.

This is crucial I think for allowing communication between isolated VLANs, for use-cases such as Internal DNS server etc..
It's currently only possible to define entire Network(s).
Or can you please advice, how to allow communication from isolated IoT VLAN to main VLAN DNS server ? Is there some other way ?
EDIT: By "Isolated" I mean I have a Gateway ACL rule to disallow communication between IoT VLAN -> All other VLANs, thus making communication to DNS server in main VLAN impossible.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Your observation is completely correct, I thought at first it was a bug but then it turned out that it wasn't. with tp-link you can close all the doors but not open any individual doors. so what the idea is at tp-link, I don't know
- Copy Link
- Report Inappropriate Content
Hi @pdu_
Thank you for your feedback and post. We have forwarded your request to our developer team for evaluation.
To stay updated on firmware releases, we recommend subscribing to the pinned thread on the related page or regularly checking our official website where new releases are typically announced promptly.
Please note that all requests undergo thorough evaluation by our developer team before being added to the roadmap. This process may take some time, so please be patient if you don't see immediate results. Features with lower priority or fewer user reports might experience delays in implementation as we gather more feedback.
It is important to understand that submitting a request does not guarantee its implementation; only requests that pass the evaluation will be considered for inclusion in future updates.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Take a look at the posts from Clive, I think he said it's been recorded.
- Copy Link
- Report Inappropriate Content
Hi @Tedd404 , that's why I was asking, since the original thread is about the ER605 (TL-R605) but it also affects the ER707-M2. @Clive_A mentions he have forwarded the initial request to the developer team for evaluation, but I wanted to know if there were any updates from the developer team about implementing this feature or not. For me it is a basic feature and a blocker for my current setup.
Thank you!
- Copy Link
- Report Inappropriate Content
Hi @ManoloTech
ManoloTech wrote
Hi @Tedd404 , that's why I was asking, since the original thread is about the ER605 (TL-R605) but it also affects the ER707-M2. @Clive_A mentions he have forwarded the initial request to the developer team for evaluation, but I wanted to know if there were any updates from the developer team about implementing this feature or not. For me it is a basic feature and a blocker for my current setup.
Thank you!
https://community.tp-link.com/en/business/forum/topic/606980?replyId=1320472
Refer to this comment. Cannot give you a specific time about it but it should be available soon.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
It's "ACL, LAN->LAN, IP-Port" in the topic, so I guess it's really about Port ACLs. The other one is "ACL LAN-LAN IPGroup." That's not quite the same. Actually, I would be really surprised seeing Port ACLs on these routers.
- Copy Link
- Report Inappropriate Content

Information
Helpful: 6
Views: 2960
Replies: 8
Voters 2






