ACL denying all - All but one device have no internet
Hello all,
I am currently trying to get my head around ACLs and how to set them up.
Currently I have my home network divided into 3 VLANs: Management, Daily Use, Guest
My Setup:
- Omada SW Controller: 5.13.30.8
- Router: ER605 v1.0 Firmware: 1.3.1
- Switch: SG3428 v2.30 Firmware: 2.30.0
- 3x EAP653(EU) v1.0 Firmware: 1.0.14
For my test I've added an additional LAN network "Test_23" as VLAN 40 with Wi-Fi.
DHCP range is 192.168.40.xxx
I have added the following bidirectional switch ACL:
Type: Network
Policy: Deny
Protocols: All
Source: All Networks / Test
Destination: Test / All Networks
My expectation:
This should block all communication between Test_23 and other VLANs as well as Internet access and communication between devices.
Observed:
- Phone 1 (192.168.40.10) immediately loses internet access but can ping Phone 2
- Phone 2 (192.168.40.11) retains internet access and can ping Phone 2
I have tested multiple configurations, also with my other VLANs, and if I have such ACLs Phone 2 always has internet access even if all other devices do not.
Furthermore, I thought that this rule would block inter-VLAN communication, but I am wrong there too.
There must be something I don't see there and a nudge in the right direction would be very appreciated.
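To make the expectation in the post explicit, here is a small evaluator for the bidirectional Network-type deny rule described above. This is an added example, not Omada firmware code or anything from the original post: it treats the rule as a plain ordered match on source and destination IP, expands "bidirectional" into two one-way rules, and runs a few constructed flows through it. The subnets for Management, Daily Use and Guest are invented; only 192.168.40.0/24 comes from the post. It also assumes that "All Networks" covers internet addresses (which is what the post's own expectation implies) and that every flow reaches the point where the ACL is evaluated. Where the real switch behaves differently from this model, the difference points at which of those assumptions does not hold on the hardware, which is the question the post is asking.

```python
"""Toy evaluator for a bidirectional, Network-type switch ACL.

Added example, not Omada firmware code. It models the rule in the post
(Deny, all protocols, Source "Test" <-> Destination "All Networks") as an
ordered match on source/destination IP so the expected outcome for each
kind of flow is explicit.

Assumptions (not taken from the post):
  * subnets for Management / Daily Use / Guest are invented; only
    192.168.40.0/24 ("Test") comes from the post's DHCP range;
  * "All Networks" matches any address, including internet addresses;
  * every flow reaches the ACL evaluation point.
"""
import ipaddress

ALL_NETWORKS = "All Networks"

# Network selectors: name -> subnet. Only "Test" is from the post.
NETWORKS = {
    "Management": ipaddress.ip_network("192.168.10.0/24"),  # assumed
    "Daily Use": ipaddress.ip_network("192.168.20.0/24"),   # assumed
    "Guest": ipaddress.ip_network("192.168.30.0/24"),       # assumed
    "Test": ipaddress.ip_network("192.168.40.0/24"),        # from the post
}


def expand_bidirectional(action, src, dst, protocols="all"):
    """A bidirectional rule behaves like two one-way rules."""
    return [(action, src, dst, protocols), (action, dst, src, protocols)]


def in_network(ip, name):
    """True if ip is covered by the named network selector."""
    if name == ALL_NETWORKS:
        return True  # assumption: includes internet addresses
    return ip in NETWORKS[name]


def evaluate(rules, src_ip, dst_ip, default="permit"):
    """First matching rule wins; unmatched traffic gets the default."""
    src_ip = ipaddress.ip_address(src_ip)
    dst_ip = ipaddress.ip_address(dst_ip)
    for action, src, dst, _protocols in rules:
        if in_network(src_ip, src) and in_network(dst_ip, dst):
            return action
    return default


# The post's rule: Deny, all protocols, Test <-> All Networks.
RULES = expand_bidirectional("deny", "Test", ALL_NETWORKS)

# Constructed flows for the post's scenario (phones at .10 and .11).
FLOWS = {
    "phone1 -> internet": ("192.168.40.10", "8.8.8.8"),
    "phone2 -> internet": ("192.168.40.11", "8.8.8.8"),
    "phone1 -> phone2 (same VLAN)": ("192.168.40.10", "192.168.40.11"),
    "phone1 -> Daily Use host": ("192.168.40.10", "192.168.20.5"),
    "Daily Use host -> phone1": ("192.168.20.5", "192.168.40.10"),
    "Daily Use host -> Guest host": ("192.168.20.5", "192.168.30.7"),
}


def expected_outcomes():
    """Verdict for every constructed flow under the modelled rule."""
    return {name: evaluate(RULES, s, d) for name, (s, d) in FLOWS.items()}


if __name__ == "__main__":
    for name, verdict in expected_outcomes().items():
        print(f"{name:32s} {verdict}")
```

Under this model every flow that has a 192.168.40.x address on either end is denied, including the phone-to-phone ping and Phone 2's internet access, while traffic between the other VLANs is untouched. The observations in the post (Phone 2 keeps internet, the phones can ping each other) are therefore not what a straightforward IP-based match of that rule predicts, so the next thing to check is which of the modelled assumptions does not apply to the real switch.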