TL-SG2008P TCP ACL rule

2025-08-08 18:14:44 - last edited 2 weeks ago
Model: SG2008P  
Hardware Version: V3
Firmware Version: 3.20.0 Build 20230818 Rel.72032

Hi,

 

I'm trying to configure an IP ACL rule to allow outgoing mail on TCP port 587 for a video recorder otherwise blocked from the internet, only accessible with my own PC. The video recorder is plugged into, let's say, port 1 of my switch, local IP address 192.168.1.xxx. The mails are sent to Gmail using port 587 with the TLS protocol.

Trying to understand what is wrong with my settings, I tried to bind the ACL rule in the attached screenshot (and only this one) to port 1 of my switch. It blocks the outgoing mail, whereas I use FFFF or 0000 as mask for TCP port 587.

The 2 other IP ACL rules I'll bind to the port are working: the first one permits video recorder IP (source) to computer IP (destination), any protocol, and the last one is video recorder IP (source) to all IP (destination), any protocol, deny.

I intended to put the TCP ACL rule first, followed by the 2 others described, but since just the TCP ACL rule alone already blocks outgoing mail instead of permitting it, I think there is something I don't understand.

Sorry for the lack of knowledge.

Thanks in advance for your help.

 

 

 

1 Accepted Solution
Re:TL-SG2008P TCP ACL rule-Solution
2025-08-13 00:41:26 - last edited 2 weeks ago

  @bob1202 

bob1202 wrote

  @Clive_A thanks for your answer. I'll check with Wireshark (never used it before so will have to learn). I don't have an Omada router; it was the purpose of the SG2008P to avoid using a dedicated router since I had trouble making it work with my provider's box. Thus I just have the provider's box connected to one port of the switch and my NVR connected to another.

  I don't know how to specify the destination port and IP since it is the Gmail SMTP server with a domain address SMTP.gmail.com and not an IP address.

If the DST is unknown, you can set it to FF for MAC or 0.0.0.0 for IP. 

4 Reply
Re:TL-SG2008P TCP ACL rule
2025-08-11 01:09:51

  @bob1202 

Use Wireshark and see what it's like on the uplink port in two different situations:

1. When ACL is not involved.

2. When ACL is involved.

 

Have you tried to specify the destination IP and ports in the proper format? 

Do you have an Omada router? What's the diagram like?

Re:TL-SG2008P TCP ACL rule
2025-08-12 13:31:37

  @Clive_A thanks for your answer. I'll check with Wireshark (never used it before so will have to learn). I don't have an Omada router; it was the purpose of the SG2008P to avoid using a dedicated router since I had trouble making it work with my provider's box. Thus I just have the provider's box connected to one port of the switch and my NVR connected to another.

I don't know how to specify the destination port and IP since it is the Gmail SMTP server with a domain address SMTP.gmail.com and not an IP address.

Re:TL-SG2008P TCP ACL rule
2025-08-14 13:05:25

  @Clive_A thanks I'll try that in a while and let you know

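Added example, not part of the thread and not TP-Link's code: a small Python model of the three-rule list described in the question, showing how a port mask of FFFF and a destination IP mask of 0.0.0.0 decide which packets match. It assumes first-match evaluation and that a 1 bit in a mask means that bit is compared; the addresses, rule fields and default action are constructed for illustration, and the DNS packet is included because a device configured with the name smtp.gmail.com must resolve it before it can connect.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def masked_eq(value, want, mask):
    """Compare only the bits set in mask (assumed semantics: 1 bit = must match)."""
    return (value & mask) == (want & mask)

# Constructed addresses: the thread elides the real ones (192.168.1.xxx).
NVR, PC = ip("192.168.1.50"), ip("192.168.1.10")
FULL = ip("255.255.255.255")

def rule(action, src, dst=0, dst_mask=0, proto=None, dport=0, dport_mask=0):
    return dict(action=action, src=src, dst=dst, dst_mask=dst_mask,
                proto=proto, dport=dport, dport_mask=dport_mask)

# Order the poster intends: TCP/587 permit, NVR->PC permit, NVR->any deny.
RULES = [
    rule("permit", NVR, proto="tcp", dport=587, dport_mask=0xFFFF),  # dst mask 0.0.0.0 = any
    rule("permit", NVR, dst=PC, dst_mask=FULL),
    rule("deny", NVR),
]

def evaluate(rules, pkt, default="permit"):
    """First matching rule decides; the default for unmatched packets is an assumption."""
    for r in rules:
        if not masked_eq(pkt["src"], r["src"], FULL):
            continue
        if not masked_eq(pkt["dst"], r["dst"], r["dst_mask"]):
            continue
        if r["proto"] is not None:
            if pkt["proto"] != r["proto"]:
                continue
            if not masked_eq(pkt["dport"], r["dport"], r["dport_mask"]):
                continue
        return r["action"]
    return default

def packet(dst, proto, dport):
    return dict(src=NVR, dst=ip(dst), proto=proto, dport=dport)

if __name__ == "__main__":
    # Constructed test packets (203.0.113.25 is a documentation address).
    for name, p in [("SMTP submission", packet("203.0.113.25", "tcp", 587)),
                    ("NVR to PC", packet("192.168.1.10", "tcp", 554)),
                    ("DNS lookup", packet("192.168.1.1", "udp", 53)),
                    ("other internet", packet("203.0.113.25", "tcp", 443))]:
        print(f"{name:16} -> {evaluate(RULES, p)}")
```

Comparing this model's verdicts with what a capture on the uplink port shows, with and without the ACL bound, narrows down which packet the switch is actually dropping.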