Gateway ACL rule doesn't work, but same rule on Switch ACL works

wiub

9 hours ago - last edited 9 hours ago

Posts: 3

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2025-09-16

Gateway ACL rule doesn't work, but same rule on Switch ACL works

9 hours ago - last edited 9 hours ago

Model: ER605 (TL-R605) OC200 SG2008P

Hardware Version:

Firmware Version:

I am a beginner and I would like to understand why if I create a Gateway ACL that denies all protocols from VLAN 10 to VLAN 01 (as in first image), it doesn't work. In fact I would expect that the PC on VLAN 10 would stop ping the device on VLAN 01 but it doesn't!

r/TPLink_Omada - Gateway ACL doesn't work, but same Switch ACL works

Instead if I create the same exact rule but on Switch ACL (as in second image), it works as expected and the PC on VLAN 10 can't ping the device on VLAN 01 anymore.

r/TPLink_Omada - Gateway ACL doesn't work, but same Switch ACL works

Is Gateway ACL completely useless?

1 Reply

jra11500

LV4

5 hours ago - last edited 5 hours ago

Posts: 425

Helpful: 170

Solutions: 28

Stories: 2

Registered: 2022-12-20

Re:Gateway ACL rule doesn't work, but same rule on Switch ACL works

5 hours ago - last edited 5 hours ago

@wiub

With the gateway ACL, if your PC on VLAN 10 is pinging the gateway on VLAN 1, you will get a response. If your PC pings any other device on VLAN 1, it should not get a response. The gateway is always accessible unless you create an ACL to deny access to the Gateway Management Page..

Switch ACLs are stateless, which means the switch does not remember anything about an established connection. If you do not have a switch ACL to allow the ping response, then the response will never be seen and that is why everything appears to be working with the switch ACL.

1x ER706W 1x OC300 4x SG2008 1x EAP610 2x EAP650

Gateway ACL rule doesn't work, but same rule on Switch ACL works

Gateway ACL rule doesn't work, but same rule on Switch ACL works

Information

Voters 0

Tags