Gateway ACL rule doesn't work, but same rule on Switch ACL works

9 hours ago - last edited 9 hours ago
Model: ER605 (TL-R605), OC200, SG2008P

I am a beginner and I would like to understand why, if I create a Gateway ACL that denies all protocols from VLAN 10 to VLAN 01 (as in the first image), it doesn't work. In fact I would expect that the PC on VLAN 10 would stop pinging the device on VLAN 01, but it doesn't!

[first image: Gateway ACL rule]

Instead, if I create the same exact rule but on a Switch ACL (as in the second image), it works as expected and the PC on VLAN 10 can't ping the device on VLAN 01 anymore.

[second image: Switch ACL rule]

Is Gateway ACL completely useless?

Re: Gateway ACL rule doesn't work, but same rule on Switch ACL works
5 hours ago - last edited 5 hours ago

@wiub

With the gateway ACL, if your PC on VLAN 10 is pinging the gateway on VLAN 1, you will get a response. If your PC pings any other device on VLAN 1, it should not get a response. The gateway is always accessible unless you create an ACL to deny access to the Gateway Management Page.


Switch ACLs are stateless, which means the switch does not remember anything about an established connection.  If you do not have a switch ACL to allow the ping response, then the response will never be seen and that is why everything appears to be working with the switch ACL.


1x ER706W 1x OC300 4x SG2008 1x EAP610 2x EAP650
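As an added illustration (not code from this thread or from TP-Link), a small Python model of the two evaluation styles described in the reply: a stateless per-packet filter for the switch ACL, and a gateway filter that, as an assumption of this model, tracks permitted flows and exempts traffic addressed to the router itself unless the Gateway Management Page is denied. The VLAN numbers and the "deny all from VLAN 10 to VLAN 1" rule are the ones from the question.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_vlan: int
    dst_vlan: int
    dst_is_gateway: bool  # destination is the router's own VLAN-1 address
    is_reply: bool        # ICMP echo reply (True) or echo request (False)


# Constructed rule from the question: deny all protocols from VLAN 10 to VLAN 1.
DENY_RULE = {"src_vlan": 10, "dst_vlan": 1}


def rule_matches(pkt: Packet) -> bool:
    return pkt.src_vlan == DENY_RULE["src_vlan"] and pkt.dst_vlan == DENY_RULE["dst_vlan"]


def switch_acl_allows(pkt: Packet) -> bool:
    """Stateless: each packet is judged on its own, with no memory of earlier packets."""
    return not rule_matches(pkt)


class StatefulGatewayACL:
    """Model (assumption) of the gateway ACL behaviour described in the reply."""

    def __init__(self, mgmt_page_blocked: bool = False) -> None:
        self.mgmt_page_blocked = mgmt_page_blocked
        self.flows: set[tuple[int, int]] = set()  # (src, dst) of permitted requests

    def allows(self, pkt: Packet) -> bool:
        # A reply that belongs to an already-permitted flow is accepted as established.
        if pkt.is_reply and (pkt.dst_vlan, pkt.src_vlan) in self.flows:
            return True
        # The router's own address stays reachable unless its management page is denied.
        if pkt.dst_is_gateway and not self.mgmt_page_blocked:
            allowed = True
        else:
            allowed = not rule_matches(pkt)
        if allowed and not pkt.is_reply:
            self.flows.add((pkt.src_vlan, pkt.dst_vlan))
        return allowed


def ping(acl_allows, src_vlan: int, dst_vlan: int, dst_is_gateway: bool = False) -> bool:
    """True if the echo reply makes it back to the sender under the given ACL."""
    if not acl_allows(Packet(src_vlan, dst_vlan, dst_is_gateway, is_reply=False)):
        return False  # request dropped, so no reply is ever generated
    return acl_allows(Packet(dst_vlan, src_vlan, False, is_reply=True))


def scenarios() -> dict[str, bool]:
    gw = StatefulGatewayACL()
    return {
        "switch: vlan10 -> vlan1 host": ping(switch_acl_allows, 10, 1),
        "switch: vlan1 host -> vlan10": ping(switch_acl_allows, 1, 10),
        "gateway: vlan10 -> vlan1 host": ping(gw.allows, 10, 1),
        "gateway: vlan10 -> gateway itself": ping(gw.allows, 10, 1, dst_is_gateway=True),
        "gateway: vlan1 host -> vlan10": ping(gw.allows, 1, 10),
        "gateway, mgmt page denied: vlan10 -> gateway": ping(
            StatefulGatewayACL(mgmt_page_blocked=True).allows, 10, 1, dst_is_gateway=True),
    }
```

The second switch scenario shows the stateless side effect the reply warns about: a ping started from VLAN 1 towards VLAN 10 passes on the way out, but its reply matches the deny rule on the way back and is dropped, whereas the stateful gateway model accepts the reply as part of an established flow.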