ACLs between vlans do not work as expected

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-01-25 13:50:58
Model: ER605 (TL-R605)  
Hardware Version:
Firmware Version:

The page below describes how you can block vlan to vlan traffic using an ACL:

https://www.tp-link.com/nl/support/faq/3061/

"After saving, the ACL takes effect and the computers in the R&D department will never be able to access the Marketing department's network."

However, if I add such an ACL, traffic in the other direction is also blocked. So Marketing can no longer access R&D, which is not the expected result.

Are more people encountering this? Is there a solution or a workaround?

Thank you.

Re:ACLs between vlans do not work as expected
2022-01-26 05:16:22 - last edited 2022-01-26 05:17:03

@matthijs_ 

ACL will stop the talk even if you don't enable bi-directional. Deny A to B will stop the talk between them. There is no way you can do this, even if you permit A to B before the Deny rule. I don't see a way to have unidirectional talk across VLAN.

Re:ACLs between vlans do not work as expected
2022-01-26 19:42:16

@John1234

Thank you for your response.

That's too bad. We regularly use this functionality on Watchguard Firebox and Netgate pfSense.

Since you are asked to specify a source and destination when creating a rule, I assumed that it would only be blocked that way.

Re:ACLs between vlans do not work as expected
2022-01-26 21:50:45

@Fae

Are you able to confirm whether or not unidirectional talk across VLAN should be possible?

Thank you.

Re:ACLs between vlans do not work as expected
2022-04-22 18:06:58

In my experience, at least in standalone mode, it does not block bi-directionally.

When I wanted to stop any traffic between two vlans in both directions, I needed to create two ACL rules for each.

Re:ACLs between vlans do not work as expected
2022-06-27 18:59:42

@Arion

Yes, that's what I would expect. On the ER605 router?

Via another channel, tp-link indicated that this functionality has been intentionally disabled to save processing power on the cheaper models. A solution that was suggested was to place a tp-link switch with ACL functionality behind the ER605.
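
A generic model of the behaviour discussed in this thread, added here as an example and not part of any post: when a filter checks every packet against the ACL without tracking connections, the replies R&D sends to a Marketing-initiated session match the one-way deny rule, so the session fails in both directions, while a connection-tracking filter only refuses new R&D-to-Marketing connections. This is not TP-Link code and makes no claim about how the ER605 firmware is implemented; the subnets, host addresses and function names are constructed for the illustration.

```python
# Added illustration: generic packet-filter model, not ER605 firmware behaviour.
from ipaddress import ip_address, ip_network

RND = ip_network("192.168.10.0/24")        # constructed R&D VLAN subnet
MARKETING = ip_network("192.168.20.0/24")  # constructed Marketing VLAN subnet
RULES = [("deny", RND, MARKETING)]         # single one-way rule, as in the FAQ


def acl_allows(src, dst, rules=RULES):
    """First matching rule wins; anything unmatched is permitted."""
    for action, src_net, dst_net in rules:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action == "permit"
    return True


def session_works(client, server, stateful, rules=RULES):
    """A session needs the request (client -> server) and the reply
    (server -> client) to both get through the filter."""
    if not acl_allows(client, server, rules):
        return False                 # new connection refused by the ACL
    if stateful:
        return True                  # reply matches the tracked connection
    return acl_allows(server, client, rules)  # stateless: reply re-checked


def matrix(stateful, rules=RULES):
    """Result for one constructed host in each VLAN, in both directions."""
    rnd_host, mkt_host = "192.168.10.5", "192.168.20.7"
    return {
        "rnd_to_marketing": session_works(rnd_host, mkt_host, stateful, rules),
        "marketing_to_rnd": session_works(mkt_host, rnd_host, stateful, rules),
    }


if __name__ == "__main__":
    print("stateless:", matrix(stateful=False))
    print("stateful: ", matrix(stateful=True))
```

In the stateless model, placing a permit Marketing-to-R&D rule ahead of the deny does not help either, because the reply packets still travel R&D-to-Marketing and hit the deny rule.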
