ACLs in OC200 for ER605
Hi,
I have an OC200 which controls an ER605 VPN Router. I created four VLANs, e.g. to separate my Home-PC Network from my Homelab. Not all devices are connected to the ER605 directly. Some are wired through a TL-SG108E switch, which also helps to separate the VLANs.
Before I used the OC200, I created some Firewall ACL Rules in the ER605 to deny communication between the different VLANs and only permitted access to some services.
But how do I configure this in the OC200? The Network Security > ACL > Gateway ACL Rules worked as expected when I blocked an AWS EC2 IP for testing. But how do I deny communication inside my network and between my VLANs? Neither did the Switch ACL configuration seem to be applied when blocking access between whole networks, nor did the EAP ACL have any effect.
My understanding is:
Gateway ACL -> Everything going out through the WAN Port
Switch ACL -> Everything through the LAN Ports of the ER605 and inside the wired network
EAP ACL -> Everything going through External Access Points
Can someone tell me what I'm doing wrong or have misunderstood?
Thank you in advance.
PS: This is a simple screenshot of my switch configuration, which I thought should work as expected.