TP-LINK ER605 Access Control does not work (NOOP)
TLDR: No matter what "Access Control" policies I set, they do nothing. I can't find any option to "enable" the Access Control as a feature so I'm left to assume that Access Control is busted.
Quick steps:
1) I assigned a device of mine that I wish to never have access to the internet a DHCP reserved IP [and confirmed with the device's admin that the IP assigned matches the DHCP reservation and the device only has a single IP of 192.168.0.101]
2) Under "Preferences -> Service Type" I added a service type named "ALL_UDP_TCP" and specified "UDP+TCP" and ports 0-65535 on the source and destination
3) Under "Preferences -> IP Group, IP Address" I added an IP address range of 192.168.0.101 -> 192.168.0.101 as "My_Device"
4) Under "Preferences -> IP Group" I added the "My_Device" into a group called "My_Device_Group"
5) Under "Firewall -> Access Control" I added an entry policy "Block", Service type "ALL_UDP_TCP", Direction "[WAN] IN", Source: "IPGROUP_ANY", Destination: "My_Device_Group", Effective time "Any"
6) Under "Firewall -> Access Control" I added an entry policy "Block", Service type "ALL_UDP_TCP", Direction "LAN->WAN", Source: "My_Device_Group", Destination: "IPGROUP_ANY", Effective time "Any"
Variations:
a) I set service Type "Any"
b) I changed IP address range to subnet mask "192.168.0.101/32"
c) Rebooting the ER605 does not help
Other notes:
c) There are no NAT rules "Virtual Service" defined (although my understanding is that Access Control will still filter/monitor this traffic anyway)
d) I am using SIP/RTP over UDP for this device (source port 5032, destination 5060 and RTP range is UDP 13100-13499), and I disabled the SIP ALG under "Transmission -> NAT, ALG" "SIP ALG"
e) My actual goal is to enable this rule during specific hours (i.e. I'd like to set an Effective time); right now I'm just trying to prove the access control works at all; if it won't block "Any" for effective time then it won't block during a specific time frame either
My conclusions:
i) I may need to "enable" "Access Control" but I found no such option to enable it, and if that's the case this issue will be easy to fix if someone can point out where this option exists
ii) I do not understand Access Control in some subtle way, e.g. IPGROUP_ANY doesn't do what I expect it to do or something...
iii) Access Control is busted and effectively does a NO-OP
Please help, as it is concerning that I cannot block traffic to/from this device, and I can confirm the server on the open internet is in fact receiving traffic to/from this device despite the Access Control rules being set.