Business Community > All Threads > [SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working
< All Threads

Troubleshooting [SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working

Troubleshooting [SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working

Troubleshooting[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working
[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working
Saturday - last edited 14 hours ago
Tags: #Switch ACL #Highlighted Thread
Model: SG3218XP-M2  
Hardware Version: V1
Firmware Version: 1.0.5 Build 20241104 Rel.41704

ACL setup

 

IP-Port Group: Nginx 443

 

IP Group: Nginx

 

Issue:

I can't access Nginx homepage with this setup.

 

Wireguard captured packets

 

Everything work just fine once I disable ACL rule 11 and 12.

 

Expected:

ACL rule 9 and 10 will override the below rules once matched.

 

Note:

If rule 9 and 10 is setup with IP and Protocol = TCP will have the same issue.

However, change the Protocol = ALL resolves the issue

  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working-Solution
Yesterday - last edited 23 hours ago

Hi @yliu 

Thanks for posting in our business forum.

That probably does not only rely on TCP 443. That's why when you set it as ALL before it works as expected. This is common. Some services may not work if you block ICMP though it seems to be unrelated.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  2  
  2  
#2
Options
2 Reply
Re:[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working-Solution
Yesterday - last edited 23 hours ago

Hi @yliu 

Thanks for posting in our business forum.

That probably does not only rely on TCP 443. That's why when you set it as ALL before it works as expected. This is common. Some services may not work if you block ICMP though it seems to be unrelated.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  2  
  2  
#2
Options
Re:[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working
23 hours ago

  @Clive_A Thank you for resolving my doubt so promptly!

 

My connection went through after removing ICMP from the Deny rule wink

  1  
  1  
#3
Options

Information

Helpful: 0

Views: 75

Replies: 2

Tags

Switch ACL Highlighted Thread
Related Articles
ACL with Source IP and Port to Destination IP and Port between VLANs
822 0
ACL between VLAN and Routed Port
1828 0
ACL on switch port to deny traffic to local subnet - except to router, and allow internet
2674 0
Single IP ACL
1098 0
Can I DENY one VLAN to VLAN but also PERMIT to One IP/Port?
835 0
ACL - Port forward limit to source ip - ip group not working on ER605
1397 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.