ACL rule blocking traffic from "A" to "B" is also preventing communication from "B" into "A"?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2025-02-25 00:10:32 - last edited 2025-02-25 02:09:41
Model: SG2016P  
Hardware Version: V1
Firmware Version: 1.20.5

I have two "Interface" networks set up:

  • "Core" for the network devices and home computers
  • "Outer Core" for my wireless printer


Everything is successfully connected with IPs that show that they are in the correct subnets.  I can ping the printer from my desktop.

Now I'm trying to create an ACL so that the printer cannot touch the Core devices.

The ACL has the following properties:

  • Policy: Deny
  • Protocols: All
  • Rule:
    • Source: Network "Outer Core"
    • Destination: Network "Core"
  • ACL Binding (can't change these):
    • Binding type: Ports
    • Ports: All ports
  • Advanced settings:
    • Time Range: not enabled
    • Ethertype: not enabled

 

That's it.  When I create that rule, I can no longer even ping the printer that's in "Outer Core" from my desktop that's in "Core".  Disable the rule, wait a few seconds and I can ping again.

Not sure what I'm doing wrong.  Thoughts?



 

#1
1 Accepted Solution
Re:ACL rule blocking traffic from "A" to "B" is also preventing communication from "B" into "A"?-Solution
2025-02-25 02:09:28 - last edited 2025-02-25 02:09:41

Hi @DrNeau 

Thanks for posting in our business forum.

Understand how communication works.

Successful communication is bidirectional. Not unidirectional.

A > B and B > A. Good.

A > B good, B > A no good = bad communication.

 

And the second concept: a switch ACL is not stateful. Stateful and stateless have been explained in the guide on the router page. You can search for it and read it.

 

A > B, ACL block, B > A ACL allow = A > B works, B > A does not work, this is stateful ACL.

 

In SW ACL, when you block A > B with this single rule, A > B and B > A are both blocked.

#2
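The stateless behaviour described in the accepted solution, as an added example that is not part of the original posts and is not the switch's own code: it evaluates the question's single Deny rule against each packet of a ping and compares the result with a filter that tracks flows. Assumptions: the subnets and host addresses are constructed, unmatched traffic is permitted by default, and the function names are hypothetical.

```python
import ipaddress

# Constructed subnets; the thread does not give the real addressing.
CORE = ipaddress.ip_network("192.168.10.0/24")
OUTER_CORE = ipaddress.ip_network("192.168.20.0/24")

# The rule from the question: Deny, all protocols, Outer Core -> Core.
RULES = [("deny", OUTER_CORE, CORE)]


def acl_action(src, dst, rules=RULES):
    """First matching rule wins; unmatched packets are permitted (assumed default)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "permit"


def stateless_exchange(initiator, responder):
    """Every packet is judged alone, so the reply is matched like new traffic."""
    request = acl_action(initiator, responder)
    reply = acl_action(responder, initiator) if request == "permit" else "not sent"
    return {"request": request, "reply": reply, "works": reply == "permit"}


def stateful_exchange(initiator, responder):
    """Rules judge only the first packet; replies to a tracked flow pass."""
    flows = set()
    request = acl_action(initiator, responder)
    if request == "permit":
        flows.add((initiator, responder))
    # A reply is allowed when it reverses a flow already in the table.
    tracked = (initiator, responder) in flows
    reply = "permit" if tracked else "not sent"
    return {"request": request, "reply": reply, "works": tracked}


if __name__ == "__main__":
    desktop, printer = "192.168.10.50", "192.168.20.30"  # constructed hosts
    for name, fn in (("stateless", stateless_exchange), ("stateful", stateful_exchange)):
        print(name, "desktop->printer:", fn(desktop, printer))
        print(name, "printer->desktop:", fn(printer, desktop))
```

With the stateless filter the echo request from the desktop reaches the printer, but the echo reply has source "Outer Core" and destination "Core", so it matches the Deny rule and the ping fails from both sides.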