ACL rule blocking traffic from "A" to "B" is also preventing communication from "B" into "A"?
Yesterday - last edited Yesterday
Model: SG2016P  
Hardware Version: V1
Firmware Version: 1.20.5

I have two "Interface" networks set up:

  • "Core" for the network devices and home computers
  • "Outer Core" for my wireless printer

Everything is successfully connected with IPs that show that they are in the correct subnets.  I can ping the printer from my desktop.

Now I'm trying to create an ACL so that the printer cannot touch the Core devices.

The ACL has the following properties:

  • Policy: Deny
  • Protocols: All
  • Rule:
    • Source: Network "Outer Core"
    • Destination: Network "Core"
  • ACL Binding (can't change these):
    • Binding type: Ports
    • Ports: All ports
  • Advanced settings:
    • Time Range: not enabled
    • Ethertype: not enabled

That's it.  When I create that rule, I can no longer even ping the printer that's in "Outer Core" from my desktop that's in "Core".  Disable the rule, wait a few seconds and I can ping again.

Not sure what I'm doing wrong.  Thoughts?

1 Accepted Solution
Re:ACL rule blocking traffic from "A" to "B" is also preventing communication from "B" into "A"?-Solution
Yesterday - last edited Yesterday

Hi @DrNeau 

Thanks for posting in our business forum.

Understand how communication works.

Successful communication is bidirectional, not unidirectional.

A > B and B > A: good.

A > B good, B > A no good = bad communication.

And the second concept: a switch ACL is not stateful. Stateful and stateless have been explained in the guide on the router page. You can search for it and read it.

A > B ACL block, B > A ACL allow = A > B works, B > A does not work; this is a stateful ACL.

In a switch ACL, if you block A > B, then with this single rule both A > B and B > A are blocked.

Best Regards!
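The behaviour described in the answer above, shown as an added simulation (this is example code written for this page, not code from the post, from TP-Link, or from the switch firmware). It evaluates the poster's single deny rule against a ping from the desktop to the printer with a stateless, first-match ACL (the switch model) and with a stateful filter that remembers permitted flows (the router model), and then shows the classic stateless workaround for TCP only: a permit rule that matches return traffic by the ACK bit, ahead of the deny. The subnets, host addresses, the default-permit for unmatched traffic, and the ability to match TCP flags are all assumptions for the example; the post does not state them and nothing here claims the SG2016P supports flag matching.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed addressing; the post gives no subnets or host addresses.
CORE = ip_network("192.168.1.0/24")        # "Core": desktops and network devices
OUTER_CORE = ip_network("192.168.2.0/24")  # "Outer Core": the wireless printer
DESKTOP = "192.168.1.10"
PRINTER = "192.168.2.20"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "icmp" or "tcp"
    sport: int = 0
    dport: int = 0
    ack: bool = False     # TCP ACK flag: clear only on the first SYN of a connection


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    established: bool = False   # match only TCP segments with ACK set (Cisco-style "established")


def first_match(rules, pkt):
    """Stateless evaluation: each packet is judged on its own, first matching rule wins.
    Unmatched traffic is forwarded (default-permit is an assumption, not stated in the post)."""
    for r in rules:
        if ip_address(pkt.src) not in r.src or ip_address(pkt.dst) not in r.dst:
            continue
        if r.established and not (pkt.proto == "tcp" and pkt.ack):
            continue
        return r.action
    return "permit"


class StatefulFilter:
    """Same rules, but a permitted packet opens a flow entry, and packets travelling the
    reverse direction of a known flow are allowed without consulting the rules."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()

    def check(self, pkt):
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.flows:
            return "permit"
        action = first_match(self.rules, pkt)
        if action == "permit":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return action


# The single rule from the post: deny everything from "Outer Core" to "Core".
DENY_PRINTER_TO_CORE = [Rule("deny", OUTER_CORE, CORE)]


def ping_results(check):
    """Desktop pings printer: echo request Core -> Outer Core, echo reply Outer Core -> Core."""
    request = Packet(DESKTOP, PRINTER, "icmp")
    reply = Packet(PRINTER, DESKTOP, "icmp")
    return check(request), check(reply)


def stateless_ping():
    """Switch-style ACL: the request gets out, the reply is dropped, so ping fails."""
    return ping_results(lambda p: first_match(DENY_PRINTER_TO_CORE, p))


def stateful_ping():
    """Router-style stateful filter: the reply rides on the flow the request created."""
    return ping_results(StatefulFilter(DENY_PRINTER_TO_CORE).check)


# Stateless workaround, TCP only: permit return segments (ACK set) before the deny.
# ICMP and UDP have no such flag, so ping would still fail under these rules.
ESTABLISHED_RULES = [
    Rule("permit", OUTER_CORE, CORE, established=True),
    Rule("deny", OUTER_CORE, CORE),
]


def tcp_print_job():
    """Desktop opens TCP 9100 to the printer; the printer's SYN/ACK carries the ACK bit."""
    syn = Packet(DESKTOP, PRINTER, "tcp", sport=50000, dport=9100, ack=False)
    syn_ack = Packet(PRINTER, DESKTOP, "tcp", sport=9100, dport=50000, ack=True)
    return first_match(ESTABLISHED_RULES, syn), first_match(ESTABLISHED_RULES, syn_ack)


def printer_initiated_connection():
    """A connection the printer itself opens into Core starts with ACK clear and is denied."""
    syn = Packet(PRINTER, DESKTOP, "tcp", sport=40000, dport=445, ack=False)
    return first_match(ESTABLISHED_RULES, syn)


if __name__ == "__main__":
    print("stateless, one deny rule, ping (request, reply):", stateless_ping())
    print("stateful,  one deny rule, ping (request, reply):", stateful_ping())
    print("stateless + established, print job (SYN, SYN/ACK):", tcp_print_job())
    print("stateless + established, printer-initiated SYN:", printer_initiated_connection())
```

The first two functions reproduce the symptom in the post: with a stateless ACL the desktop's echo request is forwarded but the printer's echo reply matches the deny rule, so the ping times out even though the rule names the printer's network only as a source. The `established` pair shows the usual way to get one-way initiation on a stateless filter, and also its limit: it only works for TCP, and it trusts the ACK bit, which a host on the blocked side can set on packets it originates itself. A stateful filter on a router is the robust answer for "printer must not initiate, desktop may".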