I have a stack of SG500 switches that are in layer 3 mode.
There are 3 VLANS
100 = Data 192.168.1.0
200 = Phone 192.168.200.0
500 = Management 192.168.220.0
Each VLAN has an ip address and clients have their gateways set as the switches interface address. Intervlan is working and clients can ping across VLANS and access the internet.
I now want to apply some restrictions. For example I want to be able to apply rules such as:
1) Any client on 100 or 200 cannot access each other or Management
2) Management can access anything on ANY VLAN.
3) Clients on 100 can access host 192.168.200.100 on vlan 200 on port 443 only.
I have tried setting up an example ACL and ACE as per the attached screenshot and applying the ACL to all ports on the switch:
When I do this the management can't ping anything. It seems that the 'deny' is blocking the replies etc.
Is this possible, and if so how? Thanks in advance.
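The symptom described in the post (management can ping nothing once the ACL is applied) is what a stateless, first-match ACL does when only the outbound half of each allowed flow is permitted: the echo reply from a data-VLAN host back to management hits the "data cannot reach management" deny. The following Python model is an added example, not part of the post and not the SG500's own CLI syntax; it evaluates the three stated rules as a stateless first-match ACL over constructed sample traffic (the hosts 192.168.220.10, 192.168.1.50, 192.168.200.20 and the ephemeral ports are hypothetical) and shows the naive rule set beside one that also permits the return half of each allowed flow.

```python
"""Stateless, first-match ACL model for the three-VLAN design in the post."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

DATA = "192.168.1.0/24"        # VLAN 100
PHONE = "192.168.200.0/24"     # VLAN 200
MGMT = "192.168.220.0/24"      # VLAN 500
HTTPS_HOST = "192.168.200.100/32"
ANY = "0.0.0.0/0"


@dataclass
class Packet:
    proto: str                        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None   # 8 = echo request, 0 = echo reply
    ack: bool = False                 # TCP ACK flag set (i.e. not the opening SYN)


@dataclass
class Ace:
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches any protocol
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    established: bool = False         # match only TCP segments with ACK set

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.icmp_type is not None and self.icmp_type != p.icmp_type:
            return False
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return True


def evaluate(acl: List[Ace], p: Packet) -> str:
    """First matching ACE wins; anything unmatched falls to the implicit deny."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"


# Rules 1-3 from the post written down literally, one direction only.
NAIVE_ACL = [
    Ace("permit", "ip", MGMT, ANY),
    Ace("permit", "tcp", DATA, HTTPS_HOST, dport=443),
    Ace("deny", "ip", DATA, PHONE),
    Ace("deny", "ip", DATA, MGMT),
    Ace("deny", "ip", PHONE, DATA),
    Ace("deny", "ip", PHONE, MGMT),
    Ace("permit", "ip", ANY, ANY),    # everything else (internet) stays open
]

# Same policy plus explicit permits for the return half of each allowed flow.
STATELESS_FIX_ACL = [
    Ace("permit", "ip", MGMT, ANY),
    Ace("permit", "icmp", ANY, MGMT, icmp_type=0),          # echo replies back to mgmt
    Ace("permit", "tcp", ANY, MGMT, established=True),      # TCP answers back to mgmt
    Ace("permit", "tcp", DATA, HTTPS_HOST, dport=443),
    Ace("permit", "tcp", HTTPS_HOST, DATA, sport=443, established=True),
    Ace("deny", "ip", DATA, PHONE),
    Ace("deny", "ip", DATA, MGMT),
    Ace("deny", "ip", PHONE, DATA),
    Ace("deny", "ip", PHONE, MGMT),
    Ace("permit", "ip", ANY, ANY),
]

# Constructed sample traffic; all hosts and ephemeral ports are hypothetical.
SAMPLE_FLOWS = {
    "mgmt_ping_data": Packet("icmp", "192.168.220.10", "192.168.1.50", icmp_type=8),
    "data_ping_reply_to_mgmt": Packet("icmp", "192.168.1.50", "192.168.220.10", icmp_type=0),
    "data_https_to_phone_host": Packet("tcp", "192.168.1.50", "192.168.200.100", sport=51000, dport=443),
    "phone_host_https_reply": Packet("tcp", "192.168.200.100", "192.168.1.50", sport=443, dport=51000, ack=True),
    "data_ssh_to_phone_host": Packet("tcp", "192.168.1.50", "192.168.200.100", sport=51001, dport=22),
    "data_ping_phone": Packet("icmp", "192.168.1.50", "192.168.200.20", icmp_type=8),
    "phone_ping_mgmt": Packet("icmp", "192.168.200.20", "192.168.220.10", icmp_type=8),
    "data_to_internet": Packet("tcp", "192.168.1.50", "203.0.113.5", sport=51002, dport=443),
}


def verdicts(acl: List[Ace]) -> Dict[str, str]:
    """Verdict of the given ACL for every sample flow."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    naive, fixed = verdicts(NAIVE_ACL), verdicts(STATELESS_FIX_ACL)
    for name in SAMPLE_FLOWS:
        print(f"{name:26s} naive={naive[name]:6s} fixed={fixed[name]}")
```

The two return-traffic permits are the stateless compromise: with no connection tracking, the ACL cannot know that a TCP segment from 192.168.200.100:443 belongs to a session the data client opened, so it matches on the ACK flag and source port instead, and it lets ICMP echo replies (type 0) through to management while still dropping echo requests from the phone VLAN. The caveat is that a stateless "established" match trusts a flag the sender sets, so it is weaker than a stateful firewall between the VLANs; it is what a port-based ACL on a switch can express. Each ACE only applies where the traffic enters the switch, so the return-half permits belong on the data and phone VLAN ingress, not on management.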