We have an SSID set up for guest devices, VLAN 20, with the "Deny Local LAN" option enabled. We also have a few ACLs configured for VLAN 20 (see screenshot).
Would there be any conflict having the ACLs and "deny local LAN"?
Note that DNS uses both UDP and TCP (UDP for small queries and TCP for large queries).
Yes, you can use both ACLs at the same time.
No conflict as your individual rules are always placed above the "Deny Local LAN".
So order of operations would process the ACLs first then it would process "deny local LAN"?
If this network is used only for Wi-Fi, you can deny the LAN directly on the SSID and remove the firewall deny rule, which will work without problems. But it's okay to keep both.
Thank you everyone for the quick responses. I just wanted to make sure I wasn't hindering any wireless clients from getting connected/DHCP addresses.
You wouldn't need the firewall rules for DHCP as that is exempted from the "Deny Local LAN" processing:
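To make the ordering discussed above concrete, here is an added example (not code from the thread or from the vendor) that models the described behaviour: the admin's per-VLAN rules are evaluated first, top to bottom with first match winning, and only if nothing matched does the SSID's "Deny Local LAN" option apply, with DHCP exempted. The rule sets, the probe packets, the choice of RFC 1918 ranges as "local LAN" and the first-match semantics are all assumptions of this example; the "broken" rule set is a hypothetical illustration of how a too-broad deny placed ahead of an allow can starve DHCP, not a claim about the screenshot in the thread.

```python
"""Constructed first-match ACL evaluator (example only, not vendor code).

Assumptions modelled here:
  * custom VLAN rules are checked first, top to bottom, first match wins;
  * if no rule matches, "Deny Local LAN" blocks RFC 1918 destinations;
  * DHCP (UDP to port 67/68) is exempt from "Deny Local LAN";
  * anything still unmatched is allowed (Internet-bound guest traffic).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = "any"


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str                       # "tcp", "udp", "icmp" or "any"
    dst: str                         # destination CIDR or "any"
    dports: Optional[Tuple[int, int]]  # inclusive (lo, hi) or None for any port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_ip: str
    dst_port: Optional[int] = None
    src_port: Optional[int] = None


RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local_lan(ip: str) -> bool:
    """Assumption: 'local LAN' means any RFC 1918 destination."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def is_dhcp(pkt: Packet) -> bool:
    """Client DHCP traffic: UDP to a DHCP server (67) or client (68) port."""
    return pkt.proto == "udp" and pkt.dst_port in (67, 68)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != ANY and rule.proto != pkt.proto:
        return False
    if rule.dst != ANY and ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dports is not None:
        lo, hi = rule.dports
        if pkt.dst_port is None or not lo <= pkt.dst_port <= hi:
            return False
    return True


def evaluate(rules, pkt: Packet, deny_local_lan: bool = True):
    """Return (verdict, reason). Custom rules first; Deny Local LAN last."""
    for i, rule in enumerate(rules, start=1):
        if rule_matches(rule, pkt):
            return rule.action, f"rule {i}: {rule.comment}"
    if deny_local_lan and is_local_lan(pkt.dst_ip) and not is_dhcp(pkt):
        return "deny", "Deny Local LAN"
    return "allow", "default allow"


# Constructed probes a guest client must be able to send (plus one it must not).
PROBES = {
    "dhcp_discover": Packet("udp", "255.255.255.255", 67, 68),  # broadcast DISCOVER
    "dhcp_renew":    Packet("udp", "192.168.20.1", 67, 68),     # unicast renew to gateway
    "dns_udp":       Packet("udp", "8.8.8.8", 53),
    "dns_tcp":       Packet("tcp", "8.8.8.8", 53),              # DNS also uses TCP
    "lan_smb":       Packet("tcp", "192.168.10.5", 445),        # must stay blocked
}

# Constructed rule set that keeps the essentials reachable.
GOOD_RULES = [
    Rule("allow", "udp", ANY, (67, 68), "DHCP"),
    Rule("allow", "udp", ANY, (53, 53), "DNS over UDP"),
    Rule("allow", "tcp", ANY, (53, 53), "DNS over TCP"),
    Rule("deny", ANY, "10.0.0.0/8", None, "block corporate range"),
]

# Hypothetical misordering: a broad UDP deny sits above the DHCP allow, so
# the allow is never reached and clients never get a lease.
BROKEN_RULES = [
    Rule("deny", "udp", ANY, None, "deny all UDP (too broad)"),
    Rule("allow", "udp", ANY, (67, 68), "DHCP (never reached)"),
]


def check_guest_essentials(rules, deny_local_lan: bool = True) -> dict:
    """Verdict per probe; run this before pushing a guest ACL change."""
    return {name: evaluate(rules, pkt, deny_local_lan)[0] for name, pkt in PROBES.items()}


if __name__ == "__main__":
    for label, rules in (("good", GOOD_RULES), ("broken", BROKEN_RULES)):
        for name, pkt in PROBES.items():
            print(label, name, *evaluate(rules, pkt))
```

Running the script shows the difference the thread is about: with the constructed good rule set every probe except `lan_smb` is allowed, `lan_smb` is caught by "Deny Local LAN" after the custom rules, and with the broken set the DHCP DISCOVER is denied by the first rule before the DHCP allow is ever consulted.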
I need the ACLs in place for the Guest devices that are going to be plugged into the switch.
For that you would need an ACL on the switch, or maybe port isolation.
Bringing this back alive. Does anyone see a problem with this ACL? With these ACLs in place, mobile clients do not get a DHCP IP. If I remove the ACLs, everything works as it should. Also this network has the "Deny local LAN" option ticked under ssid.