Has anyone else had an issue with clients communicating with each other on the same subnet when deploying an ACL policy on egress of a VLAN?
In the Cisco world, a normal RFC1918 ACL egressing the VLAN is sufficient for a guest network; clients can still communicate with each other, but this can be additionally adjusted with an ACL.
It seems that in EXOS, as soon as you define an ACL, it enables a type of client isolation, and the only way around this would be to specifically allow client-to-client config via an additional rule to allow egress traffic of the whole subnet.
Best answer by RobertWilkinson
Turns out it works on ingress on the VLAN; Cisco and Enterasys are the opposite way. All sorted now.
Still have to have an entry that has the L2 subnet as a source and destination to allow clients to reach each other, but not a major issue, just not usual behavior for other vendors' ACLs.
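
The behaviour described in this thread can be checked with a small model before touching a switch. This is an added example, not part of the original posts and not EXOS code: it assumes first-match rule evaluation and that the VLAN ACL also sees same-subnet (switched) traffic, as the thread reports; the guest subnet and all addresses are constructed.

```python
import ipaddress as ip

GUEST = ip.ip_network("192.168.50.0/24")   # constructed guest subnet
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = ip.ip_network("0.0.0.0/0")

def build_policy(allow_local, local_first=True):
    """Ordered (name, src_net, dst_net, action) entries for the guest VLAN."""
    deny = [(f"deny_{net}", ANY, net, "deny") for net in RFC1918]
    # The extra entry from the accepted answer: guest subnet as source AND destination.
    local = [("allow_local", GUEST, GUEST, "permit")] if allow_local else []
    body = local + deny if local_first else deny + local
    return body + [("allow_rest", ANY, ANY, "permit")]

def evaluate(policy, src, dst):
    """Return (action, entry name) of the first entry matching the packet."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for name, src_net, dst_net, action in policy:
        if s in src_net and d in dst_net:
            return action, name
    raise ValueError("policy has no catch-all entry")

# Constructed sample flows, all sourced from one guest client.
FLOWS = {
    "client_to_client": ("192.168.50.10", "192.168.50.20"),
    "client_to_internal": ("192.168.50.10", "10.1.2.3"),
    "client_to_internet": ("192.168.50.10", "203.0.113.7"),
}

def verdicts(policy):
    return {label: evaluate(policy, *flow) for label, flow in FLOWS.items()}

if __name__ == "__main__":
    cases = (
        ("RFC1918 deny only", build_policy(False)),
        ("local permit first", build_policy(True)),
        ("local permit after deny", build_policy(True, local_first=False)),
    )
    for title, policy in cases:
        print(title)
        for label, (action, entry) in verdicts(policy).items():
            print(f"  {label:20} {action:6} ({entry})")
```

In this model the guest subnet is itself RFC1918 space, so the deny entry catches client-to-client traffic unless the subnet-to-subnet permit is placed ahead of it.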