Omada, VLAN, routing, firewall

I did star work for small company as IT admin. They have network base on omada products. The network is build by external company and they also configured it.

router : ER605 v2.0
switches : TL-SG2428P v5.0
APs : EAP615-Wall(EU) v1.0
controller : OC200

LAN network is not used and we have Management VLAN where all swithces and APs are, then I have home VLAN 10 and quest VLAN 20. In settings → network security → ACL there are only two rules in switch ACL (gateway and EAP ACLs are empty):

  • denny quest access to LAN, home and Management
  • denny home access to LAN and Management

so question #1 what is default state? all routing between vlan is permint?

I am trying to access host in quest from home and it is not possible. So I assume that routing between vlans is denny by default. question #2 do you think that those two rules are unnecessary?

I did create rules (in switch ACL) which permit access from home to quest. It is first rule. But still not able to access host in quest vlan from home. I did enable all protocols. I am not also ping router quest IP from home vlan.

question #3 what is different or how should I understand gatewat ACL, switch ACL, EAP acls?

maybe I dont understand it correctly. Thank you for any help, tip or link to documentation.

your using er605 router and pfsense? Do you run it before or after? I have a problem with my 605. It will work but dont try and get out or in not a chance I will be watching this

no, I am not using pfsense

ahh ok sorry read it wrong