A bridge too far?
USG 20 (not 20W): lan1 all my wired devices (desktop, kid's desktop, blu-ray, home security, NAS etc.);...lan2 is wireless with two WAP3205s, one in universal repeater mode. So lan2 is for everything wireless (cell phones, kindles, ipads....) and stays separated from my wired lan (lan1).
Love it. Works great . . . . .but I just got a new wireless printer. Rather than tethering it to just my desktop, I'd love to be able to use it as a network printer for both lan1 and lan2 devices
(printing photos from my phone etc). Because my desktop is on lan1 and the wireless network is lan2, my printer unseen by the desktop (which is where I really need it 98% of the time).
(BTW I seem to like parenthetical explanations [go figure] ).
I want to keep the security as tight as possible with wireless (lan2) and wired (lan1) not "talking" to each other, but is there a way to punch a hole and let both lan1 and lan2 access a wireless printer on the lan2 side-o-things? Do I bridge lan1 and lan2 and then create mDNS rules for the printer?
Hmmmmm... It's not for lack of looking and reading that I'm asking. I just need a shove in the right direction, and any help is much appreciated.
AnavSarcastic Llama? Naw, Just AcerbicPremium
Yes, through firewall rules you can open doors between the LANS.
I have never done it but would assume you would permit LAN1 to LAN2 (all of LAN1 or a range of IPs - easier than one by one) to the IP of the wireless printer in LAN2.
Now that should let you print but that will not allow I dont think LAN2 to LAN1 feedback from the printer (like ink levels or perhaps other stuff).
UP to you if you want to allow LANIP of the printer on LAN2 access to all your LAN1 PCs, kinda breaks security. So initially just do the one-way and see what happens.
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
BranoI hate VogonsPremium,MVMReviews:
|reply to olsongt |
As mentioned, punch a firewall hole for the printer service from LAN1 to LAN2 (port depends on how the printer is accessed, it should tell you on the printer WEB GUI).
You will most likely also need static route from LAN1 to LAN2 (the USG may add it automatically/dynamically but I doubt it).
I was wondering about that Brano. When a VLAN is downstream of a LAN port, a static route is needed so the router knows how to get to the VLAN address range via the smart switch's address connected to the router's LAN port. But LAN1 and LAN2 are part of the router's own "switch," so one would hope that the router would know the path to take to an address within either LAN's IP range (sub net).
Only broadcast traffic within each LAN should be blocked at the router's "switch." Printer broadcast traffic should be blocked even if there is a static route established between LANs.
I don't have anything on LAN2 so I haven't had a need to find out the hard way.