BranoI hate VogonsPremium,MVMReviews:
|reply to olsongt |
Re: A bridge too far?
As mentioned, punch a firewall hole for the printer service from LAN1 to LAN2 (port depends on how the printer is accessed, it should tell you on the printer WEB GUI).
You will most likely also need static route from LAN1 to LAN2 (the USG may add it automatically/dynamically but I doubt it).
I was wondering about that Brano. When a VLAN is downstream of a LAN port, a static route is needed so the router knows how to get to the VLAN address range via the smart switch's address connected to the router's LAN port. But LAN1 and LAN2 are part of the router's own "switch," so one would hope that the router would know the path to take to an address within either LAN's IP range (sub net).
Only broadcast traffic within each LAN should be blocked at the router's "switch." Printer broadcast traffic should be blocked even if there is a static route established between LANs.
I don't have anything on LAN2 so I haven't had a need to find out the hard way.