dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
813
share rss forum feed


saulos

@ngi.it

lan2 don't see server on lan1

Hi I have
all the desktop/server/printers on Lan1 192.168.1.x
and
I will like to put all the
laptop/cellphone/tablet on wifi at Lan2 192.168.2.x
I already set the 2 lan according to the IP and mask is
255.255.255.0
Zone is set to allow intra-zone for both
all is working and I can ping server from Lan2.
Now I have 2 problems,
first I need to use the WAN2 interface for the Lan2 internet traffic so I will free some bandwith on Wan1
second how I can enable the Lan2 clients to see the server and printer on Lan1 ??
Thanks a lot


Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..

"See" can mean two things.

If the firewall allows LAN 1 to LAN 2 and vice versa traffic, then one can ping each way and one can print, so long as the printer program on a LAN 2 PC knows the IP address of the printer on LAN 1.

If you want auto discovery of where printers are by, e.g., Windows, the messages that perform that function are not usually passed beyond the boundaries of a given subnet so you may be out of luck.

I have printers on a separate VLAN and allow them access to the VLAN the computers are on and vice versa at the USG firewall. I block them from access to the Internet. I use MAC binding to assure that printers obtain specific IP addresses, and then point PC printer setups to those IP addresses.

kirby



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:8
reply to saulos

Both of your issues are related to Policy Routing and Firewall config possibly.
For testing disable and fix your Policy routing (if unsure post a screenshot here).



saulos

@ngi.it
reply to saulos

First thanks to both of you
yes for "see" I was intending that I can ping them, ftp and web connect on server using the IP so I think that some service for autodiscovery are not passing to Lan2 .
I will try your binding suggestion , Kirby, adding fixed IP for printer and server.
Brano, sorry but as now I don't have any , except the one the USG 100 create when it was installed.
Before we only had 1 WAN and we use only LAN1 so no specifc set up was put in place, all came in november when we got the second Wan and we start to see how we can separate the traffic on both lan, a sort of load balancing, we started Lan2 to be used for cellphone/private tablet and it was ok as they don't need to see any internal resource. Now we are try to squeeze the most of the 2 WAN .
Any furter suggestion will be helpfull


Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..
reply to Brano

Brano:

Can one route NetBios etc. across subnet boundaries with a policy route?

On my Cisco switch (yes, I call my USG 50 Pancho) VLANs can be setup so that particular ports are members of more than one VLAN (not sure if this only works for members of default VLAN 1 at the moment) and in such a case, the NetBios traffic seems to be common because some PCs can find the printers.

kirby



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:8

No idea about NetBIOS, never tried that. Some answers here »NETBIOS Routable?



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:8
Reviews:
·TekSavvy DSL
·Bell Fibe
reply to saulos

For both LAN1 to LAN2 routing and/or LAN2 to WAN2 you need to setup appropriate policy routes, the default routes are not sufficient.
Start with user guide here »ftp://ftp.zyxel.com/ZYWALL_USG_100/use···_Ed1.pdf
When you run into specific questions don't hesitate to ask here.



saulos

@telecomitalia.it

Thanks,
I will go with your suggestion, if I will need more support I will post again


Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..
reply to Brano

Thanks, Brano, your reference asserts that it is routable over the Internet, much to the dismay of many who received malware by that path (something I should have remembered). So it is surely routable between LANs, given appropriate firewall permissions. For example, the default DMZ allow lists NetBIOS.

Subnet broadcasts to .255 might be a different kettle of fish.

kirby