Orbi WiFi 7 RBE973
Reply

Re: Route printing across VLANS with SRX5308

Jim_Young
Initiate

Route printing across VLANS with SRX5308

I have an SRX5308 with three VLANS setup:

192.168.1.1

192.168.2.1

192.168.3.1

All are subnet mask 255.255.255.0. Each has it's own DHCP range. Each as a dedicated LAN port on the firewall. Currently I have Inter VLAN Routing enlabled on all three VLANs.

 

I want to place a printer on the first VLAN at 192.168.1.201 and make it visible on the other two VLANs. Currently I cannot ping across VLANS, nor do I want to other than for this printer. I suspect there is some sort of static route I need to setup, but I'm not finding much good information out there.

 

Can anyone give me a quick tutorial on how to do this?

 

Thanks in advance.

 

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 7
JohnRo
NETGEAR Employee Retired

Re: Route printing across VLANS with SRX5308

Hello Jim_Young, 

 

Welcome to the community! 

 

You'll probably need a switch (smart or managed) for this kind of setup. Since you have Inter-VLAN already enabled, all you need to do is to configure an ACL on the switch. Another option is to disable the Inter-VLAN and create a new VLAN on the switch making the printer a part of the three VLANs. This way, the clients on all three VLANs will have access on the switch but the other devices will not be able to talk to each other. 

 

Thanks, 

Message 2 of 7
KBXR
Aspirant

Re: Route printing across VLANS with SRX5308

I have a similar issue using an M4100 switch.

 

You say "... create a new VLAN on the switch making the printer a part of the three VLANs."  Exactly HOW you would go about doing that?  

 

I'm going to guess:

- three vlans already exist

- ports 1-6 are vlan 101, IP network 192.168.10.0

- ports 7-12 are vlan 102, IP network 192.168.20.0

- ports 13-18 are vlan 103, IP network 192.168.30.0

- create a vlan of ports 19-24 IP network 192.168.40.0  and hang the printer off that vlan

- Make ports 1-18 part of vlan 104

- enable IP routing.

 

Am I close?

Message 3 of 7
KBXR
Aspirant

Re: Route printing across VLANS with SRX5308

lol -- I used the very phrase I didn't understand when you said it. Human beings -- wow.

 

OK, so what I mean is that once the vlans 101, 102, 103, are setup

 

- Make ports 1-18 part of vlan 104 by tagging all of the ports with a U but only ports 19-24 have a PVID of 104

 

lol - I'm still not sure that I'm being as clear as I need to be. 

Message 4 of 7
DaneA
NETGEAR Employee Retired

Re: Route printing across VLANS with SRX5308

Hi KBXR,

 

I have just replied on your initial post here.  Kindly respond if it works. 🙂

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 5 of 7
Jim_Young
Initiate

Re: Route printing across VLANS with SRX5308

Problem solved, with some insight from the folks who posted. Thank you all.

 

I created a separate VLAN just for the printer and made it a member of all of the other VLAN ports. In turn, I gave each of the other VLANS membership on the default port for the printer's VLAN. Then I used unmanaged switches on the ports that needed them.

 

Below is the full setup. This is for a small public library -- the goal was to keep library patrons out of the staff side of the network. I'm also using OpenDNS for filtering and bandwidth profiles so that one kid on a patron computer can torrent a movie at full speed and kill the entire network.

 

Thank you again for all the help.

 

VLAN1 – printers:

  • Name: Default
  • Port membership: 1,2,3,4
  • IP: 192.168.10.1
  • SN: 255.255.255.0
  • DHCP range: 192.168.10.100 to 192.168.10.199
  • Primary DNS: 208.67.222.222
  • Secondary DNS: 208.67.220.220
  • DNS Proxy: off
  • Inter VLAN routing: on

VLAN102 – Staff:

  • Name: StaffVLAN
  • Port membership: 1,2
  • IP: 192.168.20.1
  • SN: 255.255.255.0
  • DHCP range: 192.168.20.100 to 192.168.20.199
  • Primary DNS: 8.8.8.8
  • Secondary DNS: 8.8.4.4
  • DNS Proxy: off
  • Inter VLAN routing: on

VLAN103 – Patrons:

  • Name: PatronVLAN
  • Port membership: 1,3
  • IP: 192.168.30.1
  • SN: 255.255.255.0
  • DHCP range: 192.168.30.100 to 192.168.30.199
  • Primary DNS: 208.67.222.222
  • Secondary DNS: 208.67.220.220
  • DNS Proxy: off
  • Inter VLAN routing: on

VLAN104 – Wi-Fi:

  • Name: WiFiVLAN
  • Port membership: 1,2,4
  • IP: 192.168.40.1
  • SN: 255.255.255.0
  • DHCP range: 192.168.40.100 to 192.168.40.199
  • Primary DNS: 208.67.222.222
  • Secondary DNS: 208.67.220.220
  • DNS Proxy: off
  • Inter VLAN routing: on

LAN Default Ports:

  • Port 1 – default (printer)
  • Port 2 – VLAN102 (Staff)
  • Port 3 – VLAN103 (Patrons)
  • Port 4 – VLAN104 (WiFi)

 

Message 6 of 7
JohnRo
NETGEAR Employee Retired

Re: Route printing across VLANS with SRX5308

Hello Jim_Young, 

 

We are glad to know that you have it working! If ever one of the posts on this thread helped fix the issue please click on "Accept as Solution", this will help other community members if in case they encounter the same setup. 

 

Thanks, 

Message 7 of 7
Discussion stats
  • 6 replies
  • 6101 views
  • 1 kudo
  • 4 in conversation
Announcements