This topic has been closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
2016-04-15 08:07 AM
I have an SRX5308 with three VLANS setup:
All are subnet mask 255.255.255.0. Each has it's own DHCP range. Each as a dedicated LAN port on the firewall. Currently I have Inter VLAN Routing enlabled on all three VLANs.
I want to place a printer on the first VLAN at 192.168.1.201 and make it visible on the other two VLANs. Currently I cannot ping across VLANS, nor do I want to other than for this printer. I suspect there is some sort of static route I need to setup, but I'm not finding much good information out there.
Can anyone give me a quick tutorial on how to do this?
Thanks in advance.
2016-04-15 11:28 AM
Welcome to the community!
You'll probably need a switch (smart or managed) for this kind of setup. Since you have Inter-VLAN already enabled, all you need to do is to configure an ACL on the switch. Another option is to disable the Inter-VLAN and create a new VLAN on the switch making the printer a part of the three VLANs. This way, the clients on all three VLANs will have access on the switch but the other devices will not be able to talk to each other.
2016-04-16 12:40 PM
I have a similar issue using an M4100 switch.
You say "... create a new VLAN on the switch making the printer a part of the three VLANs." Exactly HOW you would go about doing that?
I'm going to guess:
- three vlans already exist
- ports 1-6 are vlan 101, IP network 192.168.10.0
- ports 7-12 are vlan 102, IP network 192.168.20.0
- ports 13-18 are vlan 103, IP network 192.168.30.0
- create a vlan of ports 19-24 IP network 192.168.40.0 and hang the printer off that vlan
- Make ports 1-18 part of vlan 104
- enable IP routing.
Am I close?
2016-04-17 06:05 AM
lol -- I used the very phrase I didn't understand when you said it. Human beings -- wow.
OK, so what I mean is that once the vlans 101, 102, 103, are setup
- Make ports 1-18 part of vlan 104 by tagging all of the ports with a U but only ports 19-24 have a PVID of 104
lol - I'm still not sure that I'm being as clear as I need to be.
2016-04-25 10:29 AM
Problem solved, with some insight from the folks who posted. Thank you all.
I created a separate VLAN just for the printer and made it a member of all of the other VLAN ports. In turn, I gave each of the other VLANS membership on the default port for the printer's VLAN. Then I used unmanaged switches on the ports that needed them.
Below is the full setup. This is for a small public library -- the goal was to keep library patrons out of the staff side of the network. I'm also using OpenDNS for filtering and bandwidth profiles so that one kid on a patron computer can torrent a movie at full speed and kill the entire network.
Thank you again for all the help.
VLAN1 – printers:
VLAN102 – Staff:
VLAN103 – Patrons:
VLAN104 – Wi-Fi:
LAN Default Ports:
2016-04-25 10:36 AM
We are glad to know that you have it working! If ever one of the posts on this thread helped fix the issue please click on "Accept as Solution", this will help other community members if in case they encounter the same setup.