USG60W - L2 isolation and WLAN Printer avalibility

ChrisGer
ChrisGer Posts: 205  Ally Member
Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
edited August 2021 in Security
hello Zyxel Community,
I have a USG60W - current firmware is installed and get a little stumble, because the L2 isolation in the WLAN works, but the printers located in this VLAN are now no longer accessible.

What have I already done:
- Whitelist enabled
- IP address of the WLAN printers entered in the whitelist
- All WLAN devices can access the Internet
- The devices do not see each other

The aim would be, that the Windows clients could use the WLAN printers over the network.

Did I forget something or did I make a mental mistake?

Thx forward and regards
Chris

All Replies

  • CHS
    CHS Posts: 181  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    During connection is unreachable between PC and printer....does PC and WLAN printer are belonging to same IP segment?
    Can you take a screenshot of white list what you configured?
    Does L2 isolation is enabled on your switch?
  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    @CHS
    PC an WLAN Printer are in different segments -> PC to WLAN printer is working well.

    The affected device is in the same IP segment as the WLAN printers.

    Whitelist is enabled and i put the IPs of WLAN Printer and the affected WIndows10 device and put them in the Whitelist -> nothing changed -> printer is not rechable.

    The L2 Isolation is configured on the USG60W and there is no switch between USG and affected devices.

    The USG is remote located and the web/remote access is disabled (saty first) ;) If you still have an approach / idea, where it can be, please give me a short feedback.

    Regards
    Chris
  • CHS
    CHS Posts: 181  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Hi @ChrisGer
    L2 isolation is cheating MAC address in same IP segment prevent devices connect to each other.
    And ARP record will exist in table for a period time.
    You may reboot PC and printer to flush MAC table firs and make sure if it is helpful.
    And check if PC can receive ICMP response from printer.
  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    Hi @CHS
    sorry for the delay, but we still have school vacations and my summer vacation until 15.09. as I am at the site again (after my vacation) i will test everything again and in the worst case move the notebooks in a separate vLAN and set this (notebook vLAN) with L2 isolation.

    thx and regards
    Chris
  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    Why not a 1:1 NAT for the IP Printer to a "current network" address?
  • CHS
    CHS Posts: 181  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Win10 and printer are in same IP segment...so 1:1NAT doesn't help in this case.

Security Highlight