USG60W - L2 isolation and WLAN Printer avalibility

ChrisGer
ChrisGer Posts: 205  Ally Member
First Anniversary Friend Collector First Answer First Comment
edited August 2021 in Security
hello Zyxel Community,
I have a USG60W - current firmware is installed and get a little stumble, because the L2 isolation in the WLAN works, but the printers located in this VLAN are now no longer accessible.

What have I already done:
- Whitelist enabled
- IP address of the WLAN printers entered in the whitelist
- All WLAN devices can access the Internet
- The devices do not see each other

The aim would be, that the Windows clients could use the WLAN printers over the network.

Did I forget something or did I make a mental mistake?

Thx forward and regards
Chris

All Replies

  • CHS
    CHS Posts: 177  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    During connection is unreachable between PC and printer....does PC and WLAN printer are belonging to same IP segment?
    Can you take a screenshot of white list what you configured?
    Does L2 isolation is enabled on your switch?
  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    @CHS
    PC an WLAN Printer are in different segments -> PC to WLAN printer is working well.

    The affected device is in the same IP segment as the WLAN printers.

    Whitelist is enabled and i put the IPs of WLAN Printer and the affected WIndows10 device and put them in the Whitelist -> nothing changed -> printer is not rechable.

    The L2 Isolation is configured on the USG60W and there is no switch between USG and affected devices.

    The USG is remote located and the web/remote access is disabled (saty first) ;) If you still have an approach / idea, where it can be, please give me a short feedback.

    Regards
    Chris
  • CHS
    CHS Posts: 177  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @ChrisGer
    L2 isolation is cheating MAC address in same IP segment prevent devices connect to each other.
    And ARP record will exist in table for a period time.
    You may reboot PC and printer to flush MAC table firs and make sure if it is helpful.
    And check if PC can receive ICMP response from printer.
  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    Hi @CHS
    sorry for the delay, but we still have school vacations and my summer vacation until 15.09. as I am at the site again (after my vacation) i will test everything again and in the worst case move the notebooks in a separate vLAN and set this (notebook vLAN) with L2 isolation.

    thx and regards
    Chris
  • mMontana
    mMontana Posts: 1,300  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Why not a 1:1 NAT for the IP Printer to a "current network" address?
  • CHS
    CHS Posts: 177  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Win10 and printer are in same IP segment...so 1:1NAT doesn't help in this case.

Security Highlight