Nebula/on-prem: bonjour reflection (e.g. AirPrint, Chromecasts, Spotify)

GiuseppeR
edited March 31 in Nebula

Hello everyone,

I am looking for some improvements regarding the need to share printers across different VLANs. This is needed when you have multifunction devices to be shared across different subnets and when you want to be green-friendly (buying only one printer) but also careful about IT security with WiFi guests.

I have been on this page for some time; there is no easy solution, and this is my result: I am not able to find any solution in the Zyxel documentation.

Some other network players have the ability to use mDNS reflection in easy steps by setting the repeater function. With the latest documentation you can enable it with:

set service mdns repeater interface eth1

set service mdns repeater interface eth2

so you can set how to reflect the packets you need in order to print/scan via AirPrint and other Bonjour services.

You can also use a project on GitHub:

https://github.com/Gandem/bonjour-reflector

Anyway, there is NO easy solution with both configs:

  • on-premise
  • Nebula controlled

versions of:

  • firewalls
  • security routers

to share a printer (or another device such as Chromecasts or Spotify...) between different VLANs, apart from allowing traffic to that specific printer IP using the rules, but losing easy management via Bonjour.

For example, a printer is 192.168.1.100

You set VLANs to have 192.168.10.0/24 and 192.168.11.0/24 as separate networks for your specific usage like guests, IoT and so on…

You have to create rules to block any sort of traffic from x.x.10.x and from x.x.11.x to x.x.1.x while allowing them to reach only 192.168.1.100; this way you can ping that printer and print with it, using traditional drivers (from Win/Mac) and apps (from iOS/Android).

You lose the easy config with AirPrint; anyway, you can avoid buying a printer for each subnet.

Hope this helps.

It should be mandatory to have an option to use reflection for the packets needed without exposing the whole subnet to IT risks, for example when giving a tablet to guests to allow them to manage music while being sure you are not allowing them to reach other important items inside your network.
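
Added example, not part of the original post and not Zyxel or bonjour-reflector code: one way a reflector could pass only "the packets needed" between VLANs, by parsing each mDNS message and reflecting it only when every name belongs to an allowlisted service type. The allowlist entries, the function names and the sample bytes are assumptions chosen for illustration.

```python
import struct
# Assumed allowlist: DNS-SD types for AirPrint, Chromecast and Spotify Connect.
ALLOWED = ("_ipp._tcp.local", "_ipps._tcp.local",
           "_googlecast._tcp.local", "_spotify-connect._tcp.local")
# Constructed sample: a PTR query for _ipp._tcp.local (not captured traffic).
SAMPLE_QUERY = (b"\x00" * 4 + b"\x00\x01" + b"\x00" * 6
                + b"\x04_ipp\x04_tcp\x05local\x00" + b"\x00\x0c\x00\x01")

def read_name(msg, off):
    """Decode the DNS name at off; return (name, offset just past it)."""
    labels, after, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer
            if off + 1 >= len(msg) or hops >= 16:
                raise ValueError("bad or looping pointer")
            after = off + 2 if after is None else after
            off, hops = ((length & 0x3F) << 8) | msg[off + 1], hops + 1
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if after is None else after)
        labels.append(msg[off:off + length].decode("utf-8", "replace").lower())
        off += length

def allowed(name):  # the service type itself, its subtypes and its instances
    return any(name == s or name.endswith("." + s) for s in ALLOWED)

def should_reflect(msg):
    """Reflect only messages whose names all belong to allowlisted services."""
    try:
        _, flags, qd, an, _, _ = struct.unpack_from("!6H", msg, 0)
        off, questions, records = 12, [], []
        for _ in range(qd):
            name, off = read_name(msg, off)
            questions.append(name)
            off += 4                       # skip QTYPE and QCLASS
        for _ in range(an):                # answer section only
            name, off = read_name(msg, off)
            records.append(name)
            off += 10 + struct.unpack_from("!H", msg, off + 8)[0]
        if off > len(msg):
            raise ValueError("record overruns message")
    except (ValueError, struct.error):
        return False                       # malformed input is never reflected
    names = records if flags & 0x8000 else questions
    return bool(names) and all(allowed(n) for n in names)
```

The policy is strict by design: a response whose answer section mixes an allowlisted record with any other name, including a plain host address record, is dropped rather than reflected.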
