Cross-LAN to share a single printer/scan
Hello folks, I set a new USG20-VPN with last firmware 4.35(ABAQ.2). There are 2 LAN (lan-1 & lan-2) and only one Printer on LAN1. So I set the Policy Route between the LANs and create an object (Printer-Scan) with static IP (192.168.1.100) on LAN1. So easy but it does'nt work at all. No Ping from the LAN2 and of course no Traffic. What I missed ? Thank you
All Replies
-
After disable firewall, Is ping working?
Check Layer 2 isolation is disabled.
0 -
Hi Jeremylin thank you for your suggestions. I will check if with firewall DISABLE something change, anyway today I found a very strange behaviour ! If the printer is set on LAN2 (192.168.2.100) in this case, from LAN1 (192.168.1.0/24) is possible to ping the host on LAN2 (when the rule is active). Viceversa Not. But I don't want put the Printer on LAN2. I need the Printer on LAN1.
Really it looks as an anomaly.
Moreover this PRINTER is even a SCANNER and in this case the Source Address of IP Traffic Is on LAN2 to the share on LAN1 and again the Rule LAN2 -> LAN1 doesn't work ....
Really frustrating ....
0 -
Hi @dlauri
Welcome to Zyxel community
In your scenario, could you changed the printer to PC and try to ping from Lan1 to Lan2 ,Lan2 to Lan1.
I would like to know if the configuration works on PC.
Try to disable Layer 2 Isolation and ping from Lan1 to Lan2 ,Lan2 to Lan1 to check if it works?
0 -
Hello Jerry,
I try to reset-factory default the USG to start with a new configuration.
I swapped even the lan between Port 3 and Port 4.
The result doesn't change, there will be some logic issue (on LAN2).
Anyway this is the current testbed:
P3 = LAN1 192.168.1.0/24 [printer-scan (Kyocera) on LAN1 - 192.168.1.100]
P4 = LAN2 192.168.2.0/24 [PC on LAN2 (MacBookPro) 192.168.2.60]
rule: LAN2 subnet allowed to alias-printer (192.168.1.100)
From MacBookPro in LAN2, I cannot see the printer
NEW SCENARIO
but if I set a new rule where LAN1 Subnet is allowed to send traffic to alias MacbookPro (on LAN2)
in this case from LAN1 I can ping the MacBookPro on LAN2. It looks that cross-LAN working (LAN1 -> LAN2).
So probably if I set the printer on LAN2 it will work as a printer, but not as a scanner ! Becouse again, the ping generate from LAN2 doesn't reach LAN1. The previous rule, doesn't work, seems that every packet starting from LAN2 doesn't reach LAN1. The rule is on of course (LAN2 Subnet allowed to alias-Printer or other host as access point or switch managed).
Any PC on LAN1 ping my MacBookPro on LAN2. From LAN2 I cannot ping any host on LAN1. It's a behavior affected LAN2 [beside I don't want to set the Printer on LAN2].
Thank you for your analysis.
daniele
0 -
When setting up the printer IP does it have a gateway option and is set to LAN1 gateway?
0 -
Hi @dlauri
Using default setting, it works fine to use pc ping from lan1 to lan2, viceversa.
Can you private message your configuration for check further?
0 -
@ PeterUK, yes I checked the DG of the printer is set (192.168.1.1)
@ Zyxel_Jerry ok I got now the configuration files and sent to you.
Tnx
0 -
sorry after many many several tests, I changed the firewall (another vendor) and the strange behavior was that !!!
Last I chanded even mine PC (MAC-OS-X) with a Windows PC and now the IP traffic is going both directions. Never happend to me such strange anomaly with my favorite MacBookPro OS X Maverick 10.9.5.
Even the ping doesn't work correctly between the devices crossing network (when the ping is launched from Apple to Windows hosts). With a 'poor' Windows PC the issue was solved. Sorry for this escalation. I cannot understand the rational reasons. A ping from Apple is different from a ping from Windows, moreover if the ping is sent from the same network by Apple, it works ! The same opening a web page on port 80/443 as usual in the same network (i.e. LAN1) MacBook working fine. Crossing network viceversa doesn't work. That's a mistery for me.
0 -
Hi @dlauri
I’ve test your configuration, and try to ping from lan1 to lan2 between two windows, it works fine, and vice versa.
Do you mean after changed the firewall (another vendor) , you did the test try to ping Apple to Windows hosts , it fails,but from windows client to window client it works fine?
0 -
Right !
Moreover if the APPLE notebook stay on the same LAN (i.e. LAN1) I can ping every host and open every page as a manager web page of an access point. So working fine Apple. But, If I move the macbook on LAN2 with all the policies enable (i.e. LAN2-to-LAN1) in this case the Apple notebook doesn't work. In the same scenario with a Windows PC on LAN2 every thing is working crossing the LAN. I discovered it after many tests. Before with apple than at the end with a Windows PC. Could be something regarding NETBIOS or other protocols ??? Really I don't know ....
0
Master Member
Zyxel Employee
Guru Member
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight
