cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2602
Views
5
Helpful
4
Replies

RV345: disable inter-VLAN routing, but keep printer accessible?

ValleyITPC
Level 1
Level 1

 Hi all.  

I will be buying one RV345 and two WAP371s.  I want to be able to keep some computers from talking to each other by separating them into VLANs and then disabling inter-VLAN routing, which I understand is the best or perhaps only way to segregate the machines into separate networks.  But I need all devices on every VLAN to still be able to print to the networked printer.  

 

Can this be done somehow? 

 

Second question or perhaps just related to the first:  I will want to have separate WiFi networks in the same manner as above.  So basically it's a home office setup where we want to keep the business computers (wired and wirelessly connected) on one VLAN, the home computers/iPads/smartphones, etc. on another VLAN, and devices we don't trust the security at all (like smart TV's, an XBox, thermostats, etc.). on their own VLAN.  But to still allow all devices to be able to print to the printer.  

Thank you! 

 

 

 

 

4 Replies 4

ktonev
Cisco Employee
Cisco Employee

Hi,

Probably the easiest way to achieve what you want is to leave InterVLAN routing enabled and restrict traffic between VLANs/PCs/devices with an access list. That way you still have InterVLAN routing for when you need a device from any VLAN to access the printer. 

Thanks,
Kris

If you found this post useful please rate it so other users can benefit as well.

Thank you for your input... I am doing the same thing.

 

Sharing a printer (IP: 10.10.10.110) that resides with PC's on VLAN1 (10.10.10.1) with wifi devices on VLAN3 (15.15.20.1) via a WAP571 (IP: 15.15.20.5) where wifi users are assigned addresses from the VLAN3 pool (15.15.20.100 to 145).

 

could you share the example of a routes that would allow bidirectional access both to and from the Printer to the Interface for the VLAN3 WiFi clients but not allow WiFi clients to access other user data on VLAN1?

 

Would it be advisable to place the Printer(s) on their own VLAN 2 (10.10.20.1) - along with any other shared devices so that VLAN2 is always open to anyone on any interface? That way as we add devices that need access by everyone, no additional routes would need to be implemented.

 

Thanks so much

You will want intervlan routing on with the printers on your regular network 10.10.10.0.  Then deny your VLAN 2 access to all of the 10.10.10.0 except for where your printer IP is.  I would arrange the printer IP so you can use a 248 mask.  That way if you need something else shared you can just add it in the 248 IP network space.

 

I do this.  I have my wireless setup where I advertise 2 SSIDs where the regular VLAN is assigned to 1 SSID and my guess is assigned to the other SSID.  The SSIDs have separate logons and passwords.

 

You can use a separate VLAN for wireless you just need to expand on the above setup using ACLs for denies and allows with your additional network.

 

 

Would very much like to see real-world example - I haven't yet had time to
try this out myself. Also it's been a few years since I put in various
ACL's on IOS devices and neve ron these newer RV's so call me lazy but I
just want to see it first to refresh.