Creating a SSID to provide WAN+Printer access

Creating a SSID to provide WAN+Printer access

Creating a SSID to provide WAN+Printer access
Creating a SSID to provide WAN+Printer access
2 weeks ago - last edited 2 weeks ago
Model: ER7212PC  
Hardware Version: V1
Firmware Version:

Hello, 

 

I have an ER7212PC, 3 EAP615 APs and an EAP655 setup and working with a default LAN 192.168.0.0/19 with wired and wireless clients, and an SSID to provide isolated guest access to the internet WAN. The wired printer has a reserved IP address. Clients on my default LAN can discover and print to my wired printer; on the guest SSID they cannot.

 

I want to offer wireless access that provides client isolation and internet plus discoverable access to a wired network printer on my default LAN. Are there any examples that I can follow to achieve this, at least for iOS and Android clients?

 

To try to do this I have created an isolated/guest LAN on 192.168.255.128/25 (used only by wireless clients on SSID PrinterGuests, or via PPSK). These clients have only internet WAN access and are isolated from each other and other LANs by a pair of EAP ACLs. I've tried to create EAP ACLs to allow access to the open TCP ports on the printer but I cannot access the printer in my testing. Am I on the right track, or are there any other approaches?

 

 

===

Edit:

The rules above allow me to access the printer web configuration from the internet+print SSID using a web browser on port 80 or 443, but if I try to manually add the printer to the Epson app on Android it fails with the message "Communication Error. Check the network settings for this device." And, it isn't discovered in any iPad or Android app 🤷‍♀️

 

 

  0      
  0      
#1
Options
2 Reply
Re:Creating a SSID to provide WAN+Printer access
a week ago

Hi @RockPaper 

Thanks for posting in our business forum.

The router doesn't support IP-Port Group ACL yet.

As for now, I think what you requested is not possible to be done.

IP-Port group requires a switch and it does not apply to the router. So you need to do this with a switch and rules should be applied to the switch.

 

If you need the discovery to work, you should take a look at this guide: mDNS Repeater on the Router Doesn't Take Effect

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#2
Options
Re:Creating a SSID to provide WAN+Printer access
a week ago

  @Clive_A 

 

Thanks - I found this helpful doc in the WiFi forum 

How to allow guest network to access specific device on the main network by configuring EAP ACL? - Business Community

(I just needed TCP and UDP protocols, rather than ALL.)

IP Port Groups are available for the EAP ACL rules, so maybe I could get it a little more locked down than the IP described in the article, but I have it working using the IP Group ACL.

 

Also thanks for the pointer to the mDNS page. I don't have it working yet, but that seems like configuration needed for printer discovery, so I'll keep poking it.

 

 

  1  
  1  
#3
Options