Moving Printer/Scanner to IoT

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-04-22 15:59:35 - last edited 2023-04-24 12:42:08
Tags: #ACL

I have the following OMADA equipment:

  • (1) TL-R605 TP-Link Router/Gateway (V1)
  • (1) OC-200 TP-Link Omada Hardware Controller
  • (1) TL-SG2010P Managed POE Switch
  • (2) TL-SG2218 Managed 16-Port Switches
  • (3) TP-Link EAP245 Access Point
  • (1) TP-Link EAP225 Outdoor Access Point

I have three VLANs, LAN, IoT, and Guest.

 

I am using all the latest software and due to the addition of stateful ACLs, I am finally able to move my printer from the LAN (Main) VLAN to the IoT network.  Here's what I did to complete this task on my OC-200 Controller:

 

  1. Profile > Groups > Created a MAC Group for my Printer/Scanner's MAC Address
  2. Switch ACL - Created (2) Permit TCP and UDP, Bi-directional ACLs to allow connection to MAC Group in #1
  3. From the printer, logged into IoT VLAN and noted the assigned IP address (look it up on Controller)
  4. Services >DHCP add an entry for the printer using the new IP address - obtained in #3 (on IoT VLAN)

 

This works!  But, I have (2) questions - and will accept other advice too ;-) :

  1. Is using the MAC group (See #1 above) for my printer the right method or is there a better way?
  2. Do I need UDP in my switch ACL (See #2 above)?

 

TIA

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
#1
1 Accepted Solution
Re:Moving Printer/Scanner to IoT-Solution
2023-04-22 22:27:34 - last edited 2023-04-24 12:42:08

To update the above information and to:

  • add the Gateway ACLs that were done as part of the preliminary process, but not listed above,
  • reorder the process steps to more accurately show what is needed

 

Here is the whole process:

 

  1. Gateway ACL - Create (2) ACLs: a. Permit LAN > All, b. Deny IoT > All.  NOTE: An ACL to Deny Guest > All can be added, but a Guest VLAN is already isolated from the other VLANs so it's not really needed.
  2. From the printer, log into the IoT VLAN (if possible) and note the assigned IP address by looking it up on Controller
  3. Services >DHCP add an entry for the printer using the new IP address - obtained in #2 (on IoT VLAN)
  4. Profile > Groups > Create a MAC Group for my Printer/Scanner's MAC Address
    OR
    Profile > Groups > Create an IP Group for the Printer/Scanner's IP Address obtained in #2, in the format of, 192.168.xx.xxx/32 (The /32 CIDR restricts this to the single IP listed)
  5. Switch ACL - Create (2) Permit with TCP and UDP, Bi-directional ACLs to allow connection to MAC or IP Group created in #4.

 

Comments and corrections are welcome. I hope this helps.

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
Recommended Solution
#4
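
A simplified first-match model of the rule set from the steps above, added here as an example (it is not part of the original post and is not Omada's rule engine). The subnets, the printer address, the rule ordering and treating "All" as any destination are assumptions, and the model only decides who may initiate a flow.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing; the thread masks its real subnets as 192.168.xx.xxx.
LAN = ipaddress.ip_network("192.168.10.0/24")
IOT = ipaddress.ip_network("192.168.20.0/24")
PRINTER = ipaddress.ip_network("192.168.20.50/32")  # IP Group from step 4
ANY = ipaddress.ip_network("0.0.0.0/0")             # assumed meaning of "All"
ALL_PROTOS = frozenset({"tcp", "udp", "icmp"})


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    protos: frozenset

    def matches(self, src, dst, proto):
        return (ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and proto in self.protos)


def bidirectional(action, a, b, protos):
    """Expand one bi-directional entry into its two directional rules."""
    p = frozenset(protos)
    return [Rule(action, a, b, p), Rule(action, b, a, p)]


# Assumed ordering: the printer permits are checked before the step 1 rules.
RULES = (
    bidirectional("permit", LAN, PRINTER, {"tcp", "udp"})  # step 5
    + [Rule("permit", LAN, ANY, ALL_PROTOS),                # step 1a
       Rule("deny", IOT, ANY, ALL_PROTOS)]                  # step 1b
)


def decide(src, dst, proto, rules=RULES, default="permit"):
    """Return the action of the first rule matching a new flow."""
    for rule in rules:
        if rule.matches(src, dst, proto):
            return rule.action
    return default


if __name__ == "__main__":
    for flow in [("192.168.10.5", "192.168.20.50", "tcp"),
                 ("192.168.20.50", "192.168.10.5", "udp"),
                 ("192.168.20.51", "192.168.10.5", "tcp")]:
        print(flow, "->", decide(*flow))
```

In this model the /32 group keeps the neighbouring address 192.168.20.51 from matching the printer permits, while the bi-directional permit lets the printer itself open TCP or UDP connections to any LAN host.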
5 Reply
Re:Moving Printer/Scanner to IoT
2023-04-22 18:03:11

  @lflorack 

 

Personally I would have created a profile for the IP address and not the MAC, however there is nothing wrong with using the MAC.

 

In terms of UDP, yeah it's best to have both TCP and UDP for printers, sometimes disabling / blocking UDP can stop the printer being detected.

#2
Re:Moving Printer/Scanner to IoT
2023-04-22 19:07:46 - last edited 2023-04-22 19:36:51

  @Philbert 

 

Thank you for your reply and advice.

 

For testing purposes, I deleted the MAC Group and added an IP Group for the printer/scanner (i.e., 192.168.xx.xxx/32) and then pointed the Switch ACLs to that instead of the MAC Group I used originally.  As expected, the IP Group also works.  I was hoping that using the IP Group might make the scanner's response quicker, as sometimes it can take 2-3 tries to have the scanner software elicit a response from the scanner.  But if it is any faster, it's not by much.

 

Thanks also for the information regarding my use of both TCP AND UDP.  I had read that it might be needed, but I never tried setting the ACLs up without it.

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
#3
Re:Moving Printer/Scanner to IoT
2023-06-20 05:42:12
Thank you! I've been looking for a solution to this forever. Have the same basic setup and am really new to anything that isn't Orbi but got so frustrated with the lack of control.
#5
Re:Moving Printer/Scanner to IoT
2023-06-20 11:27:28

  @dh0608 

You are welcome. I'm glad it helped. 

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
#6