Unable to print from WLAN - using Layer2 Bridged Mode
Setup:
Port X4 is the main LAN port, IP of 192.168.3.X - This is connected to a switch in the main rack, feeding devices in the main part of the building which includes a few copiers.
Port X3 is on Layer 2 bridged mode (secondary) where port X4 is primary and set up as WLAN - A cable is going to go from this port to another portion of the building into a POE switch which will feed computers, printers, and several SonicWAVE APs (I have the setting to allow non-access point traffic). There is also a VLAN Sub-Interface for guest WiFi.
Symptom:
When I hooked a POE switch up to port X3 locally to test, and provisioned an AP, I was able to connect a desktop PC to the same switch the AP was connected to and it worked fine. I connected a laptop to the AP and it worked fine on both SSIDs (Staff and Guest). I moved one of the copiers from the main switch to the switch on port X3 as well, to test. I could print fine from the computer and other computers on the old switch, but here are the results from the laptop connected to the SonicWAVE AP: Could ping that copier and get replies just fine but I could not send print jobs or open the web control panel of the printer through the browser. Something odd I should note: about 3 out of the 20 some times I tried, the web page for the copier appeared, but if I clicked a link to log into the copier or anything, it would not go anywhere and time out again. I made sure to clear the cache each time to make sure it wasn't that which was coming up. Anyway I moved the copier back to the old switch that is on port X4 and could print and access the web page of that copier again. The access rules look OK to me. I added a snip of them and the port configs to this question. Could someone point me in the right direction?
Thanks!
Shannon
Best Answer
SHensleyCCMC Newbie ✭
Got help from a guy on fiverr.com, name of Itasia001. Excellent fellow! He made the necessary adjustments and everything works great now. Trust me, I know it sounds like a weird setup, but this was the best way to handle this building and the way everything is wired up. Truly a unique situation LOL
Thanks everyone!
Answers
I would recommend against bridging interfaces, especially with wireless involved. SonicWall firewalls are a firewall first. Bridging / switching should be left to dedicated devices (it adds unneeded complexity to already complex firewall configs). I also don't use wireless models / Sonicpoints / Sonicwaves for the same reasons.
My initial suggestion is to use the switch in the 'main rack' how it should be used and do not bridge firewall interfaces.
If you want to continue using the bridged interfaces look at how bridging interfaces affects the zones traffic is in. What are your "WLAN to WLAN" and "LAN to WLAN" rules? I'm guessing they are all open? Have you run packet captures on the traffic to see where things are being dropped?
Does a constant ping to the printer drop?
A constant ping to the copier from a wireless connection never drops, it's constant. Only when I try to go to the copier's IP through a browser or send print jobs to it, does it not seem to communicate.
The reason for this setup is that I need to have everything on the same subnet (except for the guest Wi-Fi, of course). And I need Wi-Fi in the other part of the building, which has 3 copiers, and that's why I need to get this part working. I did further testing and everything else works just like I want it to, except trying to print from a Wi-Fi connected device to the copier that is connected to the same interface (X3, secondary bridge to X4 which is being used for the main LAN). The copier will reply to a ping from something connected to Wi-Fi, but that's it. Scan to email from the copier, printing from hardwired computers on either X3 or X4 works just fine. Now, when I move the copier back to the switch on the X4 interface, I can print to it and the other copiers on that interface all day. Just not when they're under the same X3 interface as the SonicWAVEs.
As far as access rules go, here is what it looks like. I have everything allowed on WLAN to LAN... Now that I think about it, I may need a WLAN to WLAN rule!
[Screenshot: access-rules-jpg.jpg]
This is the article I followed to get it set up.
How can I configure the WLAN Interface in L2 Bridge Mode (WLAN and LAN on same subnet)? | SonicWall
Thanks, TKWITS, I'll try creating the new rule and also see if the packet capture shows anything.
Also consider if you have any security features enabled that could be blocking TCP traffic to / from the copier...
@SHensleyCCMC, I've had this in the past; make sure you have enabled Interface Trust on the WLAN Zone.
Be sure you have documented what was done or else you'll run into this again and not know how it was 'fixed'...
Clients receive IP addresses in an isolated 10.0.0.0/8 network. Clients cannot communicate with each other, but they may communicate with devices on the wired LAN if the SSID firewall settings permit.