Since we're not able to define a absolute solution with regards to printing and scanning via the dual-wan concept
I am able to provide this 100% solution based on my experience.
And Yes I did miss the part about the scanning, printing only will work fine with dual wan routers but not the scanning.
However a similar solution is provided here....see bottom of this post.
The solution is Managed/Layered vLan switches and may not be within a system budget, however careful planning and design goals
can yield a fairly inexpensive solution $200-300.00.
A single Managed/Layered vLan switch will fulfill the solution requirement.
Two separate firms/business may want to consider 2 Managed/Layered/Smart Switches trunked together on a 1,2,3 or 4 gigabit CAT5/6 or Fiber trunk.
That expense would be in the $1-4k range depending on requirements.
Managed/Layered/Smart vLan Switches are controlled broadcast traffic port switch equipment that provide isolation between network resource's while
at the same time provide shared access between those networks to specific network resource's.
Depending on the exacting requirements YMMV greatly.
As an example the linsys SFE2000P in the $600.00us price range.
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1169672084163&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=8416395123B08Recently Managed/Layered/Smart vLan Switches have become a cost effective solution within the business environment
and should and can be considered for all business's large and small.
Real World Example Application with print/scan server.Port-based VLAN will help efficiently confine the broadcast traffic to the switch ports.
Port-based VLANs
Example Packets received by the switch will be treated in the following way:
• When a packet enters a port, it only can proceed to the VLAN which the port belongs to. The packet will be able to be sent to other ports with the same VLAN ID membership.
• If the port in which the packet entered does not have membership with the same VLAN as the source port does, the packet will be dropped.
This example basically demonstrates how the port-based VLANs work to meet your needs.
Setup the following :
• VLAN 1 (IT department)
• VLAN 2 (Sales department)
• VLAN 3 (Marketing department)
• VLAN 4 (Accounting department).
Configure the VLAN membership. Be sure to set all of them as follows.
• Setting up second VLAN group (Sales), VLAN ID = 02, with membership of ports 1~8, 25.
• Setting up third VLAN group (Marketing), VLAN ID = 03, with membership of ports 7~14, 25.
• Setting up fourth VLAN group (Accounting), VLAN ID = 04, with membership of ports 19~20, 25.
• Setting up first VLAN group (IT), VLAN ID = 01, with membership of all ports.
Since VLAN ID 01 has been setup by default, you will have to remove the ports that belong to all other VLAN group except port 25.
• Ports 7 and 8 are kept for the usage of connecting file server and print/scan server.
Sales and Marketing departments can share file archives and printing/scanning services.
• Port 25 provides Gigabit speed for email server and Internet connection.
The specific ports above have the following functions:
• VLAN 1: Port 15 – Port 18, Port 21 – Port 24, Port 26, for IT department to monitor and control activities on all other VLANs
• VLAN 2: Port 1 – Port 8, for Sales department, port 7 and 8 connect to file archives and print/scan server.
• VLAN 3: Port 7 – Port 14, for Marketing department, port 7 and 8 connect to file archives and print/scan server.
• VLAN 4: Port 19 – Port 20, for Accounting department, its work is kept secret from other departments except IT.
Scenarios:
If a packet comes in on port 2 (Sales), it can go to ports 1, 3, 4, 5, 6, 7, 8, and 25, as those are the only ports in that VLAN.
A Sales person on Port 2 can get to the Internet, send and receive email, print/scan server or file archives but cannot access the marketing department.
If a Marketing user sends out a broadcast message, the Sales and Accounting departments will not be affected by the message, as it will not go out on their ports.
Only the Marketing department and the IT group will get the broadcast message.
If an IT user sends out a broadcast message, everyone will get it.
BTW In most cases the punch down patch panel can be eliminated and all cables terminated with RJ-45 direct to the switch since
the switch can enable/disable/delegate to any vlan aka network without re-patching cables and that can be accomplished remotely in an instant.
Thus the cost savings of installing time consuming patch panels the old way is history.
All cables are simply tagged/ID and plugged in permanently to the switch and never touched again thus reducing connection problems.
For the home user 24 port gigabit vlan switches can be had NIB for < $100-200.00 and will neaten up the spaghetti wiring for sure.
Also all gigibit network cards today are vlan tagable, thus a client system has the capability to connect to any vlan on the switch...instantly, if authorized.
Simply...hubs and switches will soon become a thing of the past, all network equipment will have vlan capability in the near future
as all mfg'ers migrate to that capability.
2 networks and a print/scanner server solutionWith Managed/Layered vLan switches your networking options are limitless, as proof, the solution to the 2 networks and a print/scanner server
is solved here in the OP guaranteed.
As a stated problem in this OP, a 4 port vlan switch would solve the problem, simply two vlan1-port1 & vlan2-port2 (one for each isolated network) with the print/scanner server having a single port membership i.e. port 4 in both vlan1-network1 & vlan2-network2 and your done, no tricks or work arounds....it just works and your done.
The caveat is that both networks need to be on the same subnet, they will still be isolated, but the DHCP servers on those networks
cannot serve IP's within the same IP range, which avoids IP conflicts or you can simply use Static IP's.
i.e.
Network1 DHCP 50-125
Network2 DHCP 126-200
Static below 50 or above 200 can be used for the Static IP for the print/scanner server assigned on both networks.
Same Subnet for both networks 1 & 2 i.e. 192.168.1.xxx
Networks 1 & 2 cannot access each other but both can access the print/scan server, subnet routing is no longer the problem for the scanner.
The print/scan server would need to be static on both networks 1 & 2, both networks would have a difficult time trying to hit a
dynamic IP moving target reliably.
Here's a 4 port vlan switch for 195.00, I'm sure there are others out there.
http://www.komusa.com/4po10smsw.htmlWe have similar setups in multiple locations, however we use 24 & 48 port vlan switches, not a four port stand alone config. as depicted here.
We use vlan switches and some tagged nic's and we never run into the problem in the OP.
The money saved from the patch panel installation and time, is put towards the vlan switches and a new deployment is faster.
We config switches here in the shop and simply upload the config to the on site switches when the system is ready...bam..done deal..!!
All networking configurations are now done remotely, another real nice advantage, no more going to the site to plug cables to different ports...PITA.
Simply put, there's no reason to use hubs & switches anymore, vlan switches are here and cost effective for many reasons.
Also, for those with interest, the linksys wrt54g 4 port wireless routers can be modded to support vlan capability via third party firmware i.e. SVEASOFT firmware....pretty cool..!
All routers of this sort will support vlan's in the near future or they won't sell them...that simple.
Why they don't all support vlan now is beyond understanding, it's fairly simple firmware update as SVEASOFT has shown
and the chipset's they all use support vlan capability, obviously the firmware doesn't at this point.
Have a good one....
HTH
37 Replies
8709 Views