Share Printer Among Subnets

Secure Home | Search | About

Lost Password?

General Computer Security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject

Author

Date

Share Printer Among Subnets

allanc

09-22-2008

Re: Share Printer Among Subnets

Todd H.

09-23-2008

Re: Share Printer Among Subnets

allanc

09-23-2008

Re: Share Printer Among Subnets

Alan J Rosentha...

09-27-2008

Re: Share Printer Among Subnets

Leythos

09-27-2008

Posted by allanc on September 22, 2008, 11:31 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Is it possible to share a printer among Subnets as follows:

There would be a 8 port switch with a printer (with built in
ethernet), several users, a couple of 4 port switches and a wireless
access point connected
The 4 port switches would also have a several users connected.
Is it possible for all users (except for those using the wireless
access point) to have access to this printer?
If so, how to permit and also how to disallow the wireless access
point?

Thank you very much in advance.

Posted by Todd H. on September 23, 2008, 1:15 am

If you were Registered and logged in, you could reply and use other advanced thread options

> Is it possible to share a printer among Subnets as follows:

> There would be a 8 port switch with a printer (with built in

> ethernet), several users, a couple of 4 port switches and a wireless

> access point connected

> The 4 port switches would also have a several users connected.

> Is it possible for all users (except for those using the wireless

> access point) to have access to this printer?

This conjures a picture of a lot of different ethernet switches (layer
2 devices) all on the same IP subnet. So, all of them seeing the
printer-- no problem.

> If so, how to permit and also how to disallow the wireless access

> point?

Depends on the access point, and you'll need to learn more about your
printer as well. Some AP's also have routing and rudimentary firewall
functionality, and can be configured with rules to disallow the
traffic flows on which your printer is listening.

If, hoever you can describe the network more in context, and why
you're afraid of the wireless users seeing the pritners, a better
solution and architecture may become more obvious.

Best Regards,
--
Todd H.
http://www.toddh.net/

Posted by allanc on September 23, 2008, 8:52 am

If you were Registered and logged in, you could reply and use other advanced thread options

On Sep 23, 1:15=A0am, comph...@toddh.net (Todd H.) wrote:

> > Is it possible to share a printer among Subnets as follows:

> > There would be a 8 port switch with a printer (with built in

> > ethernet), several users, a couple of 4 port switches and a wireless

> > access point connected

> > The 4 port switches would also have a several users connected.

> > Is it possible for all users (except for those using the wireless

> > access point) to have access to this printer?

> This conjures a picture of a lot of different ethernet switches (layer

> 2 devices) all on the same IP subnet. =A0So, all of them seeing the

> printer-- no problem.

> > If so, how to permit and also how to disallow the wireless access

> > point?

> Depends on the access point, and you'll need to learn more about your

> printer as well. =A0Some AP's also have routing and rudimentary firewall

> functionality, and can be configured with rules to disallow the

> traffic flows on which your printer is listening.

> If, hoever you can describe the network more in context, and why

> you're afraid of the wireless users seeing the pritners, a better

> solution and architecture may become more obvious.

> Best Regards,

> --

> Todd H.http://www.toddh.net/

It is difficult (for me) without a diagram.
The network would be in a condo with a library (which requires
wireless access) on the 2nd floor.
Four wired users on main floor
All computers are XP PRO sp2 or sp3.
They want 2 of the users on the first floor to share files but not
with any users.
One of the other users (on main floor) is the front desk (24*7). They
need to limit his/her access to the Internet (no adult sites, etc.).
This is *very* important.
They want to share a HP MFP (printer, scan, etc) among the first floor
users.
There would be students using the access point in the library. They do
not want these students using the printer or accessing the hard drives
of the first floor computers.
All suggestions are appreciated.

Posted by Alan J Rosenthal on September 27, 2008, 12:07 pm

If you were Registered and logged in, you could reply and use other advanced thread options

>I have not worked with DMZ before.

>For some reason I thought that DMZ meant Demiltaryzied (sp) Zone and

>that it wasn't behind a firewall.

>IOW - no firewall protections from the bad guys.

The idea of a DMZ in firewall design is that it's a zone which is neither
fully inside nor fully outside. Like the main inside network, it is
protected from the big bad internet; but unlike the main inside network,
it does not have any special access to the inside, or very little special
access to the inside. Nevertheless, it is sufficiently controlled that you
may be able to give it relatively safe access to the inside because people
out on the internet won't be able to spoof its IP addresses, etc.

The previous poster seems to be suggesting that you use the DMZ capability of
your gateway router to provide a separate inside network which doesn't have
access to the other inside network. This should work, except that there's
probably no ability in your router to protect the DMZ from the inside network.

Posted by Leythos on September 27, 2008, 2:48 pm

If you were Registered and logged in, you could reply and use other advanced thread options

flaps@dgp.toronto.edu says...

> >I have not worked with DMZ before.

> >For some reason I thought that DMZ meant Demiltaryzied (sp) Zone and

> >that it wasn't behind a firewall.

> >IOW - no firewall protections from the bad guys.

> The idea of a DMZ in firewall design is that it's a zone which is neither

> fully inside nor fully outside. Like the main inside network, it is

> protected from the big bad internet; but unlike the main inside network,

> it does not have any special access to the inside, or very little special

> access to the inside. Nevertheless, it is sufficiently controlled that you

> may be able to give it relatively safe access to the inside because people

> out on the internet won't be able to spoof its IP addresses, etc.

> The previous poster seems to be suggesting that you use the DMZ capability of

> your gateway router to provide a separate inside network which doesn't have

> access to the other inside network. This should work, except that there's

> probably no ability in your router to protect the DMZ from the inside network.

That's why I suggested a Quality Firewall and not a cheap NAT router.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Similar Threads	Posted
Printer Spy ?	December 27, 2008, 7:36 am
want to share a spyware story?	March 29, 2005, 8:30 am
Can PGP and GnuPG share the same keyrings?	July 25, 2005, 7:44 pm
share-morea-ware	January 11, 2008, 5:01 am
Interested in IS/IT Audit? Let me share some experience...	October 12, 2007, 10:20 pm
HPSBMA02235 SSRT061260 rev.1 - HP OpenView Internet Service (OVIS) Running Share d Trace Service, Remote Arbitrary Code Execution	August 13, 2007, 4:33 pm

The site map in XML format XML site map