I would like to create several VLANs to compartmentalize the network and hide some important PCs from the rest. The problem is that those PCs still need to be able to print and get internet.
My managed switch (DGS‑1210 Series) seems to support "asymmetric VLANs" which would supply internet, but it does not seem to have any L3 routing abilities(?) and it also isn't the default gateway anyhow.
So, I guess I would have to put the PCs in question behind a router with NAT/MASQ, its own address space and with static routes in that router and the "parent" router tying things together, plus firewall rules that only admit bidirectional access to the IP range of the (static) printer IPs in the parent net?
No comments:
Post a Comment