Use a router as a kinda switch with a firewall to block traffic?

**bsm2** · 03-01-2021, 12:25 AM

Re: Use a router as a kinda switch with a firewall to block traffic?

Need more details on the problem

Start with the easy stuff first assign a new ipaddress to the copier.

**allan** · 03-01-2021, 12:35 AM

Re: Use a router as a kinda switch with a firewall to block traffic?

Originally posted by fishleg

I'm not sure if this is even possible but could you use a mini router to block all traffic except certain ports? Say if a machine was getting random traffic and it was causing problems could a mini router be used as a kind of filter?

[ATTACH=CONFIG]48466[/ATTACH]

Where would you start does that even have a name?

What problems are you experiencing? Make and model of machine if its limited to that? The machine works on those ports and you would limit the function of it. You can always change the port numbers on both sides like for printing change it on the machine and driver.

**fishleg** · 03-01-2021, 12:39 AM

Re: Use a router as a kinda switch with a firewall to block traffic?

In 12 years I've only ever seen two machines that did this and both where a complete nightmare to solve. I think it's what they called broadcast traffic and it was overloading the machine which would cause the machine to crash randomly every couple of hours. The 1st one was caused by hp laptops with dodgy network card drivers made them resend packets constantly. The customer never noticed any other problem with their network and these laptops where mobile so wouldn't all be in the building at the same time. We used a old hub and laptop connected to wire shark to see what the poor copier was having to deal with.

I've always been curious how routers etc work so was wondering if one could be used to troubleshoot a situation like that. So the router would act like a switch and just pass through to the copier but use the internal firewall of the router to only let through say port 9100 and nothing else.

**bsm2** · 03-01-2021, 12:45 AM

Re: Use a router as a kinda switch with a firewall to block traffic?

Not normal
but start it as a fresh install new ip new drivers

**BillyCarpenter** · 03-01-2021, 05:40 AM

Re: Use a router as a kinda switch with a firewall to block traffic?

Originally posted by fishleg

I'm not sure if this is even possible but could you use a mini router to block all traffic except certain ports? Say if a machine was getting random traffic and it was causing problems could a mini router be used as a kind of filter?

[ATTACH=CONFIG]48466[/ATTACH]

Where would you start does that even have a name?

I don't think a simple router such as the one you describe is capable of blocking selective ports. At least I've never seen an option to do that. And even if you could, it may cause a ripple effect for other devices on the network. If your device is getting unwanted traffic and it's causing issues, I think the best solution is to use something like Wire Shark and trace down the unwanted traffic and put a stop to it. Just my opinion.

PS - A bad switch can cause unwanted traffic to an IP address because the IP/host table becomes corrupt. Try chaging ports or change the switch itself.

**BillyCarpenter** · 03-01-2021, 06:20 AM

Re: Use a router as a kinda switch with a firewall to block traffic?

Also, it's possible you could have a network "loop" because of a bad routing table. This is a pretty good article on loops:

Network loops and loop avoidance

Published on September 15, 2019

Experience in Wireless, Routing, Switching ,Customer support, Network planning, Troubleshooting,DNS,HTTP,Streaming,CDN

Do you know what a network loop is? Have you ever had a network loop in your LAN? So what happens when there is a loop in your network?[/COLOR]

A network loop occurs when a network has more than one active path carrying information from the same source to the same destination. The information loops and amplifies itself using the additional path instead of stopping when it reaches its destination. Network loops might cause a slow, irregular Internet connection or network failure.[/COLOR]
[/COLOR]

When working with medium to large scale networks, IT departments are often faced dealing with network loops and broadcast storms that are caused by user error, faulty network devices or incorrect configuration of network equipment. Network loops and broadcast storms are capable of causing major network disruptions and therefore must be dealt with very quickly.[/COLOR]

There are two kinds of network loops and these are routing loops and physical loops.

A routing loop is a situation where a packet keeps getting routed between two or more routers because of problems in the routing table. In case of distance vector protocols, the fact that these protocols route by rumor and have a slow convergence time can cause routing loops.A routing loop is a common problem with various types of networks, particularly computer networks. They are formed when an error occurs in the operation of the routing algorithm, and as a result, in a group of nodes, the path to a particular destination forms a loop.[/COLOR]

Physical loop is caused by a loop link between devices. A common example is two switches with two active Ethernet links between them. Broadcast packets exiting the links on one switch are replicated and sent back from the other switch. This is also known as a broadcast storm. A [/COLOR][COLOR=rgba(0, 0, 0, 0.75)]switching loop[/COLOR][COLOR=rgba(0, 0, 0, 0.75)] or bridge [/COLOR][COLOR=rgba(0, 0, 0, 0.75)]loop[/COLOR][COLOR=rgba(0, 0, 0, 0.75)] occurs in computer networks when there is more than one Layer 2 (OSI model) path between two endpoints (e.g. multiple connections between two network [/COLOR][COLOR=rgba(0, 0, 0, 0.75)]switches[/COLOR][COLOR=rgba(0, 0, 0, 0.75)] or two ports on the same [/COLOR][COLOR=rgba(0, 0, 0, 0.75)]switch[/COLOR][COLOR=rgba(0, 0, 0, 0.75)] connected to each other).

Rest of article:

https://www.linkedin.com/pulse/network-loops-loop-avoidance-priyanka-kumari

**slimslob** · 03-01-2021, 07:46 AM

Re: Use a router as a kinda switch with a firewall to block traffic?

Originally posted by BillyCarpenter

I don't think a simple router such as the one you describe is capable of blocking selective ports. At least I've never seen an option to do that. And even if you could, it may cause a ripple effect for other devices on the network. If your device is getting unwanted traffic and it's causing issues, I think the best solution is to use something like Wire Shark and trace down the unwanted traffic and put a stop to it. Just my opinion.

PS - A bad switch can cause unwanted traffic to an IP address because the IP/host table becomes corrupt. Try chaging ports or change the switch itself.

There are a number of routers that can do just that. There are also stand alone firewalls that can be installed between the ISP modem and a router. Both types often out of the box require configuration to be functional. Very often out of the box they block everything. I have had to help customers that have purchased both types. Had to open port 80 just to use the internet. You have to determine exactly what ports the customer need to use and open only those.

It almost sounds like fishleg is either being hit with a DOS/DDOS attack or his computer is being used as a slave attacker in one.

**BillyCarpenter** · 03-01-2021, 06:34 PM

Re: Use a router as a kinda switch with a firewall to block traffic?

Originally posted by slimslob

There are a number of routers that can do just that. There are also stand alone firewalls that can be installed between the ISP modem and a router. Both types often out of the box require configuration to be functional. Very often out of the box they block everything. I have had to help customers that have purchased both types. Had to open port 80 just to use the internet. You have to determine exactly what ports the customer need to use and open only those.

It almost sounds like fishleg is either being hit with a DOS/DDOS attack or his computer is being used as a slave attacker in one.

You're right. I had a total brain fart on that one. One downside I found to cramming so much information in a short amount of time is that I'm starting to forget some of it. If you don't use it, you lose it.

I guess in theory his idea would work. Not entirely sure about that? I think he really needs to find to source of the unwanted traffic and eliminate it. That's where Wire Shark would come in real handy. Before anyone says it, I know most companies won't allow it.

**rthonpm** · 03-02-2021, 09:04 PM

Re: Use a router as a kinda switch with a firewall to block traffic?

The better solution for this would be a VLAN on the switch port for the MFP that only allows the traffic needed for printing and the web interface (9100, 515, 80, or 443) and drops everything else. The customer would need a managed switch to do that but it's going to be a much better solution than trying to add a router, which serves a very different purpose.

A lot of our customers are going the VLAN route since it can also be used from a management perspective to segment devices by their function and allows for a lot less traffic.

**BillyCarpenter** · 03-02-2021, 09:11 PM

Re: Use a router as a kinda switch with a firewall to block traffic?

Originally posted by rthonpm

The better solution for this would be a VLAN on the switch port for the MFP that only allows the traffic needed for printing and the web interface (9100, 515, 80, or 443) and drops everything else. The customer would need a managed switch to do that but it's going to be a much better solution than trying to add a router, which serves a very different purpose.

A lot of our customers are going the VLAN route since it can also be used from a management perspective to segment devices by their function and allows for a lot less traffic.

I've played around with VLAN's before and correct me if I'm wrong....it's been a while. A VLAN is a "logical" way of creating separate networks that can't communicate with each other. I believe the entire purpose of VLANS is to have separate networks. So, how is that gonna work if you put the copier on it's own network? The only way 2 VLANS can communicate is via a router.

**slimslob** · 03-02-2021, 10:54 PM

Re: Use a router as a kinda switch with a firewall to block traffic?

I have had customers using manageable switches to separate printer traffic to specific ports. It can become a problem if there are more than jack is near the printer. Let's say they move everything out to paint the office, replace the carpeting, whatever and when they put everything back they plug the printer into the wrong jack. Pain to trouble shoot until you look at the wall and realize that's the jack I usually plug my laptop into.

It is better to program the switches to only allow printer traffic to an address range and assign printers fixed addresses within that range. Someone does have to document those addresses to avoid problems.

**BillyCarpenter** · 03-02-2021, 11:01 PM

Re: Use a router as a kinda switch with a firewall to block traffic?

Originally posted by slimslob

I have had customers using manageable switches to separate printer traffic to specific ports. It can become a problem if there are more than jack is near the printer. Let's say they move everything out to paint the office, replace the carpeting, whatever and when they put everything back they plug the printer into the wrong jack. Pain to trouble shoot until you look at the wall and realize that's the jack I usually plug my laptop into.

It is better to program the switches to only allow printer traffic to an address range and assign printers fixed addresses within that range. Someone does have to document those addresses to avoid problems.

All of this is interesting but referring back to the original problem of undesired network traffic , all of the possible solutions mentioned seem to be a bit convoluted to me. I don't think these work-arounds are the way to go.

**ThePomqueteer** · 03-04-2021, 07:34 PM

Re: Use a router as a kinda switch with a firewall to block traffic?

Some makes allow you to limit the IP's that can send traffic to them. In the Ricoh world its called Access Control.

Access Control

If it isn't a Ricoh might be worth checking if they offer a similar option.

**rthonpm** · 03-04-2021, 08:04 PM

Re: Use a router as a kinda switch with a firewall to block traffic?

Originally posted by BillyCarpenter

I've played around with VLAN's before and correct me if I'm wrong....it's been a while. A VLAN is a "logical" way of creating separate networks that can't communicate with each other. I believe the entire purpose of VLANS is to have separate networks. So, how is that gonna work if you put the copier on it's own network? The only way 2 VLANS can communicate is via a router.

Layer 3 swtiches are the preferred solution since they can do the routing between VLAN's without passing the packets to another device.

Use a router as a kinda switch with a firewall to block traffic?

Use a router as a kinda switch with a firewall to block traffic?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment