Printers Not on Current VLAN
-
I am new to using vlans and I have read some accounts that it can be problematic trying to print to a printer not on the current network. To put this to the test I created a rule on my VLAN_15 interface allowing TCP through to the IP of my printer which is on the default LAN. The only other thing I did was to ensure that the gateway for the printer was set to the pfSense box. To my surprise this seems to work fine allowing me to print from the VLAN_15 network to the printer.
As I normally look gift horses in the mouth I am wondering what might go wrong with this arrangement if I start to rely on this capability.
The printer is a Brother MFC_J692DW.
-
@brucexling Did you try it before adding the vlan rule? It should have worked without that rule. The default LAN rule allows traffic to anywhere. Putting an allow rule on the vlan interface would only help if the printer needed to initiate a connection to a LAN client. Usually the client talks to the printer first.
-
Just to be clear, the printer is on the default LAN (192.168.10.13 - not a vlan) and the client who is attempting to print is on VLAN_15 (192.168.15.201). Without the rule on the VLAN_15 interface there is no printing happening. Enable that rule and so far printing works fine.
-
@brucexling lol yes I had it backwards. I thought you had a LAN client trying to talk to a wireless printer on a wifi vlan.
-
You may need to adjust your firewall rules on VLAN_15
https://www.sonicwall.com/support/knowledge-base/which-ports-are-used-by-network-printers/170503664134344/
I'd be tempted to allow all from VLAN_15 to the printer IP and enable logging, then adjust your firewall rules to suit.
Also allow ICMP, can you ping the printer.
-
@nogbadthebad
I can see now I would certainly come unstuck if I continued to only pass tcp. Your suggestion to pass any is what I should adopt for further trialing. I suspect that even passing all protocols as you suggest may not address all points of printing failure. -
@brucexling said in Printers Not on Current VLAN:
I have read some accounts that it can be problematic trying to print to a printer not on the current network.
This is the case if your trying to use L2 discovery to find the printer in the first place. Airprint for example will not work across vlans.
But printing across vlans is not problematic - if you are printing to the IP or the fqdn that resolves to the IP of the printer. And the appropriate firewall rules are in place to allow the ports your using for your printing protocol.
