Printing across VLANs

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-09-08 11:18:57 - last edited 2023-09-11 02:30:00
Model: SG2008P  
Hardware Version: V3
Firmware Version: 3.0.5
  • Omada Software Controller v. 5.9.31 running on Ubuntu 23.04
  • Router ER605 v2.0 - Firmware 2.1.2
  • Switch TL-SG2008P v3.0 - Firmware 3.0.5
  • 2x EAP EAP653(EU) v1.0 - Firmware 1.0.9

 

After migrating from a single LAN to multiple VLANs, I am having issues using my Wireless Printer (Canon MG5700 series).

 

I have the printer in an IoT VLAN (40).


I have multiple VLANs for multiple purposes (e.g. Office, Home, Kids, etc. - on VLANs 10, 20, 30, 50, and so on). The clients are connected to different VLANs.

If the clients connect to the same VLAN where the printer is, everything works as expected (on Windows, MacOS, and iOS).

 

However, if the clients are on different VLANs (not guests), the printer is not usable.

I can ping the printer from any VLAN. I can also access the printer's web management page with no issues from any VLAN as well. But no print service.

 

I added an mDNS Rule (device type gateway) enabling the pre-configured Printers and Scanners Bonjour services between the Services Network (IoT) and the Client Network (all others):

  • Printers: _ipp._tcp.local, _pdl-datastream._tcp.local, _printer._tcp.local, _http._tcp.local, _http_alt._tcp.local, _ipp-tls._tcp.local, _fax-ipp._tcp.local, _riousbprint._tcp.local, _ica-networking._tcp.local, _ica-networking2._tcp.local, _ptp._tcp.local, _canon-bjnp1._tcp.local, _ipps._tcp.local
  • Scanners: _ipp._tcp.local, _pdl-datastream._tcp.local, _scanner._tcp.local, _http._tcp.local, _http_alt._tcp.local, _ipp-tls._tcp.local, _fax-ipp._tcp.local, _riousbprint._tcp.local, _ica-networking._tcp.local, _ica-networking2._tcp.local, _ptp._tcp.local, _canon-bjnp1._tcp.local, _ipps._tcp.local

 

However, it did not work (mDNS is working, as I added also HomeKit services and it works fine). AirPrint scans are not able to find the printer if it is on a different VLAN.

 

There is no ACL rule in place blocking any traffic between the VLANs (as far as I am aware, the default behavior is to allow it). Nevertheless, I anyway configured a Switch ACL rule explicitly allowing bi-directional TCP and UDP traffic on all ports from an IPGroup containing the printer's_ip/32 and the VLANs, but it also did not work.


Do you have any hints on how to get printing to work in an Omada-based SDN (Windows and AirPrint)?
 

Thanks & Regards.

#1
Re:Printing across VLANs
2023-09-08 12:47:34

Quick update. Actually, printing from MacOS works.

Still nothing on Windows nor AirPrint from iOS though.

#2
Re:Printing across VLANs
2023-09-08 17:22:49

  @berwig check your client machines' Windows firewall rules; they are probably blocking inter-VLAN communication.

#3
Re:Printing across VLANs
2023-09-08 18:20:43

@Bonesoul, thanks for the suggestion.

 

It doesn't seem to be the case, and I could not find any firewall rules blocking inter-VLAN traffic.

As a matter of fact, I can access everything on other VLANs, including the printer's web page.

There is definitely inter-VLAN traffic going on.

 

On top of that, why isn't AirPrint working as well?

Bonjour services are enabled, are there any other prerequisites missing?

#4
Re:Printing across VLANs
2023-09-08 21:40:54

So, here are some interesting findings.

 

I went to the printer and disabled and re-enabled AirPrint.

The printer was immediately found by the iOS devices.

However, that only works for about 5 minutes. After that, the AirPrint doesn't find it anymore.

It is as if only the initial broadcast was transmitted across the VLANs.

 

Again, this only happens if the device is not connected to the same VLAN as the printer.

If it is on the same VLAN, no issues at all.

 

Another interesting finding... the default LAN (VLAN 1) does not suffer from that. Everything works there. All other VLANs are configured exactly as this one, except of course for Gateway/subnet, IP range, DHCP, and VLAN number.

 

Any ideas?

#5
Re:Printing across VLANs
2023-09-11 02:32:10

Hi @berwig 

Thanks for posting in our business forum.

I would suggest you take a look at this: Troubleshooting mDNS Repeater on the Router Doesn't Take Effect

It's about the mDNS. But I wanna say if you can find your devices for a few minutes but disappear later, it's not about the mDNS then. Seems to be an issue with your device or software. If mDNS does not work, it shouldn't work at the very beginning. Not 5 minutes and stopped.

berwig wrote

I went to the printer and disabled and re-enabled AirPrint.

The printer was immediately found by the iOS devices.

However, that only works for about 5 minutes. After that, the AirPrint doesn't find it anymore.

It is as if only the initial broadcast was transmitted across the VLANs.

Best Regards!
#6
Re:Printing across VLANs
2023-09-11 13:38:04

Hi @Clive_A 

Thanks for the suggestion.

I feel confident enough to say the issue is with the mDNS.

I could see in the tcpdump the initial broadcast on 224.0.0.251 port 5353, but then they would disappear.

I spun up Avahi in docker in reflector mode and attached it to the desired VLANs and it is now visible across all VLANs.

 

I wish the mDNS implementation in Omada would work though, this way I could specify which Bonjour services get repeated or not, to avoid a broadcast flood, not to mention potential security concerns... Anyway, I can at least specify which devices should be accessible or not through ACLs. 

#7
Re:Printing across VLANs
2023-09-12 01:23:02

Hi @berwig 

Thanks for posting in our business forum.

berwig wrote

Hi @Clive_A 

Thanks for the suggestion.

I feel confident enough to say the issue is with the mDNS.

I could see in the tcpdump the initial broadcast on 224.0.0.251 port 5353, but then they would disappear.

I spun up Avahi in docker in reflector mode and attached it to the desired VLANs and it is now visible across all VLANs.

 

I wish the mDNS implementation in Omada would work though, this way I could specify which Bonjour services get repeated or not, to avoid a broadcast flood, not to mention potential security concerns... Anyway, I can at least specify which devices should be accessible or not through ACLs. 

I am pretty sure mDNS works on both V1 and V2 ER605 because I wrote that troubleshooting article and I did tests with various captures. Pretty sure the mDNS issue would be either misconfiguration or ACL.

If that broadcast disappears, it could be the software issue. It stops repeating the broadcast and fails to discover. The only way to verify this is to Wireshark. I am using AirPlay or Spotify during the writing. AirPlay does not repeat discovery as much as Spotify when broadcasting and discovering.

If in multiple VLAN networks, you see the mDNS from another come to this VLAN, then mDNS is good. No bug or issue.

Best Regards!
#8
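Added example, not part of any post in this thread: one way to run the check discussed in the last two posts, that is, take the mDNS UDP payloads (224.0.0.251 port 5353) captured on a client VLAN and see which Bonjour service types are actually crossing from another VLAN. The allowlist subset, the function names and the sample packet (including the `_hap._tcp` HomeKit entry) are constructed assumptions, not values from a real capture.

```python
import struct

# Subset of the printer service types listed in the thread's mDNS rule.
ALLOWED = {"_ipp._tcp.local", "_ipps._tcp.local", "_canon-bjnp1._tcp.local"}

def read_name(pkt, off):
    """Decode a DNS name, following compression pointers; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:                      # 2-byte compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | pkt[off + 1]
            hops += 1
            if hops > 16:                         # malformed packet guard
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(pkt[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def ptr_service_types(pkt):
    """Owner names of PTR records (service types) in one mDNS message payload."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    off, found = 12, set()
    for _ in range(qd):                           # skip questions: name, type, class
        _, off = read_name(pkt, off)
        off += 4
    for _ in range(an + ns + ar):
        name, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10 + rdlen
        if rtype == 12:                           # PTR record
            found.add(name.lower())
    return found

def audit(pkt, allowed=ALLOWED):
    """Return (expected, unexpected) service types relative to the allowlist."""
    seen = ptr_service_types(pkt)
    return seen & allowed, seen - allowed

def _name(n):                                     # builders for the constructed sample
    return b"".join(bytes([len(p)]) + p.encode() for p in n.split(".")) + b"\0"

def _ptr(owner, rdata):
    return owner + struct.pack("!HHIH", 12, 1, 4500, len(rdata)) + rdata

# Constructed sample response; the first PTR's rdata uses a compression pointer.
SAMPLE = (struct.pack("!6H", 0, 0x8400, 0, 2, 0, 0)
          + _ptr(_name("_ipp._tcp.local"), b"\x0cCanon MG5700\xc0\x0c")
          + _ptr(_name("_hap._tcp.local"), _name("Lamp._hap._tcp.local")))
```

An empty first set over several minutes of capture matches the "visible at first, then gone" symptom; a non-empty second set shows a reflector repeating more service types than the rule intends.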