Printing segregated to VLAN by itself

A number of years back, the organization I was working with undertook a Caribbean wide Cisco WAN project, with a spoke & hub VPN design linking a single location in several territories back to "head office". A junior colleague of mine was tasked with setting up the spoke in our territory and this should have required nothing more than unboxing a preconfigured Cisco SOHO firewall connecting it to a DSL modem provided by the local Telco and adding two PCs and a printer - all configuration being done by the folks in the "head office" location. Now - I have no idea how the roll out went in any territory but ours - but - ours did not go well. I believe it was the third day after the job was "completed", it came to my attention that my colleague was having trouble with the installation and had made several trips to site and could not get the VPN to stay connected for more than approximately thirty minutes - he had, as his "support resources" the "head office" team who had performed the configuration, and Cisco support. The following day I was asked to get involved as the downtime was now starting to be an issue and revenue loss was a concern - discussions with my colleague revealed that Cisco support would walk him through disabling the firewall inspection list, at which point the connection would come up, he would then be instructed to re-enable the list, the connection would stay up, he would leave the site, and roughly thirty minutes later he would get a call saying the connection had dropped. I asked him to let me have the configuration which "head office" were reluctant to make available so another day went by - and on the evening of the fifth day the requested information was emailed to me. It took me less than 10 minutes to go through it and determine that they were blocking inbound DHCP in the firewall - so what was happening was this - at power on the Cisco could not get an ip address from the Telco using DHCP, they would disable the inspection list, it would get an address and the connection would come up, they would re-enable the list and the firewall would be unable to renew the DHCP lease and when the lease timed out, the connection would go down. I called my colleague, told him which line in the config to "remark out" - he passed the suggestion to Cisco support (who he had on the phone at the time) and from what I'm told the reply went along the lines of "ahhhhh - yes - that would do it". I can give you a dozen or so similar stories - mostly Cisco related, but only because many of the projects I've worked on have used Cisco equipment - but what I'll say is this -I've been in the business for almost four decades - I'm certified by the "top three PC manufacturers" to support their products, I work on midrange computer systems, UPS power & network infrastructure, I've done WAN support on some of the largest "globe spanning" WANs and built out a few smaller "country spanning" WANs and there isn't a tech support team that I have worked with that hasn't pissed me off at some point along the way. I use Netgear equipment personally, and recommend it in most of my SMB installations, it's decent gear at an affordable price - and for what it's worth - I've just watched another of my colleagues who can be considered a Cisco fanboi (Juniper is his "second best") just spec Netgear - says he can't justify the cost of Cisco. Cost of Cisco was the reason I walked away from it - I will admit to having had more than one "head scratching" moment when Netgear equipment doesn't do what I want, the way I think it should be done, I have been "BSed" all the way up to L3 support, but the equipment generally delivers as promised, at least to a level comparable to any other similarly priced product.