PETERGATS (Aspirant)
Mar 02, 2014
Printing segregated to VLAN by itself
For the life of me, can't get the printer to be alive on its own VLAN..
The SRX5308 is the fw-router (no VPNs just VLANs)
Identified 12 VLANs and treating these as port based VLANs and there's a M4100 behind the SRX5308 doing port based VLANs.
Internet and all inbound/outbound services work great on all VLANs, EXCEPT the printer.
A single departmental printer by itself on VLAN 4
I can ping it from the default VLAN but any print jobs sent to it, never print.
From any other VLANs it doesn't even ping back.
The setup
On the SRX5308 VLAN 40 is set to interVLAN routing, just as the default VLAN is also.
On the M4100, as far as VLAN membership and tags
VLAN 1 (default) all VLANS untagged
VLAN 4 port 1 (VLAN1) Tagged, and all other ports untagged
On all the other ports VLAN membership config page, VLAN 4 is a member of all the others as untagged..
What am I doing wrong? It's gotta be a simple thing I am missing..
Thx 2 all who respond.. -p
15 Replies
- fordem (Mentor): What's the point of having the printer on a VLAN by itself?
- PETERGATS (Aspirant): You're right,
It was on the default LAN (VLAN 1), I could certainly get it recognized and printing fine on the default VLAN, BUT no VLAN members could ping it.
I can move it back to the default VLAN
How do I get it to be recognized (being able to ping it and print to it) from the VLAN members?
Do I need to write a MAC based ACL?
(the M4100 port based VLAN switch functions as a level 2 switch)
This has got to be something simple, we're talking basic printing here.. ?? I gotta be missing something very basic..
- adit (Mentor): Default gateway on the printer?
- PETERGATS (Aspirant): The printer is a network printer set to DHCP
When on the default LAN (VLAN id 1) it picks up the default gateway of that LAN subnet
When I couldn't get any of the VLAN members to ping it (or print to it) & put it on its own port (in its own VLAN), the printer picks up the default gw of that VLAN subnet.
- jmizoguchi (Virtuoso): I think a check on the gateway is a good idea too
- PETERGATS (Aspirant): Default gw of the printer is picked up fine by printer's dhcp, just checked.
When in the default LAN (VLAN 1) it picks up that default gw
Then put it back into port 4 of the M4100, assigned as PVid 40 with its own dhcp range and again the printer booted up fine and when i checked it had picked up the correct ip and the default gw corresponding to the settings of that VLAN, which is VLAN 4 set up on port 4 of the M4100.
Thanx for all the suggestions.
Let me ask all this tho.
Say you want to use just a single networked printer and put it on the default LAN (VLAN 1) for all the port based VLAN members to use, VLANs 3 thru 12.
Can i statically assign the printer an ip on the default LAN, give it the correct default gw for that LAN and have all my VLAN members print to it?
Is that a common scenario?
This is what i was trying to do originally.
Can this be done?
- adit (Mentor): Yes, as long as Inter-VLAN routing is enabled, or VLAN rules are entered.
- PETERGATS (Aspirant): Got it, thx
I really do want to move the printers to the default LAN (VLAN 1)
And, I do not want to enable interVLAN routing on the SRX5308 for the 9 VLANs that I want to NOT see each other (meaning NOT have access to one another's resources),
These 9 particular VLANs are connected behind the SRX5308 thru the M4100 acting as a port based VLAN switch. They are all flat LANs after that.
So, to move the printer(s) i will have to put in some VLAN rules as you say.
I look in the M4100 config screens and can see where i can put in under VLAN routing (NOT enabling ip port routing as in L2+), a specific ip target, so if i input the static ip's i want to assign to the printers here, and as long as only the default LAN (VLAN 1) has InterVLAN routing enabled, then it goes to follow that the intended segregated VLAN members will be able to reach the networked printers and thus be able to ping and print to them?
Do i have this right?
Bcs I also saw where in ACL rules, someone can put this in, for the same intended functionality it seems to me, however, I just blew up my M4100 (I will have to reboot it) because I wrote an ip based ACL for anyone to be able to reach the printer as it now sits in VLAN 4 all by its lonesome self and the entire M4100 STOPPED all communications with everything as soon as I hit the "apply".
So I will have to learn ACLs at some point, but I'd rather do it the easiest way for now without busting the M4100 again as I learn the ACL way.. altho I can see the added capability that ACLs can really provide.
So pls advise and I will keep going, and now move the 1st monster printer/copier back into the default LAN and try this and THX for all good advice thus far.
- PETERGATS (Aspirant): I have moved the printer back into the default LAN
Of course the default LAN prints fine to it and just checked the printer's IP, subnet and deflt gw and it gets these fine from dhcp on the SRX5308
But alas i have tried all i can think of on the SRX5308 and on the M4100 to get the VLANs to be able to see it and print to it. (so far zilch, from VLANs no ping backs )
I have tried a static route on the SRX5308 pointing right to it on the default LAN (VLAN 1)
I have tried VLAN routing on the M4100, but alas the M4100 (with latest fw) tells me no VLAN routing to the management interface LAN
I could try moving the ip addr I get to the M4100, however if I did I'd have to get a laptop and plug right into it in order to configure it henceforth
I have tried MAC based traffic control under security tab on the M4100, no go
I have tried some ACL, but here i tread lightly bcs i can lock up entire building with all its VLANs as i found out earlier, if i stipulate incorrect parameters in the ACL..
So, is it really this difficult?? so as to be able to put in some "rules" to get the VLANs to print to a single printer on the default LAN?
Somebody out there must have a shared printer shared amongst all their VLANs, how didja get it working?
I also have a case with Netgear L2 support, but so far nuthing fruitful, so I am plugging away at this problem both on these forums and thru support, who have taken TeamViewer remote control of both inside (and outside machines, outside of the Building itself on the general internet), so far nuthing on that end, it's been like 5 days into this case now.. I am scratching my head thinking, it cannot be this difficult to share a printer amongst all these VLANs..
Pls remember that i cannot allow interVLAN routing, except for the default VLAN which has interVLAN routing enabled. All the other VLANs work fine but must stay segregated to their own traffic, so they wont be able to snoop each other's traffic or devices..
The internet works great on all VLANs and the default LAN, both incoming and outgoing services (by incoming I am talking about firewall port fwd rules, so users can telecommute and such)
Having said all that, as far as the building itself is concerned, i can ping from any VLAN to the default LAN, but only the SRX5308 answers back as the default gw.
Any devices on the default LAN do not answer back
This is by design I think, so the printer now doesn't answer back either.
The reverse is also true on the LAN, in that there are no pingbacks for any pings sent from the default LAN to any of the VLAN ports.
Remember the M4100 is being used as a port based VLAN switch, where any single port is equal to a single VLAN.
Anyways, pls keep advice coming.
TY
- PETERGATS (Aspirant): UPDATE and also for the benefit of future seekers of this functionality.
After 2 marathon remote support sessions with support (over 3 hrs each session) in last 2 days i have come to some conclusions:
FIRST AND FOREMOST:
Do not waste your time with L2 tech support, poorly trained, if you are not a newbie, chances are you know more than they do, it may be that Netgear's plain old L2 support is outsourced (not even NETGEAR) and they have people that can breathe as a qualification, (and most need serious ESL training as well to be understood)
Having said that, TRY to get moved to Tier 2 tech support BUT labeled as 'Medium Enterprise Experts Level2 ' group, which is option 4 off the main 888NetGEAR main support number.
These folks are a cut above and they are what support should be! SPELLED PROFICIENT IN THEIR PRODUCT!
Different experience here! Better and more positive, I coulda saved tons of time if I'd known that almost a week ago when this started. (we're pushing more than a week now)
AND these are brand new outa the box products that come with free 90 day installation support...
OK, where are we sitch wise?
Getting closer to a solution, little by little,
It seems the first approach was the right one after all, having a SEPARATE VLAN (if only for a single printer to start with) which IS NOT the default LAN (VLAN 1) that will be shared with all other VLAN members.
So typical scenario is LEAVE your default LAN (VLAN 1) as tagged to carry internet traffic, and as I am learning the VLAN rule applies that "edge ports" (ports that end up feeding flat LANS) stay U, untagged, AND ports that carry traffic or Trunks are tagged.
This I am learning is just setting up simple port based VLANs, not setting up 802.1q VLANs here..
SO why is this so difficult,
Well it wouldnt be at all IF we just enabled "interVLAN" routing on ALL VLANs as in all being a FLAT LAN.. BUT that's not the intent. The intent is to keep the VLANs from snooping each other's traffic and resources, yet share a common printer pool (and possible future common pool resources, servers, email sharepoint etc, )
SO that's where a separate "common" VLAN comes into play.
So, Between the default LAN (VLAN 1) and the common pool VLAN which have "interVLAN" traffic enabled all works well.
It's the majority of VLANs that we wanna keep segregated where the problem arises, these can't ping to the "common pool" VLAN.
Altho internet access and services such as incoming RDP and private Https servers work great. So all services mapped incoming and all users outgoing still work great and SEPARATE as intended.
So the solution with the aid of the Medium Enterprise Experts Level2 Tech Suppt group at Netgear is moving towards this:
Created the separate VLAN with all ports untagged except port 1 which is the default LAN (VLAN 1), that's tagged. All other member VLAN ports untagged.
They concur that writing ACLs in the M4100 port based VLAN switch is the direction.
First try they locked up the M4100 and all traffic in building site came to a halt, a hard reset fixed it because thank the stars the config had not been saved to firmware and the reboot brought back the config that worked. Regardless I have saved working configs on both the SRX5308 and the M4100 switch.
Now, instead of writing a bunch of ACLs, (which slows down switching as a whole, from what I am told by them because more rules guta take processor time being processed), common rules would be better with a couple ACLs total.
That's the plan.
I will keep the group posted and also post the solution when we arrive there.
Hopefully another couple of days (or another week at most? hopefully not).
AND I gotta say this, when buying IT routing/switching eqpt, reliability and SUPPORT SUPPORT SUPPORT have been my main criteria, This experience makes me wonder about moving up to "more" name brand products JUST to take advantage of more readily available expert & "proficient in their product" support instead of "learning on the job" while learning type experiences with support on other end.
Also the non-escalation of support cases and taking days to even approach the correct support dept which eventually gets one to people that approach proficiency as support in their field.
I suspect other similar brands like D-link at same level.
What have people's experiences been with switching/router eqpt support from more name brand players like Cisco, Sonicwall, Juniper and such, realizing that the price difference is there and some of these have a standard ticket item oft times at a sizable portion of the buy price of the eqpt for pre-configuration charge?
I am scratching my head wondering if in the future that wouldnt be a much better approach than to kill entire week long periods getting nowhere on decently priced eqpt....
-signed: frustrated presently but hopefully optimistic about a resolution in the coming week... "hopefully" ...
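
Added example (not part of the thread, and not NETGEAR's configuration): a small Python model of the policy the posts above are aiming for, where the segregated VLANs can reach a shared printer VLAN but not each other. The subnets, host addresses and rule order are constructed, and the model assumes top-down first-match evaluation with an implicit deny when no rule matches; under that assumption it also shows what a list holding only a permit-to-printer rule does to all other traffic.

```python
import ipaddress

# Constructed addressing, not from the thread: one /24 per VLAN.
PRINTER_NET = ipaddress.ip_network("192.168.4.0/24")      # shared printer VLAN
TENANT_VLANS = [3, 5, 6, 7, 8, 9, 10, 11, 12]             # nine segregated VLANs
TENANT_NETS = {v: ipaddress.ip_network(f"10.0.{v}.0/24") for v in TENANT_VLANS}
ALL_TENANTS = ipaddress.ip_network("10.0.0.0/16")         # aggregate of the above
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules are (action, source, destination), evaluated top-down, first match wins.
NAIVE_ACL = [("permit", ANY, PRINTER_NET)]   # only "anyone may reach the printer"

def build_shared_printer_acl():
    acl = [("permit", ANY, PRINTER_NET),      # tenants -> printer
           ("permit", PRINTER_NET, ANY)]      # printer replies; ACLs are stateless
    # Keep each tenant talking to its own subnet (gateway, DHCP, local hosts).
    acl += [("permit", net, net) for net in TENANT_NETS.values()]
    acl.append(("deny", ALL_TENANTS, ALL_TENANTS))  # tenant -> any other tenant
    acl.append(("permit", ANY, ANY))                # everything else, e.g. Internet
    return acl

def evaluate(acl, src, dst):
    """Return the action of the first rule matching src/dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"   # assumed implicit deny-all when no rule matches

def audit(acl):
    """Return the flows where acl disagrees with the intended policy."""
    want = [("10.0.5.20", "192.168.4.10", "permit"),   # tenant prints
            ("192.168.4.10", "10.0.5.20", "permit"),   # printer answers
            ("10.0.5.20", "10.0.6.20", "deny"),        # tenants stay isolated
            ("10.0.5.20", "10.0.5.1", "permit"),       # own gateway
            ("10.0.5.20", "203.0.113.7", "permit")]    # Internet
    return [(s, d, exp) for s, d, exp in want if evaluate(acl, s, d) != exp]

if __name__ == "__main__":
    print("naive ACL violations:", audit(NAIVE_ACL))
    print("shared-printer ACL violations:", audit(build_shared_printer_acl()))
```

Running an audit like this against a draft rule list before pressing "apply" is a cheap way to catch a rule set that would cut off the gateway or Internet path.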