I'm having some issues getting AirPrint Multicast to full propagate in mixed wired and WIFI access. The indications are an iPads and iPhones not seeing the printer name in the list when queried.
Simplified network setup:
2 WAX610 APs with 2 SSIDs and VLANS, client isolation is off on both SSIDs:
SSID1 is linked to VLAN1
SSID600 is linked to VLAN600
APs are connected to an MS510TXPP. Ports to which both are connected are in trunk mode.
MS510TXPP is connected to a FortiGate firewall/router that terminates and routes the VLANS to each other:
VLAN1 is defined as subnet 10.10.10.1/24
VLAN600 is defined as 10.10.106.1/24
Multicast policies have been enabled on the firewall/router to forward all multicast between the two networks, and routing policies enable all traffic.
What works:
1. AirPrint printer is connected to SSID600 and it gets a 10.10.106.x address. iPad is connected to SSID600 and gets a 10.10.106.x address. Printer is visible to the iPad and can communicate successfully.
2. AirPrint printer is wired to a switch port with a PVID of 600 and gets a 10.10.106.x address. iPad is connected to SSID600 and gets a 10.10.106.x address. Printer is visible to the iPad and can communicate successfully.
3. AirPrint printer is wired to a switch port with a PVID of 600 and gets a 10.10.106.x address. iPad is wired to a switch port with a PVID of 600 (ethernet dongle) and gets a 10.10.106.x address. Printer is visible to the iPad and can communicate successfully.
4. AirPrint printer is wired to a switch port with a PVID of 600 and gets a 10.10.106.x address. iPad is wired to a switch port with a PVID of 1 (ethernet dingle) and gets a 10.10.10.x address. Printer is visible to the iPad and can communicate successfully, which is being routed between subnets on the router.
What I can't get to work:
5. AirPrint printer is wired to a switch port with a PVID of 600 and gets a 10.10.106.x address. iPad is connected to SSID1 and gets a 10.10.10.x address. Printer is NOT visible to the iPad and can NOT communicate successfully.
Summary of printer to client connection:
1. Same SSID works
2. Wired printer to WIFI client in same VLAN works
3. Wired printer to wired client in same VLAN works
4. Wired printer to wired client in different VLAN and subnet via router works
5. wired printer to WIFI client in different VLAN and subnet fails
For #5 it seems like the multicast traffic cannot traverse both the router boundary AND the wired to WIFI boundary of the AP. I have played with the multicast settings on the router and the switch, but don't seem to have access to the same level of the AP configuration via Insight Cloud.
Each VLAN does represent it's own logical network.
Typically, one does operate dedicated IP subnetworks on each network.
The reason for having multiple VLANs is to have dedicated networks.
If you want to reach another subnet / VLAN, the technical basic answer is routing.
AirPrint and the likes are designed for a single network. Means the device and the printer must be in the same subnet.
The same applies to AirPrint and the related Bonjour based discovery, which is built on Multicast.
Multicast is used for functions like discovery or service availability, not for transporting data like printable stuff (for example) from a client to another device like a printer.
What does bring you to the impression that either the WAX610 or your security appliance should allow such a configuration - which can't be fully fRFC compliant and inherits certain security risks btw.?
