Orbi WiFi 7 RBE973
Reply

Cannot print between VLANs

KBXR
Aspirant

Cannot print between VLANs

M4100 switch, Port VLANs with routing enabled. 

 

Each VLAN has its own router attached because each VLAN services a different organization with their own External IP.  These organizations share a single central printer. Each router has a static route to the other routers on the other VLANs. 

 

-The printer is on VLAN 101.

- I can print from any node on VLAN 101.

- From all VLANs I can ping the printer. 

- From other VLANs I can login to the web interface of the printer,

- From other VLANs when I send a print job the printer sees the print job but refuses it with a very generic (i.e. meaningless) error

- If I route the printing to the external IP address of VLAN 101 or replace the M4100 with another (dumb) switch, printing works fine.

 

WTF??!! What is the printer expecting that is not being properly routed through the M4100 switch?  Anyone else had this or similar problems?

Message 1 of 8
DaneA
NETGEAR Employee Retired

Re: Cannot print between VLANs

Hi KBXR,

 

Kindly try to configure Protected Port(s).  

 

a. On the web-GUI of the M4110-26G, go to Security > Traffic Control > Protected Ports.

b. In the Group ID, select 0.  

c. On the Group Name field, you may enter any group name you want.
d. Click the orange bar to display the available ports.

e. Select the check box below on the appropriate port where the printer is connected.

f. Click Apply.

g. Check if you will be able to print from other VLANs other than VLAN 101.

 

As reference guide, read pages 319-320 of the M4100 user manual here.  Let me know if it helps.  

 

 

Regards,

 

DaneA
NETGEAR Community Team

Message 2 of 8
KBXR
Aspirant

Re: Cannot print between VLANs

No change, unfortunately. Print jobs from vlan 101 work just fine, print jobs from the other vlans fail. The printer logs the print jobs from other vlans as "Cancelled"  Not a terribly helpful log entry but it is clear that the print job gets to the printer.  The printer logs show the name of the file being printed as well as the name of the user who sent the job, but the job is "Cancelled" almost immediately and never enters the print cue. 

 

 

I was hopful.  🙂  Any other thoughts? 

 

Message 3 of 8
DaneA
NETGEAR Employee Retired

Re: Cannot print between VLANs

Hi KBXR,

 

Your existing network is kinda intricate.  Can you post an image or screenshot of your detailed network setup? 

 

You might want to consider configuring Asymmetric VLANs.  However, as per your initial post, each VLAN has its own router.  So having Asymmetric VLANs is not advisable.  

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 4 of 8
KBXR
Aspirant

Re: Cannot print between VLANs

Yeah, intricate might be a word for it.

I've been thinking that I might want to redesign to a single
router with multiple WAN ports, create the VLANs at the router, get rid of
all IP routing on the switch and use port defined VLANs on the switch
simply to keep the Microsoft Small Business Servers from seeing each
other's DHCP service.

After a quick look, it seems that the document you sent may hold the answer. Thanks!  If I still have
questions after I study the document and implement some changes to test, I'll post a picture of the current network.

Thanks Dane.

Message 5 of 8
KBXR
Aspirant

Re: Cannot print between VLANs

OK, so the article helps A LOT!!  Seems I was creating an asymetrical vlans already but didn't (don't) understand the rules of the game yet. 

 

I have, however, run into an issue with the rule that says for the asymetrical vlans to flow traffice between them that all the vlans must belong to the same subnet. Mine do not.  I have 192.168.10.0/24 192.168.20.0/24 and so on. 

 

(Funny thing is, though, that currently traffic routes between the /24 subnets just fine using the IP address. The printers actually see the job comming at them. I still want to know what bit of information is left out, wrong, or what protocal is blocked that does not allow the print job to complet.  But let's ignore that for the moment.)

 

I am stuck with keeping the three /24 subnets because:

- Each Microsoft Small Business Server demands that it be on a /24 network. Period. No getting around it. 

- Each Mictosoft Small Business Server demands that it be the only DHCP server on the subnet. Period. No getting around it. (that even makes sense)

- I have too many devices to put on a single /24 network

 

So I was thinking ....

- Define each of the routers as being on a 192.168.0.0/16 network.

- Each of the routers keeps its current PVID 

- mark the physical switch ports of the routers as Untagged on all of the vlans so that the routers can freely talk directly to each other but not directly to any other devices not on their vlan. 

- The only switch ports marked as Untagged on multiple vlans would be the for the routers 

- I shouldn't have to create any static routes at the routers since they all belong to the same /16 subnet 

 

Think that would work? Thoughts?

Message 6 of 8
DaneA
NETGEAR Employee Retired

Re: Cannot print between VLANs

Hi KBXR,

 

From what you have thought about, I really can't tell if it will work or not since from the article i have provided about Asymmetric VLANs, it shows there that there is only one uplink port that is connected to only one router.  

 

Going back on your existing network setup as of now, is there an Access Control List(s) or ACLs configured?  From your initial post, you mentioned that other VLANs can get replies from the printer. Are there any ACLs set up on the M4100 switch that allows other VLANs to access the printer?

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 7 of 8
KBXR
Aspirant

Re: Cannot print between VLANs

Sorry this took so long to get back to you.  The short answer.... there are no ACL entries.  I wouldn't have thought they were needed.  I did get to sniff the traffic a bit, however.

 

The result of looking at the packet traffic is that almost none of the ACKs are getting through. Print driver sends the equivilent of "Hello World", the printer sends back an ACK but it is never received. This happens ONLY with printers. The web interface of the printer is accessible from anywhere and pings respond just fine and I can print from any node on the same VLAN as the printer.

 

This happens on all three of the printers -- differnet makes of printers.

 

I'll take a look at the ACL but I don't really understand the purpose of ACLs so it may take a few days again while I study up on them enough to feel like I can change a production environment. 

Message 8 of 8
Top Contributors
Discussion stats
  • 7 replies
  • 5745 views
  • 0 kudos
  • 2 in conversation
Announcements