We have a high-quality color laser printer connected to a HP JetDirect interface on our network. We have been restricting access to the print spool on the server, but some enterprising users have found that they can print directly to the JetDirect, thus bypassing the restrictions. I tried to restrict access to the JetDirect using our Cisco 6509 by putting an ACL in place that only allows traffic to/from the server. However, when I do this, no one can print, even those users that are supposed to be able to. I would have thought that this would work, since the windows based pc's are setup to print to the server, which it turn would spool the jobs to the printer, but it doesn't. I had check with a network packet sniffer first, and the only traffic that I was seeing at the jetdirect was traffic to/from the server.
Next I tried to restrict access to specific ports, with the same result. No one can print.
For reasons that I can't get into, I can't put the printer on a seperate VLAN or network.
Does anyone have any other ideas?