Link to home
Create AccountLog in
Avatar of Michael986
Michael986

asked on

Printing over VLAN

We have a network segmented into 2 VLANs. The main network (192.168.0.x) contains all of the servers, printers etc, and VLAN2 (192.168.13.x) contains a handful of PCs. The 2 VLANs are connected using a Layer 3 cisco switch.

The VLAN2 PCs are able to access network shares, Exchange etc on the MainServer (192.168.0.10) but cannot print to the network printers. They can ping the printers, but not open the config pages (http://<printer ip> or actually print. All these things work ok on PCs on the main network.

The switch has the following config:-

interface port-channel 1
description SWITCH2
exit
vlan database
vlan 2
exit
interface range ethernet g(7-12,31-36)
switchport access vlan 2
exit
interface vlan 2
name SWITCH2
exit
interface range ethernet g(1,25)
channel-group 1 mode on
exit
ip dhcp snooping vlan 1
ip dhcp snooping vlan 2
interface vlan 1
ip address 192.168.0.20 255.255.255.0
exit
interface vlan 2
ip address 192.168.13.20 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 192.168.0.254
hostname "VLAN Switch"
username <user> password <password>
ip name-server  192.168.0.10
ip host MainServer 192.168.0.10

There is also a firewall (192.168.0.254) - would it be this that is causing the problem or is there something that I need to add to the switch config to allow connection to the printers?
ASKER CERTIFIED SOLUTION
Avatar of asavener
asavener
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
what is the gateway of the VLAN 2 AND vlan 1...
ideally VLAN should be the gateway of the hosts.
Avatar of Michael986
Michael986

ASKER

asavener - yes, spot on, they do have that default gateway.

I've now changed one the printers to have 192.168.0.20 as the gateway and it now works fine.

What I didn't say in my original post was that it was working fine up until a couple of days ago - multiple printers, all with a gateway of 192.168.0.254 printing fine from VLAN2.

The only thing that changed was that we tidied up some firewall objects (and as far as I'm aware, it was just tidying up - removing unused objects, renaming some to more descriptive names etc).

Maybe we deleted something accidentally? But if so, what would it have been that would have the same effect as changing the gateway on the printers?
You might have removed the permit intra-interfacing routing command.

same-security-traffic permit intra-interface
Have checked that setting on the firewall - it's currently switched on

There is also a static route on the firewall (route <network> 192.168.13.0 255.255.255.0 192.168.0.20 1) - should that not be routing requests for VLAN2 back to the switch?
Like I said, if it doesn't see the SYN packet to open the connection, it will block the rest of the connection.