Link to home
Create AccountLog in
Avatar of Michael986

asked on

Printing over VLAN

We have a network segmented into 2 VLANs. The main network (192.168.0.x) contains all of the servers, printers etc, and VLAN2 (192.168.13.x) contains a handful of PCs. The 2 VLANs are connected using a Layer 3 cisco switch.

The VLAN2 PCs are able to access network shares, Exchange etc on the MainServer ( but cannot print to the network printers. They can ping the printers, but not open the config pages (http://<printer ip> or actually print. All these things work ok on PCs on the main network.

The switch has the following config:-

interface port-channel 1
description SWITCH2
vlan database
vlan 2
interface range ethernet g(7-12,31-36)
switchport access vlan 2
interface vlan 2
name SWITCH2
interface range ethernet g(1,25)
channel-group 1 mode on
ip dhcp snooping vlan 1
ip dhcp snooping vlan 2
interface vlan 1
ip address
interface vlan 2
ip address
ip route
hostname "VLAN Switch"
username <user> password <password>
ip name-server
ip host MainServer

There is also a firewall ( - would it be this that is causing the problem or is there something that I need to add to the switch config to allow connection to the printers?
Avatar of asavener
Flag of United States of America image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
what is the gateway of the VLAN 2 AND vlan 1...
ideally VLAN should be the gateway of the hosts.
Avatar of Michael986


asavener - yes, spot on, they do have that default gateway.

I've now changed one the printers to have as the gateway and it now works fine.

What I didn't say in my original post was that it was working fine up until a couple of days ago - multiple printers, all with a gateway of printing fine from VLAN2.

The only thing that changed was that we tidied up some firewall objects (and as far as I'm aware, it was just tidying up - removing unused objects, renaming some to more descriptive names etc).

Maybe we deleted something accidentally? But if so, what would it have been that would have the same effect as changing the gateway on the printers?
You might have removed the permit intra-interfacing routing command.

same-security-traffic permit intra-interface
Have checked that setting on the firewall - it's currently switched on

There is also a static route on the firewall (route <network> 1) - should that not be routing requests for VLAN2 back to the switch?
Like I said, if it doesn't see the SYN packet to open the connection, it will block the rest of the connection.