cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8140
Views
5
Helpful
13
Replies

using a printer in a different vlan

roncro
Level 3
Level 3

Hello,

 

I have seen several post about this topic in the pas, but how does one have machines in one vlan use printers in another vlan. (I can see/ping both from the router, the printer as well as the work stations, workstations are in vlan1 and the printer is in vlan3)

 

Is there a way to have machines in one vlan only being able to 'touch' the printer, and nothing else? (iif there were other devices in that vlan?)

 

thanks,

 

Ron

1 Accepted Solution

Accepted Solutions

Right. If you have IP connectivity, you should be able to go from there...

View solution in original post

13 Replies 13

omz
VIP Alumni
VIP Alumni

You can configure an ACL to allow access to only printer IP.

something like - 

access-list 101 permit ip any 10.1.1.1 0.0.0.0

where 10.1.1.1 is a printer IP 

Hello,

 

not really sure what you are after...a printer is just a device with an IP address. As long as that IP address is reachable from any other Vlan, printing across Vlans should work...

 

Can you clarify ?

well there are a few devices, printer, scanner etc, that I would like to put in a different vlan and have machines from other vlans use the printer but not necessarily the rest.

 

I have the wireless printer connection through an AP, on vlan3, and I can ping it from the router. The workstations are on vlan1, and I can ping those from the router too. (would I need to put the workstations in vlan3 as well)

 

Ron

Hello,

 

what does your topology look like, which devices do you have in your network ? Is inter-Vlan routing already done somewhere ?

Hello Georg,

 

well;  physcally it is a 2900 Cisco router and two 2960s switches.  It is a router on a stick setup, with a trunk going from one switch to the router and a trunk between the two switches. (well and there's a RV320, that I just use as a switch for an access point that connects a controller that doesn't like to play well with the cisco 2900 router, but does with the rv320)

 

VLAN wise;

I have 3 vlans (4,5 and 6 over wireless access points) for 3 different type of sensors

I have one vlan (7, also over wireless, for laptops etc.)

One vlan where I want things like a printer in (vlan 3, also over wireless)

and there's vlan1,  wired.

 

Inter vlan routing, to be honest I don't know if I have done that all correctly.  I have traffic between vlans but that's all on trunks.

for example one access point is connected to a switch like:

interface GigabitEthernet1/0/12
switchport trunk native vlan 37
switchport trunk allowed vlan 1,3-7,37
switchport mode trunk

 

while I have a machine in vlan2 connected like:

interface GigabitEthernet1/0/1
description zonem.localdomain switch port
switchport trunk native vlan 2
switchport trunk allowed vlan 2,4-7
switchport mode trunk

 

probably not ideal, if not just wrong.

 

Ron

 

 

Hello,

 

if you have configured a router on a stick, there should be subinterfaces for all Vlans. If configured correctly, all Vlans should be able to talk to each other. Can you post the running configuration of the 2900 router ?

Hello Georg,

 

I have interfaces  for all vlans/subnets on the router I think.

 

Here's the running config.

 

thanks!.

 

#show run
Building configuration...

Current configuration : 6541 bytes
!
! Last configuration change at 18:30:25 UTC Mon May 18 2020 by admin
! NVRAM config last updated at 23:15:34 UTC Sun May 17 2020 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Charon
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$Y6Ap$foIYqVqbcci.b9/iOKKVt/
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.4.1 192.168.4.10
ip dhcp excluded-address 192.168.5.1 192.168.5.10
ip dhcp excluded-address 192.168.6.1 192.168.6.10
ip dhcp excluded-address 192.168.7.1 192.168.7.10
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp ping timeout 600
!
ip dhcp pool VLAN1-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-1
default-router 192.168.1.1
dns-server 192.168.1.1
domain-name localdomain
!
ip dhcp pool VLAN4-DCH-S
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-4
dns-server 192.168.1.1
domain-name localdomain
default-router 192.168.1.1
!
ip dhcp pool VLAN5-WMO-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-5
dns-server 192.168.1.1
domain-name localdomain
default-router 192.168.1.1
!
ip dhcp pool VLAN6-TNTN-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-6
dns-server 192.168.1.1
domain-name localdomain
default-router 192.168.6.1
!
ip dhcp pool VLAN7-THE-MATRIX-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-7
dns-server 192.168.1.1
domain-name localdomain
default-router 192.168.1.1
!
ip dhcp pool VLAN2-SERVERS
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-2
default-router 192.168.1.1
dns-server 192.168.1.1
domain-name localdomain
!
ip dhcp pool VLAN3-DEVICES-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-3
default-router 192.168.3.1
dns-server 192.168.1.1
domain-name localdomain
!
!
!
ip domain name localdomain
ip host charon.localdomain 192.168.1.1
ip host C2960s-north.localdomain 192.168.1.2
ip host cuda.localdomain 192.168.1.116
ip host seismo.localdomain 192.168.2.4
ip host cnc.localdomain 192.168.1.115
ip host picopod.localdomain 192.168.1.107
ip host picoscope.localdomain 192.168.3.37
ip host cisco-ap7.localdomain 192.168.37.17
ip host cisco-ap8.localdomain 192.168.37.18
ip host cisco-ap2.localdomain 192.168.37.12
ip host north.localdomain 192.168.1.2
ip host cisco-ap1.localdomain 192.168.37.11
ip host cisco-ap9.localdomain 192.168.37.19
ip host cisco-ap5.localdomain 192.168.37.15
ip host C2960s-south.localdomain 192.168.1.3
ip host south.localdomain 192.168.1.3
ip host cisco-ap6.localdomain 192.168.37.16
ip host AP-TM-W-F7C033.localdomain 192.168.1.5
ip name-server 75.75.75.75
ip name-server 75.75.76.76
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
cts logging verbose
!
!
license udi pid CISCO2911/K9 sn FCZ192771UU
!
!
username admin privilege 15 password 7 1500085A550A3F373D3D342F1A5441
username wwwadmin privilege 15 password 7 061118365E4D5F48251B130500
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description LAN
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.2.255
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
!
interface GigabitEthernet0/1.5
encapsulation dot1Q 5
ip address 192.168.5.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
!
interface GigabitEthernet0/1.6
encapsulation dot1Q 6
ip address 192.168.6.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
!
interface GigabitEthernet0/1.7
encapsulation dot1Q 7
ip address 192.168.7.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.37
encapsulation dot1Q 37
ip address 192.168.37.1 255.255.255.0
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
no ip address
!
interface GigabitEthernet0/1/1
no ip address
!
interface GigabitEthernet0/1/2
no ip address
!
interface GigabitEthernet0/1/3
no ip address
!
interface Vlan1
no ip address
!
ip forward-protocol nd
ip forward-protocol udp discard
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns view default
domain list localdomain
ip dns server
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip nat inside source list 102 interface GigabitEthernet0/0 overload
ip nat inside source list 107 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.x.y 80 interface GigabitEthernet0/0 80
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 107 permit ip 192.168.7.0 0.0.0.255 any
!
control-plane
!
!
!
line con 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 105C0A4F54370618190A2B262D7B64
login local
transport input ssh
line vty 5 392
password 7 131714445A2C10393E2A293E3C7144
login local
transport input ssh
!
scheduler allocate 20000 1000
ntp master
ntp update-calendar
ntp server time.nist.gov
!
end

Hello,

 

what if you put the printer on a switchport, configure the port as:

 

switchport mode access

switchport access vlan x

spanning-tree portfast

 

and set the printer to DHCP, does it get an IP address ? That address should be reachable from all other Vlans. The router on a stick looks correct.

well,  that printer doesn't have a regular ethernet port, it has wireless and USB

 

However, it does get an ip address and if I put a laptop in that same (wireless) vlan,  I can get to it. (I can also ping it from the router and both switches, and I see it in the association list on the AP). the IP settings seem ok (ip address 192.168.3.37, netmask is 255.255.255.0 and the default gateway is 192.168.1.1, which is the router)

 

The port (on the switch) of the access point the printer connects through looks like this:

interface GigabitEthernet1/0/12
description switch port for AP2
switchport trunk native vlan 37
switchport trunk allowed vlan 1,3-7,37
switchport mode trunk

 

thanks,

 

Ron

Hello.

 

--> ip address 192.168.3.37, netmask is 255.255.255.0 and the default gateway is 192.168.1.1, which is the router)

 

I guess you mean to say the default gateway is 192.168.37.1 ?

 

Can you ping 192.168.3.37 from any other device (laptop,PC) ?

 

I am kind of lost to be honest on what the problem actually is. You need to have IP connectivity. The router is configured correctly, the printer gets an IP address...

-->  I guess you mean to say the default gateway is 192.168.37.1 ?

 

No I meant 192.168.3.1, but somehow it was 192.168.1.1 

 

I can ping it now...     (So now it's just the standard printer hassle...)

 

thanks!

 

Ron

Right. If you have IP connectivity, you should be able to go from there...

I wonder if there's something strange going on,  since I can ping a windows laptop in vlan3 connecting through the same accesspoint from my 'regular' workstation.

 

Ron

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco