Troubleshooting VLAN Printer Sharing Issue on Meraki Network

HSHan
Here to help

Troubleshooting VLAN Printer Sharing Issue on Meraki Network

Device: Meraki MX 100


VLan ID 100: 192.168.100.x (Printer installed here)
VLan ID 200: 192.168.200.x 

VLan ID 300: 192.168.200.x 

 

Printer ID: 192.168.100.64

Test PC: 192.168.200.1

 

I have utilized the port-based VLAN feature to set up several VLANs on my network and connected the network printer. However, I am encountering an issue where I cannot print from the test PC (192.168.200.1). 
 
Do you recommend setting up a printer server to facilitate printer sharing across the VLANs?
I initially anticipated that the printer would be shared, at the very least, among VLANs connected to the same Meraki device. 

=================================== < 2nd part >===================================
I added an 'Allow' policy to the Meraki Firewall as suggested.  
 
Screenshot 2023-09-14 at 1.22.11 PM.png
To summarize, I can ping from both IP ranges (192.168.125.x and 192.168.1.x), BUT I encountered an error.

C:> Connecting To 192.168.1.64...Could not open connection to the host, on port 23: Connect failed

I'm not sure why I need to test Telnet to verify printer sharing functionality. Is this test still valid and accessible even if I don't have a printer server?
10 Replies 10
RaphaelL
Kind of a big deal
Kind of a big deal

Can you telnet the printer on some port ? 515 , 9100 or any other printing ports used by your printer ? Are you sure that you don't have any L3 firewall rules blocking that type of trafic ?

HSHan
Here to help

Hey, Raphael.
 
Thank you for taking the time to look into my issue. I attempted to connect to the printer with Telnet, but unfortunately, I was unsuccessful. Could you please let me know what settings or configurations I need to enable in Meraki to make this work?
RaphaelL
Kind of a big deal
Kind of a big deal

Go to your firewall settings of that MX100 : 

 

RaphaelL_0-1694712823774.png

 

 

Do you see any L3 firewall rules ? :

 

RaphaelL_2-1694712962950.png

 

 

You will need atleast one rule to allow the flow between your workstations on vlan 200-300 to your vlan 100. You can add an 'allow any any any' rule to see if that works , and adjust the details later.

HSHan
Here to help

Yes, currently, all sources are set to deny. I've added an 'Allow' rule for VLAN 10, which is connected to the printer. However, I'm still unable to Telnet from the other VLANs.

Screenshot 2023-09-14 at 10.57.47 AM.png

ww
Kind of a big deal
Kind of a big deal

You have set tcp 23 as source,  but clients most time use a random source port.

 

Try use protocol any port any as source first

HSHan
Here to help

Screenshot 2023-09-14 at 1.22.11 PM.png

Yes, I changed it to 'Any,' but the issue remains. The strange thing is that I can't use Telnet from 192.168.1.191, which is on the same network as the printer, but I can print from this laptop. It appears that the Telnet feature is not enabled on Meraki. Do you know how I can confirm?

leewalhovd
Meraki Employee
Meraki Employee

23 is the default telnet port but you can use any port. It's basically a basic way to check that the port is reachable without sending a print. Although telnet to 9100 can be used to spit output directly to a printer and have it print. Not every device will allow telnet from a remote network. So there could be something going on with the printer.

You would likely want to allow more ports for the printer, 9100 is a RAW port but they often have other ports or use Multicast like WDS/Airprint if you want it discoverable. If you don't know which ports you need open doing an allow-all to the printer and printing with a packet capture going filtered for the traffic might be a good idea to find which ports you need to have open. If you need the printer discoverable on other VLANs bonjour forwarding can be used. 

amabt
Building a reputation

I had to deal with a similair issue and spent hours with Meraki support. Turns out the NBar was misclasifying the traffic and blocked the communications and reset those connections. The rule in our case was detected as "webmail".

 

After upgrading the firmware to the latest. The issue is resolved.

 

What makes it frustrating is that. If you reboot the MX it works for a short while then randomly stops working until another reboot. This happens on many network all runing on the exact same firmware (part of a template).

 

Try the Event Logs under network and look for Nbar events.

HSHan
Here to help

Hey, amabt Thanks for taking time to read my question.
The firmware was updated a while ago. (Current version: MX 18.107.2)


Actually, I had no problems using the printer before with the current VLAN setup, but something happened that I don't even remember. The printer suddenly stopped communicating over the VLAN. It could be a device issue, but I want to verify whether this is a device issue or a problem with the functions.

 

I searched for 'NBar' in the event log, but found no results. Any ideas?

amabt
Building a reputation

An example of the NBar rule hit

 

amabt_1-1695167118244.png

 

 

Get notified when there are additional replies to this discussion.