Meraki

Community

Troubleshooting VLAN Printer Sharing Issue on Meraki Network

HSHan
Here to help
‎Sep 14 2023 9:52 AM
‎Sep 14 2023 9:52 AM

Troubleshooting VLAN Printer Sharing Issue on Meraki Network

Device: Meraki MX 100


VLan ID 100: 192.168.100.x (Printer installed here)
VLan ID 200: 192.168.200.x 

VLan ID 300: 192.168.200.x 

 

Printer ID: 192.168.100.64

Test PC: 192.168.200.1

 

I have utilized the port-based VLAN feature to set up several VLANs on my network and connected the network printer. However, I am encountering an issue where I cannot print from the test PC (192.168.200.1). 
 
Do you recommend setting up a printer server to facilitate printer sharing across the VLANs?
I initially anticipated that the printer would be shared, at the very least, among VLANs connected to the same Meraki device. 

=================================== < 2nd part >===================================
I added an 'Allow' policy to the Meraki Firewall as suggested.  
 
Screenshot 2023-09-14 at 1.22.11 PM.png
To summarize, I can ping from both IP ranges (192.168.125.x and 192.168.1.x), BUT I encountered an error.

C:> Connecting To 192.168.1.64...Could not open connection to the host, on port 23: Connect failed

I'm not sure why I need to test Telnet to verify printer sharing functionality. Is this test still valid and accessible even if I don't have a printer server?
Labels:
0 Kudos
10 Replies 10
RaphaelL
Kind of a big deal
Kind of a big deal
‎Sep 14 2023 10:13 AM
‎Sep 14 2023 10:13 AM

Can you telnet the printer on some port ? 515 , 9100 or any other printing ports used by your printer ? Are you sure that you don't have any L3 firewall rules blocking that type of trafic ?

In response to RaphaelL
HSHan
Here to help
‎Sep 14 2023 10:32 AM
‎Sep 14 2023 10:32 AM

Hey, Raphael.
 
Thank you for taking the time to look into my issue. I attempted to connect to the printer with Telnet, but unfortunately, I was unsuccessful. Could you please let me know what settings or configurations I need to enable in Meraki to make this work?
0 Kudos
In response to HSHan
RaphaelL
Kind of a big deal
Kind of a big deal
‎Sep 14 2023 10:35 AM
‎Sep 14 2023 10:35 AM

Go to your firewall settings of that MX100 : 

 

RaphaelL_0-1694712823774.png

 

 

Do you see any L3 firewall rules ? :

 

RaphaelL_2-1694712962950.png

 

 

You will need atleast one rule to allow the flow between your workstations on vlan 200-300 to your vlan 100. You can add an 'allow any any any' rule to see if that works , and adjust the details later.

In response to RaphaelL
HSHan
Here to help
‎Sep 14 2023 11:01 AM
‎Sep 14 2023 11:01 AM

Yes, currently, all sources are set to deny. I've added an 'Allow' rule for VLAN 10, which is connected to the printer. However, I'm still unable to Telnet from the other VLANs.

Screenshot 2023-09-14 at 10.57.47 AM.png

0 Kudos
In response to HSHan
ww
Kind of a big deal
Kind of a big deal
‎Sep 14 2023 12:08 PM
‎Sep 14 2023 12:08 PM

You have set tcp 23 as source,  but clients most time use a random source port.

 

Try use protocol any port any as source first

In response to ww
HSHan
Here to help
‎Sep 14 2023 1:27 PM
‎Sep 14 2023 1:27 PM

Screenshot 2023-09-14 at 1.22.11 PM.png

Yes, I changed it to 'Any,' but the issue remains. The strange thing is that I can't use Telnet from 192.168.1.191, which is on the same network as the printer, but I can print from this laptop. It appears that the Telnet feature is not enabled on Meraki. Do you know how I can confirm?

0 Kudos
In response to HSHan
leewalhovd
Meraki Employee
Meraki Employee
‎Sep 15 2023 3:54 PM
‎Sep 15 2023 3:54 PM

23 is the default telnet port but you can use any port. It's basically a basic way to check that the port is reachable without sending a print. Although telnet to 9100 can be used to spit output directly to a printer and have it print. Not every device will allow telnet from a remote network. So there could be something going on with the printer.

You would likely want to allow more ports for the printer, 9100 is a RAW port but they often have other ports or use Multicast like WDS/Airprint if you want it discoverable. If you don't know which ports you need open doing an allow-all to the printer and printing with a packet capture going filtered for the traffic might be a good idea to find which ports you need to have open. If you need the printer discoverable on other VLANs bonjour forwarding can be used. 

amabt
Building a reputation
‎Sep 14 2023 3:41 PM
‎Sep 14 2023 3:41 PM

I had to deal with a similair issue and spent hours with Meraki support. Turns out the NBar was misclasifying the traffic and blocked the communications and reset those connections. The rule in our case was detected as "webmail".

 

After upgrading the firmware to the latest. The issue is resolved.

 

What makes it frustrating is that. If you reboot the MX it works for a short while then randomly stops working until another reboot. This happens on many network all runing on the exact same firmware (part of a template).

 

Try the Event Logs under network and look for Nbar events.

In response to amabt
HSHan
Here to help
‎Sep 14 2023 4:03 PM
‎Sep 14 2023 4:03 PM

Hey, amabt Thanks for taking time to read my question.
The firmware was updated a while ago. (Current version: MX 18.107.2)


Actually, I had no problems using the printer before with the current VLAN setup, but something happened that I don't even remember. The printer suddenly stopped communicating over the VLAN. It could be a device issue, but I want to verify whether this is a device issue or a problem with the functions.

 

I searched for 'NBar' in the event log, but found no results. Any ideas?

0 Kudos
amabt
Building a reputation
‎Sep 19 2023 4:45 PM
‎Sep 19 2023 4:45 PM

An example of the NBar rule hit

 

amabt_1-1695167118244.png

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.