Meraki

Community

Make printers accessible on multiple VLANs

Solved
RegioEric
Here to help
‎Mar 15 2024 5:18 AM
‎Mar 15 2024 5:18 AM

Make printers accessible on multiple VLANs

Hello everybody,
We have a tiny problem with our network configuration.

 

We have three VLANs:
VLAN 1 - Secure
VLAN 2 - Unsecure
VLAN 3 - IoT

 

Our printers are in VLAN 3, and we want to make only them accessible to clients on VLANs 1 and 2. We could also create an extra VLAN for printers if required.
Our Windows clients are pretty locked down. It would be nice if the printers would appear on the client networks so that our users don't have to enter the IP manually, as this would likely overwhelm them.

As we only use IPv4, I feel like IPv4 Inbound rules could help, but it seems like there is no way to set them.

 

Ideally this should also work over the site-to-site VPN, so that everybody can see the printer at every site.

 

This kind of setup shouldn't be too uncommon, so maybe someone here knows how to configure this.

 

Thanks in advance.

Labels:
0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 17 2024 11:56 AM
‎Mar 17 2024 11:56 AM

Going sideways, have you considered using a printer manager? They let you deploy printers automatically based on a user's location or site in locked-down environments.

https://printerlogic.com/ 

View solution in original post

10 Replies 10
alemabrahao
Kind of a big deal
‎Mar 15 2024 5:43 AM
‎Mar 15 2024 5:43 AM

You are wrong about dicovery via network, as the printer is on a separate VLAN from the clients it means it is on a different broadcast domain, so you will have to add it manually.
 
For the printer to work via S2S VPN you need the networks to participate in auto VPN.
 
If you do not have firewall rules blocking no additional rules are needed.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
RegioEric
Here to help
‎Mar 15 2024 5:48 AM
‎Mar 15 2024 5:48 AM

But even if they try to add them manually, it doesn't work. How can I allow traffic from VLAN 1 & 2 to the printers?

 

I already added Outbound Firewall rules:
Allow anything VLAN 1&2 -> VLAN 3
Allow anything VLAN 3 -> VLAN 1&2

 

but as expected it doesn't work. I think I need to set IPv4 inbound rules, but there is no way to set them.

0 Kudos
In response to RegioEric
alemabrahao
Kind of a big deal
‎Mar 15 2024 5:50 AM
‎Mar 15 2024 5:50 AM

No, you don't need inbound rule, do you have any L3 rule configured on your network?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
RegioEric
Here to help
‎Mar 15 2024 5:52 AM
‎Mar 15 2024 5:52 AM

No, there is no L3 Rule except for the two I listed above. It doesn't work with or without them.

0 Kudos
In response to RegioEric
alemabrahao
Kind of a big deal
‎Mar 15 2024 5:59 AM
‎Mar 15 2024 5:59 AM

What software version are you running and model of MX?
 
In the past I had problems with printing via the network in versions 17.x.x onwards.
 
It was the reason that led me to give up using the MX as a gateway for my network and started using an L3 switch and the MX became just the default gateway for the internet.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
RegioEric
Here to help
‎Mar 15 2024 6:01 AM
‎Mar 15 2024 6:01 AM

Current version: MX 18.107.2
0 Kudos
In response to RegioEric
alemabrahao
Kind of a big deal
‎Mar 15 2024 6:10 AM
‎Mar 15 2024 6:10 AM

Well, I personally haven't tested network printing in the new versions anymore, so what I suggest is that you open a support case.
 
If you don't have any rules blocking communication, it's very likely that it's an unmapped bug.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
‎Mar 15 2024 5:49 AM
‎Mar 15 2024 5:49 AM

Just one correction, if you use a service like Bonjour or mDNS, it supports cross-VLAN discovery. 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 17 2024 11:56 AM
‎Mar 17 2024 11:56 AM

Going sideways, have you considered using a printer manager? They let you deploy printers automatically based on a user's location or site in locked-down environments.

https://printerlogic.com/ 

In response to PhilipDAth
RegioEric
Here to help
‎Mar 18 2024 1:32 AM
‎Mar 18 2024 1:32 AM

I guess that is where we are heading. Thanks.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.