Hey @LTS_Tom,
Hope all is well, from a business network design perspective, what are your thoughts on putting printers in separate vlans?
Have you deployed Avahi/MDNS in a production network?
My IT department does this at work, but the bigger reason is to connect the printers to print servers so they can track the amount of printing each person does. We are supposedly under a reduce printing initiative from a larger “governing” body, though I still think that they use this as an excuse anytime they expect backlash. I’ve found no such recommendation from the other place.
I put printers in separate VLANs for some clients. Most of the time it’s if they have a guest network VLAN that needs access to the printer as well.
1 Like
+1 for what @extramile_mike said.
For anyone with more than a couple of printers or a guest net that might need to print I tend to go for a separate vlan.
I’ve not played with Avahi for aaaaages, we just install printers using the IP address via a powershell script.
I have my printers on a separate VLAN and I use a CUPS server to allow for all the printers to be managed and shared from a central server that sits on a different VLAN than the printers. Only that server can talk to the printers and the printers can only talk to that server via the firewall. Then I can allow 1 or more VLANs access to that server for printing.
The only client that needs any setup is Windows as Linux, Apple and Android systems are able to see and use the printers with Avahi that has been configured on the selected VLANs.
As a home user, we have one printer that my g/f mostly uses. We just connected it to the wifi in the generic WiFi vlan. I have other stuff on a separate network and vlan for now. More security will go into place as I build two more PCs and get a Synology NAS. Probably also a Netgate pfSense box.
My thought is that since my g/f is the type that thinks “the WiFi is fine” for everything, I’d adopt the concept that whatever she uses goes in the WiFi then and I don’t care about it. My own stuff will be secured.
I treat printers like IoT devices, so they are always on a separate VLAN.
Thanks everyone for the responses. Good feedback and insight. I have had the same issue a few times with avahi/MDNS and unifi controller. Every so often (especially at critical times) the printer will disappear from clients.
Troubleshooting used to involve restarting the avahi service on pfsense and I found that wouldn’t work. So the next step would be removing the pfsense MAC from the multicast exception list and reading it. I would do these steps with wire shark running in the background and filter for MDNS, only after the last step did I see MDNS packets which confirmed that it fixed the issue.