Duplicate printer IP address

Re: Duplicate printer IP address

One of the best managed networks I've ever seen was one where dhcp was not allowed anywhere in the building. Granted this was a relatively smaller business with perhaps 50-70 things on the network requiring ip addresses. There was a guest network set up for visitors, etc that was a seperate entity from the business network. This guy had a spreadsheet of all of the used ip's and what they went to. I remember bringing a new printer in. He was all prepared, here is the ip I want. I watched him type in the printer in his spreadsheet and delete the old printer from the spreadsheet. People with wireless laptops, he would go into the Windows settings and hardcode the ip address for them for that network. I remember asking about that.

Say what you will, but I never had printing issues, scanning issues, any sort of network glitches with that customer. He ran a tight ship. I realise that dhcp is a necessary tool in several networks, however, 90% or more of the networks we ever see are this size or smaller. I'm opening a bucket of snakes here, but too many of the IT people are just plain ass lazy when it comes to static ip setting. I'm not talking about the "designated" IT people who are a common employee who knows nothing more than some passwords. I'm talking "professional" IT. To this day, I've never seen a better running network and this guy's skill set is similar to mine "knowledgeable" not doing it for a living. He worked as accounts receivable and payable there. Interesting guy. I think a lot of "IT" professionals could learn a lot from him.

Re: Duplicate printer IP address


I was working on my Security+ and stopped also. I came to the same conclusion, I am too old to change jobs anymore and since I switched employers, I am just a wrench anymore. Don't get to work on networks like I did at previous company.

Re: Duplicate printer IP address

One possible simple scenario. Bad guy may walk in open public areas where often MFP sits unattended and steal network cable from machine as well as its IP address. Now he is inside network with his device.
Of course there are numerous ways to prevent this from happening but just a thought.

Re: Duplicate printer IP address

I have met a lot of IT people like that. Had one drive over 100 miles from Los Angeles to Taft, CA to install a jack for a printer but didn't even bring half the equipment he needed. Then there was there was the one who could not figure that when some of the computers could not access anything and some could that it just might be have something to do with the computers, like whether or not they were turned off over night. He spent over 5 hours trying to determine which router wasn't working properly when the problem was the DHCP service on the Domain Controller had stopped. When I asked the receptionist to have him call me so I could tell him what I had found he told he was too busy so she had the corporate IT supervisor in Spokane call me. He then did a remote connection to the server and restarted the service. He then had the receptionist to announce for all those having network access problems to reboot their computers.

Re: Duplicate printer IP address

Correct. That was what I had in mind anyway. I keep hearing that it's possible, but nobody does it.
=^..^=

Re: Duplicate printer IP address

I know this isn't exactly what blackcat was talking about but I'll share anyway.

Let's say that we put the printer on a VLAN. That VLAN will be tied to a range of IP addresses on the same subnet. Basic stuff. Now we can configure the switch to allow or deny printing to certain users by blocking a IP address or addresses via ACL.


The syntax would look something like this:





I think blackcat was talking about blocking unwanted network traffic at the port level??

Re: Duplicate printer IP address

What I have encountered has been blocking those ports to locations not designated for printers. Works fine as long as everyone knows about it. Had a local office of a large oil field services company where the corporate IT had setup the switches and administered the network for as number of years until they decided it would be better to have a local IT person but failed to inform her about the designated printer jacks. Got a call one Monday morning that printer in their shop office was not working. Over the weekend they had moped all the furniture including the MFP out of the office so they could paint the office. It had a link light and we could ping it but it still couldn't print. Then I noticed that the network jack it was plugged into was the one I normally used when testing. We pulled the MFP out from the wall and there was another jack next to the power outlet. Moved the connection to it and the MFP immediately started printing everything that had been cued to it.

Re: Duplicate printer IP address

You know, I've brought this up with IT folks before when they're getting non-print data hitting the printers IP, and I've always gotten that " ... it could be done ..." response. Maybe it's over the head of your average office IT guy. =^..^=

Re: Duplicate printer IP address

My apologies. slim said "managed" switch. That means it does routing.

Re: Duplicate printer IP address


Switches only deal with Mac Addresses. Ports would be done at the router. It you wanted to block/limit printing at the switch level, it would involve creating an ACL (Access Control List) and we're getting in the deep end of the pool so I'll leave it there.

Re: Duplicate printer IP address

Only that would solve a lot of issues. Port 9100 open only. Hardly anyone uses port 9101, 9102, 9103, 9104 ... maybe leave the port open for SNMP: 161, 162? Printers wouldn't need anything other than 9100, 161, & 162. =^..^=

Re: Duplicate printer IP address



You can do so many amazing things with a switch. I fell in love with Cisco switches and routers. However, learning that stuff can be grueling and after some time I realized that I was never gonna use 99% of the stuff that I was learning unless I was planning to go to work for a large corporation one day. That's not in my plans. I'm too old for a career change so I put the CCNA down. I still go back and brush up on it and play around. It really amazing.

Re: Duplicate printer IP address

One thing I have seen with local offices of large corporations is using managed switches to only allow things like printing only to specific ports.

Re: Duplicate printer IP address


That's the one that I like the best.

Re: Duplicate printer IP address

Maybe I don't understand all the variables, but "Restrict" seems like the best option to me. It allows authorized activity, it blocks unauthorized activity, and it records data on a log. I think that covers all the bases. =^..^=