Dual Network Printing

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • mrfuser
    Service Manager

    Site Contributor
    1,000+ Posts
    • May 2007
    • 1586

    Dual Network Printing

    Does anyone know how to set up a device that can be printed to from two different networks? We have a client with two network strings, one secure one not, that needs to print to one device. Of course they are completely different network addresses.
    Thanks
    Kelly
  • Vulkor
    Senior Tech

    500+ Posts
    • Jun 2009
    • 942

    #2
    I've done two semesters of Cisco Networking and training and from what I can tell a STATIC Route would have to be setup in the Routers the MFP IP to each router.

    [Introduction]
    In some cases, Scan to Folder or Scan to Email might not work across network segments.
    This could be caused by a number of things. This FAQ explains one of the possible causes.

    * MTU problem:
    If the following conditions are met, then it is likely an MTU problem:

    1) VPN or ADSL is used to connect to the segment.
    2) Can ping the target host in LAN2 from LAN1 (below diagram) using:
    ping computer_name or IP_address

    But cannot ping the target host in LAN2 from LAN1 (below diagram) using:
    ping computer_name or IP_address -f -l 1472
    Note: 1472 + 28 bytes of packet headers = 1500 bytes. This is the same size as the MTU of the MFP.

    * The MTU (Maximum Transmission Unit) means the largest packet size that can be accepted by an interface. When 2 devices handshake, the MTUs of the 2 devices are compared and the lower MTU is adopted as the actual max packet size that is used for communication.


    [Problem mechanism]
    The problem occurs if the MTU of the WAN segment is smaller than that of the network segment containing the target host that is receiving the scanned data.
    This is more likely to happen if transmitting data over a WAN because when data is packaged for ADSL or VPN, extra headers are added and the packet size increases.

    In the below diagram, for example, the PC asks the MFP not to send a packet whose size is over 1500 bytes.
    The MTU size of our products is also 1500 bytes (unchangeable) and the MFP does not know that the MTU size of the WAN segment is 1480 bytes.
    So, the MFP will send 1500 byte packets. In this case, "Intermediary device 1" will fragment and reassemble the packets into 1480 byte packets so that they can pass through the WAN segment.

    However, these fragmented packets will be discarded if packet filtering of fragmented packets, is used. (This is sometimes done for security reasons.)
    Packet filtering might be performed by an intermediary device between the MFP and the PC or by a firewall on the PC.




    A computer in LAN1 will not be affected by this problem if it has a function called "Path MTU discovery" . Windows has this function. However, our MFPs do not have this function.


    [Workaround/Solution]

    Change the MTU value of the target host that is receiving the scanned data to be the same or smaller than that of the WAN segment.
    This method prevents MFPs from sending a packet whose size exceeds the MTU of a WAN segment.
    You can change the MTU value of a Windows computer by editing the registry. You can determine the MTU size of a WAN segment using the ping command.

    Please refer to the following links for more information about this solution and also contact Microsoft as there might be side effects if the MTU is changed.

    How to Troubleshoot Black Hole Router Issues
    Note: The problem explained in this FAQ is not the "Black hole router issue" shown in this link. The black hole router issue does not apply to our devices as they do not have the Path MTU discovery function.
    However, the "Locating a Black Hole Router" section shows how to determine the MTU size of a WAN segment and "Method 3" of the "Fixing or Working Around a Black Hole Router" section explains how to change the MTU value of a Windows PC.

    TCP/IP and NetBT configuration parameters for Windows 2000 or Windows NT


    Note: The description given in this FAQ is a simplified version of what actually happens. In fact, a target host does not send the MTU to a MFP. It sends something called the MSS that is similar to the MTU and can be used to derive the MTU.

    Comment

    • KenB
      Geek Extraordinaire

      2,500+ Posts
      • Dec 2007
      • 3946

      #3
      If one network (hopefully the non-secure one), only needs to print, and your printer / MFP has a USB port that can be used for printing, get a small USB print server for that side of the network. Should be about a $50 investment, plus the USB cable.

      The secure network will still have scan capabilities, and the two networks will never see each other.
      “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins

      Comment

      • Vulkor
        Senior Tech

        500+ Posts
        • Jun 2009
        • 942

        #4
        Originally posted by KenB
        If one network (hopefully the non-secure one), only needs to print, and your printer / MFP has a USB port that can be used for printing, get a small USB print server for that side of the network. Should be about a $50 investment, plus the USB cable.

        The secure network will still have scan capabilities, and the two networks will never see each other.
        Haha Yes a Brilliant Idea I have once implemented and forgotten. Wire the network to the Secure and put usb wireless print server on not secure network range.

        Comment

        • blackcat4866
          Master Of The Obvious

          Site Contributor
          10,000+ Posts
          • Jul 2007
          • 22744

          #5
          I've done this on machines that have a parallel and a network port. I imagine you could add a second network interface to some MFPs with multiple option ports, but I've never tried it that way. =^..^=
          If you'd like a serious answer to your request:
          1) demonstrate that you've read the manual
          2) demonstrate that you made some attempt to fix it.
          3) if you're going to ask about jams include the jam code.
          4) if you're going to ask about an error code include the error code.
          5) You are the person onsite. Only you can make observations.

          blackcat: Master Of The Obvious =^..^=

          Comment

          • Mr Spock
            Vulcan Inventor of Death

            1,000+ Posts
            • Aug 2006
            • 2064

            #6
            I think a well designed bridge could do this. One that allows the ports to be configured individual. set each port as bi directional to the machine and not allow cross traffic to the other network. Maybe it is a gateway I am thinking of. I will have to ask one of my customers that has this type of setup done. They have a private network for company employees and a public section with access to the printers and internet but not the internal network.
            And Star Trek was just a tv show...yeah right!

            Comment

            • KenB
              Geek Extraordinaire

              2,500+ Posts
              • Dec 2007
              • 3946

              #7
              The only issue I see with both networks hitting the MFP on the network port is that the non-secure network could possibly see the jobs of the secure network, even if it can't see the secure network itself.

              Connecting on the USB (or parallel port) eliminates the possibility.
              “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins

              Comment

              • Stirton.M
                All things Konica Minolta

                1,000+ Posts
                • Oct 2009
                • 1804

                #8
                In some situations, I have noted that the machine can be on one gateway address with one group of machines, while a second network gateway was also sharing the router of the first. In most cases, gateway control on both networks will prevent the devices on the different gateway addresses from seeing each other.

                However, setting up the driver with the copier/printer IP address on computers from both gateway domains should allow those computers to print to the machine, regardless of their gateway. There might be issues regarding print options on the side that does not share the same gateway.

                Virtual print daemons exist too, though I am not familiar with how those are set up. Or you could set up a print server which can serve both networks via DNS.
                "Many years ago I chased a woman for almost two years, only to discover that her tastes were exactly like mine: we both were crazy about girls."
                ---Groucho Marx


                Please do not PM me for questions related to Konica Minolta hardware.
                I will not answer requests or questions there.
                Please ask in the KM forum for the benefit of others to see the question and give their input.

                Comment

                • mrfuser
                  Service Manager

                  Site Contributor
                  1,000+ Posts
                  • May 2007
                  • 1586

                  #9
                  FYI: This MFP has only 1 network port, no usb, no parallel.

                  Kelly

                  Comment

                  • Vulkor
                    Senior Tech

                    500+ Posts
                    • Jun 2009
                    • 942

                    #10
                    Add a USB Option then perhaps? Parallel hasn't been included in a few years.

                    Comment

                    • RyanPacific
                      Linux Ninja

                      50+ Posts
                      • Feb 2008
                      • 97

                      #11
                      This is simple. Set up a static route on your router from the network not logically connected to the printer and set the clients up with a secondary router/gateway address in their ip configuration. I actually had a pretty in depth conversation about this subject in a slightly different context on ubuntuforums. Check it out here:

                      [SOLVED] Routing wired/wireless - Ubuntu Forums
                      Service Business Equipment
                      New, Used, Refurbished Copy Machines and Printers
                      Copiers in Seattle, Kent, Tacoma and Bellevue

                      Comment

                      • TheOwl
                        Service Manager

                        Site Contributor
                        1,000+ Posts
                        • Nov 2008
                        • 1733

                        #12
                        You could try setting up the printer for IPP (Internet Printing Protocol). This will still need a port forward on the router, but at least no other equipment would need to be purchased.
                        Please don't ask me for firmware or service manuals as refusal often offends.

                        Comment

                        • TheOwl
                          Service Manager

                          Site Contributor
                          1,000+ Posts
                          • Nov 2008
                          • 1733

                          #13
                          Just found this thread which has a similar situation.

                          Please don't ask me for firmware or service manuals as refusal often offends.

                          Comment

                          Working...