Dislikes: 0
Have any of you had to set one up? Most of my customers' networks are too small. I have an old cisco level 3 switch. I tried to set up a vlan or two and I was not successful. For those who set vlans up. If there is one copier, is it possible to have the vlans print to it and scan from it, or does there need to be a copier for each vlan? I may try to get that vlan working on my switch. I followed the instructions but no luck.
Originally Posted by adecanmin
VLANS are separate networks that can't communicate with each other. Unless you use a router. Generally speaking.
Multi-layer switches can perform layer 2 and 3 functions, replacing the need for dedicated routers.
---------------------------------------------------------------------------------------------------------------------------------------
A Layer 3 switch (also called a multilayer switch) is one device, but it executes logic at two layers: Layer 2 LAN switching and Layer 3 IP routing. The Layer 2 switch function forwards frames inside each VLAN, but it will not forward frames between VLANs. The Layer 3 forwarding (routing) logic forwards IP packets between VLANs.
Layer 3 switches typically support two configuration options to enable IPv4 routing inside the switch, specifically to enable IPv4 on switch interfaces. This section explains one option, an option that uses switched virtual interfaces (SVI). The final major section of the chapter deals with the other option for configuring IPv4 addresses on Layer 3 switches: routed interfaces.
https://www.ciscopress.com/articles/article.asp?p=2990405&seqNum=3
PS - To answer your question, yes you can print to one copier over multiple VLANS.
Last edited by BillyCarpenter; 03-27-2021 at 06:00 AM.
This is the video I watched months ago where I learned about inter-VLAN's. It was confusing at first and took a while for the light bulb to come on for me.
Thanks I'll check it out
Many of our larger customers are actually building out dedicated VLANs just for their printers and other devices so that they can segment traffic and device types. With printers it's especially useful as the web interfaces for a lot of devices can't use newer TLS versions or contain very old cipher suites. With a VLAN, you can grant a single PC or terminal server HTTP access to all of the devices and have a lower security setting for a single browser to access them. While I don't get directly involved in them beyond troubleshooting any odd ports that are needed, as a company we're beginning to add whether VLANs are a part of a customer network during our site surveys.
For the last customer we assisted with one, we had them allow ports 515 and 9100 for printing inbound, HTTP inbound from a management PC, SMB outbound to their file server for scan to folder, and SMTP outbound to their internal mail relay for scan to email. SNMP and the ports for their monitoring software were enabled inbound and outbound only to the specific IP of the monitoring system. All other traffic was blocked.
Their network guys further narrowed some of those down to only allowing printing from their server VLAN to ensure that users were only using print queues from their print server and other server based applications. Similarly, SMB was also limited to just the file servers to ensure no rogue shares were on any of the machines.
Sent from my BlackBerry using Tapatalk
Interesting. What kind of IP address setup might you use? I know you couldn't use 255.255.255.0 for the mask. I see this mask more than any other for my customers with a small network.
What model of Cisco switch do you have?
Do you run into many problems with customers on VLAN's who don't have the necessary ports open? If so, how do you resolve it and does your company charge for it?
Most of the VLAN issues we come across are where the routing isn't properly configured in the switch, or where a device was assigned to the wrong VLAN. Generally, it's a T&M change for it if we have to get involved, though most of our business customers are using either in-house or contract staff for their infrastructure support since we don't support much past the wall jack so they're able to figure the issue. At worst we'll do the first look at the MFP or dig into the server or workstation logs for issues. Port issues are more common with a few very restrictive customers.
Customers running VLANs seem to fall into two boats:
1. Security minded customers who want to limit traffic between network segments: they only allow exactly what needs to be transported through and everything else is dropped.
2. Customers with large networks or multiple sites on the same overall LAN that they want to break down for easier management/troubleshooting: they generally just assign a VLAN per campus building, or functional area and just permit all local network traffic through to every other VLAN.
There are also others that fall between each of these camps, and we recommend some mix of both like I put in my earlier post.
It's an old catalyst 3560g. I telnet into it. I must be missing a setting somewhere to get it to work. I may try it again this weekend. I can attempt to put my Konica Minolta on it's own vlan.
Thanks: 
Likes: 
Reply With Quote
Bookmarks