08-08-2012 10:33 AM
I want to designate Ethernet port 4 as a printer port on all our RAP5s. The printers will be statically assigned an IP address in vlan 48, which is only mapped to port 4. I do not want to have these authenticate, but I want to build a firewall rule allowing traffic from this port/vlan to only go to specific places, like the AD server and print server. What would be the best way to do this?
08-08-2012 10:51 AM
Configure the enet port of the RAP5 where the printer is connecting as untrusted. The printer will then fall into the initial role of the aaa profile configured there. In the initial role, put the required ACL to allow/block traffic. (No need to configure any type of authentication.)
08-08-2012 12:34 PM
This is exactly what I had done to begin with, but we occasionally lost connectivity to the printers.
So now I'm thinking I might have my firewall rules wrong. I've loosened my rules and I'll reapply this and see if that solves the issues.
Thanks for the reply.
08-09-2012 04:42 AM
If it was a firewall rule I wouldn't expect the problem to happen occasionally, but you never know. On the controller, from the CLI,
show datapath session table
is a good command to see the traffic flow from your printer. You can pipe it to include the IP address of your printer:
show datapath session table | include <ipaddr>
08-10-2012 08:22 AM
I opened a support case. They went through the config and agreed it was fine.
Tarinelli, I think you're correct, it is not a firewall issue.
The thing was that when the printers lost connectivity they were not in the user table at all.
Anyway, at this point I'm looking at the printers going into power save mode as the problem. When they do this they leave the user table altogether and thus the user rule allowing access to them is not active. Then new jobs from the print server can't reach them to 'wake' them back up.
I've removed or adjusted the hibernating settings on the printers and so far they are staying in the user-table.
I'm not sure what I'll do long term for this. These printers are leased and managed by a printer/copier distributor and I'm thinking they will want their printers to hibernate when not in use.
Any thoughts on a workaround for this?
Thanks for the responses so far.
08-15-2012 05:47 PM
Can you please tell me which code you are running on the controller?
If this is happening on 220.127.116.11 or later code, I think the issue is related to the "suppress ARP" feature.