Apple devices print issues

RickG · January 07, 2015, 01:40:34 PM

We are basically a windows shop and we have some IPads that need to print to on our network. We have a windows 2012r2 server that is set up for our windows clients. Also have all new dell printers that have airprint turned on. We cannot see the printers from the IPads (Using Airprint and Bonjour) but can see the printers via web page. My thinking is that the airprint protocol isn't being passed over the wireless network.

Anyone see this before and have a clue?

RIckG-- Master of nothing known in this world

wintermute000 · January 07, 2015, 01:57:25 PM

Are they on same vlan

srg · January 07, 2015, 02:30:44 PM

I don't know about airprint but bonjour uses link-local multicast that can't be routed. You'll need to be in the same vlan as the printers or have special bonjour features/proxys for your wifi.

sent from phone.

wintermute000 · January 07, 2015, 02:44:19 PM

Not 100% true. Can't remember if it's 3850s or the new catalyst 6ks but one of the big pitches is that they can act as helpers for fruity protocols lolol

srg · January 07, 2015, 03:16:36 PM

Quote from: wintermute000 on January 07, 2015, 02:44:19 PM
Not 100% true. Can't remember if it's 3850s or the new catalyst 6ks but one of the big pitches is that they can act as helpers for fruity protocols lolol

Yeah that would fit the proxy/whatever

. In any case you need some sort of special feature or configuration for this. I wouldn't doubt the 3850 with its WLC and XE have some support for this at least.

sent from phone.

RickG · January 08, 2015, 08:57:13 AM

Thanks for the assistance on the vlans, our entire network is segmented out the wazoo. The servers are on one vlan and the other networks are on differing vlans. We just replaced all our cisco gear with extreme. what we could do is make sure that the printers are on the same vlan as the printers. We currently have several wireless networks that are distributed throughout the campus.

More research has been indicated.

Thanks

Rick

Fred · January 10, 2015, 09:35:42 PM

I did a shallow dive into this at my former employer, but never had the time to actually fully implement it. But here's my understanding:

AirPrint, AirPlay, etc. use multicast DNS (mDNS) to register and request services. Basically, service providing devices such as printers send a link-local multicast to register their services, while clients send a link-local multicast to request services. This breaks at L3 boundaries.

To solve this, you need an mDNS server on both/all segments. These are actually really easy, almost trivial, to set up. You need a server with interfaces on each segment, and it needs to listen on each for mDNS registration and requests. On Linux, this is handled by Avahi-Daemon, and Cisco's use something similar. I'm sure there's a similar product for Windows and OSX.

Once you've got it set up, the server will register the providers and answer to the clients and resolve the requests to actual routable IP addresses. At that point it's all about firewalls and ACL's to allow the devices to talk to each other.

You'll obviously want to strongly firewall any interfaces on the mDNS server, as it would provide a route around the firewall.

I'm strong in Linux, and got the mDNS server up in about an hour, starting with server build, so it's really quite easy. I didn't get to the firewall rules, so it never actually worked.

But iOS devices were able to see the printers and apple TV's.

The other issue you may run into is that a lot of enterprise wireless gear will prevent peer-to-peer communication. This is usually a good thing, so if you can, hardwire the printers and apple TV's.

jinxer · January 11, 2015, 01:09:37 AM

If you have WLC's as of 7.4 they can handle mDNS. Create your mDNS profile and enable mDNS multicast on the SSID where you choose what profile to use.

Theres probably a guide or two if you google it.

Sent from my iPhone using Tapatalk

mynd · January 12, 2015, 09:27:07 AM

Quote from: Fred on January 10, 2015, 09:35:42 PM
AirPrint, AirPlay, etc. use multicast DNS (mDNS) to register and request services. Basically, service providing devices such as printers send a link-local multicast to register their services, while clients send a link-local multicast to request services. This breaks at L3 boundaries

Wonder if Cisco's ip-helper would help with this? If mDNS server supports it, it would be much like a centralized DHCP server. Not entirely sure how the clients would find the printers tho... Just a thought

Fred · January 15, 2015, 08:51:59 PM

Quote from: mynd on January 12, 2015, 09:27:07 AM
Wonder if Cisco's ip-helper would help with this? If mDNS server supports it, it would be much like a centralized DHCP server. Not entirely sure how the clients would find the printers tho... Just a thought

It's a nice thought, but it's not the same. ip-helper takes a UDP broadcast and turns it into a unicast request. I don't believe you can configure it to forward multicast addresses. You're welcome to try, but I'd bet against it.

Otanx · January 19, 2015, 07:21:18 PM

"ip multicast helper-map" command may work. It makes the router forward a multicast address to an unicast address. I have used this is the past to make a broken application work, but it is ugly.

-Otanx