Troubleshooting how to Restrict Printer Access per Subnet
KB Home | Troubleshooting how to Restrict Printer Access per Subnet
This was originally written by Aaron Pouliot on the PaperCut Support team, but you should know all of these steps have been incorporated into the Mobility Print Help Center. Eventually, this page may be retired or redirected to the new article in the Help Center.
“Help! We’re using Mobility Print and we want to restrict printer access per subnet but we’re running into trouble! What should we check?”
Troubleshooting Restricting Printer Access with Mobility Print
With PaperCut Mobility Print it’s possible to configure which printers users can see depending on what subnet they are connecting from. The steps to implement this are documented in this article, Restrict Printer Access per Subnet. However, what should you check if things aren’t going as expected?
Editing the printer.conf.toml file doesn’t seem to do anything
Did you remember to restart the Mobility Print service? Changes should be visible immediately when you look in the Mobility Web Interface, subnets will be listed below each printer.
“There was an error reading the printer config file” after editing printer.conf.toml
Does the printer.conf.toml revert back to the template every time you restart the Mobility Print server? Double check that rules follow the correct formatting and syntax (including spaces!). If there is any error in formatting or syntax, then this file will be reverted back to the template.
My users can’t discover the printers
Before you begin, make sure that all of the printers are visible from that particular subnet before creating subnet filtering rules. If the printers are missing, then run through the steps here to get things working first.
For subnet filtering to work for all devices, you need the right type of DNS records. The DNS Setup guide in the web interface of the Mobility Print server will ask you for a list of subnets if you intend to restrict printer access per subnet. Make sure that you have entered your subnets here and then ran the DNSCMDs generated by the Mobility Print server. This will create the Reverse Lookup Zones and Conditional Forwarder needed for MacOS and iOS clients to work with Subnet Filtering. Check the knowledge base article with DNS Record Examples to see how this should look.
Do the subnets precisely match the subnets used by the clients on the network? If creating subnet filtering rules for two subnets like 10.0.1.0/24 and 10.0.2.0/24, then 10.0.1.0/23 cannot be used as a shortcut.
Remember, only users in subnets listed in the printer.conf.toml file will see printers.
If you are having trouble, try adding only one rule at a time to test. After restarting the Mobility Print service, changes should be immediately visible in the web interface of the Mobility Print server.
If you wish to use Subnet Filtering with BIND DNS servers, then there is a different method for setting up the DNS records that requires setting up Reverse Lookup Zones. Let us know if this sounds like your situation and we can send you special instructions.
Let us know! Leave a comment below or submit a support request. Send us a copy of your printer.conf.toml file along with a description of what you are trying to achieve and we’ll see what we can do to help.
This release contains an updated Java version which no longer supports 32-bit workstations. If you have any 32-bit users launching the User Client or Release Station from a network share, see this Knowledge Base article for more information.