Troubleshooting how to Restrict Printer Access per Subnet

KB Home   |   Troubleshooting how to Restrict Printer Access per Subnet

“Help! We’re using Mobility Print and we want to restrict printer access per subnet but we’re running into trouble! What should we check?”

Troubleshooting Restricting Printer Access with Mobility Print

With PaperCut Mobility Print it’s possible to configure which printers users can see depending on what subnet they are connecting from. The steps to implement this are documented in this article, Restrict Printer Access per Subnet. However, what should you check if things aren’t going as expected?

Editing the printer.conf.toml file doesn’t seem to do anything

  • Did you remember to restart the Mobility Print service? Changes should be visible immediately when you look in the Mobility Web Interface, subnets will be listed below each printer.
  • Does the printer.conf.toml revert back to the template every time you restart the Mobility Print server? Double check that rules follow the correct formatting and syntax (including spaces!). If there is any error in formatting or syntax, then this file will be reverted back to the template.

My users can’t discover the printers

  • Before you begin, make sure that all of the printers are visible from that particular subnet before creating subnet filtering rules. If the printers are missing, then run through the steps here to get things working first.
  • For subnet filtering to work for all devices, you need the right type of DNS records. The DNS Setup guide in the web interface of the Mobility Print server will ask you for a list of subnets if you intend to restrict printer access per subnet. Make sure that you have entered your subnets here and then ran the DNSCMDs generated by the Mobility Print server. This will create the Reverse Lookup Zones and Conditional Forwarder needed for MacOS and iOS clients to work with Subnet Filtering. Check the knowledge base article with DNS Record Examples to see how this should look.
  • Do the subnets precisely match the subnets used by the clients on the network? If creating subnet filtering rules for two subnets like 10.0.1.0/24 and 10.0.2.0/24, then 10.0.1.0/23 cannot be used as a shortcut.
  • Remember, only users in subnets listed in the printer.conf.toml file will see printers.

Other Considerations

  • If you are having trouble, try adding only one rule at a time to test. After restarting the Mobility Print service, changes should be immediately visible in the web interface of the Mobility Print server.
  • If you wish to use Subnet Filtering with BIND DNS servers, then there is a different method for setting up the DNS records that requires setting up Reverse Lookup Zones. Let us know if this sounds like your situation and we can send you special instructions.

Still stuck?

Let us know! Leave a comment below or submit a support request. Send us a copy of your printer.conf.toml file along with a description of what you are trying to achieve and we’ll see what we can do to help.

For more information about Mobility Print, check out the Mobility Print Help Center.


Categories: Mobility Print


Keywords: Mobility Print, Restrict Printer Access per Subnet, Subnet Filtering, Subnet Restriction, DNS, Secret Squirrel

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on September 19, 2018, at 08:23 PM
Printable View   |   Article History   |   Edit Article