Restrict printer access per subnet

Using subnet filtering to limit the printers displayed to users in a subnet. Often with larger networks, multiple subnets are configured to help with the management and flow of network communication.

It is important to understand which subnets are being used—they're required for the DNS entries that allow you to implement printer subnet filtering. If you don't know the configured subnets and don't put reverse DNS lookups in all of the required subnets, the iOS devices won't be able to locate the printers.

Some examples of subnet filtering are:

• in a college, you might have all student devices on a different subnet to the staff devices, and want each of these groups to have access to a different set of printers
• a commercial organization might have multiple office locations with a subnet for each.

1. Remove any previously created DNS records for Mobility Print.

2. At the Mobility Print server, log into the Mobility Print Admin interface, then click Discovery Options > Configure DNS.
3. Click Add Subnets, then enter each of the subnets in your network where the devices need to discover printers.

4. On the Mobility Print server, open the following file in a text editor:

   [app-path]/data/config/printer.conf.toml

5. Delete the line starting with SubnetFilterRule = []

6. Configure your subnet filter rules using the following syntax:

   [[SubnetFilterRule]] PrinterName="<printer name>" Subnets=["<subnet 1 address>", "<subnet 2 address>"]

   Mobility Print does not support multiple entries within the quotation marks in the printer.conf file. You need to make them separate, complete entries.

   However, it does support wildcards in the printer names, which helps when the names follow a naming convention. You can use the wild card character (*) to represent any string of characters in the printer name.

   To apply a rule for...	In the PrinterName field, use ...
   a specific printer	"<printer name>"
   all printers with a common suffix	"<*suffix>"
   all printers with a common prefix	"<prefix*>"
   all printers	"<*>"

   EXAMPLE

   North Shore High would use the following configuration.

   # Rule to make Physics Lab and Physics Classroom available on the student subnet. [[SubnetFilterRule]] PrinterName="Physics*" Subnets=["192.168.1.0/24"] # Rule to make Art Room available on the student subnet. [[SubnetFilterRule]] PrinterName="Art Room" Subnets=["192.168.1.0/24"] # Rule to make Administration Printer and HR Printer available on the staff subnet. [[SubnetFilterRule]] PrinterName="*Printer" Subnets=["10.100.1.0/24"] # Rule to make Principal available on the staff subnet [[SubnetFilterRule]] PrinterName="Principal" Subnets=["10.100.1.0/24"] # Rule to make Library available on both the staff and student subnet [[SubnetFilterRule]] PrinterName="Library" Subnets=["192.168.1.0/24", "10.100.1.0/24"]

   NOTE

   If a subnet is not configured here, then no printers will be visible to that subnet. The Published printers page in the Mobility Print Admin interface will display a warning message stating that no subnet has been configured for that printer.

7. Save the file.

8. Restart the PaperCut Mobility Print service.

   If you run into any issues, take a look at the Troubleshooting section.

9. Verify that the new Subnet Filtering rules have been imported correctly by logging into your Mobility Print server web interface and checking the printers. Instead of “available on all subnets” each printer should say “available on 172.0.0.0/24.”