How to prevent users to contact printer by IP directly after print server is set

[highjo]

Hello,

I am in the process of putting a password on the printer. I thought adding it to the print server would force people to use their LDAP credentials so logs would be generated etc. But before that every one on the network already know the IP of the printer and can access it directly. Is there any way of preventing this from happening?

Best Regards,

[jbahillo]

Hello: if printer is in the same network, i'm afraid that there is no way, unless the printer software has some ACL access system  based on source IP

[highjo]

I see. I don't know yet but what it we put the printer on a separate vlan and allow only zentyal to connect to it? Can it work?

[jbahillo]

Hello: As long as traffic is on a separate network you should be able to filter using zentyal firewall (no matter if using vlans or different physical interfaces) When they are on the same network segment you can't as this traffic is managed directly through ARP , no forwarding would be involved here., and then Zentyal would not see this traffic and could not block it

[it_admin]

Why not just assign the printer a new IP Address that is unfamiliar to your users.  Then force them into the new network print server?

Kind regards,
Brian