1

I couldn't find any reference in the man page for Avahi so here is my question:

Is there a possiblity to configure one service (printer) for only one VLAN and another service (printer) for another VLAN with a single Avahi Daemon?

I don't want to run 500 Avahi daemons just for sharing one printer to one VLAN each.

Kurt Pfeifle
  • 1,796
  • 2
  • 12
  • 19
WhoAmI
  • 347
  • 2
  • 11

2 Answers2

0

No, I don't think can, (otherwise it would likely be documented in the manual pages).

You can control which interfaces Avahi listens on, but there appears to be no control for which services are advertised on which interface.

You either need to run one Avahi instance per-VLAN or one instance on a host that has an interface on every VLAN and deal with the fact that all printers would be advertised to each VLAN. If this host isn't the gateway/router for your VLANs, that introduces a bit of a security hole in your network.

bodgit
  • 4,751
  • 16
  • 27
0

You could restrict access to the respective printer to clients from a specific VLAN only, by editing the CUPS config file (in /etc/cups/cupsd.conf) accordingly and restart CUPS.

Maybe this is only a part of what you want (because Avahi may still publish that printer to all VLANs, even though the other VLANs may be blocked if they tried to print)?

Kurt Pfeifle
  • 1,796
  • 2
  • 12
  • 19
  • This is already done; but with 500 "Printers" this is still not a optimal solution. – WhoAmI Dec 28 '18 at 15:04
  • Did you also utilize the *"Deny host1.domain1.com"* and *"Allow host2.domain2.com"* instructions (and friends) in */etc/cups/cupsd.conf* to its maximum? – Kurt Pfeifle Dec 28 '18 at 19:24