I want some input on what you believe happened in this scenario.
Issues with printing came about after converting the mikrotik router into a hotspot system.
I had trouble printing on printers 1 + 2, printing from pc’s 1 + 2. Surfing the web via the hotspot on PC 1 & 2 had no problems.
All printers are static IP’ed. Printers 1 + 2 (HP CP3525 laser’s) & printer 3( Hp 1510n laser)
Basically I had the network diagram below.
Initial testing would be that the pinging from say pc 1 to printer 1 would produce a one off good ping then the sequential ping would come back from the router(10.1.1.1) saying destination unreachable.
This was also emulated on PC 2 and printer 2, same issue and same result.
PC 3 & printer 3 had no issues printing.
Now the FIX after many hours of banging my head was changing the media converters to 100Mbit versions. Now the 1 & 2 printers print properly and all is well.
So what happened ? Why was it under 10mbit m/converters that say pinging from pc1 to printer 1, only produced 1 good ping packet and either the router coming back and saying unreachable or msg from the local pc’s ping producing an destination unreachable.
It was my understanding that under the same subnet pc’s/printers would not attempt to talk out to the router unless the request came from another subnet range.
Or is this a layer 2 problem with timings by having 10mbit media converters between 2 10/100mbit switches. And the router’s does `something’ when the icmp or other packet request doesn’t get answered in a timely fashion. ??
Once you are using hotspot, it tends to take over the control of the entire routing system. The PC3 and Printer 3 does not go through the Media Converter which is the reason they are ok.
10Mbits Media converter is not a passive element and same to the MT Router (100Mbits), so both of them needs to be same say 10 or 100. This is bcos M/Converter converting 100mbps to 10mbps has to make use of some packet compression ratio, in this process, some protocol that are not explicitly define for optimisation like icmp either get lost or least preference. That is why it is best practice to use same at both side.
This is my own understanding becos i have same problem with “MUX”, Gigabit Router and the only thing we did was to use same.
When turning on the hotspot functionality, by default it will arp-poison the network. It does this so that it can reply to any guest configured default gateway and allow them to get online. Unfortunately this has a side effect of killing network printers. It does exactly like you described, you get one good ping, or one good print, and you can no longer communicate to it without rebooting the printer, or at least clearing the arp-cache of the pc.
You have a couple of options to correct this.
1.) Turn off arp-poisoning by setting address pool to none under hotspot->server, and loose the functionality that comes with that.
2.) Set up static arp entries in your PCs for those printers, on windows they do not stay after a reboot of the computer so you would need to script it to run on startup.
3.) Place a layer3 device (another router) between the hotspot, and the printer and the computers that need to talk to that printer. But then you loose the ability to see individual users behind the router and make each one sign in to gain access to the internet.
Arr, so it looked like placing 100Mbit media converters, only masked my issue(re-tested this morning).!
Arp - poisioning… Now I understand what it is I’v been seeing on the network(other oddities).!!
I didnt realize that hotspot introduced that( I guess as a security implementation ).
Anyhow for the moment I have turned off arp-poisioning(disable pool range under hotspot->server), and so far so good.
Just putting it out there, If I were to move the printers off to say another subnet IP range and re-enabled arp-poisioning for the normal(dhcp client pc’s) range would that be a work around for the arp-poisioning of the static ip’ed printers??..
I think it might in that it would force the other PCs to route to the printer, I never thought of doing that before. It would probably be best to put the printer on a different routed interface if possible, but it should still work. You would need to bypass the printers in the hotspot, and I think the client might need to be signed in before they can use the printer.
The ARP-poisoning is not a security thing, its more of a functionality. Part of a hotspot setup is that it allows a client to come in with a misconfigured computer for IP addresses and so on, and still be able to get online. That’s what the arp-poisoning helps the hotspot function do.
Thanks Feklar, I think I will do a test when I can and have a go at adding a separate subnet to the same interface for printers and use routing to get to the printer(s). I’ll post back if it was a good or bad move !!
