OK to put a wireless printers on trusted "family" VLANs?

[Michael Stora]

Should I put my wireless printers on my IoT VLAN with my thermostats, security cameras, and appliances which only communicate through a remote server, put it on a trusted VLAN, or create its own VLAN?

I'm going to want trusted folks (mostly wifi phones and laptops) to print. The upstairs printer will be close to a WiFi6 access point which is trusted only because it is not OpenWRT compatible (yet?). I can do a little LV3 switching for Guest, my personal/homelab, and Work (employer managed laptop) VLANS to print. My downstairs printers are going to be on a Pi running CUPS on trunk with all VLANs except IoT.

 

[Gerhen]

Hi Michael,

My printer is old and connected with wire. The wireless is unreliable.

I have mine set up on my main vlan with routing rules in places to let folks on the guest network print if needed.

If I were running wireless I’d probably put it on the guest network. I don’t have people over very often so it makes sense to use guest for mixed use in my case.

 

[TonyArrr]

Howdy,

I’d personally pop them on a less trusted VLAN, guest or IoT, where if they get infected it’s something they can do minimal damage, and maybe set up a print server to be visible to your client devices and forward jobs on to them.

I don’t know if many printers that get frequent (or even infrequent) security updates, aside from when manufacturers what to stop you using third party ink…
And having a print server gives the added bonus of being able to hold jobs ready if the wifi is unreliable, like Gerhen mentions

 

[MrGuvernment]

Print server is overkill and just add's overhead.

I would block internet access for said printer, just manually update firmware once in a blue moon when they release them. Me, i tend to be over the top, so wireless, guest wifi, wired, same lan most people would use it from and if any guest needs it, allow the access to the printer and specific ports and protocols it requires only.