Adding printer in large network environment

Your IT has very likely segmented the network(s) you’re allowed access onto from the segment(s) with the printer device that you want to connect to.

That separation might involve physical network separation with intervening network gateways (firewalls), or might be implemented with what’s called a vLAN in the switches.

The results are that your equipment cannot access the other equipment on the secured network.

You need a network path to the printer, which may mean vLAN access and/or gateway access, and/or might involve configuring a VPN to the printer, and you’ll need the IP address of the target printer. Or the printer needs to be reconfigured with access to multiple vLANs. Which comes from IT.

IT groups can be disinclined to provide open access to a printer on a secure network, too. That as printers can sometimes be breached, and a breached printer can make a wonderful improvised network probe.

If IT won’t budge on allowing network access to that printer, escalate this request to your management chain and let them sort it. Whether that produces network access to this printer, or produces a new printer on the vLAN segment(s) you are allowed access on, or, well, nothing? That’s a management decision.

Can you clarify something? Do you actually have the IP address of the printer? Or are you just trying to find it?

Here is what I usually do in situations like this.

1. Go find the printer itself. Since you have a MacBook, take that with you. 😄
2. This is probably a big printer with lots of controls. What you need to do is print out the configuration page. It should be in the menu somewhere. You'll just have to dig for it. Every model of every make of printer is different. Once you have a printout of the configuration page, you are ready to start.
3. Go to the manufacturer's support page for the printer and download the latest macOS drivers. Sometimes these are built-in, sometimes not. I always have good results by going to the vendor and getting the drivers there.
4. The configuration page will list all of the network endpoints available for the printer. Go through the list and start trying to create a new printer using the available endpoints. You may need to try some of the other protocols.
5. Once it finds the printer, you can use the configuration page to complete the setup. Make sure to add any extra features that are present on your particular printer, such as duplex, stapling, etc.
6. Do a few test prints while you are sitting there in the printer room to make sure it works.

If you get stuck, find a Windows computer that can print to this printer and see what its settings are. Sometimes, the above procedure won't work. You will have to connect to a network printer queue that uses this printer. The printer itself may not know about the queue. Only your IT "support" staff or an existing computer will know about the queues.

If you have to go this generic queue route, you may need to manually specify both the protocol and the printer make and model. Chances are, this is a decent printer with postscript support. There is a chance that the "driver" may be nothing more than a PPD file. If so, make sure to use the PPD file.

With any luck, you will likely wind up being the only one in the office who can staple, collate, or choose your paper bin. IT folks will often buy fancy printers with fancy options but won't configure those options properly.

Ask your IT department.

It's entirely possible that the network you're connected to does not have access to devices on the production network, or that they must be accessed by connecting to a server based print queue and may provide for secure printing that will not be accessible to you on a machine not joined to the domain.

KiltedTim wrote:

In a healthcare environment, especially a large hospital, many, if not most printers will be locked down to a secure printing system. They will not accept direct print jobs at all.

That's why it is a good idea to install the vendor's official driver, and then test hold for authentication while in the printer room itself.

As someone who works in IT in a healthcare environment, I can tell you right now that if we caught you trying to connect your personal computer to our secure production network, you would be lucky if you simply got written up for the security violation and not escorted out the door by security.

Re-think this unless you have the IT departments written permission to use your personally owned devices on their secure network.

In a healthcare environment, especially a large hospital, many, if not most printers will be locked down to a secure printing system. They will not accept direct print jobs at all.

The individual who is printing the document must log in at the printer, often using a badge or token, in order to retrieve their print jobs.

It's a HIPAA thing.

Talk to the hospital IT Support Staff.

See if you can find someone with a Mac that has successfully connected to the network for that printer and check their Mac's settings to see how they did it.

Phil McFarlane wrote:

Hehe.

I should clarify, almost all clinicians and students use Macs here, and the IT department has written policies allowing this. Some resources can only be accessed using a Citrix environment. So, Macs are allowed on, but don't ask for any help.

Cheers!

I understand. You will undoubtedly not be able to access the printer directly from your Mac. I would imagine you can print to it only from the Citrix server or from a supported, domain joined PC.

Phil McFarlane wrote:

Hehe.

I should clarify, almost all clinicians and students use Macs here, and the IT department has written policies allowing this. Some resources can only be accessed using a Citrix environment. So, Macs are allowed on, but don't ask for any help.

Cheers!

Then your option as already suggested is to talk with the IT Staff. Secure networks have policies and rules to protect the integrity of the network and the data/equipment on the network. I don't understand why you think you can connect an unapproved computer to a secure network and use network resources without the assistance of the support staff. If they don't want to allow access such as you want then they don't have to talk with you.

If I was responsible for the network I would not let random computers access the network and its resources either. Sounds like the IT staff and the network are performing as intended and needed.