While setting up my network, I was struggling to print between my VLANs. I have an HP DeskJet 4155e and these network details:

• Default VLAN, where computers and phones are
• IoT VLAN, for smart home devices, printers, etc.
• Default is allowed to communicate with devices on IoT
• IoT is denied from communicating with devices on Default (ACL Deny rule)

I was finally able to get printing to work from MacOS, iOS, and Windows.

Here are the steps that worked for me:

1. Give the printer a static IP address
2. Enable IGMP Snooping on both VLANs
3. Add an mDNS rule for the Printers service from IoT to Default
4. Add an IP-Port Profile Group for the printer’s IP address and port 631
5. Add a switch ACL rule permitting that new profile group over TCP to the Default network

I’d found a lot of resources saying to permit various TCP (80, 161, 8289, 9100) or UDP (161, 427, 5353) ports and none of them worked. The key was when I Googled “what port does ipps._tcp.local use” and found TCP port 631.

I hope this works for you!