dsterling
asked on
Create new vlan on 2 cisco switches for printers & print server, allow printing only through the print server.
I have been looking and looking for an example of this on the Internet and have not been able to find one. I have found examples of vlan ACLs (vacl) but not like this.
Situation:
I want to add 10 printers and a print server to a new vlan on 2 Cisco 3550 switches, the vlan subnet should allow an addition of 5 more printers in the future.
I need to allow access only to the print server on the vlan and block access to all the printers so that users can only print to the printers through the print server.
My idea is to create a vlan access-list and apply it to the vlan the printers and print server are on. The access-list would only permit the ip of the print server (source) to the ip's of the printers (destination) and block everything else and allow the print server access to the printers.
Plan of action:
-Create a new vlan – vlan 10 on Switch A and Switch B
-Vlan subnet – 192.168.10.0/27 max of 30 hosts allowing for adding printers in the future.
-Users should only be able to access the printers through the print server only and not be able to access the printers without the print server.
Not sure how to do this or if this is the best or correct way?
Thank you,
Dave
ASKER
How would you do the vacl for this?
How would not providing the default gateway on the printers solve this problem?
Hi,
If you do not provide a default gateway to the printers, they cannot send traffic back to your clients.
P.
ASKER
What about the print server, how will not providing a default gateway on the printers allow the print server to work with the printers?
Are you planning to put the server in the same subnet as clients or printers?
ASKER
Yes, that is the plan, and to only allow the print server to access the printers so as to require all users to go through the print server and not directly to the printer.
ASKER
Great!
The easiest way is to create an incoming access-list to the printer vlan interface to deny traffic from client vlan to all printers except the print server. Additionally, what you can do is not provide a default gateway to the printers and resolve the problem more easily.
Regards,
P.
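
A sketch of the access-list approach from the reply above, for the case where the print server sits in VLAN 10 with the printers. This is an added example, not configuration posted by anyone in the thread. The ACL name, the gateway address 192.168.10.1 and the print server address 192.168.10.2 are assumptions, and the ACL is bound in the `out` direction because routed traffic from the client VLAN toward the printers leaves the switch through the VLAN 10 interface.

```cisco
! Added example. Assumed values: ACL name PRINTER-VLAN-OUT,
! gateway 192.168.10.1, print server 192.168.10.2.
! Inter-VLAN routing is assumed to be enabled already on the switch
! that owns the VLAN 10 interface.

! Create the VLAN on Switch A and Switch B (and carry it on the trunk)
vlan 10
 name PRINTERS
!
! Filter for traffic routed INTO VLAN 10 from other VLANs
ip access-list extended PRINTER-VLAN-OUT
 remark Clients may reach the print server only
 permit ip any host 192.168.10.2
 remark Everything else addressed to 192.168.10.0/27 is dropped
 deny   ip any 192.168.10.0 0.0.0.31
!
! Layer 3 interface for the printer VLAN, on the routing switch only
interface Vlan10
 description Printers and print server
 ip address 192.168.10.1 255.255.255.224
 ip access-group PRINTER-VLAN-OUT out
!
! Verify hit counters after a test print and a direct-to-printer attempt:
!   show access-lists PRINTER-VLAN-OUT
!   show ip interface Vlan10
```

Traffic between the print server and the printers stays inside VLAN 10 and is never routed, so this ACL does not touch it. Leaving the default gateway off the printers, as also suggested above, works alongside it because the printers then have no route back to other subnets.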