Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
683
Views
10
Helpful
2
Replies

Limited authorization policy for printers

Go to solution
BigK
Level 1
Level 1

‎12-30-2019 03:35 PM

Expert ! I have a question as I am still learning about ISE. If malicious user is successful in spoofing the MAC address of the printer and gains network access. What can I do to limit access to the network so the the authorization policy for printers will not  provide full network access but still allow the users to print on TCP port 9100/9600 with very limited access to the network.

 

any examples are appreciated.

 

Thanks again!

BigK

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎12-30-2019 04:18 PM

Hi,

When you authorise the printers you could apply a Downloadable ACL (DACL) to the session to restrict access. Example here.

 

You also have the option to use trustsec to achieve the same, it's more complex to setup and depends on whether your hardware supports it. Example here.

 

HTH

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎12-30-2019 04:18 PM

Hi,

When you authorise the printers you could apply a Downloadable ACL (DACL) to the session to restrict access. Example here.

 

You also have the option to use trustsec to achieve the same, it's more complex to setup and depends on whether your hardware supports it. Example here.

 

HTH

Go to solution
BigK
Level 1
Level 1
In response to Rob Ingram

‎12-31-2019 07:43 AM

Thanks! RJI
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents