cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
352
Views
3
Helpful
4
Replies

NAC for printers

manvik
Level 3
Level 3

Is it possible to do NAC for HP Color Laser printers. Printers are connected to Cisco switches.
Requirement is only these printers should be permitted to connect to the switch. Any other switch connecting, should not be permitted in the network.

4 Replies 4

@manvik yes you can certainly do NAC on printers, most printers support 802.1X.

You can either configure the printer with a username/password and perform PEAP/MSCHAPv2 authentication or configure a certificate for EAP-TLS authentication.

If you do not wish to use 802.1X you could perform MAB, based on the MAC address of the printer.

the HP Color Laser printer do not support 802.1x. If MAB is to be used what should be the switch port configuration.

@manvik ok. It's standard switchport configuration, nothing special for printers.

interface range GigabitEthernet w/x/y-z
 description ## 802.1x enabled access port ##
 switchport access vlan <VLAN ID>
 switchport mode access
 authentication event fail action next-method
 authentication event server dead action authorize vlan <VLAND ID>
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server dynamic
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 7
 dot1x max-reauth-req 3
 spanning-tree portfast
 spanning-tree bpduguard enable

Refer to the ISE guide for more information https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

 

liana corner
Level 1
Level 1

Yes, it is possible to implement NAC (Network Access Control) for your HP Color Laser printers connected to Cisco switches. You can achieve this by configuring MAC address-based filtering on your switches, allowing only the printers' MAC addresses to connect. This ensures that any other devices trying to connect will be denied network access. If you're interested in other specialized hardware, like the Prusa MK3S+ 3D printer, it's important to ensure similar security measures to protect your network and devices.