Re: To VLAN or not to VLAN that is the question...

ryandouglas · ‎07-25-2002

I would like to protect a printer from being printed to, by only 2 source MAC address's if possible. This printer is connected to a new addition -Cat6509 with no MSFC card in either of the supervisors. I am led to believe this switch is unable to do layer 3 routing (inter VLAN routing)? Can anyone confirm. Will i need to involve another router?

I am reluctant to setup up VLANs and associated routing just for this problem. Is port security an option?

TIA

Prashanth Krishnappa · ‎07-25-2002

You are correct. With no MSFC or an external router, you cannot route between VLANs. Port security locks a MAC address to a particular port and will not help you in preventing users from accessing printer.

You could have your printer and users who you want access printer in a different vlan than the users who you do not want to give printer access, but the two VLANs will be isolated without an MSFC or a router

Frederic Vanderbecq · ‎07-25-2002

Without MSFCs, you will indeed not be able to do L3 switching. In this case, to protect the printer, you can either setup VLANs or configure "filtering" on the cat6k if it has a PFC (you can verify that using the show mod command).

With the PFC, you can configure MAC address access-list to decide which devices can access the printer for instance. More information can be found at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/acc_list.htm

mfaust · ‎07-26-2002

Let me suggest another approach. What NOS are you using? Netware and Windows both allow you to create groups and assign rights. In this case you would create a group that is allowed to print to the printer in question and assign only the 2 users. This would not be by MAC address, though. It would be by user. Will this work for you?

bootlegcraig · ‎07-26-2002

Ditto, I would try to do this via Netware / Windows NT / 2000 and leave the "switch fabric" out of it.