03-27-2019 10:40 PM
I need some help with an access-list!
I have a subnet 172.16.1.0 255.255.250.0 (VLAN 1)
In the same subnet, I have a Network Printer 172.16.1.153
I need to deny all users to connect to network printer except for 2 users 172.16.1.36 and 172.16.1.115
Please see the picture below for your reference.
Thanks!
03-27-2019 11:42 PM
Hi,
Is it possible to keep the printer in another VLAN?
Regards,
Deepak Kumar
03-28-2019 12:10 AM - edited 03-28-2019 03:22 AM
Hi,
Please share the printer IP address, the switch port where the printer is connected, the clients' MAC addresses which you want to allow, and the VLAN number.
I will make the ACL for you.
Edit: MAC was the typo
Regards,
Deepak Kumar
03-28-2019 02:22 AM
Printer MAC: 1860.2468.718c
Printer switchport on layer2 switch: f0/5
Client1 Mac address: 8C-16-45-89-52-x1
Client1 Mac address: 8C-16-45-89-52-x2
03-28-2019 12:18 AM
Hello,
if all your clients are in VLAN 1, you could also use a VLAN ACL. This would look as below:
ip access-list extended PRINTER_ACL
permit ip host 172.16.1.36 host 172.16.1.153
permit ip host 172.16.1.115 host 172.16.1.153
!
vlan access-map PRINTER_VACL 10
match ip address PRINTER_ACL
action forward
!
vlan filter PRINTER_VACL vlan-list 1
03-28-2019 01:24 AM
@Georg Pauwen Thanks!
Where should I configure the VLAN ACL? layer2 switch or layer 3 switch?
03-28-2019 02:37 AM - edited 03-28-2019 03:21 AM
Hi,
My concern with the solution is: do you have a fixed IP on the client's machine?
ip access-list extended Printer_Allow
permit ip host 172.16.1.36 host 172.16.1.153
permit ip host 172.16.1.115 host 172.16.1.153
deny ip 172.16.1.0 0.0.0.255 host 172.16.1.153
permit ip any any
!
vlan access-map Printer_Allow_VACL 10
match ip address Printer_Allow
action forward
!
vlan filter Printer_Allow_VACL vlan-list 1
You have to configure this where the printer is connected.
Regards,
Deepak Kumar
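The two VLAN access maps posted in this thread differ in how they treat traffic they do not list explicitly. The following added example (not part of the thread and not written by any participant) models the documented Catalyst VLAN map behaviour: a VLAN map filters every packet in the VLAN regardless of direction, and an IP packet that matches no clause is dropped. The addresses 172.16.1.50 and 172.16.1.60 are constructed sample hosts.

```python
from ipaddress import ip_address, ip_network

PRINTER = "172.16.1.153"
ANY = ip_network("0.0.0.0/0")

def host(addr):
    return ip_network(addr + "/32")

# ACL entries as posted in the thread: (action, source, destination)
PRINTER_ACL = [
    ("permit", host("172.16.1.36"), host(PRINTER)),
    ("permit", host("172.16.1.115"), host(PRINTER)),
]
PRINTER_ALLOW = PRINTER_ACL + [
    ("deny", ip_network("172.16.1.0/24"), host(PRINTER)),  # wildcard 0.0.0.255
    ("permit", ANY, ANY),
]

def acl_permits(acl, src, dst):
    """First matching entry decides; no match is the ACL's implicit deny."""
    for action, s_net, d_net in acl:
        if ip_address(src) in s_net and ip_address(dst) in d_net:
            return action == "permit"
    return False

def vacl_verdict(access_map, src, dst):
    """access_map: list of (acl, clause_action) in sequence order.
    An ACL permit hit triggers the clause action; an ACL deny falls through
    to the next clause. An IP packet matching no clause is dropped."""
    for acl, clause_action in access_map:
        if acl_permits(acl, src, dst):
            return clause_action
    return "drop"

def compare(src, dst):
    """Verdicts of (PRINTER_VACL, Printer_Allow_VACL) for one flow."""
    return (vacl_verdict([(PRINTER_ACL, "forward")], src, dst),
            vacl_verdict([(PRINTER_ALLOW, "forward")], src, dst))

# Constructed sample flows inside VLAN 1
FLOWS = [
    ("172.16.1.36", PRINTER),        # allowed client to printer
    ("172.16.1.50", PRINTER),        # other client to printer
    (PRINTER, "172.16.1.36"),        # printer's reply to allowed client
    ("172.16.1.50", "172.16.1.60"),  # unrelated traffic in the VLAN
]

if __name__ == "__main__":
    for s, d in FLOWS:
        print(f"{s:>13} -> {d:<13} {compare(s, d)}")
```

In this model both maps block other clients from reaching the printer, but only the map whose ACL ends in `permit ip any any` forwards the printer's replies and the rest of the VLAN's IP traffic.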
03-28-2019 06:17 PM
Thanks @Deepak Kumar and @Georg Pauwen VACL resolved the issue! Many thanks to both of you. :)
03-28-2019 09:24 PM
Hi,
We are happy that the solution has worked for you.
Regards,
Deepak Kumar
03-28-2019 05:26 AM
Hello,
apply the VACL on the layer 2 switch...
03-28-2019 03:21 AM
Hi!
On layer 3, if your switch has a LANBASE license, try applying an extended access-list to interface Fe0/5:
(config) access-list 101 permit ip any host 172.16.1.115
(config) access-list 101 permit ip any host 172.16.1.36
(config) interface Fe0/5
(config-if) ip access-group 101 in
The printer will receive all traffic, but will only be able to send to two hosts.
It's a workaround, no more.
03-28-2019 03:31 AM
Hello
alvin.baro@gmail.com wrote:
I need some help with access-list !
i have a subnet 172.16.1.0 255.255.250.0 (VLAN 1)
In the same subnet, I have a Network Printer 172.16.1.153
I need to deny all users to connect to network printer except for 2 users 172.16.1.36 and 172.16.1.115
Now, does this mean also any users in any other VLANs? If so, VACLs won't perform that action; you will need to apply a RACL.
03-28-2019 03:49 AM
Hi,
As per her message, there is only one VLAN (1).
Regards,
Deepak Kumar