12-30-2010 07:07 AM - edited 03-06-2019 02:45 PM
I realize that the title might not make a whole lot of sense, but here is my scenario. I have a guest VLAN that is completely blocked off from our Company's VLAN by use of ACLs. One of our guests needs access to a printer that is on our Co. VLAN. I don't want to open that printer to all the guests on the VLAN. So here is what I was hoping to do. The guest uses one of our meeting rooms. That meeting room has a port connecting to our c2960 switch. I was wondering if there is any way to only allow access to the specific port, without creating a new VLAN or moving the port to the Co. VLAN. I thought about doing this with static IPs, but I don't want to configure her laptop with a static IP. So is there a way to set up DHCP to only give that PC connected to that switchport in the meeting room the same IP address each time she connects? Again, I realize that this may not make a whole lot of sense the way I described it. But it's early and I haven't had my coffee yet, so please bear with me.
Thanks, Derrick
Hardware and IOS in use:
Router: (C870-ADVIPSERVICESK9-M), Version 15.1(1)T
Switch: (C2960-LANBASEK9-M), Version 12.2(55)SE
12-30-2010 07:23 AM
Hi,
So is there a way to setup DHCP to only give that PC connected to that switchport in the meeting room the same IP address each time she connects?
Yes, this feature is called manual binding: you must create a separate DHCP pool.
ip dhcp pool GUEST
 host 192.168.1.2 /24
 ! identify the client with one of the following two lines
 client-identifier 01b7.0813.8811.66
 ! or
 hardware-address b708.1388.1166
Regards.
Alain.
12-30-2010 07:49 AM
So this will only bind it by MAC address? Is it possible to bind to the switchport? Because I would like to have it so that any guest that goes into that meeting room can use the printer.
12-30-2010 08:16 AM
Hi,
So this will only bind it by MAC address?
Yes, or client-identifier.
Is it possible to bind to the switchport?
No.
Why not just do a regular pool for these machines connecting to your printer?
Can you explain exactly what you want to achieve?
Regards.
Alain.
12-30-2010 08:38 AM
If I create a regular pool, how will that work? Because I can't create any more VLANs; I'm already using the max that is supported with my router. What I'm trying to do is have a reserved IP within that guest VLAN that will have access to the printer. So my ACL will look something like:
access-list 100 permit ip host 192.168.2.2 host 192.168.1.20
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
192.168.2.2 = Host on guest VLAN
192.168.1.20 = Printer on Co. VLAN
I hope this helps clarify what I'm wanting. And thanks for the responses.
12-30-2010 10:08 AM
Hi,
If you can't create a guest VLAN separate from other VLANs, then I don't see how you can do this.
But if you can create a guest VLAN, then maybe take a look at dot1x technology.
Regards.
Alain.
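The ACL from the 08:38 AM post, evaluated entry by entry, as an added example that is not part of the original thread: a small Python model of first-match and wildcard-mask evaluation (only `ip` entries are handled), run over constructed flows. The addresses 192.168.2.50, 192.168.1.30 and 203.0.113.10 are made-up test hosts, not values from the thread.

```python
import ipaddress

# ACL 100 as posted in the thread, with the doubled "deny" written once.
ACL_100 = """\
access-list 100 permit ip host 192.168.2.2 host 192.168.1.20
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(word), to_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # only the 'ip' entries used in the thread are modelled
        rest = tokens[4:]
        rules.append((tokens[2], take_addr(rest), take_addr(rest)))
    return rules

def matches(addr, spec):
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    return ((addr ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, src_spec, dst_spec in rules:
        if matches(to_int(src), src_spec) and matches(to_int(dst), dst_spec):
            return action
    return "deny"

RULES = parse_acl(ACL_100)
if __name__ == "__main__":
    # Constructed flows: .50, .30 and 203.0.113.10 are made-up test addresses.
    for src, dst in [("192.168.2.2", "192.168.1.20"), ("192.168.2.50", "192.168.1.20"),
                     ("192.168.2.2", "192.168.1.30"), ("192.168.2.50", "203.0.113.10")]:
        print(f"{src:>12} -> {dst:<12} {evaluate(RULES, src, dst)}")
```

The first entry matches on source address alone, so it applies to whichever device holds 192.168.2.2 at the time.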