Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1653
Views
0
Helpful
3
Replies

PRINTER ACCESS!

Go to solution
anirudh.wna
Level 1
Level 1

‎10-27-2013 01:48 AM - last edited on ‎03-25-2019 04:27 PM by Community Manager

hi everybody,

                  we have a print server 2008r2 set up in our network, and the shared  path is \\172.20.1.85\printer.

the printer ip is 172.20.5.134. all other access rules are working fine except the one highlighted below in red. we want to block direct acess to this printer but only allow printing through the print server.. there is perfect connectivity between the 172.20.1.x lan and 172.20.5.x lan. any suggestions please.

Extended IP access list 101

    10 permit ip host 172.20.5.15 host 172.20.1.135

    20 permit ip host 172.20.5.15 host 172.20.1.140

    30 permit ip host 172.20.5.15 host 172.20.1.145

    40 permit ip host 172.20.5.20 host 172.20.1.135

    50 permit ip host 172.20.5.20 host 172.20.1.140

    60 permit ip host 172.20.5.20 host 172.20.1.145

    70 permit ip host 172.20.5.129 host 172.20.1.135

    80 permit ip host 172.20.5.129 host 172.20.1.140

    90 permit tcp host 172.20.5.130 host 172.20.1.145 eq www

    100 permit tcp host 172.20.5.130 host 172.20.1.145 eq 443

    110 permit tcp host 172.20.5.10 host 172.20.1.145 eq www

    120 permit tcp host 172.20.5.10 host 172.20.1.145 eq 443

    125 deny ip any host 172.20.5.134

    140 deny ip any 172.20.1.128 0.0.0.127 (178 matches)

    150 deny ip any 172.20.2.0 0.0.0.127 (4 matches)

    160 deny ip any 172.20.2.128 0.0.0.127 (319 matches)

    170 deny ip any 172.20.3.0 0.0.0.63

    180 deny ip any 172.20.3.64 0.0.0.63

    190 deny ip any 172.20.3.128 0.0.0.127

    200 deny ip any 172.20.4.0 0.0.0.127

    210 deny ip any 172.20.4.128 0.0.0.127

    220 permit udp any any eq bootpc

    230 permit udp any any eq bootps (727 matches)

    240 permit udp host 0.0.0.0 host 255.255.255.255

    250 permit ip any any (29978 matches)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎10-28-2013 05:12 AM

Where is this applied? In lines above it, you state to permit hosts on the 172.20.5.x subnet going to something, but this lines states to deny anything going to 172.20.5.134. I'm assuming that this is either inbound on an svi that has the 172.20.5.x subnet? Check the direction of the line. You may need to change it to "deny ip host 172.20.5.134 any".

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Guru Mysoruu
Level 1
Level 1

‎10-28-2013 12:11 AM

Direct access means,Printer will be accessed through http or https console right ?

If it is the case,then put a access list blocking http or https packet.

Can you share the direct access concept of printer in your Environment

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎10-28-2013 05:12 AM

Where is this applied? In lines above it, you state to permit hosts on the 172.20.5.x subnet going to something, but this lines states to deny anything going to 172.20.5.134. I'm assuming that this is either inbound on an svi that has the 172.20.5.x subnet? Check the direction of the line. You may need to change it to "deny ip host 172.20.5.134 any".

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
anirudh.wna
Level 1
Level 1
In response to John Blakley

‎10-28-2013 11:58 AM

thanks john.. got it working finally..

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card