Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17147
Views
0
Helpful
3
Replies

Sharing a printer between 2 VLANS

bilskya666
Level 1
Level 1

‎07-16-2012 08:19 PM - edited ‎03-07-2019 07:48 AM

We have a SGE2010 48 port POE switch and need to share a printer with a subtennant.  We do not want to give them access to any other resources.

Our LAN is 192.168.17.0/24  - the printer is at 192.168.17.50

The sub-tennats LAN is 10.0.1.0/24.

I belive I need to setup 3 VLANs -

10 - Us

20 - Subtennant

30 - Printer.

Is this correct and if so, how do we setup the VLANS?   Many thanks in advance for your suggsestions.

1 person had this problem
Labels:
0 Helpful
3 Replies 3

jan.janovic.sk
Level 1
Level 1

‎07-17-2012 03:15 PM

Hello there,

According to documentation for this switch it can be configured only via web interface. I'm not sure if it wont be too limiting for this scenario.

However, the thing is when you want to use several VLANs, you will need a routing between them. It would be sufficient to make only 2 VLAN(because your printer is in the same network as you) - VLAN 10 for you and VLAN 20 for subtenant. Now you should try to configure static routing between them(your switch should support it) and then use an extended ACL on interfaces in subtenant VLAN. With this ACL you can permit only trafic from network 10.0.1.0 to printer 192.168.17.50, nothing else.

I have no experiences with configuring cisco devices without IOS, so i cant tell you more exact procedure how to configure all this. Take it only as a theoretical hint and try it yourself. I believe there is no way to go wrong

Best Regards

Jan Janovic

0 Helpful

Alessio Andreoli
Level 5
Level 5

‎07-18-2012 07:00 AM

If your printer is in the same subnet than yours, then you can't set up 3 vlans

To set 3 vlan you should have for example:

192.168.16.0/24 -subtenants

192.168.17.0/24- printer

192.168.18.0/24- your own vlan

Jan, just above was right to suggest a layer 3 point (static route), because in this way the 3 subnets can have a communication and the subtenants can contact the printer. Access-list and filters can be applied to deny traffic to elsewhere but printer and Internet.

HTH

Alessio

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to Alessio Andreoli

‎07-20-2012 08:50 AM

Hi bill,

You can keep userlan and printer on the same vlan. for subtenants you can create a seperate vlan and put an access-list like the below.

ip access-list subtenants_block

permit tcp any host 192.168.17.50

deny ip any 192.168.17.0 255.255.255.0

permit ip any any

!

int vlan 20 (subtenants)

ip access-group subtenants_block

!

Please do rate if the given information helps.

By

Karthik

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card