Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
641
Views
10
Helpful
4
Replies

Different VLANs for Wireless users

Asfandyar70754
Level 1
Level 1

‎10-06-2020 10:39 PM - edited ‎07-05-2021 12:36 PM

Hello everyone,

Currently I am using CIsco 3k switches and Cisco Meraki APs in my environment. We have few printers too.

We have 4 departments in our office and about 50 users.

I wanted to make 4 Vlans for each department and assign 1 printer to each department, currently I don't have an AD(but I am planning to get one soon).

I need suggestions how do I implement this.

 

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎10-07-2020 12:12 AM

Are you looking for all the users to connect Wireless and print?  how many SSID you have?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Asfandyar70754
Level 1
Level 1
In response to balaji.bandi

‎10-07-2020 12:27 AM

Right now all users are on wireless in single vlan and they can use any printer.

I want to separate users and printers department wise.

For eg: users of vlan 10 can use only Printer A, and users of vlan 20 can use Printer B.

 

I have 4 SSIDs right now I can add more to if needed.

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to Asfandyar70754

‎10-08-2020 01:15 PM

The much better solution would be to use a radius server and then push the VLAN to the WLC when the user authenticates (with username+password). Here an example with a free Linux based radius server:

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/211263-Configure-802-1x-PEAP-with-FreeRadius.html

Or Windows NPS: 

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115988-nps-wlc-config-000.html

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎10-07-2020 01:09 AM

If they are 4 SSID, and you can create 4 VLAN so printer stay respecteer VLAN, but any user can reach any IP address in the LAN.

Other option if you have different SSID with different IP address spool. ACL is best option to block other IP block to contact non authorise printing services.

 

take example

 

create an ACL printer 1  - only x.x.x.x /24 can acces x.x.x.10 (printer IP) rest deny so on

 

is this make sense ?

since you do not have any print server in place or AD based available now.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card