Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

To VLAN or not to VLAN that is the question...

I would like to protect a printer from being printed to, by only 2 source MAC address's if possible. This printer is connected to a new addition -Cat6509 with no MSFC card in either of the supervisors. I am led to believe this switch is unable to do layer 3 routing (inter VLAN routing)? Can anyone confirm. Will i need to involve another router?

I am reluctant to setup up VLANs and associated routing just for this problem. Is port security an option?

TIA

4 REPLIES
Cisco Employee

Re: To VLAN or not to VLAN that is the question...

You are correct. With no MSFC or an external router, you cannot route between VLANs. Port security locks a MAC address to a particular port and will not help you in preventing users from accessing printer.

You could have your printer and users who you want access printer in a different vlan than the users who you do not want to give printer access, but the two VLANs will be isolated without an MSFC or a router

Cisco Employee

Re: To VLAN or not to VLAN that is the question...

Without MSFCs, you will indeed not be able to do L3 switching. In this case, to protect the printer, you can either setup VLANs or configure "filtering" on the cat6k if it has a PFC (you can verify that using the show mod command).

With the PFC, you can configure MAC address access-list to decide which devices can access the printer for instance. More information can be found at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/acc_list.htm

New Member

Re: To VLAN or not to VLAN that is the question...

Let me suggest another approach. What NOS are you using? Netware and Windows both allow you to create groups and assign rights. In this case you would create a group that is allowed to print to the printer in question and assign only the 2 users. This would not be by MAC address, though. It would be by user. Will this work for you?

New Member

Re: To VLAN or not to VLAN that is the question...

Ditto, I would try to do this via Netware / Windows NT / 2000 and leave the "switch fabric" out of it.

104
Views
0
Helpful
4
Replies