Access to Printer from WLAN

SOLVED
american_nisei
Getting noticed

Access to Printer from WLAN

Hi Community!!  

 

Have a location with 3 SSIDs using Meraki DHCP.  I've set "Clients Blocked from using LAN" to "Yes", so WLAN users cannot get to the LAN.  So WLAN users access to LAN-based printers is disabled.  

 

So the client wants to have only their employees to have access to printers from the WLAN.  I can easily do that by changing the "Clients Blocked from using LAN" from Yes to No.  But the three SSIDs are used by both the users clients and employees.  

 

I have a full Meraki stack.  Is there anyway to set this up so that only certain people have access to the LAN?  I don't want to create a separate "employee" SSID.  

 

Thanks!

~Doug

1 ACCEPTED SOLUTION
DavidH
Meraki Alumni (Retired)

Hi Doug,

As already mentioned, firewall rules are the right tool for this job. If you have two groups of users on the same SSID(s), you could use Group Policies to restrict printer access to only one group of users. You could then use tags to assign particular users to groups (or even use existing Active Directory groups, if that's applicable to your environment). You can find all the details on Group Policies in our documentation.

 

Cheers,

David

View solution in original post

9 REPLIES 9
PhilipDAth
Kind of a big deal

I can only come up with complex solutions to your exact requirements.

 

However if you can relax the requirements so that anyone can access the printers, instead of just employees, then add a wireless firewall rule above the "deny" rule, permitting access to only the printers IP address.

 

Here is a screenshot of a pretend configuration.

Screenshot from 2017-10-11 11-08-08.png

golisz
Conversationalist

Hello,

The easiest way for you is to create rule that will allow access to local network (printer)

Screen Shot 2017-10-10 at 5.08.28 PM.png

For Example:

Allow - Any - 192.168.100.102 - Any

DavidH
Meraki Alumni (Retired)

Hi Doug,

As already mentioned, firewall rules are the right tool for this job. If you have two groups of users on the same SSID(s), you could use Group Policies to restrict printer access to only one group of users. You could then use tags to assign particular users to groups (or even use existing Active Directory groups, if that's applicable to your environment). You can find all the details on Group Policies in our documentation.

 

Cheers,

David

PhilipDAth
Kind of a big deal

Group policy can not override WiFi firewall rules.

DavidH
Meraki Alumni (Retired)

Hi @PhilipDAth

 

Actually they can. Please see the documentation I referenced above. I also just tested this to confirm.

 

Cheers,

David

PhilipDAth
Kind of a big deal

I stand corrected.  Then this makes it much simpler.

DavidH!
This looks perfect. I will try this out tomorrow!

This worked for my PC but my android device sees it, but times out adding it.  Anyone have success adding a printer through an MX?  Mines a mx65w if it matters. 

DW
Conversationalist

@Ponch, Hey did you ever get a solution for your android devices?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.