Meraki

Community

Access to Printer from WLAN

Solved
american_nisei
Getting noticed
‎Oct 10 2017 12:24 PM
‎Oct 10 2017 12:24 PM

Access to Printer from WLAN

Hi Community!!  

 

Have a location with 3 SSIDs using Meraki DHCP.  I've set "Clients Blocked from using LAN" to "Yes", so WLAN users cannot get to the LAN.  So WLAN users access to LAN-based printers is disabled.  

 

So the client wants to have only their employees to have access to printers from the WLAN.  I can easily do that by changing the "Clients Blocked from using LAN" from Yes to No.  But the three SSIDs are used by both the users clients and employees.  

 

I have a full Meraki stack.  Is there anyway to set this up so that only certain people have access to the LAN?  I don't want to create a separate "employee" SSID.  

 

Thanks!

~Doug

0 Kudos
1 Accepted Solution
DavidH
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Oct 11 2017 12:56 AM
‎Oct 11 2017 12:56 AM

Hi Doug,

As already mentioned, firewall rules are the right tool for this job. If you have two groups of users on the same SSID(s), you could use Group Policies to restrict printer access to only one group of users. You could then use tags to assign particular users to groups (or even use existing Active Directory groups, if that's applicable to your environment). You can find all the details on Group Policies in our documentation.

 

Cheers,

David

View solution in original post

9 Replies 9
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 10 2017 3:08 PM
‎Oct 10 2017 3:08 PM

I can only come up with complex solutions to your exact requirements.

 

However if you can relax the requirements so that anyone can access the printers, instead of just employees, then add a wireless firewall rule above the "deny" rule, permitting access to only the printers IP address.

 

Here is a screenshot of a pretend configuration.

Screenshot from 2017-10-11 11-08-08.png

golisz
Conversationalist
‎Oct 10 2017 3:10 PM
‎Oct 10 2017 3:10 PM

Hello,

The easiest way for you is to create rule that will allow access to local network (printer)

Screen Shot 2017-10-10 at 5.08.28 PM.png

For Example:

Allow - Any - 192.168.100.102 - Any

DavidH
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Oct 11 2017 12:56 AM
‎Oct 11 2017 12:56 AM

Hi Doug,

As already mentioned, firewall rules are the right tool for this job. If you have two groups of users on the same SSID(s), you could use Group Policies to restrict printer access to only one group of users. You could then use tags to assign particular users to groups (or even use existing Active Directory groups, if that's applicable to your environment). You can find all the details on Group Policies in our documentation.

 

Cheers,

David

In response to DavidH
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 11 2017 12:58 AM
‎Oct 11 2017 12:58 AM

Group policy can not override WiFi firewall rules.

0 Kudos
In response to PhilipDAth
DavidH
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Oct 11 2017 2:08 AM
‎Oct 11 2017 2:08 AM

Hi @PhilipDAth

 

Actually they can. Please see the documentation I referenced above. I also just tested this to confirm.

 

Cheers,

David

0 Kudos
In response to DavidH
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 11 2017 11:36 AM
‎Oct 11 2017 11:36 AM

I stand corrected.  Then this makes it much simpler.

0 Kudos
In response to DavidH
american_nisei
Getting noticed
‎Oct 11 2017 7:46 PM
‎Oct 11 2017 7:46 PM

DavidH!
This looks perfect. I will try this out tomorrow!
0 Kudos
In response to american_nisei
Ponch
New here
‎Dec 3 2017 3:57 PM
‎Dec 3 2017 3:57 PM

This worked for my PC but my android device sees it, but times out adding it.  Anyone have success adding a printer through an MX?  Mines a mx65w if it matters. 

0 Kudos
In response to Ponch
DW
Conversationalist
‎Dec 19 2018 1:53 PM
‎Dec 19 2018 1:53 PM

@Ponch, Hey did you ever get a solution for your android devices?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.