Last active
September 28, 2018 22:16
-
-
Save jschlackman/71b4882c4addcd10de6b749e479e21f2 to your computer and use it in GitHub Desktop.
IOS configuration snippet showing how to allow an otherwise isolated guest VLAN 99 (172.16.0.0/16) to be able to communicate to IP printers on VLAN 1 (10.0.0.0/8) with enough access for Windows to be able to automatically configure them by IP address.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| object-group network Guest_Access_Printers | |
| range 10.0.50.51 10.0.50.61 | |
| host 10.0.50.90 | |
| ! | |
| interface GigabitEthernet0/1.99 | |
| encapsulation dot1Q 99 | |
| ip address 172.16.0.1 255.255.0.0 | |
| ip access-group Guest_Restrictions in | |
| ! | |
| ip access-list extended Guest_Restrictions | |
| permit icmp any object-group Guest_Access_Printers | |
| permit tcp any object-group Guest_Access_Printers eq www | |
| permit udp any object-group Guest_Access_Printers eq 161 | |
| permit tcp any object-group Guest_Access_Printers eq 9100 | |
| deny ip any 10.0.0.0 0.255.255.255 | |
| deny ip any 192.168.0.0 0.0.255.255 | |
| permit ip any any | |
| ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment