https://community.cisco.com/t5/network-security/help-configuration/m-p/2064441#M397789 <HTML><HEAD></HEAD><BODY><P> Hello Omer,</P><P></P><P>In Normal routed mode ASA, there is no native way of mac filtering. If you want the client to access http/ftp/telnet traffic through MPLS, then you can use cut through proxy and give mac excemption for you specific PC..</P><P></P><P>If that solution in place, it will ask for an authentication if other PC's trying to access and the pc with mac excemption configred will bypass the authentication and can access</P><P></P><P></P><P>the following link provide you information on the solution</P><P></P><P><A href="http://hanlinag.blogspot.com/2011/10/how-to-block-out-going-traffic-by-mac.html">http://hanlinag.blogspot.com/2011/10/how-to-block-out-going-traffic-by-mac.html</A></P><P></P><P>Harish.</P></BODY></HTML> Wed, 10 Oct 2012 07:05:26 GMT Harish Balakrishnan 2012-10-10T07:05:26Z https://community.cisco.com/t5/network-security/help-configuration/m-p/2064436#M397782 <P>Hi All,</P><P></P><P>my current network layout is attached.</P><P>The service provider will be preparing an MPLS-VPN network as per our request.</P><P></P><P>The required scenario is:</P><P></P><P>Only one PC from the 10.50.10.0/24 subnet is required to connect to mpls network directly. Other PCs should remain the same.</P><P>Is that possible? if yes, what configuration that can be done?</P><P></P><P>Note: PCs of the 10.50.10.0/24 subnet got the ip addresses from dhcp server which managed by other department (same building), and they can cooperate.</P><P></P><P>Please advise.</P> Tue, 12 Mar 2019 00:06:57 GMT https://community.cisco.com/t5/network-security/help-configuration/m-p/2064436#M397782 omer_babiker 2019-03-12T00:06:57Z https://community.cisco.com/t5/network-security/help-configuration/m-p/2064437#M397784 <HTML><HEAD></HEAD><BODY><P> Hello Omer,</P><P></P><P>You meant to say only 1 PC at a time or a specific defined PC but the IP address may change since it is DHCP </P><P></P><P>regards</P><P>Harish.</P></BODY></HTML> Wed, 10 Oct 2012 06:38:05 GMT https://community.cisco.com/t5/network-security/help-configuration/m-p/2064437#M397784 Harish Balakrishnan 2012-10-10T06:38:05Z https://community.cisco.com/t5/network-security/help-configuration/m-p/2064438#M397785 <HTML><HEAD></HEAD><BODY><P>Hi Harish,</P><P></P><P>It is specific defined PC but ip address may change.</P><P></P><P>Regards,</P></BODY></HTML> Wed, 10 Oct 2012 06:42:18 GMT https://community.cisco.com/t5/network-security/help-configuration/m-p/2064438#M397785 omer_babiker 2012-10-10T06:42:18Z https://community.cisco.com/t5/network-security/help-configuration/m-p/2064439#M397786 <HTML><HEAD></HEAD><BODY><P> Hello Omer,</P><P></P><P>thanks for the info.. What type of firewall are you using and the OS version if it is Cisco</P><P></P><P>regards</P><P>Harish</P></BODY></HTML> Wed, 10 Oct 2012 06:44:09 GMT https://community.cisco.com/t5/network-security/help-configuration/m-p/2064439#M397786 Harish Balakrishnan 2012-10-10T06:44:09Z https://community.cisco.com/t5/network-security/help-configuration/m-p/2064440#M397788 <HTML><HEAD></HEAD><BODY><P>Hi Harish,</P><P></P><P>It's ASA5510, and the version is 8.0 (4).</P><P></P><P>Thanks,</P></BODY></HTML> Wed, 10 Oct 2012 06:48:20 GMT https://community.cisco.com/t5/network-security/help-configuration/m-p/2064440#M397788 omer_babiker 2012-10-10T06:48:20Z https://community.cisco.com/t5/network-security/help-configuration/m-p/2064441#M397789 <HTML><HEAD></HEAD><BODY><P> Hello Omer,</P><P></P><P>In Normal routed mode ASA, there is no native way of mac filtering. If you want the client to access http/ftp/telnet traffic through MPLS, then you can use cut through proxy and give mac excemption for you specific PC..</P><P></P><P>If that solution in place, it will ask for an authentication if other PC's trying to access and the pc with mac excemption configred will bypass the authentication and can access</P><P></P><P></P><P>the following link provide you information on the solution</P><P></P><P><A href="http://hanlinag.blogspot.com/2011/10/how-to-block-out-going-traffic-by-mac.html">http://hanlinag.blogspot.com/2011/10/how-to-block-out-going-traffic-by-mac.html</A></P><P></P><P>Harish.</P></BODY></HTML> Wed, 10 Oct 2012 07:05:26 GMT https://community.cisco.com/t5/network-security/help-configuration/m-p/2064441#M397789 Harish Balakrishnan 2012-10-10T07:05:26Z https://community.cisco.com/t5/network-security/help-configuration/m-p/2064442#M397790 <HTML><HEAD></HEAD><BODY><P>Hello Harish,</P><P></P><P>Thank you so much for your help.</P><P></P><P>do you think it's possible to define static ip address for that specific PC?</P><P>If that possible, the traffic from that pc can easily be routed to go to mpls network. please correct me if I'm wrong.</P><P></P><P>Regards,</P></BODY></HTML> Wed, 10 Oct 2012 07:20:31 GMT https://community.cisco.com/t5/network-security/help-configuration/m-p/2064442#M397790 omer_babiker 2012-10-10T07:20:31Z https://community.cisco.com/t5/network-security/help-configuration/m-p/2064443#M397791 <HTML><HEAD></HEAD><BODY><P> Hello Omer,</P><P></P><P></P><P>Thant is the ideal solution,, give the static IP for that PC and exclude that IP in DHCP server..</P><P></P><P>Create ACL in ASA so that only that IP is permitted to MPLS network and deny complete subnet to MPLS network as second line and permit ip any any as the third line of the ACL</P><P></P><P>regards</P><P>Harish.</P></BODY></HTML> Wed, 10 Oct 2012 07:28:39 GMT https://community.cisco.com/t5/network-security/help-configuration/m-p/2064443#M397791 Harish Balakrishnan 2012-10-10T07:28:39Z