10-09-2012 11:28 PM - edited 03-11-2019 05:06 PM
Hi All,
My current network layout is attached.
The service provider will be preparing an MPLS-VPN network as per our request.
The required scenario is:
Only one PC from the 10.50.10.0/24 subnet is required to connect to the MPLS network directly. Other PCs should remain the same.
Is that possible? If yes, what configuration can be done?
Note: PCs of the 10.50.10.0/24 subnet got the IP addresses from a DHCP server which is managed by another department (same building), and they can cooperate.
Please advise.
10-09-2012 11:38 PM
Hello Omer,
You meant to say only 1 PC at a time, or a specific defined PC but the IP address may change since it is DHCP?
Regards,
Harish.
10-09-2012 11:42 PM
Hi Harish,
It is a specific defined PC, but the IP address may change.
Regards,
10-09-2012 11:44 PM
Hello Omer,
Thanks for the info. What type of firewall are you using, and the OS version if it is Cisco?
Regards,
Harish
10-09-2012 11:48 PM
Hi Harish,
It's ASA5510, and the version is 8.0 (4).
Thanks,
10-10-2012 12:05 AM
Hello Omer,
In normal routed mode ASA, there is no native way of MAC filtering. If you want the client to access HTTP/FTP/Telnet traffic through MPLS, then you can use cut-through proxy and give a MAC exemption for your specific PC.
If that solution is in place, it will ask for authentication if other PCs try to access, and the PC with the MAC exemption configured will bypass the authentication and can access.
The following link provides information on the solution:
http://hanlinag.blogspot.com/2011/10/how-to-block-out-going-traffic-by-mac.html
Harish.
10-10-2012 12:20 AM
Hello Harish,
Thank you so much for your help.
Do you think it's possible to define a static IP address for that specific PC?
If that is possible, the traffic from that PC can easily be routed to go to the MPLS network. Please correct me if I'm wrong.
Regards,
10-10-2012 12:28 AM
Hello Omer,
That is the ideal solution: give the static IP for that PC and exclude that IP in the DHCP server.
Create an ACL in the ASA so that only that IP is permitted to the MPLS network, deny the complete subnet to the MPLS network as the second line, and permit ip any any as the third line of the ACL.
Regards,
Harish.
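An added example, not part of the thread or the linked blog: the three-line ACL described in the last reply, written in ASA `access-list` syntax and run through a small first-match evaluator to show why the line order matters. The ACL name `INSIDE_IN`, the static address 10.50.10.25 and the MPLS prefix 172.16.0.0/16 are constructed placeholders; only 10.50.10.0/24 comes from the thread.

```python
import ipaddress

# Constructed values (not from the thread): the PC's static address and the
# MPLS-side prefix are placeholders; only 10.50.10.0/24 comes from the post.
ACL = """\
access-list INSIDE_IN extended permit ip host 10.50.10.25 172.16.0.0 255.255.0.0
access-list INSIDE_IN extended deny ip 10.50.10.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list INSIDE_IN extended permit ip any any
"""

def _take_addr(tokens):
    """Consume one ASA address spec: 'any', 'host A', or 'NET MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Return [(action, src_net, dst_net)] for 'extended ... ip' entries."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        # tokens: access-list NAME extended ACTION ip SRC... DST...
        action, rest = tokens[3], tokens[5:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        rules.append((action, src, dst))
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def swapped(text):
    """Same ACL with the first two entries exchanged (the ordering mistake)."""
    lines = text.splitlines()
    return "\n".join([lines[1], lines[0]] + lines[2:])
```

With the entries in the stated order the static PC reaches the MPLS prefix and the rest of the subnet does not; with the first two exchanged, the subnet-wide deny matches first and the static PC is blocked as well.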