Filtering MPLS traffic through a PIX?

Jul 1st, 2007

I have an MPLS connection running through a PIX (7.1.1) running in transparent mode but am unable to filter any of the MPLS traffic. I can ping and telnet through the PIX but never see anything in my logs or connection table apart from the UDP/711 and BGP/179 traffic. Is there a way to have the PIX filter MPLS-unicast traffic? I have 2 ACLs applied: one that permits all ip/icmp and another to allow the MPLS-Unicast ethertype to pass. Any guidance would be greatly appreciated.


Rob Floyd

bstremp Fri, 07/06/2007 - 08:28

Try this:

Use an EtherType ACE, e.g.:

hostname(config)# access-list ETHER ethertype deny mpls-unicast

rob.floyd Fri, 07/06/2007 - 09:35

I got confirmation that what I was attempting to do is not supported. I want to allow the MPLS unicast through but want to filter higher up the stack into specific VRFs. Not supported at this time.
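An added example, not code from either poster or from Cisco, showing what "filtering higher up the stack" involves: an EtherType match sees only the 0x8847 field of the Ethernet header, while a VRF-aware filter would have to walk the label stack and parse the packet behind it. The frame, label values and addresses are constructed; which label maps to which VRF is signalled by the control plane and is not visible in the frame.

```python
import socket
import struct

ETH_IPV4 = 0x0800
ETH_MPLS_UNICAST = 0x8847

def parse_frame(frame: bytes) -> dict:
    """Classify an untagged Ethernet II frame; for MPLS-unicast, walk the label stack."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"ethertype": ethertype, "labels": [], "inner": None}
    payload = frame[14:]
    if ethertype == ETH_MPLS_UNICAST:
        while True:
            if len(payload) < 4:
                raise ValueError("truncated label stack")
            entry = struct.unpack("!I", payload[:4])[0]
            payload = payload[4:]
            info["labels"].append(entry >> 12)  # top 20 bits are the label
            if (entry >> 8) & 1:                # S bit set: bottom of stack
                break
    elif ethertype != ETH_IPV4:
        return info
    # MPLS has no payload-type field; a first nibble of 4 is the usual IPv4 guess.
    if len(payload) >= 20 and payload[0] >> 4 == 4:
        info["inner"] = {
            "proto": payload[9],
            "src": socket.inet_ntoa(payload[12:16]),
            "dst": socket.inet_ntoa(payload[16:20]),
        }
    return info

def build_sample() -> bytes:
    """Constructed frame: two labels (100 outer, 2001 inner) in front of a TCP/IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton("10.1.1.10"), socket.inet_aton("10.2.2.20"))
    labels = struct.pack("!II", (100 << 12) | 255, (2001 << 12) | (1 << 8) | 255)
    eth = bytes(12) + struct.pack("!H", ETH_MPLS_UNICAST)
    return eth + labels + ip

if __name__ == "__main__":
    result = parse_frame(build_sample())
    print(hex(result["ethertype"]), result["labels"], result["inner"])
```
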


