Hi!
Following problem: my customer wants to connect a phone to port 1 of the RAP! Laptop will be connected to the integrated phone-switch! So two clients on a single port.
Special about that, the phone should get its IP address from the internal network but the DHCP request from the PC should already be bridged out to the local Fritzbox! So no NAT included....!
I've created a rule like this:
Action: Permit
Host MAC: 00:80:9f:00:00:00
Subnet bits: 00:00:00:ff:ff:ff
So everything coming from MAC range 00:80:9f:00:00:00 to 00:80:9f:ff:ff:ff should be permitted and forwarded through the tunnel!
I have created a user role with this MAC rule as a first statement, second statement was:
source user destination any service any route
But this doesn't work! I can see matches on the MAC policy and the phone gets connected, but the PC is not getting its IP address from the local device...!
Do I need the "source NAT" statement anyway although that doesn't make sense to me? Or have I forgotten something? Or is a mix of layer 2 and layer 3 rules not possible? And is the MAC-range config correct like this?
Any idea on how to solve that would be very much appreciated!!
Thanks!!
Markus