Solved

Require authentication for network access ASA.

Posted on 2010-08-24
Last Modified: 2012-05-10
Hello Experts,

I have an internal network of about 25 computers behind an ASA 5505.  The ASA assigns DHCP to whatever connects to the network via LAN or Wireless.  I would like to restrict network access to authenticated users.  Ideally, I would like to provide a list of authenticated MAC addresses and require username and password for any device not on the list.  My question is:  Is this possible with the ASA, and can anyone point me in the right direction to get started?  Thank you in advance for your time.
Question by:kwilliams123
 
LVL 3

Expert Comment

by:DeltaR7
ID: 33510319
Yes, I think this is possible.
Try the following:
Configuration > Properties > Bridging > MAC Learning
Disable MAC learning on the inside interface, add all MACs manually.
The MAC Learning pane lets you disable MAC address learning on an interface. By default, each interface automatically learns the MAC addresses of entering traffic, and the security appliance adds corresponding entries to the MAC address table. You can disable MAC address learning if desired; however, unless you statically add MAC addresses to the table, no traffic can pass through the security appliance.  
0
 
LVL 9

Expert Comment

by:DanJ
ID: 33510354
To authenticate the users you need to configure cut-through proxy. You will need a RADIUS/TACACS server for that. To bypass the authentication for some MAC addresses, use a MAC access list:

Something like this:
mac-list MACLIST permit 0003.470d.61aa ffff.ffff.ffff
mac-list MACLIST permit 0003.470d.61bb ffff.ffff.ffff
aaa mac-exempt match MACLIST
0
 
LVL 9

Accepted Solution

by:
DanJ earned 500 total points
ID: 33510374
This is a cut-through proxy configuration guide with MAC list exemption: http://www.cisco.com/warp/public/480/tacacs-radius-config.pdf
0
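
Added example (not part of the original thread and not Cisco's code): a small Python helper that turns a MAC inventory written in mixed notations into the `mac-list` / `aaa mac-exempt` lines from DanJ's comment, using a single list id throughout. The function names and the sample inventory are assumptions constructed for illustration.

```python
import re

HOST_MASK = "ffff.ffff.ffff"  # match all 48 bits: one entry per device


def to_cisco_mac(raw: str) -> str:
    """Normalize a MAC in colon, hyphen, dotted or bare hex form to xxxx.xxxx.xxxx."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    if int(digits[:2], 16) & 1:
        # Group bit set: multicast/broadcast, never a host's own source address.
        raise ValueError(f"multicast or broadcast address: {raw!r}")
    if digits == "0" * 12:
        raise ValueError(f"all-zero address: {raw!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def build_mac_exempt(list_id: str, inventory: list[str]) -> tuple[list[str], list[str]]:
    """Return (config lines, rejected entries) for one mac-list and its aaa mac-exempt."""
    lines, rejected, seen = [], [], set()
    for raw in inventory:
        try:
            mac = to_cisco_mac(raw)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        if mac in seen:  # same device listed twice in different notations
            continue
        seen.add(mac)
        lines.append(f"mac-list {list_id} permit {mac} {HOST_MASK}")
    if lines:
        # The id here must be the same id used on the mac-list lines.
        lines.append(f"aaa mac-exempt match {list_id}")
    return lines, rejected


if __name__ == "__main__":
    # Constructed inventory; the first two are the sample addresses from the comment above.
    sample = ["00:03:47:0D:61:AA", "0003.470d.61bb", "00-03-47-0d-61-aa",
              "ff:ff:ff:ff:ff:ff", "0003.470d.61"]
    config, errors = build_mac_exempt("MACLIST", sample)
    print("\n".join(config))
    for e in errors:
        print("skipped:", e)
```

Rejected entries are returned rather than silently dropped, so a mistyped address in the inventory shows up before the list is pasted into the ASA.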
 

Author Closing Comment

by:kwilliams123
ID: 33511093
Thank you for your prompt response.
0
