Solved

Require authentication for network access ASA.

Posted on 2010-08-24
4
629 Views
Last Modified: 2012-05-10
Hello Experts,

I have an internal network of about 25 computers behind an ASA 5505.  The ASA assigns DHCP to whatever connects to the network via LAN or Wireless.  I would like to restrict network access to authenticated users.  Ideally, I would like to provide a list of authenticated MAC addresses and require username and password for for any device not on the list.  My question is:  Is this possible with the ASA, and can anyone point me in the right direction to get started?  Thank you in advance for your time.
0
Comment
Question by:kwilliams123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 3

Expert Comment

by:DeltaR7
ID: 33510319
Yes I think this is possible.
 try following:
Configuration > Properties > Bridging > MAC Learning
disable mac learning on inside interface, add all mac manually.
The MAC Learning pane lets you disable MAC address learning on an interface. By default, each interface automatically learns the MAC addresses of entering traffic, and the security appliance adds corresponding entries to the MAC address table. You can disable MAC address learning if desired; however, unless you statically add MAC addresses to the table, no traffic can pass through the security appliance.  
0
 
LVL 9

Expert Comment

by:DanJ
ID: 33510354
To authenticate the users you need to configure cut-through proxy. You will need a Radius/tacacs server for that. To bypass the authentication for some MAC addresses use mac access list:

something like this:
mac-list MACLIST permit 0003.470d.61aa ffff.ffff.ffff
mac-list MACLIST permit 0003.470d.61bb ffff.ffff.ffff
aaa mac-exempt match MAC
0
 
LVL 9

Accepted Solution

by:
DanJ earned 500 total points
ID: 33510374
this is a cut-through proxy configuration guide with mac list exemption http://www.cisco.com/warp/public/480/tacacs-radius-config.pdf
0
 

Author Closing Comment

by:kwilliams123
ID: 33511093
Thank you for your prompt response
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question