Solved

Require authentication for network access ASA.

Posted on 2010-08-24
Last Modified: 2012-05-10
Hello Experts,

I have an internal network of about 25 computers behind an ASA 5505. The ASA assigns DHCP to whatever connects to the network via LAN or wireless. I would like to restrict network access to authenticated users. Ideally, I would like to provide a list of authenticated MAC addresses and require a username and password for any device not on the list. My question is: Is this possible with the ASA, and can anyone point me in the right direction to get started? Thank you in advance for your time.
0
Question by:kwilliams123
LVL 3

Expert Comment

by:DeltaR7
ID: 33510319
Yes, I think this is possible.
Try the following:
Configuration > Properties > Bridging > MAC Learning
Disable MAC learning on the inside interface and add all MACs manually.
The MAC Learning pane lets you disable MAC address learning on an interface. By default, each interface automatically learns the MAC addresses of entering traffic, and the security appliance adds corresponding entries to the MAC address table. You can disable MAC address learning if desired; however, unless you statically add MAC addresses to the table, no traffic can pass through the security appliance.
0
 
LVL 9

Expert Comment

by:DanJ
ID: 33510354
To authenticate the users you need to configure cut-through proxy. You will need a RADIUS/TACACS server for that. To bypass the authentication for some MAC addresses, use a MAC access list.

Something like this:
mac-list MACLIST permit 0003.470d.61aa ffff.ffff.ffff
mac-list MACLIST permit 0003.470d.61bb ffff.ffff.ffff
aaa mac-exempt match MACLIST
0
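An added example (not from the thread or from Cisco): a Python check over a saved or draft ASA configuration that reports which `mac-list` entries the `aaa mac-exempt match` line actually applies. It flags a referenced list name that no `mac-list` line defines, lists that are defined but never applied, and permit entries whose mask covers more than one address. The function name and the sample configuration are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^([0-9a-f]{4}\.){2}[0-9a-f]{4}$", re.I)
FULL_MASK = "ffff.ffff.ffff"  # mask that matches exactly one MAC address

def audit_mac_exempt(config: str) -> dict:
    """Return the applied exemption list, its entries, and audit findings."""
    lists, applied, findings = {}, None, []
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) == 5 and tok[0] == "mac-list" and tok[2] in ("permit", "deny"):
            name, action, mac, mask = tok[1], tok[2], tok[3].lower(), tok[4].lower()
            if not (MAC_RE.match(mac) and MAC_RE.match(mask)):
                findings.append(f"malformed entry: {raw.strip()}")
                continue
            lists.setdefault(name, []).append((action, mac, mask))
            # A shorter mask exempts every device whose MAC falls in the range.
            if action == "permit" and mask != FULL_MASK:
                findings.append(f"{name}: {mac} mask {mask} exempts a range of MACs")
        elif len(tok) == 4 and tok[:3] == ["aaa", "mac-exempt", "match"]:
            applied = tok[3]
    if applied is None:
        findings.append("no 'aaa mac-exempt match' line: no MAC list is applied")
    elif applied not in lists:
        findings.append(f"mac-exempt references undefined list '{applied}'")
    for name in lists:
        if name != applied:
            findings.append(f"list '{name}' is defined but not applied")
    return {"applied": applied, "entries": lists.get(applied, []), "findings": findings}

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
mac-list MACLIST permit 0003.470d.61aa ffff.ffff.ffff
mac-list MACLIST permit 0003.4700.0000 ffff.ff00.0000
mac-list OLDLIST permit 0003.470d.61bb ffff.ffff.ffff
aaa mac-exempt match MACLIST
"""

if __name__ == "__main__":
    report = audit_mac_exempt(SAMPLE)
    for action, mac, mask in report["entries"]:
        print(f"{action:6} {mac} {mask}")
    for finding in report["findings"]:
        print("FINDING:", finding)
```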
 
LVL 9

Accepted Solution

by:
DanJ earned 500 total points
ID: 33510374
This is a cut-through proxy configuration guide with MAC list exemption: http://www.cisco.com/warp/public/480/tacacs-radius-config.pdf
0
 

Author Closing Comment

by:kwilliams123
ID: 33511093
Thank you for your prompt response.
0
