• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 633
  • Last Modified:

Require authentication for network access ASA.

Hello Experts,

I have an internal network of about 25 computers behind an ASA 5505.  The ASA assigns DHCP to whatever connects to the network via LAN or Wireless.  I would like to restrict network access to authenticated users.  Ideally, I would like to provide a list of authenticated MAC addresses and require username and password for for any device not on the list.  My question is:  Is this possible with the ASA, and can anyone point me in the right direction to get started?  Thank you in advance for your time.
0
kwilliams123
Asked:
kwilliams123
  • 2
1 Solution
 
DeltaR7Commented:
Yes I think this is possible.
 try following:
Configuration > Properties > Bridging > MAC Learning
disable mac learning on inside interface, add all mac manually.
The MAC Learning pane lets you disable MAC address learning on an interface. By default, each interface automatically learns the MAC addresses of entering traffic, and the security appliance adds corresponding entries to the MAC address table. You can disable MAC address learning if desired; however, unless you statically add MAC addresses to the table, no traffic can pass through the security appliance.  
0
 
DanJCommented:
To authenticate the users you need to configure cut-through proxy. You will need a Radius/tacacs server for that. To bypass the authentication for some MAC addresses use mac access list:

something like this:
mac-list MACLIST permit 0003.470d.61aa ffff.ffff.ffff
mac-list MACLIST permit 0003.470d.61bb ffff.ffff.ffff
aaa mac-exempt match MAC
0
 
DanJCommented:
this is a cut-through proxy configuration guide with mac list exemption http://www.cisco.com/warp/public/480/tacacs-radius-config.pdf
0
 
kwilliams123Author Commented:
Thank you for your prompt response
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now