Solved

Require authentication for network access ASA.

Posted on 2010-08-24
Last Modified: 2012-05-10
Hello Experts,

I have an internal network of about 25 computers behind an ASA 5505.  The ASA assigns DHCP to whatever connects to the network via LAN or Wireless.  I would like to restrict network access to authenticated users.  Ideally, I would like to provide a list of authenticated MAC addresses and require username and password for any device not on the list.  My question is:  Is this possible with the ASA, and can anyone point me in the right direction to get started?  Thank you in advance for your time.
Question by:kwilliams123

Expert Comment

by:DeltaR7
ID: 33510319
Yes, I think this is possible.
Try the following:
Configuration > Properties > Bridging > MAC Learning
Disable MAC learning on the inside interface and add all MACs manually.
The MAC Learning pane lets you disable MAC address learning on an interface. By default, each interface automatically learns the MAC addresses of entering traffic, and the security appliance adds corresponding entries to the MAC address table. You can disable MAC address learning if desired; however, unless you statically add MAC addresses to the table, no traffic can pass through the security appliance.

Expert Comment

by:DanJ
ID: 33510354
To authenticate the users you need to configure cut-through proxy. You will need a RADIUS/TACACS server for that. To bypass the authentication for some MAC addresses, use a MAC access list:

Something like this:
mac-list MACLIST permit 0003.470d.61aa ffff.ffff.ffff
mac-list MACLIST permit 0003.470d.61bb ffff.ffff.ffff
aaa mac-exempt match MACLIST

Accepted Solution

by:
DanJ earned 500 total points
ID: 33510374
This is a cut-through proxy configuration guide with MAC list exemption: http://www.cisco.com/warp/public/480/tacacs-radius-config.pdf

Author Closing Comment

by:kwilliams123
ID: 33511093
Thank you for your prompt response
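
An added example, not part of the original thread and not Cisco code: a small Python audit of a `mac-list` / `aaa mac-exempt match` excerpt like the one in DanJ's comment, showing which devices would skip cut-through proxy authentication. It assumes the ASA evaluates mac-list entries first-match, with the mask selecting the compared bits; the sample config, function names, and the treatment of a dangling list reference are assumptions made for illustration.

```python
import re

# Constructed sample config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
mac-list MACLIST permit 0003.470d.61aa ffff.ffff.ffff
mac-list MACLIST deny 0003.4711.0001 ffff.ffff.ffff
mac-list MACLIST permit 0003.4711.0000 ffff.ffff.0000
aaa mac-exempt match MACLIST
"""

def mac_to_int(mac):
    """Accept Cisco dotted (0003.470d.61aa) or colon/dash notation."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

def parse(config):
    """Return ({list_id: [(action, mac, mask), ...]}, applied_list_id or None)."""
    lists, applied = {}, None
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 5 and tok[0] == "mac-list" and tok[2] in ("permit", "deny"):
            lists.setdefault(tok[1], []).append((tok[2], mac_to_int(tok[3]), mac_to_int(tok[4])))
        elif tok[:3] == ["aaa", "mac-exempt", "match"] and len(tok) == 4:
            applied = tok[3]
    return lists, applied

def is_exempt(config, mac):
    """True if `mac` would skip authentication: the first matching entry decides."""
    lists, applied = parse(config)
    if applied not in lists:
        return False  # assumption: a missing or dangling reference exempts nobody
    for action, entry, mask in lists[applied]:
        if mac_to_int(mac) & mask == entry & mask:
            return action == "permit"
    return False      # no entry matched: the device must authenticate

def audit(config):
    """Findings worth reviewing before relying on the exemption list."""
    lists, applied = parse(config)
    findings = []
    if applied not in lists:
        findings.append(f"'aaa mac-exempt match' names {applied!r}, which has no mac-list entries")
    for action, entry, mask in lists.get(applied, []):
        if action == "permit" and mask != 0xFFFFFFFFFFFF:
            findings.append(f"permit {entry:012x} with mask {mask:012x} exempts "
                            f"{2 ** (48 - bin(mask).count('1'))} addresses")
    return findings
```

Feed `is_exempt` the MAC addresses seen in the DHCP lease table to list which of the connected devices bypass the username/password prompt.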