topic Re: MAC Authentication on ASA in Network Security https://community.cisco.com/t5/network-security/mac-authentication-on-asa/m-p/1726801#M557887 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>The ASA currently does not have the ability to do filtering based on MAC-address. However, if your intention is to block internet access Based on MAC-address, you can implement AAA with local Usernames and passwords matching an mac-list. </P><P></P><P>It will work by authenticating the user located at the specific mac-address that you allow on the list. If the mac-address is not listed, the traffic on port 80 will be permitted to go out to the internet, if the mac-address entry is listed, the user will have to authenticate in order to do web browsing.</P><P></P><P>Hope this helps.</P><P></P><P>Mike.</P></BODY></HTML> Thu, 14 Apr 2011 18:00:01 GMT Maykol Rojas 2011-04-14T18:00:01Z MAC Authentication on ASA https://community.cisco.com/t5/network-security/mac-authentication-on-asa/m-p/1726800#M557884 <P>Hello,</P><P></P><P>Can an ASA allow or deny Internet access based on MAC addresses of the hosts in a standalone fashion? Without ACS or any other server or software.&nbsp; I am pretty sure it is a better practice to to MAC authentication on the switches but this is the requirement this time around.</P><P></P><P></P><P>Thanks in advance!&nbsp; All replies rated.</P> Mon, 11 Mar 2019 20:20:53 GMT https://community.cisco.com/t5/network-security/mac-authentication-on-asa/m-p/1726800#M557884 angel-moon 2019-03-11T20:20:53Z Re: MAC Authentication on ASA https://community.cisco.com/t5/network-security/mac-authentication-on-asa/m-p/1726801#M557887 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>The ASA currently does not have the ability to do filtering based on MAC-address. However, if your intention is to block internet access Based on MAC-address, you can implement AAA with local Usernames and passwords matching an mac-list. </P><P></P><P>It will work by authenticating the user located at the specific mac-address that you allow on the list. If the mac-address is not listed, the traffic on port 80 will be permitted to go out to the internet, if the mac-address entry is listed, the user will have to authenticate in order to do web browsing.</P><P></P><P>Hope this helps.</P><P></P><P>Mike.</P></BODY></HTML> Thu, 14 Apr 2011 18:00:01 GMT https://community.cisco.com/t5/network-security/mac-authentication-on-asa/m-p/1726801#M557887 Maykol Rojas 2011-04-14T18:00:01Z