Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
4
Helpful
1
Replies

MAC Authentication on ASA

angel-moon
Level 3
Level 3

‎04-14-2011 06:28 AM - edited ‎03-11-2019 01:20 PM

Hello,

Can an ASA allow or deny Internet access based on MAC addresses of the hosts in a standalone fashion? Without ACS or any other server or software.  I am pretty sure it is a better practice to to MAC authentication on the switches but this is the requirement this time around.

Thanks in advance!  All replies rated.

Labels:
0 Helpful
1 Reply 1

Maykol Rojas
Cisco Employee
Cisco Employee

‎04-14-2011 11:00 AM

Hello,

The ASA currently does not have the ability to do filtering based on MAC-address. However, if your intention is to block internet access Based on MAC-address, you can implement AAA with local Usernames and passwords matching an mac-list.

It will work by authenticating the user located at the specific mac-address that you allow on the list. If the mac-address is not listed, the traffic on port 80 will be permitted to go out to the internet, if the mac-address entry is listed, the user will have to authenticate in order to do web browsing.

Hope this helps.

Mike.

Mike
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card