
Mac-exempt in cut through proxy

andrewdipta
Level 1

Hi,

I'm using cut-through proxy in my customer's firewall, and I want to use mac-exempt for some PCs to bypass authentication. But after I put the PCs' MAC addresses into mac-exempt, the PCs are still challenged by cut-through proxy authentication.

mac-list aaa_mac_exempt permit 0021.5e53.119e ffff.ffff.ffff

mac-list aaa_mac_exempt permit 0005.9a3c.7800 ffff.ffff.ffff

aaa mac-exempt match aaa_mac_exempt

Has anybody ever succeeded in using mac-exempt in a cut-through proxy configuration? As far as I know, if we use MAC address filtering with a multi-hop neighbor, the source MAC address will be changed every time the packet crosses a neighbor, right?

So how come this configuration could work?

Thanks for your assistance.


Nicolas Fournier
Cisco Employee

Hi Andrew,

The source mac-address of the packet is indeed changed at each L3 hop.

If you want to use the mac-list for bypassing proxy-auth, you'll need the hosts to be in the same L3 network as one of the ASA interfaces.

Regards,

Nicolas
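
The behaviour described in the reply, as an added example that is not part of the original thread or Cisco's code: a small Python model of `mac-list` matching that evaluates the posted entries against the source MAC the firewall actually receives, once with the PC directly attached and once with a router in between. The router MAC, the helper names and the one-router topology are constructed for illustration.

```python
# Added illustration: why a mac-list only matches directly attached hosts.
# ROUTER_MAC and the topology are constructed sample values.

def mac_to_int(mac: str) -> int:
    """Convert a MAC (Cisco dotted, colon or dash notation) to a 48-bit integer."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)

def parse_mac_list(config: str, name: str):
    """Return (action, mac, mask) tuples for 'mac-list <name> ...' lines, in order."""
    entries = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "mac-list" and parts[1] == name:
            entries.append((parts[2], mac_to_int(parts[3]), mac_to_int(parts[4])))
    return entries

def is_exempt(entries, src_mac: str) -> bool:
    """First matching entry wins; no match means the host is not exempt."""
    src = mac_to_int(src_mac)
    for action, mac, mask in entries:
        if src & mask == mac & mask:
            return action == "permit"
    return False

def mac_seen_by_firewall(host_mac: str, router_macs: list) -> str:
    """Each L3 hop re-frames the packet with its own egress MAC as the source."""
    return router_macs[-1] if router_macs else host_mac

# The two entries from the question.
CONFIG = """\
mac-list aaa_mac_exempt permit 0021.5e53.119e ffff.ffff.ffff
mac-list aaa_mac_exempt permit 0005.9a3c.7800 ffff.ffff.ffff
"""
ENTRIES = parse_mac_list(CONFIG, "aaa_mac_exempt")
ROUTER_MAC = "0000.5e00.5301"  # constructed: router between the PC and the ASA

if __name__ == "__main__":
    for hops in ([], [ROUTER_MAC]):
        seen = mac_seen_by_firewall("0021.5e53.119e", hops)
        print(f"hops={len(hops)} firewall sees {seen} exempt={is_exempt(ENTRIES, seen)}")
```

With a router in the path, the only MAC that could ever match is the router's own, and permitting it would exempt every host behind that router rather than the intended PC.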
