Can I deny a user on the basis of MAC address on a Cisco ASA firewall?

Hi All,

I want to deny internet access for some users on the basis of MAC address at the Cisco ASA firewall.

My DHCP configuration is on the ASA firewall. Is it possible to bind a MAC address to an IP on the ASA firewall?

Please suggest.

1 Accepted Solution

Accepted Solutions

Hi,

ASA doesn't support manual bindings like on IOS devices. You won't be able to use MAC ACLs either if you are in routed mode, and MPF QoS only supports IP access-lists for class-maps.

Is there a Cisco router as the edge device? If so, you can filter traffic with an MQC QoS policy with a drop action, without the need for manual DHCP bindings, based on source MAC and an ACL for web traffic.

If you migrate your DHCP server to do manual leases, then on your ASA you can use a simple L3 IP ACL applied ingress on the inside interface.

Regards

Alain

Don't forget to rate helpful posts.
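As an added illustration (not configuration from this thread or from Cisco), here are the two routes the accepted answer describes, in Cisco CLI syntax. The pool and ACL names, the 192.0.2.0/24 addresses, the interface name and the MAC 0011.2233.4455 are constructed placeholders.

```cisco
! Added example, not from the thread. Names, addresses and the MAC
! 0011.2233.4455 are constructed placeholders.

! --- Route 1: manual DHCP lease on an IOS router (the method in the
! linked IOS DHCP guide), then an L3 IP ACL ingress on the ASA inside
! interface. One pool per reserved host; client-identifier is 01 + MAC.
ip dhcp pool BLOCKED-PC-1
 host 192.0.2.10 255.255.255.0
 client-identifier 0100.1122.3344.55
 default-router 192.0.2.1

! On the ASA: deny the reserved address (logged, so the hits show up in
! syslog), permit the rest, apply inbound on "inside".
access-list INSIDE_IN extended deny ip host 192.0.2.10 any log
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside

! --- Route 2: MQC policy on the IOS edge router that drops web traffic
! from the source MAC, with no manual binding needed.
ip access-list extended WEB-TRAFFIC
 permit tcp any any eq www
 permit tcp any any eq 443
class-map match-all BLOCKED-MAC-WEB
 match source-address mac 0011.2233.4455
 match access-group name WEB-TRAFFIC
policy-map DROP-BLOCKED
 class BLOCKED-MAC-WEB
  drop
interface GigabitEthernet0/0
 description LAN-facing interface
 service-policy input DROP-BLOCKED
```

Route 1 only holds while the host keeps the reserved address, so the reservation and the ACL entry have to stay in step; `show access-list INSIDE_IN` on the ASA and `show policy-map interface GigabitEthernet0/0` on the router show whether either rule is actually matching.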

7 Replies

Dragan Ilic
Level 4

Don't know if this is going to work on the ASA DHCP implementation, but you can give it a try:

http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfdhcp.html#wp1017385

HTH,
Dragan

Hi Dragan,

Thanks,

Actually, I have a total of 50 MAC addresses of users, so according to this method I have to create 50 DHCP pools, meaning one for every individual user as per the document. Is there any other way? Can I perform the above-mentioned configuration on the ASA firewall?

Using this method, yes, 50 DHCP pools...

You can try with a test DHCP pool on your ASA and a test PC to check if it's going to work fine...

HTH,
Dragan

Hi Cadet Alain,

Thanks for your suggestion. I agree with you....

Nish Vamadevan
Level 1

No, it is not possible as far as I know.

Have you tried creating a static ARP entry and then using an ACL to block the IP?

Thanks, Sir,

Now I will configure the DHCP lease as unlimited, then I will try to configure the access rule.