1-23
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring AAA Rules for Network Access
Using MAC Addresses to Exempt Traffic from Authentication and Authorization
hostname(config-aaa-server-host)# exit
hostname(config)# access-list TELNET_AUTH extended permit tcp any any
eq telnet
hostname(config)# access-list SERVER_AUTH extended permit tcp any host 209.165.201.5 eq
telnet
hostname(config)# aaa authentication match TELNET_AUTH inside AuthOutbound
hostname(config)# aaa authorization match SERVER_AUTH inside AuthOutbound
hostname(config)# aaa accounting match SERVER_AUTH inside AuthOutbound
Using MAC Addresses to Exempt Traffic from
Authentication and Authorization
The ASA can exempt from authentication and authorization any traffic from specific MAC addresses.
For example, if the ASA authenticates TCP traffic originating on a particular network, but you want to
allow unauthenticated TCP connections from a specific server, you would use a MAC exempt rule to
exempt from authentication and authorization any traffic from the server specified by the rule.
This feature is particularly useful to exempt devices such as IP phones that cannot respond to
authentication prompts.
To Next Page
Loading...
Need help?
General
