Cisco Systems ASA 5585-X User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 7: Configuring AAA Rules for Network Access
The following example bypasses authentication for a group of MAC addresses except for 
00a0.c95d.02b2. Enter the deny statement before the permit statement, because 00a0.c95d.02b2 
matches the permit statement as well, and if the permit statement is first, the deny statement will never be matched.
ciscoasa(config)# mac-list 1 deny 00a0.c95d.0282 ffff.ffff.ffff
ciscoasa(config)# mac-list 1 permit 00a0.c95d.0000 ffff.ffff.0000
ciscoasa(config)# aaa mac-exempt match 1
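
The ordering rule above can be checked offline with a small model of first-match evaluation. This is an added example, not Cisco code: the function names are hypothetical, the entries are the mac-list commands shown above, and a result of None only means that no entry matched.

```python
import re

def mac_to_int(mac):
    """Convert Cisco dotted notation (xxxx.xxxx.xxxx) to a 48-bit integer."""
    if not re.fullmatch(r"[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}", mac):
        raise ValueError(f"not a dotted MAC address: {mac!r}")
    return int(mac.replace(".", ""), 16)

def parse_mac_list(config):
    """Parse 'mac-list <id> {permit|deny} <mac> <mask>' lines, keeping their order."""
    entries = []
    for line in config.splitlines():
        tokens = line.split()
        if "mac-list" not in tokens:
            continue  # skips blank lines and other commands
        start = tokens.index("mac-list")  # tolerates a leading CLI prompt
        list_id, action, mac, mask = tokens[start + 1:start + 5]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        entries.append((list_id, action, mac_to_int(mac), mac_to_int(mask)))
    return entries

def evaluate(entries, list_id, mac):
    """Return the action of the first entry that matches, or None if none does."""
    addr = mac_to_int(mac)
    for entry_id, action, value, mask in entries:
        # Only the bits set in the mask are compared.
        if entry_id == list_id and (addr & mask) == (value & mask):
            return action
    return None

# The two mac-list commands from the page, in the order the page gives them.
PAGE_ORDER = """
ciscoasa(config)# mac-list 1 deny 00a0.c95d.0282 ffff.ffff.ffff
ciscoasa(config)# mac-list 1 permit 00a0.c95d.0000 ffff.ffff.0000
"""

# Constructed for comparison: the same commands with the permit entered first.
REVERSED_ORDER = "\n".join(reversed(PAGE_ORDER.strip().splitlines()))

if __name__ == "__main__":
    for label, cfg in (("deny first", PAGE_ORDER), ("permit first", REVERSED_ORDER)):
        print(label, "->", evaluate(parse_mac_list(cfg), "1", "00a0.c95d.0282"))
```

With the permit entered first, the address named in the deny command is exempted from authentication along with the rest of the group, which is the misordering the text warns about.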
Feature History for AAA Rules
Table 7-1 lists each feature change and the platform release in which it was implemented.

Table 7-1 Feature History for AAA Rules

Feature Name: AAA Rules
Platform Releases: 7.0(1)
Feature Information: AAA Rules describe how to enable AAA for network access.
We introduced the following commands: aaa authentication match, aaa authentication include | exclude, aaa authentication listener http[s], aaa local authentication attempts max-fail, virtual http, virtual telnet, aaa authentication secure-http-client, aaa authorization match, aaa accounting match, aaa mac-exempt match.

Feature Name: Authentication using Cut-Through Proxy
Platform Releases: 9.0(1)
Feature Information: You can authenticate using AAA rules in conjunction with the Identity Firewall feature.
We modified the following command: aaa authentication match