38-21
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter38 Configuring AAA Rules for Network Access
Feature History for AAA Rules
Examples
The following example bypasses authentication for a single MAC address:
hostname(config)# mac-list abc permit 00a0.c95d.0282 ffff.ffff.ffff
hostname(config)# aaa mac-exempt match abc
The following example bypasses authentication for all Cisco IP Phones, which have the hardware ID
0003.E3:
hostname(config)# mac-list acd permit 0003.E300.0000 FFFF.FF00.0000
hostname(config)# aaa mac-exempt match acd
The following example bypasses authentication for a a group of MAC addresses except for
00a0.c95d.02b2. Enter the deny statement before the permit statement, because 00a0.c95d.02b2
matches the permit statement as well, and if it is first, the deny statement will never be matched.
hostname(config)# mac-list 1 deny 00a0.c95d.0282 ffff.ffff.ffff
hostname(config)# mac-list 1 permit 00a0.c95d.0000 ffff.ffff.0000
hostname(config)# aaa mac-exempt match 1
Feature History for AAA Rules
Table38-1 lists each feature change and the platform release in which it was implemented.
Table38-1 Feature History for AAA Rules
Feature Name
Platform
Releases Feature Information
AAA Rules 7.0(1) AAA Rules describe how to enable AAA for network
access.
We introduced the following commands:
aaa authentication match, aaa authentication include |
exclude, aaa authentication listener http[s], aaa local
authentication attempts max-fail, virtual http, virtual
telnet, aaa authentication secure-http-client, aaa
authorization match, aaa accounting match, aaa
mac-exempt match.