15-24
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 15 Managing Firewall AAA Rules
AAA Firewall Settings Policies
Table 15-6 MAC-Exempt List Tab, AAA Firewall Settings Page (Continued)
Element: Description
MAC Exempt List table: The MAC exempt rules that you want to implement. The table shows
the MAC addresses and masks (in hexadecimal) and whether you are
permitting them (exempting them from authentication and
authorization) or denying them (making them go through standard
authentication and authorization). The device processes the entries in
order and uses the first match (not the best match).
To add an exemption rule, click the Add Row button and fill in the
Firewall AAA MAC Exempt Setting Dialog Box, page 15-24.
To edit an exemption rule, select it and click the Edit Row button.
To delete an exemption rule, select it and click the Delete Row
button.

Firewall AAA MAC Exempt Setting Dialog Box
Use the Firewall AAA MAC Exempt Setting dialog box to add and edit exemption entries in the MAC
Exempt List table. The security appliance skips authentication and authorization for hosts associated
with permitted MAC addresses.
Navigation Path
Go to the AAA Firewall Page, MAC-Exempt List Tab, page 15-23 and click the Add Row button beneath
the MAC Exempt List table, or select an item in the table and click the Edit Row button.
Field Reference
Table 15-7 Firewall AAA MAC Exempt Setting Dialog Box
Element: Description
Action: The action you want to take for the hosts that use the specified MAC
addresses:
Permit—Exempts the host from authentication and authorization.
Deny—Forces the host to go through authentication and
authorization.
MAC Address: The MAC address of the hosts in standard 12-digit hexadecimal format,
such as 00a0.c95d.0282. You can enter complete MAC addresses or
partial addresses.
For partial addresses, you can enter 0 for digits you are not matching.
MAC Mask: The mask to apply to the MAC address. Use f to match a digit exactly,
0 to match any digit at that place:
To specify an exact match of the address, enter ffff.ffff.ffff.
To match an address pattern, enter 0 for any digit for which you
want to match any character. For example, ffff.ffff.0000 matches all
addresses that have the same first 8 digits.
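
The first-match processing and mask matching described above, as an added Python example for reviewing a MAC exempt list before deployment (not code from the Cisco guide). The rule entries are constructed sample data, the function names are hypothetical, and treating a host that matches no entry as not exempt is an assumption.

```python
import re

# Cisco dotted-hex notation: three groups of four hex digits.
_MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}")

def parse_mac(text):
    """Convert xxxx.xxxx.xxxx into a 48-bit integer; reject anything else."""
    text = text.strip().lower()
    if not _MAC_RE.fullmatch(text):
        raise ValueError(f"not a 12-digit hexadecimal MAC: {text!r}")
    return int(text.replace(".", ""), 16)

def evaluate(rules, host_mac):
    """Return (index, action) of the first matching rule, in table order."""
    host = parse_mac(host_mac)
    for index, (action, mac, mask) in enumerate(rules):
        m = parse_mac(mask)  # f digits are compared, 0 digits are ignored
        if (host & m) == (parse_mac(mac) & m):
            return index, action
    # Assumption: a host that matches no entry is not exempt.
    return None, "no-match"

def shadowed(rules):
    """Return (earlier, later) pairs where the later rule can never match."""
    parsed = [(parse_mac(mac), parse_mac(mask)) for _, mac, mask in rules]
    pairs = []
    for j, (mac_j, mask_j) in enumerate(parsed):
        for i, (mac_i, mask_i) in enumerate(parsed[:j]):
            # Rule i checks only digits that rule j also checks, and the two
            # agree on those digits, so every host matching j hits i first.
            if (mask_i & mask_j) == mask_i and (mac_j & mask_i) == (mac_i & mask_i):
                pairs.append((i, j))
                break
    return pairs

# Constructed sample table: a broad permit placed above a specific deny.
RULES = [
    ("permit", "00a0.c95d.0000", "ffff.ffff.0000"),
    ("deny", "00a0.c95d.0282", "ffff.ffff.ffff"),
]
REORDERED = [RULES[1], RULES[0]]

if __name__ == "__main__":
    print(evaluate(RULES, "00a0.c95d.0282"))      # the deny entry is never reached
    print(shadowed(RULES))
    print(evaluate(REORDERED, "00a0.c95d.0282"))  # specific deny now wins
    print(shadowed(REORDERED))
```

A shadowed deny entry means the permit above it exempts more hosts from authentication and authorization than the list appears to intend, so specific entries belong above broader ones.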