Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring AAA Rules for Network Access
hostname(config-aaa-server-host)# exit
hostname(config)# access-list TELNET_AUTH extended permit tcp any any eq telnet
hostname(config)# access-list SERVER_AUTH extended permit tcp any host 209.165.201.5 eq telnet
hostname(config)# aaa authentication match TELNET_AUTH inside AuthOutbound
hostname(config)# aaa authorization match SERVER_AUTH inside AuthOutbound
hostname(config)# aaa accounting match SERVER_AUTH inside AuthOutbound
Using MAC Addresses to Exempt Traffic from Authentication and Authorization
The ASA can exempt from authentication and authorization any traffic from specific MAC addresses. 
For example, if the ASA authenticates TCP traffic originating on a particular network, but you want to 
allow unauthenticated TCP connections from a specific server, you would use a MAC exempt rule to 
exempt from authentication and authorization any traffic from the server specified by the rule.
This feature is particularly useful to exempt devices such as IP phones that cannot respond to 
authentication prompts.
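
A MAC exempt configuration for the IP phone case described above, as an added example that is not taken from this page. The list name PHONES and all MAC addresses are constructed for illustration; mac-list and aaa mac-exempt match are the ASA commands for this feature.

```cisco
! Entries are evaluated in order and the first match wins, so the
! specific deny must come before the broader permit.
!
! Constructed address: one device inside the phone range that must
! still authenticate (not exempt).
hostname(config)# mac-list PHONES deny 00a0.c95d.02b2 ffff.ffff.ffff
!
! Constructed range: exempt every address that begins with 00a0.c95d.
! The mask ffff.ffff.0000 compares only the first 32 bits.
hostname(config)# mac-list PHONES permit 00a0.c95d.0000 ffff.ffff.0000
!
! Apply the list. Traffic from MACs that match a permit entry skips
! both authentication and authorization; everything else is still
! subject to the aaa authentication and aaa authorization rules.
hostname(config)# aaa mac-exempt match PHONES
!
! Review what is actually exempt.
hostname(config)# show running-config mac-list
```

Keep permit entries as narrow as the deployment allows, because a matching source MAC bypasses both authentication and authorization, and prefer an exact mask (ffff.ffff.ffff) for single devices such as the server in the example above.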