Cisco ASA Series Cli Configuration Manual page 1053

Chapter 1 Configuring AAA Rules for Network Access
The following example bypasses authentication for a a group of MAC addresses except for
00a0.c95d.02b2. Enter the deny statement before the permit statement, because 00a0.c95d.02b2
matches the permit statement as well, and if it is first, the deny statement will never be matched.
hostname(config)# mac-list 1 deny 00a0.c95d.0282 ffff.ffff.ffff
hostname(config)# mac-list 1 permit 00a0.c95d.0000 ffff.ffff.0000
hostname(config)# aaa mac-exempt match 1
Feature History for AAA Rules
Table 1-1
Table 1-1 Feature History for AAA Rules
Feature Name
AAA Rules
Authentication using Cut-Through Proxy
lists each feature change and the platform release in which it was implemented.
Platform
Releases
7.0(1)
9.0(1)
Feature Information
AAA Rules describe how to enable AAA for network
access.
We introduced the following commands:
aaa authentication match, aaa authentication include |
exclude, aaa authentication listener http[s], aaa local
authentication attempts max-fail, virtual http, virtual
telnet, aaa authentication secure-http-client, aaa
authorization match, aaa accounting match, aaa
mac-exempt match.
You can authenticate using AAA rules in conjunction with
the Identity Firewall feature.
We modified the following command:
aaa authentication match.
Cisco ASA Series CLI Configuration Guide
Feature History for AAA Rules
1-25