09-20-2010 05:06 AM - edited 02-21-2020 04:51 PM
Hi,
I have been configuring AnyConnect VPN. The requirement from the customer is to configure MAC address based authentication for AnyConnect clients. I have gone through various Cisco documents. I could not find this option explained. Is MAC address based authentication possible in AnyConnect VPN without having an AAA server in place?
There is an option to select end point attribute as MAC address, while creating Dynamic access policies. But at the host scan configuration of Cisco secure desktop, there are no options for performing MAC retrieval.
My ASA is running on version 8.2(1) and ASDM version 6.3(1) and a memory of 512 MB RAM.
Please suggest a way for MAC based authentication in cisco anyconnect VPN.
Thanks and Regards,
Madhan kumar G
10-05-2010 02:44 PM
Host scan will include the mac address by default, so you do not need to configure this explicitly.
If you have tried to create a DAP policy matching on a MAC address, and it doesn't work, let us know.
04-23-2012 05:41 PM
Can the DAP and policy be made to check AAA for MAC address?
04-26-2012 02:42 AM
Not 100% sure as I can't try it out right now but I think it might work using an "advanced" DAP condition like
EVAL(endpoint.device.MAC[aaa.ldap.macaddress],"EQ","true","caseless")
(if you have an LDAP server that sends the MAC address as an attribute named "macaddress").
hth
Herbert