ASA 5505 DHCP Reservation list

tstrosnider · ‎11-15-2013

Hi Guys -

I'm wondering how others out there are addressing remote offices/users with asa 5505's at the location and offering DHCP locally from the asa itself instead of across the vpn tunnel.

I am trying to set DHCP Reservations by MAC Address for my "approved" devices such as laptops instead of having to assign static ip's in the office; so the user does not have to remember to switch from dhcp to static, etc.

The only way I know how to acomplish this is to have a dedicated dhcp server outside of the asa running mac reservations; which is what I am trying to advoid having to do and let the ASA provide the addresses.

All asa's are loaded with current software 9.1(3)

Many Thanks

-Trevor

Joshua Koch · ‎11-18-2013

Trevor,

Thank you for using the SRCUG forum and posting your question. The ASA only supports DHCP reservations when connecting a client via VPN and not on the internal network. A work around could be to use your intenral switch if it supports layer 3 and manually bind the IP address to MAC address withing the DHCP Pool configuration:

ip dhcp pool {client name}

 host {static IP address}

 hardware-address {client MAC} ieee802

 client-name {name of client}

However, there is a caveat to this, you will need to create a DHCP Pool for each manual bind, you can only have one manul bind per DHCP pool.

http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4t/config-dhcp-server.html#GUID-68D87544-7C6F-48C9-9DFE-56F5B7E4A89D

Configuring Manual Bindings

An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server.

Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database. Manual bindings are stored in NVRAM on the DHCP server. Manual bindings are just special address pools. There is no limit on the number of manual bindings, but you can configure only one manual binding per host pool.

Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database. Because the bindings are stored in volatile memory on the DHCP server, binding information is lost in the event of a power failure or upon router reload for any other reason. To prevent the loss of automatic binding information in such an event, store a copy of the automatic binding information on a remote host called a DHCP database agent. The bindings are periodically written to the database agent. If the router reloads, the bindings are read back from the database agent to the DHCP database on the DHCP server.

Joshua Koch
Systems Engineer

Cisco Systems

tstrosnider · ‎11-18-2013

Thanks Josh for your reply.

Unfortunately I am only using the ASA5505 itself and maybe an AP for the switching and not any additional switches.

Trevor Strosnider

Von Housen Automotive Group

Jay Johnston · ‎02-20-2020

This feature is now supported on ASA in version 9.13(1) and later

Example:

Magnus-5506-Desk# sh run dhcpd
dhcpd dns 192.168.1.22
dhcpd domain cisco.com
dhcpd option 4 ip 172.18.124.1
!
dhcpd address 192.168.100.100-192.168.100.200 inside
dhcpd enable inside
dhcpd reserve-address 192.168.100.199 ecb5.fa0f.988b inside
!
Magnus-5506-Desk#

arthurbarrett · ‎02-24-2020

Do you have any reference for "dhcpd reserve-address"?

I can't see it in the release notes for 9.13(1):

https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/release/notes/asarn913.html

I'm looking at upgrading from ASA5505 to FirePower 1010 (which I believe runs 9.13(1)and this feature would be really nice...

PacoMiralles · ‎03-23-2020

Hi arthurbarrett,

there is a reported bug regarding the lack of documentation about the "dhcpd reserve-address" command.

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvt14298

Best regards