Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1626
Views
0
Helpful
1
Replies

Multiple MAC addresses for 1 VLAN interface

HubertMaier
Level 1
Level 1

‎01-20-2015 04:05 AM - edited ‎03-11-2019 10:22 PM

Hello,

we have a Internet connection with static IP addresses, to get the IP, you enter the MAC address of the interface on the website of the provider and you get via DHCP your static IP address.

 

We are using a ASA 5505 as firewall between the internet and our company network.

 

How can I set / emulate multiple MAC addresses on a VLAN interface to have the ability to use all the static IP addresses?

 

Andreas

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎01-20-2015 05:49 AM

Hi,

 

To my understanding your first problem is already the fact that you want to get multiple public IP addresses to the ASA with DHCP. To my understanding its not possible to get more than the interface IP address via DHCP so that would already mean that the above is not possible.

 

Furthermore to my undertanding you can only do as much as change the Vlan interfaces MAC address to something else than the default MAC address but you are not able to configure multiple MAC addresses to the single interface. This is again problem considering your above setup.

 

There was a discussion long time ago here on the forums about a similiar situation. The difference in that situation was if I remember right that the user just wanted to define the IP addresses staticly but wanted to define different MAC addresses for each IP address. In that case we came to the conclusion that with Cisco Router you could use a HSRP configuration (gateway redundancy) configure the public IP address as the HSRP virtual IP address and also define a certain MAC address for that virtual IP address. You could then continue to configure the amount of public IP addresses you needed. In this case there was no other Router to be in the HSRP so the only purpose of the HSRP configuration was to implement multiple different public IP/MAC addresses on a single interface.

 

In that situation it did mean that you had to have the Cisco Router and a Cisco ASA behind it. IF you still wanted to handle the firewalling on the ASA you had to simply allow traffic through the Router (but not to the router itself ofcourse) and then handle the Access Control on the ASA. NAT would naturally be handled on the Router in that case.

 

My first solution in these sort of cases would be to ask the ISP for an actual public IP address block or some other solution that does not force you to implement something that is not really officially recomended and/or supported. Naturally other solution would be to handle this with some device that could do it. I would assume that your ISP could give you the options in this case. That is depending how good their customer service is.

 

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card