Static DHCP IP to Mac-address reservation in ASA

AGINetworkGroup
Level 1

Hi,

I am finding it difficult to suggest to my management replacing the present Netscreen firewall with ASA, as it does the static DHCP IP to MAC-address mapping.

Is there any facility where ASA does static DHCP IP to MAC-address reservation?

I have seen some notes on Cisco which state the utilisation of option 61 to specify the client identifier, as we do in Cisco routers. How can I use this in ASA with the DHCPD option?

Can anyone help me do this and send me a sample configuration if this can be done using ASA?

Regards,

Krissh

52 Replies

P_Tone ATG
Level 1

@Cisco You should be embarrassed about this. How is this still not supported?

We absolutely have not forgotten about this feature. Stay tuned.

Configuring DHCP Reservations for VPN users terminating on ASA 5540 | VPN | Cisco Support Community

We would like to know the solution to this MAC reservation issue? Federal Gov. and compliance network scenarios require this. This is related to this bug also. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCsw72963/?referring_site=bugquickviewredir

My company has purchased 2 ASA 5525-x machines to run remote client VPN services. We should be able to set this. We just asked our premier Cisco partner if they will help us when implementing our ISE project; they have declined. Why is ASA so different than IOS/WLC?

Posted by u Jay Johnston Cisco 4 years ago

This functionality is currently not supported on the ASA. There is no known way to implement this functionality (The static ARP idea doesn't work, I just tried it in the lab).

An enhancement bug has been filed requesting this support:

CSCsw72963 ASA local address pools should support DHCP reservations/assignments

Is there a remote DHCP workaround? What is the workaround to use IOS or a VPN concentrator?

So what has happened in the four years since this shortcoming was pointed out?

Staying tuned is all fine and good for those who aren't trying to operate a business.  I just had my business partner shell out for three ASAs thinking they'd be adequate, now I find out I can't reserve IPs.  Any update?

-m

Adding a static ARP entry actually creates an issue as the ASA will not be able to reserve the IP.  When the ASA assigns the supposedly reserved IP address to another device, you will end up with ARP collision. 

Received ARP request collision from 192.168.5.6/aaaa.aaaa.aaaa on interface Inside with existing ARP entry 192.168.5.6/xxxx.xxxx.xxxx

Another YEAR later - perhaps you can update the bugs report at least?  Very disappointed in Cisco, and will never recommend their products again.

Still looking for a solution to this problem.

So when? We have been staying tuned for years now. This is a really needed feature ASAP.

Any chance that this is done in this day & age?

itnovocure
Level 1

What about this?

https://www.youtube.com/watch?v=GDwERO0e3zU

That shows adding a static ARP entry. See the post from Jay Johnston below.

jasonmadruga84
Level 1

Hi all,

Static ARP didn't work on my ASA 5505 with asa924-20-k8.bin (9.2(4)20) even though the command was entered, shows in config, and reboot performed... No success.

This person said he did Static ARP on his 5505 with command alias at the end.

https://cyruslab.net/2014/07/09/adding-static-arp-to-asa5505/

I tried this, cleared ARP, rebooted... No success.

This does look like a bug/flaw on at least the 5505. Online documentation shows it as a feature and ASDM leads you to believe it works as well.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/bridgarp.html

http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/about.html

I guess one way is to implement the Static ARP / DHCP Reservation on a device where it does work and configure DHCP Relay (if that works!) on the ASA. The feature is available even on old Linksys Wireless G routers that came out in 2003... this does not make you look good, Cisco!

-Jason

Sheraz_35
Level 1

Hi Cisco,

Any update on this feature? It is really needed.