Static DHCP IP to Mac-address reservation in ASA

AGINetworkGroup
Level 1

Hi,

I am finding it difficult to suggest to my management replacing the present Netscreen firewall with ASA, as it does the static DHCP IP to MAC-address mapping.

Is there any facility where ASA does static DHCP IP to MAC-address reservation?

I have seen some notes on Cisco which state the utilisation of option 61 to specify the client identifier, as we do in Cisco routers. How can I use this in ASA with the DHCPD option?

Can anyone help me do this and send me a sample configuration, if this can be done using ASA?

Regards,

Krissh

52 Replies

That's unfortunate.  Will it be something that might be added in the future?

We currently use RSA for AAA and I don't think RSA has that capability.

 

Thanks for the response.

Any chance the Client ID will also be supported in the dhcpd reserve-address command?

Ubuntu 18.04 netplan by default sends Client ID:

------

sh dhcpd binding

IP address Client Identifier Lease expiration Type

10.23.23.101 ff1f.cbe6.4e00.0200. 2634 seconds Automatic
             00ab.119f.47a7.4105.
             40eb.09

 

But it seems like dhcpd reserve-address only accepts MAC addresses as a parameter and an arbitrary client ID is not supported, so there is no way to actually reserve an IP, or I'm doing something wrong.

 

Even if I add to Ubuntu netplan dhcp-identifier: mac, it still modifies the actual MAC by adding 2 numbers:

 

ip addr

eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 20:c9:d0:29:e3:ce brd ff:ff:ff:ff:ff:ff
inet 10.23.23.102/24 brd 10.23.23.255 scope global dynamic eth1

 

netplan ip leases eth1

# This is private data. Do not parse.
ADDRESS=10.23.23.102
NETMASK=255.255.255.0
ROUTER=10.23.23.1
SERVER_ADDRESS=10.23.23.1
T1=1800
T2=3150
LIFETIME=3600
DNS=8.8.8.8 8.8.4.4
DOMAINNAME=local.domain
HOSTNAME=ubnt03
CLIENTID=0120c9d029e3ce

 

I mean just to be clear if I use the actual MAC address of the Ubuntu network card in the ASA dhcpd reserve-address command, the DHCP client on Ubuntu sends some different Client ID and ASA doesn't reply with reserved address, but assigns a new available address from the pool.
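As an added illustration (not part of the post above), the two Client ID values shown in that output can be decoded with a short Python parser for DHCP option 61. It assumes the RFC 2132 hardware-address layout (type byte 0x01 plus the MAC) and the RFC 4361 layout (0xff, IAID, DUID); the function names are hypothetical, and nothing here asserts how the ASA itself matches a reservation.

```python
# Added example: decode DHCP option 61 (Client Identifier) hex text as printed
# by "sh dhcpd binding" or stored in a lease file. Function names are hypothetical.

def parse_client_id(text):
    """Describe a client identifier given as hex (dots, colons or spaces allowed)."""
    raw = bytes.fromhex(text.replace(".", "").replace(":", "").replace(" ", ""))
    if not raw:
        raise ValueError("empty client identifier")
    kind, body = raw[0], raw[1:]
    if kind == 0x01 and len(body) == 6:
        # Type 0x01 = Ethernet hardware type, followed by the 6-byte MAC.
        return {"form": "hardware", "mac": body.hex(":")}
    if kind == 0xFF and len(body) >= 6:
        # RFC 4361: 0xff, 4-byte IAID, then a DUID (2-byte type + data).
        duid = body[4:]
        info = {"form": "iaid+duid", "iaid": body[:4].hex(),
                "duid_type": int.from_bytes(duid[:2], "big"), "mac": None}
        hwtype = int.from_bytes(duid[2:4], "big")
        if info["duid_type"] == 2 and len(duid) >= 6:
            # DUID-EN: 4-byte enterprise number, then an opaque identifier.
            info["enterprise"] = int.from_bytes(duid[2:6], "big")
            info["identifier"] = duid[6:].hex()
        elif info["duid_type"] == 1 and hwtype == 1 and len(duid) >= 14:
            info["mac"] = duid[8:14].hex(":")   # DUID-LLT: type, hwtype, time, MAC
        elif info["duid_type"] == 3 and hwtype == 1 and len(duid) >= 10:
            info["mac"] = duid[4:10].hex(":")   # DUID-LL: type, hwtype, MAC
        return info
    return {"form": "opaque", "mac": None, "raw": raw.hex()}


def cisco_mac(mac):
    """Convert aa:bb:cc:dd:ee:ff to the aabb.ccdd.eeff form used in ASA output."""
    h = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(h) != 12:
        raise ValueError("not a 6-byte MAC address")
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))


if __name__ == "__main__":
    # Values copied from the post above.
    for sample in ("ff1f.cbe6.4e00.0200.00ab.119f.47a7.4105.40eb.09",
                   "0120c9d029e3ce"):
        print(sample, "->", parse_client_id(sample))
```

The first value decodes as an IAID plus a DUID that carries no MAC address at all, while the second is the interface MAC behind a leading type byte of 01, which accounts for the "2 numbers" in front of it.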

Jay, hi!

Can it be done via ASDM? I've been looking through it but cannot find the reserve area of the pool.

Thanks!

 

Hello Jay,

As you have mentioned here an example for IP address reservation by host MAC address, is this feature available in Cisco Firepower 1010?

Arjun Surwade

 

 

 

It's been 10 years, what are they doing that it is taking it so long?  

++Tried it on my ASA at home and it worked for me - Using ASA 5505 with IOS 9.2.4

ASA# sh arp

inside 10.151.48.127 a056.f37e.c188 3

inside 10.151.48.126 50bc.96ba.f32c 4

inside 10.151.48.107 1420.5ea5.f77f 27

inside 10.151.48.108 704c.a570.7cb0 33

 

++Select the line in blue above - From cli:

ASA(config)#arp inside 10.151.48.108 704c.a570.7cb0

 

Now, every time I reboot the device with MAC 704c.a570.7cb0, it will always get the same IP: 10.151.48.108.

 

 

 

You should probably provide more info about your config. I think the issue is users that have IPAM installed and use it to control names and addresses. They need a solution that will dynamically manage the IP reservations within that database and network.

 

Setting hundreds of ARPs on the unit is not going to be a great scalable solution. Please correct me if I am wrong.

I think the original problem, and it's been a while, is the headend needs to not replace the MAC address with its own. Other DHCP products won't do that. Again, correct me if I am wrong.

 

 

 

 

armert

 

 

The problem is not DHCP reservation. The problem is binding a static IP to a MAC address. The CLI command is available but the ASA ignores the static ARP configuration, and keeps assigning a different IP from the DHCP pool.

Static ARP may be a "hack" to obtain the same IP, but it's NOT the same as a DHCP reservation.
For one, you can't provide different DHCP options, which is one use case for using DHCP reservation.

Agree - so there is still no solution yet?

Doesn't appear that there is; the solution the community is hoping for seemingly is different than what Cisco's product path plan is. Apparently. No other way to read this. IMO.


https://bst.cloudapps.cisco.com/bugsearch/bug/CSCsw72963/

does show an update:

Last Modified: Sep 7,2016
Status: Fixed
Severity: 6 Enhancement
Will the feature become available in some future releases? - in which versions?
- Marcus

The detail and config on using a IPAM type name server using static reservations (and options) is still not crystal clear.  My .org has over 400 mac reservations configured on the DNS ip server.  Are we missing something?

That workaround works in 9.16(3).  Thank you.

Lannar Dean
Level 1

Cisco are you fking kidding me with this?  Unable to create DHCP reservations?  Come on......
