Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3256
Views
0
Helpful
6
Replies

WAN IP assigned by ISP via DHCP (no static)

Go to solution
Michael Bartholomæussen
Level 1
Level 1

‎01-20-2018 05:56 AM - edited ‎03-05-2019 09:48 AM

Hi all,

 

I have a fixed IP address assigned by my ISP, using DHCP on my ASA5510. The IP is public, and therefore does not change.

But, if I change the config on the WAN interface on the ASA to STATIC, same IP, subnet and default gateway connectivity is lost...

 

What ISP/carrier feature controls WAN access combined with DHCP? Is there a MAC ACL on the next-hop device that works together via DHCP?

 

Cheers

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to Michael Bartholomæussen

‎01-22-2018 12:19 AM

You wont be able to - unless the ISP is prepared to turn off IP Source Guard.  Perhaps they have an alternative service that will do what you want.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎01-20-2018 06:11 AM

typically with dsl ppp does this, using like ipcp. not sure how your FW is configured. do you just have and ethernet drop from your ISP and DHCP on your outside interface?

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎01-20-2018 12:32 PM

I'll guess they are using a function that only allows packets from an IP address that have been assigned by DHCP only.  So if you don't get an IP address via DHCP it simple does not accept your packets.

 

A common way of doing this is to use "IP Source Guard".

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ip_source_guard.html

0 Helpful

Go to solution
Michael Bartholomæussen
Level 1
Level 1
In response to Philip D'Ath

‎01-22-2018 12:06 AM

Source guard would be the correct answer. I emailed a former employee with the ISP, and he told me that they use source guard. Didn't expect him to reply :)

 

How am I then able to get a static IP on my ASA for active/failover setup. The HA setup does not allow DHCP on interfaces for failover???

 

Michael

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to Michael Bartholomæussen

‎01-22-2018 12:19 AM

You wont be able to - unless the ISP is prepared to turn off IP Source Guard.  Perhaps they have an alternative service that will do what you want.

0 Helpful

Go to solution
Michael Bartholomæussen
Level 1
Level 1
In response to Philip D'Ath

‎01-22-2018 06:13 AM

Or, I could talk my ISP into adding a static entry on the switch :)

 

Thanks alot for helping!

0 Helpful

Go to solution
Muhammad Uzair
Level 1
Level 1

‎01-20-2018 02:38 PM

How you are connected with your ISP ? is it DSL (PPPoE or PPPoA) GPON or IPoE ?

 

If you configured dialer interface you mention "ip address negotiated " in configuration and once LCP negotiation is done IPCP send broadcast to dhcp server to request an IP address and DHCP server assigned a single /32 IP address. in case of Fixed one ISP billing software fix this IP so you will always get the same.

 

In above mentioned case you can remove "ip address negotiated " and provide direct public IP with subnet and dns details, it should work.

 

 

HTH

 

Kindest regards,

Uzzi

 



Kindest regards,
Uzair
CCENT, CCNA (R&S), CCNP (R&S).
0 Helpful
Top