cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2760
Views
0
Helpful
6
Replies

WAN IP assigned by ISP via DHCP (no static)

Hi all,

 

I have a fixed IP address assigned by my ISP, using DHCP on my ASA5510. The IP is public, and therefore does not change.

But, if I change the config on the WAN interface on the ASA to STATIC, same IP, subnet and default gateway connectivity is lost...

 

What ISP/carrier feature controls WAN access combined with DHCP? Is there a MAC ACL on the next-hop device that works together via DHCP?

 

Cheers

1 Accepted Solution

Accepted Solutions

You wont be able to - unless the ISP is prepared to turn off IP Source Guard.  Perhaps they have an alternative service that will do what you want.

View solution in original post

6 Replies 6

Dennis Mink
VIP Alumni
VIP Alumni

typically with dsl ppp does this, using like ipcp. not sure how your FW is configured. do you just have and ethernet drop from your ISP and DHCP on your outside interface?

Please remember to rate useful posts, by clicking on the stars below.

Philip D'Ath
VIP Alumni
VIP Alumni

I'll guess they are using a function that only allows packets from an IP address that have been assigned by DHCP only.  So if you don't get an IP address via DHCP it simple does not accept your packets.

 

A common way of doing this is to use "IP Source Guard".

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ip_source_guard.html

Source guard would be the correct answer. I emailed a former employee with the ISP, and he told me that they use source guard. Didn't expect him to reply :)

 

How am I then able to get a static IP on my ASA for active/failover setup. The HA setup does not allow DHCP on interfaces for failover???

 

Michael

You wont be able to - unless the ISP is prepared to turn off IP Source Guard.  Perhaps they have an alternative service that will do what you want.

Or, I could talk my ISP into adding a static entry on the switch :)

 

Thanks alot for helping!

Muhammad Uzair
Level 1
Level 1

How you are connected with your ISP ? is it DSL (PPPoE or PPPoA) GPON or IPoE ?

 

If you configured dialer interface you mention "ip address negotiated " in configuration and once LCP negotiation is done IPCP send broadcast to dhcp server to request an IP address and DHCP server assigned a single /32 IP address. in case of Fixed one ISP billing software fix this IP so you will always get the same.

 

In above mentioned case you can remove "ip address negotiated " and provide direct public IP with subnet and dns details, it should work.

 

 

HTH

 

Kindest regards,

Uzzi

 



Kindest regards,
Uzair
CCENT, CCNA (R&S), CCNP (R&S).
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: