cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1372
Views
0
Helpful
6
Replies
Beginner

WAN IP assigned by ISP via DHCP (no static)

Hi all,

 

I have a fixed IP address assigned by my ISP, using DHCP on my ASA5510. The IP is public, and therefore does not change.

But, if I change the config on the WAN interface on the ASA to STATIC, same IP, subnet and default gateway connectivity is lost...

 

What ISP/carrier feature controls WAN access combined with DHCP? Is there a MAC ACL on the next-hop device that works together via DHCP?

 

Cheers

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor

Re: WAN IP assigned by ISP via DHCP (no static)

You wont be able to - unless the ISP is prepared to turn off IP Source Guard.  Perhaps they have an alternative service that will do what you want.

View solution in original post

6 REPLIES 6
VIP Advisor

Re: WAN IP assigned by ISP via DHCP (no static)

typically with dsl ppp does this, using like ipcp. not sure how your FW is configured. do you just have and ethernet drop from your ISP and DHCP on your outside interface?

Please remember to rate useful posts, by clicking on the stars below.

VIP Advisor

Re: WAN IP assigned by ISP via DHCP (no static)

I'll guess they are using a function that only allows packets from an IP address that have been assigned by DHCP only.  So if you don't get an IP address via DHCP it simple does not accept your packets.

 

A common way of doing this is to use "IP Source Guard".

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ip_source_guard.html

Beginner

Re: WAN IP assigned by ISP via DHCP (no static)

Source guard would be the correct answer. I emailed a former employee with the ISP, and he told me that they use source guard. Didn't expect him to reply :)

 

How am I then able to get a static IP on my ASA for active/failover setup. The HA setup does not allow DHCP on interfaces for failover???

 

Michael

VIP Advisor

Re: WAN IP assigned by ISP via DHCP (no static)

You wont be able to - unless the ISP is prepared to turn off IP Source Guard.  Perhaps they have an alternative service that will do what you want.

View solution in original post

Highlighted
Beginner

Re: WAN IP assigned by ISP via DHCP (no static)

Or, I could talk my ISP into adding a static entry on the switch :)

 

Thanks alot for helping!

Beginner

Re: WAN IP assigned by ISP via DHCP (no static)

How you are connected with your ISP ? is it DSL (PPPoE or PPPoA) GPON or IPoE ?

 

If you configured dialer interface you mention "ip address negotiated " in configuration and once LCP negotiation is done IPCP send broadcast to dhcp server to request an IP address and DHCP server assigned a single /32 IP address. in case of Fixed one ISP billing software fix this IP so you will always get the same.

 

In above mentioned case you can remove "ip address negotiated " and provide direct public IP with subnet and dns details, it should work.

 

 

HTH

 

Kindest regards,

Uzzi

 



Kindest regards,
Uzair
CCENT, CCNA (R&S), CCNP (R&S).
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards