192.168.1.69. We want to add that to the pool and make sure it is given the same IP address each time. So connect to the Cisco ASA/PIX. There’s no user name only a password, so enter the user level password:
host# telnet 192.168.1.254 User Access Verification Password: *** Type help or ‘?’ for a list of available commands. cisco>Once logged in we need to switch to the administration mode.
cisco> enable Password: ***The user told us the printer was currently switched on so we can read the router’s Address Resolution Protocol table which lists the mappings between IP addresses and Media Access Control address (MAC address or address network card address). We’ll need the MAC address as it is the reference the router talks to whereas the IP address is only an abstraction.
cisco# show arp inside 192.168.1.69 0c1b.ae43.bd21Now we can check that the
192.168.1.69address is in the pool of DHCP addresses
cisco# show running-config dhcpd dhcpd address 192.168.1.20-192.168.1.70 inside dhcpd dns 22.214.171.124 126.96.36.199 interface inside dhcpd domain 360inspire.com interface inside dhcpd enable inside !which it is and we can check that the MAC address is not currently assigned to anything else.
cisco# show running-config arp cisco#Our sanity checks are ok so we are ready to proceed with the update. We must enter the configuration section by specifying that we will change the configuration from the terminal.
cisco# configure terminal cisco(config)#Once in the configuration section we can start changing the settings. The following line says that when we see the MAC address 0c1b.ae43.bd21 we are going to statically refer to it with the IP address of
192.168.1.69. The Cisco ASA/PIX knows that this is already in the DHCP pool and won’t allocate it again.
cisco(config)# arp inside 192.168.1.69 0c1b.ae43.bd21We can check the change has been added with the following command:
cisco(config)# show running-config arp arp inside 192.168.1.69 0c1b.ae43.bd21 cisco(config)#If you have miss-typed or you would like to remove an old entry you can do so by prefixing the existing command with
no. For example:
no arp inside 192.168.1.69 0c1b.ae43.bd21The changes are currently only made in memory, so we need to write the current running configuration down to disk.
cisco(config)# write mem Building configuration… Cryptochecksum: 389f1812 7c29dd7b 50ad4ca0 4ce3fd5e 4396 bytes copied in 1.480 secs (4396 bytes/sec) [OK] cisco(config)#And finally the job is done so we exit cleanly
cisco(config)# cisco(config)# exit cisco# exit Logoff Connection closed by foreign host.Rebooting the printer will result in the printer coming back with the same IP address. Many thanks to goldplated for his original article.
Comment from: Hellbent [Visitor]
Comment from: Dan [Visitor]
Did your Host B get then another IP or does the ASA fall in a Loop?
That´s also does not work for me :
#sh running-config arp arp lan_corp 10.11.254.180 4c80.933c.faff
sh dhcpd binding all | include ff
10.11.254.151 014c.8093.3cfa.ff 3420 seconds Automatic
I have set the below arp related configs : arp lan_corp 10.11.254.180 4c80.933c.faff arp timeout 14400 no arp permit-nonconnected
Have also tried with the permit-nonconnected enabled but nothing.
The version of the ASA software is 9.1(3)
Comment from: Ryan [Visitor]
Comment from: mick [Visitor]
Ive been looking for this solution myself. I also tested this and it doesnt seem to work.
test config: arp inside 10.6.0.75 001b.38be.c7fa dhcpd address 10.6.0.70-10.6.0.80 inside
connect the laptop and look at dhcp binding and arp: show dhcpd binding IP address Client Identifier
inside 10.6.0.70 001b.38be.c7fa 517 inside 10.6.0.75 001b.38be.c7fa -
the firewall shows the reserved arp but still issues the laptop the first ip from the dhcp pool.
Comment from: Peter Dornauer [Visitor]
Comment from: Marr [Visitor]
This will work,but you have to set you dhcp scope high and give static IP addresses to your devices from below the dhcp scope. For example:
dhcpd address 192.168.1.50-192.168.1.100 inside
Give your routers, switches, and host static IP addresses in the range of: 192.168.1.1 - 192.168.1.49
arp inside 192.168.1.10 0c1b.ae43.bd21 arp inside 192.168.1.11 0c1b.ae43.bd22 arp inside 192.168.1.12 0c1b.ae43.bd23 etc……
Comment from: EINAR HONEGGER THOME [Visitor]
This tutorial is useless because entering a mac adderess associated to an IP at the ARP table wont make DHCP assign that IP to that specific MAC address.
MARR, IF I use static IPs on those Devices, DHCP will have no influence on those IPs settings! ASA still lacks this functionality!
Comment from: Rudolf [Visitor]
Unfortunately, indeed this tutorial provides a solution that doesn’t solve what it claims to do.
It is really a shame that the ASA can’t give a fixed IP to a MAC address, something most routers in the price range of 30 dollar can already do…
Comment from: [Member]
Comment from: Networker [Visitor]
Comment from: Bryan [Visitor]
Comment from: Michael [Visitor]
There is an alias option to the arp command that prevents the entry from expiring, would that solve the issue, I have not bothered to test it, but I read from the remarks that an issue would be that the reservation will expire, add alias at the end and it will not?
Comment from: Michael [Visitor]
Naa, 4get that, that also does not work.
Form is loading...