How To: Configure MAC Address on Cisco ASA WAN Interface

Recently, I set up a new Cisco ASA for a customer who is stuck using a cable modem in their office. Their particular ISP assigns a DHCP address to all clients, and makes that IP sticky to the MAC address it is initially assigned to. If a different MAC address requests an IP through that modem, it is assigned a different address.

Since this customer’s public mail exchanger is hosted at this address, if the IP changes, e-mail will stop arriving until we resolve the situation. To prevent this, I configured the ASA to present the MAC address from the existing router when it made its initial DHCP request to the cable company.


Since the ASA 5505 has an integrated switch, you won’t actually be assigning the MAC to the physical interface on the device. On a Cisco switch, IP addresses aren’t assigned to physical interfaces, but to a virtual interface for each VLAN. The “outside” interface is in a different VLAN than the “inside” interface(s). By default, this is Vlan2 on an ASA 5505, but if it’s not in the default configuration, you can figure out which it is pretty quickly with a “show run interface”.

labASA# show run interface
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7

In this case, the interface for Vlan 2 is denoted as the “outside” interface, so you’ll want to make your changes to the Vlan2 interface.

Next, assign the MAC address you want to use to the Vlan2 interface, and then instruct the DHCP client to use the MAC address as its unique identifier. This step is critical: by default, the ASA presents a different (Cisco-unique) value to the DHCP server instead of the universal de facto standard of registering the MAC address.

labASA# conf t
labASA(config)# interface Vlan2
labASA(config-if)# mac-address 0004.5ae0.8fd8
labASA(config-if)# exit
labASA(config)# dhcp-client client-id interface outside
labASA(config)# ^Z
labASA#

Now when your ASA requests a DHCP address it will present the MAC address you specified to the DHCP server as its unique ID.
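To confirm the result, you can decode a DHCP request captured on the outside segment and check which identifier it carries. The following Python is an added example, not part of the original post: the function names and the sample packet are constructed for illustration, and it assumes the standard DHCP layout (client identifier in option 61, hardware type 1 followed by the MAC).

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
OPT_CLIENT_ID = 61            # client identifier option (RFC 2132)

def cisco_mac_to_bytes(mac):
    """Convert Cisco dotted notation (0004.5ae0.8fd8) to 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(".", ""))
    if len(raw) != 6:
        raise ValueError("not a 48-bit MAC: %r" % mac)
    return raw

def parse_options(payload):
    """Return {code: value} for the options in a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = single-byte pad
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def check_client_id(payload, expected_mac):
    """Classify the identity a DHCP request presents to the server."""
    mac = cisco_mac_to_bytes(expected_mac)
    cid = parse_options(payload).get(OPT_CLIENT_ID)
    if payload[28:34] != mac:          # chaddr field: mac-address not applied
        return "chaddr-mismatch"
    if cid is None:                    # server keys the lease on chaddr
        return "no-client-id"
    if cid == b"\x01" + mac:           # type 1 (Ethernet) + MAC
        return "mac-client-id"
    return "other-client-id"           # e.g. a vendor-generated string

def build_discover(chaddr, client_id):
    """Constructed sample DHCPDISCOVER payload, for offline testing only."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0x8000)
    hdr += b"\x00" * 16 + chaddr.ljust(16, b"\x00") + b"\x00" * 192
    opts = b"\x35\x01\x01"             # option 53: message type DISCOVER
    if client_id is not None:
        opts += bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    return hdr + MAGIC + opts + b"\xff"

mac = cisco_mac_to_bytes("0004.5ae0.8fd8")   # MAC from the configuration above
print(check_client_id(build_discover(mac, b"\x01" + mac), "0004.5ae0.8fd8"))
```

Pass `check_client_id` the UDP payload of a real request from the ASA; anything other than `mac-client-id` means the ISP will not see the old router’s identity.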
