cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2180
Views
0
Helpful
7
Replies

Quick question about assigning Gateways to Ethernet Interfaces

joseph
Level 1
Level 1

I am at a remote location and need to change the Gateway for our wireles

s Vlan.  I did not see where I can do this so I am hoping someone can tell me.

I have a Cisco ASA 5510

I have a Wireless Vlan on ethernet interface 0/0.2

It has an IP of 192.168.103.1 255.255.255.0

Our wireless hands out DHCP between 192.168.103.100 and 192.168.103.150

The current Gateway is 192.168.103.1

I need to change it to 192.168.103.8

How do I do it?

Thanks

--Joe

1 Accepted Solution

Accepted Solutions

joseph@sec.state.vt.us

Jon,

Thanks for the quick response.  I changed the interface address to 192.168.103.8 and it sure gave me the desired gateway of 192.168.103.8 but then I had IP conflicts because the node I am trying to reach also has that IP address.

So to refine my question...

How do I change the gateway for the Wireless network WITHOUT changing the gateway for all the other Vlans?

I saw the dhcpd option 3 ip you sent me but I was afraid that if I did something like that I might change the gateway for all the vlans.

Don't give up on me just yet

Thanks

--Joe

Joe

Don't give up on me just yet  

No worries, we'll keep on going till we get an answer

Unfortunately some more bad news. As you rightly say the dhcpd options are global on the ASA so if you have multiple DHCP pools on the ASA you cannot use it for just one pool.

So your options are -

1) configure the wireless IP settings manually on each client - suspect you really don't want to do that

2) use something else for DHCP - do you have a windows server in your network ?

I suspect by now you are not a big fan of ASA firewalls. The problem is that you are trying to do things on them that weren't really designed for. They are primarily designed to be firewalls, whereas the sort of things you want to do are far more suited to a router.

Jon

View solution in original post

7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

joseph@sec.state.vt.us

I am at a remote location and need to change the Gateway for our wireles

s Vlan.  I did not see where I can do this so I am hoping someone can tell me.

I have a Cisco ASA 5510

I have a Wireless Vlan on ethernet interface 0/0.2

It has an IP of 192.168.103.1 255.255.255.0

Our wireless hands out DHCP between 192.168.103.100 and 192.168.103.150

The current Gateway is 192.168.103.1

I need to change it to 192.168.103.8

How do I do it?

Thanks

--Joe

Joe

Is it the wireless AP itself which is handing out IPs ?

If so what make/model is the AP and do you manage it via the CLI or via the web interface ?

Or is the ASA handing out the IP addresses ?

Jon

Jon,

The WAP does not hand out the IP Addresses, The ASA does.  The 5510 issues DHCP addresses to wireless nodes that connect to the WAP.

The ASA issues IPs between 192.168.103.100 and 192.168.103.150 with a Gateway of 192.168.103.1 that also happens to be the Interface ethernet 0/0.2 IP address.  My first thought was that the Gateway is the same as the Interface's IP address but I am not sure and I don't want to make a mistake chaning the ASA configuration.

Hope that answers the question.

Thanks

--Joe

joseph@sec.state.vt.us

Jon,

The WAP does not hand out the IP Addresses, The ASA does.  The 5510 issues DHCP addresses to wireless nodes that connect to the WAP.

The ASA issues IPs between 192.168.103.100 and 192.168.103.150 with a Gateway of 192.168.103.1 that also happens to be the Interface ethernet 0/0.2 IP address.  My first thought was that the Gateway is the same as the Interface's IP address but I am not sure and I don't want to make a mistake chaning the ASA configuration.

Hope that answers the question.

Thanks

--Joe

Joe

The ASA does indeed use the interface address as the default-gateway. So if you changed the interface address to 192.168.103.8 then iit would work but i'm assuming 192.168.103.8 is another device ?

There is a DHCP option you can configure on the ASA firewall -

ASA(config)# dhcpd option 3 ip

According to the docs this only works if the ASA is in transparent mode but i have read some posts on these forums that suggest it will work in normal routed mode as well. Worth a try.

Jon

Jon,

Thanks for the quick response.  I changed the interface address to 192.168.103.8 and it sure gave me the desired gateway of 192.168.103.8 but then I had IP conflicts because the node I am trying to reach also has that IP address.

So to refine my question...

How do I change the gateway for the Wireless network WITHOUT changing the gateway for all the other Vlans?

I saw the dhcpd option 3 ip you sent me but I was afraid that if I did something like that I might change the gateway for all the vlans.

Don't give up on me just yet :)

Thanks

--Joe

joseph@sec.state.vt.us

Jon,

Thanks for the quick response.  I changed the interface address to 192.168.103.8 and it sure gave me the desired gateway of 192.168.103.8 but then I had IP conflicts because the node I am trying to reach also has that IP address.

So to refine my question...

How do I change the gateway for the Wireless network WITHOUT changing the gateway for all the other Vlans?

I saw the dhcpd option 3 ip you sent me but I was afraid that if I did something like that I might change the gateway for all the vlans.

Don't give up on me just yet

Thanks

--Joe

Joe

Don't give up on me just yet  

No worries, we'll keep on going till we get an answer

Unfortunately some more bad news. As you rightly say the dhcpd options are global on the ASA so if you have multiple DHCP pools on the ASA you cannot use it for just one pool.

So your options are -

1) configure the wireless IP settings manually on each client - suspect you really don't want to do that

2) use something else for DHCP - do you have a windows server in your network ?

I suspect by now you are not a big fan of ASA firewalls. The problem is that you are trying to do things on them that weren't really designed for. They are primarily designed to be firewalls, whereas the sort of things you want to do are far more suited to a router.

Jon

Jon,

Actually I like ASAs, normally this is not my responsibility so I am struggling however I am learning alot abot the ASA capabilities and limitations.

I had thought the same as you suggest.  192.168.103.8 is a linux box and I am going to set up a DHCP server on that box.

I guess I'll then need to somehow remove the DHCP function for the wireless netowrk on the ASA.  I am going to look up how to do that since I have no Idea.  I imagine it will be something like

no dhcp 192.168.103.100 192.168.103.150 wireless

Thanks for the support

--Joe

Jon,

I have set up a DHCP server on my Linux box and have the service running.  How do I disable DHCP on the ASA.

I see the command dhcpd enable wireless

I assume that enables the wireless dhcp but I do not see a dhcpd disable wireless command

Thanks

--Joe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco