×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Blocking a MAC from getting IP from ASA DHCP

Unanswered Question
Dec 30th, 2013
User Badges:

WE use ASA as remote VPN and use DHCP pool on this ASA. Is it possible to block a specific MAC from getting IP from this pool?


thanks,

Han

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Mon, 12/30/2013 - 09:34
User Badges:
  • Purple, 4500 points or more

If you block it from getting DHCP from a pool then where do you want it to get an IP from? Another pool? Local?

hanwucisco Mon, 12/30/2013 - 10:44
User Badges:

Collin,

We simply dont want it get to the VPN to the network. Any method that we can block this mac would be great, but login here is not an option.


thanks,

Han

Collin Clark Mon, 12/30/2013 - 18:57
User Badges:
  • Purple, 4500 points or more

Hmmmm, I guess what I would do is create a static reservation with an IP that's not valid, like 169.254.254.

abcdrohan Wed, 01/01/2014 - 19:01
User Badges:

How about creating an arp entry for the ip

For e.g. The ip is 1.1.1.1 on the inside with Mac address xxxx and 1.1.1.0/24 is the dhcp pool. You don't want to hand out 1.1.1.1 via dhcp

Then you add an entry

Arp inside 1.1.1.1 xxxx

So that Asa excludes 1.1.1.1 from being handed out via dhcp

Sent from Cisco Technical Support iPad App

Actions

This Discussion