CCIE or Null!

So the Cisco ASA 5505 is the smallest ASA firewall in the ASA family, only designed for SOHO and real small branch office. It’s even cheaper than most of the current 800 series routers, can provide IPSec VPN access, AnyConnect access, and basic routing sounds like a great deal right? Well, it is however after a while you will notice some functionality is missing from this nice ASA that we take for granted in our normal everyday ISR Routers.

One of those of features is the ability to setup a DHCP reservation, the 5505 can run a DHCP server with various scope options but the ability to setup reservations has been left out. We can only speculate as to why such a simple feature would be excluded. However setting up a static ARP entry provides a quick work around for this feature. Somehow when the static ARP entry is configured, the ASA apparently knows not to hand out the address to a different host. I tested this out with a scope handing out a single IP address and a scope handing out multiple addresses with the same result. The end device configured with the static entry got the IP address in the static ARP entry configuration. When the scope was configured with a single address and a static ARP entry, I connected a different PC and the ASA would not hand out that single IP address to a different host.

However, one small caveat this feature is not supported by Cisco TAC so if you put in a ticket about DHCP reservations and static ARP entries you won’t get too far. I tested this on a few different 8.4 versions with success but since it isn’t a supported feature I wouldn’t really rely on this for anything mission critical but it something to keep in mind if you are in a pinch.