||To set the IP address, use one of the following options.
For use with failover, you must set the IP address and standby
address manually; DHCP and PPPoE are not supported. Set the standby IP
addresses on the
Configuration > Device Management > High Availability >
Failover > Interfaces tab. If you do not set the standby IP address, the
active unit cannot monitor the standby interface using network tests; it can
only track the link state.
To set the IP address manually, click the
Use Static IP radio button and enter the IP address and
For point-to-point connections, you can specify a 31-bit subnet
mask (255.255.255.254). In this case, no IP addresses are reserved for the
network or broadcast addresses. You cannot set the standby IP address in this
To obtain an IP address from a DHCP server, click the
Obtain Address via DHCP radio button.
force a MAC address to be stored inside a DHCP request packet for option 61,
Use MAC Address radio
ISPs expect option 61 to be the interface MAC address. If the MAC address is
not included in the DHCP request packet, then an IP address will not be
To use a generated string for option 61, click
(Optional) To obtain the default route from the DHCP server,
Obtain Default Route Using
(Optional) To assign an administrative distance to the learned
route, enter a value between 1 and 255 in the
DHCP Learned Route
Metric field. If this field is left blank, the administrative distance for
the learned routes is 1.
(Optional) To enable tracking for DHCP-learned routes, check
Enable Tracking for DHCP
Learned Routes. Set the following values:
Track ID—A unique identifier for the route tracking process.
Valid values are from 1 to 500.
Track IP Address—Enter the IP address of the target being
tracked. Typically, this would be the IP address of the next hop gateway for
the route, but it could be any network object available off of that interface.
Route tracking is only available in single, routed mode.
SLA ID—A unique identifier for the SLA monitoring process.
Valid values are from 1 to 2147483647.
Monitor Options—Click this button to open the
Options dialog box. In the
Route Monitoring Options
dialog box you can configure the parameters of the
tracked object monitoring process.
(Optional) To set the broadcast flag to 1 in the DHCP packet
header when the DHCP client sends a discover requesting an IP address, check
Enable DHCP Broadcast flag
for DHCP request and discover messages.
The DHCP server listens to this broadcast flag and broadcasts
the reply packet if the flag is set to 1.
(Optional) To renew the lease, click
Renew DHCP Lease.
(Single mode only) To obtain an IP address using PPPoE, check
Group Name field,
specify a group name.
PPPoE Username field,
specify the username provided by your ISP.
PPPoE Password field,
specify the password provided by your ISP.
Confirm Password field,
retype the password.
PPP authentication, click either the
MSCHAP radio button.
PAP passes cleartext username and password during authentication
and is not secure. With CHAP, the client returns the encrypted [challenge plus
password], with a cleartext username in response to the server challenge. CHAP
is more secure than PAP, but it does not encrypt data. MSCHAP is similar to
CHAP but is more secure because the server stores and compares only encrypted
passwords rather than cleartext passwords as in CHAP. MSCHAP also generates a
key for data encryption by MPPE.
(Optional) To store the username and password in flash memory,
Store Username and Password
in Local Flash check box.
The ASA stores the username and password in a special location
of NVRAM. If an Auto Update Server sends a
clear configure command
to the ASA, and the connection is then interrupted, the ASA can read the
username and password from NVRAM and re-authenticate to the Access
(Optional) To display the
PPPoE IP Address and Route
Settings dialog box where you can choose addressing and tracking options,
IP Address and Route
||(Optional) In the
Description field, enter a description for this
The description can be up to 240 characters on a single line,
without carriage returns. In the case of a failover or state link, the
description is fixed as “LAN Failover Interface,” “STATE Failover Interface,”
or “LAN/STATE Failover Interface,” for example. You cannot edit this
description. The fixed description overwrites any description you enter here if
you make this interface a failover or state link.