The "outside" vlan seems to be misconfigured, and I've tried so many permutations that I am sure I am overlooking something major and obvious. When I am able to ping 8.8.8.8 from the ASA, I'll be happy!
Basic Config
As others have mentioned, your configuration is "suboptimal"... the biggest problem you have is that you're not using DHCP on the outside Vlan interface; the biggest problem is that your default gw address is assigned to Vlan2... to recover, login to the console and...
copy runn flash:foobar.cfg
config t
configure factory-default 10.1.10.100 255.255.255.0
While you're in config mode, use this configuration...
hostname DTS-ASA
password ChangeMeNow
enable password ChangeMeNow
!
interface Ethernet0/0
switchport access vlan 2
!
interface Vlan2
! I don't think you need this, since it's an SMC MAC addr
! However, this illustrates how you can manually change the mac
! on your outside Vlan, if Comcast is restricting you
! to one mac (and now refuses to change it)
! mac-address 78cd.8ed9.fb37
nameif outside
security-level 0
ip address 74.xx.xx.225 255.255.255.248
!
route outside 0.0.0.0 0.0.0.0 74.xx.xx.230
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
end
wr mem
Please change the password :-)... now you need fw rules, but that's a different issue
WAN Validation
Make sure you really do have the Comcast modem attached to Eth0/0... After you're up and running, you should be able to check the address you got from Comcast like this...
DTS-ASA# sh int vlan2
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
MAC address 0030.dead.beef, MTU 1500
IP address 74.xx.xx.225, subnet mask 255.255.255.248 <------------
Traffic Statistics for "outside":
108703406 packets input, 119199091796 bytes
69134254 packets output, 8083775282 bytes
1654709 packets dropped
1 minute input rate 2 pkts/sec, 280 bytes/sec
1 minute output rate 3 pkts/sec, 414 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 3 pkts/sec, 716 bytes/sec
5 minute output rate 4 pkts/sec, 520 bytes/sec
5 minute drop rate, 0 pkts/sec
DTS-ASA#
Then check your ping to google's DNS...
DTS-ASA# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/20 ms
DTS-ASA#
If not, be sure you can ping your default-gw...
DTS-ASA# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 74.xx.xx.230 to network 0.0.0.0
C 74.xx.xx.230 255.255.255.248 is directly connected, outside
C 10.1.10.0 255.255.255.0 is directly connected, inside
d* 0.0.0.0 0.0.0.0 [1/0] via 74.xx.xx.230, outside <------
DTS-ASA#
DTS-ASA# ping 74.xx.xx.230
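The WAN validation steps above (outside SVI up with an address, a gateway of last resort, and that gateway sitting inside the directly connected outside subnet) can be checked mechanically from pasted show output. The script below is an added example, not part of this answer or Cisco's tooling; the sample "show interface" and "show route" text is constructed in the shape of the output quoted above, using the 203.0.113.0/24 documentation range instead of the poster's 74.xx.xx.x addresses, and the check names are my own.

```python
import re
import ipaddress

# Constructed sample output (not the poster's): shape follows the ASA
# "sh int vlan2" and "sh route" output quoted in the answer.
SHOW_INT_VLAN2 = """\
Interface Vlan2 "outside", is up, line protocol is up
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
        MAC address 0030.dead.beef, MTU 1500
        IP address 203.0.113.225, subnet mask 255.255.255.248
"""

SHOW_ROUTE = """\
Gateway of last resort is 203.0.113.230 to network 0.0.0.0

C    203.0.113.224 255.255.255.248 is directly connected, outside
C    10.1.10.0 255.255.255.0 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 203.0.113.230, outside
"""


def parse_interface(text):
    """Return (nameif, is_up, IPv4Interface-or-None) from 'show interface' output."""
    m = re.search(r'Interface \S+ "(\w+)", is (\w+), line protocol is (\w+)', text)
    if not m:
        raise ValueError("no interface header found in show output")
    nameif = m.group(1)
    is_up = m.group(2) == "up" and m.group(3) == "up"
    ip = re.search(r"IP address (\d+\.\d+\.\d+\.\d+), subnet mask (\d+\.\d+\.\d+\.\d+)", text)
    iface = ipaddress.IPv4Interface(f"{ip.group(1)}/{ip.group(2)}") if ip else None
    return nameif, is_up, iface


def parse_routes(text):
    """Return (gateway-of-last-resort-or-None, [(IPv4Network, nameif), ...])."""
    gw = re.search(r"Gateway of last resort is (\d+\.\d+\.\d+\.\d+)", text)
    gateway = ipaddress.IPv4Address(gw.group(1)) if gw else None  # None when "is not set"
    connected = []
    for net, mask, nameif in re.findall(
        r"^C\s+(\S+) (\S+) is directly connected, (\w+)", text, re.M
    ):
        # strict=False tolerates output that prints a host address instead of the network
        connected.append((ipaddress.IPv4Network(f"{net}/{mask}", strict=False), nameif))
    return gateway, connected


def validate_wan(show_int, show_route):
    """Run the answer's WAN checks; returns a list of problems (empty list == looks good)."""
    problems = []
    nameif, is_up, iface = parse_interface(show_int)
    gateway, connected = parse_routes(show_route)

    if nameif != "outside":
        problems.append(f"SVI is named '{nameif}', expected 'outside'")
    if not is_up:
        problems.append("outside interface is not up/up: check the cable to Eth0/0 and the modem")
    if iface is None:
        problems.append("outside interface has no IP address")
    if gateway is None:
        problems.append("no gateway of last resort: add 'route outside 0.0.0.0 0.0.0.0 <gw>'")
    if iface is not None and gateway is not None:
        if gateway not in iface.network:
            problems.append(f"default gateway {gateway} is not inside outside subnet {iface.network}")
        if not any(gateway in net and nif == nameif for net, nif in connected):
            problems.append(f"no connected route on '{nameif}' covers gateway {gateway}")
    return problems


if __name__ == "__main__":
    for p in validate_wan(SHOW_INT_VLAN2, SHOW_ROUTE) or ["WAN config looks consistent"]:
        print(p)
```

Paste your own "sh int vlan2" and "sh route" output into the two strings; the gateway-in-subnet check is the one that catches the typical mistake of a default route pointing at an address the outside VLAN cannot reach directly.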
I am assuming you want the devices to be in the same network.
If so, you already have all that set up. Just set the static IP addresses on the servers/printers/..., and connect them to the same VLAN as your dynamic devices. Since your DHCP range is .100-.254, using addresses below .100 on statically set up devices won't cause any problems (collisions).
If you wish, you can connect them to the same switch as DHCP devices, or just set the port3 to vlan1 and connect them there.
Best Answer
The ASA does not have a means of excluding addresses (or adding reservations.) The only option is to use addresses outside the DHCP scope (i.e. adjust the range to not include your statics.)
This suggests a static arp entry may steer dhcp assignments, but a) it's not a documented/supported feature, and b) others report it not working.
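Both the previous answer (keep statics below .100) and this one (the ASA DHCP server has no exclusions or reservations, so shrink the pool around the statics) come down to the same check: does any static host fall inside the `dhcpd address` range, and if so, what is the largest pool that avoids them? The script below is an added example, not code from either answer or from Cisco; the `dhcpd` config fragment and the static host list are constructed to match the thread's .100-.254 pool, and the "nas" entry is deliberately placed inside the pool to show the conflict case.

```python
import re
import ipaddress

# Constructed ASA config fragment (assumed, not the poster's): the .100-.254
# pool on the inside interface discussed in the thread.
DHCPD_CONFIG = """\
dhcpd address 10.1.10.100-10.1.10.254 inside
dhcpd dns 8.8.8.8
dhcpd enable inside
"""

# Constructed list of statically addressed hosts; "nas" sits inside the pool.
STATIC_HOSTS = {
    "fileserver": "10.1.10.10",
    "printer-1": "10.1.10.50",
    "nas": "10.1.10.120",
}


def parse_dhcpd_range(config):
    """Return (low, high, nameif) from the 'dhcpd address A-B nameif' line."""
    m = re.search(r"^dhcpd address (\S+)-(\S+) (\S+)\s*$", config, re.M)
    if not m:
        raise ValueError("no 'dhcpd address' line in config")
    return ipaddress.IPv4Address(m.group(1)), ipaddress.IPv4Address(m.group(2)), m.group(3)


def conflicting_statics(config, statics):
    """Names of static hosts whose address lies inside the DHCP pool."""
    lo, hi, _ = parse_dhcpd_range(config)
    return sorted(name for name, ip in statics.items()
                  if lo <= ipaddress.IPv4Address(ip) <= hi)


def shrunk_range(config, statics):
    """Largest contiguous sub-range of the pool with no static address in it,
    returned as a replacement 'dhcpd address' line (None if no room is left)."""
    lo, hi, nameif = parse_dhcpd_range(config)
    taken = sorted(ipaddress.IPv4Address(ip) for ip in statics.values()
                   if lo <= ipaddress.IPv4Address(ip) <= hi)
    best = None
    start = lo
    # Walk the sorted statics; each one closes a candidate segment [start, t-1].
    for t in taken + [hi + 1]:
        end = t - 1
        if end >= start and (best is None or int(end) - int(start) > int(best[1]) - int(best[0])):
            best = (start, end)
        start = t + 1
    if best is None:
        return None
    return f"dhcpd address {best[0]}-{best[1]} {nameif}"


if __name__ == "__main__":
    clash = conflicting_statics(DHCPD_CONFIG, STATIC_HOSTS)
    print("statics inside the pool:", clash or "none")
    if clash:
        print("suggested replacement line:", shrunk_range(DHCPD_CONFIG, STATIC_HOSTS))
```

Because the ASA cannot carve holes out of a pool, the suggestion it prints is the one contiguous range; if you would rather keep the original pool, move the clashing host below .100 as the earlier answer recommends, and the check then returns no conflicts.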