Method used to configure two network segments on the USG firewall among which one network segment contains IP addresses dynamically allocated by the DHCP server and another network segment contains static IP addresses

You can configure two network segments on the USG firewall among which one network segment contains IP addresses dynamically allocated by the DHCP server and another network segment contains static IP addresses as follows:
Two methods are available:
1. If the switch interconnected to the firewall has only one interface, configure two IP addresses for the interface, set the primary IP address as the dynamic IP address and the secondary IP address (sub address) as the static IP address.
The key configuration is as follows:
[USG] interface GigabitEthernet0/0/1
[USG-GigabitEthernet0/0/1] ip address 192.168.2.1 255.255.255.0
[USG-GigabitEthernet0/0/1] ip address 192.168.1.1 255.255.255.0 sub
[USG-GigabitEthernet0/0/1] quit
[USG] dhcp server ip-pool 0
[USG-dhcp-0] network 192.168.2.0 mask 255.255.255.0
[USG-dhcp-0] dns-list 192.168.2.3
[USG-dhcp-0] quit
IP addresses in network segment 192.168.2.0 can be dynamically allocated.
IP addresses in network segment 192.168.1.0 are static IP addresses set on the PC.
2. If the switch is interconnected with the firewall over interfaces in different network segments, the addresses can be configured flexibly.
a. Configure the DHCP address pool by configuring the L3 interface.
[USG] interface GigabitEthernet0/0/1
[USG-GigabitEthernet0/0/1] ip address 192.168.2.1 255.255.255.0
[USG-GigabitEthernet0/0/1] quit
[USG]interface GigabitEthernet0/0/2
[USG-GigabitEthernet0/0/2] ip address 192.168.1.1 255.255.255.0
[USG-GigabitEthernet0/0/2] quit
[USG] dhcp server ip-pool 0 Configure an address pool for network segment 192.168.2.0 instead of network segment 192.168.1.0, and configure static IP addresses on the PC.
[USG-dhcp-0] network 192.168.2.0 mask 255.255.255.0
[USG-dhcp-0] dns-list 192.168.2.2
[USG-dhcp-0] quit
b. Configure the DHCP address pool based on interfaces.
[USG] interface GigabitEthernet1/0/1
[USG-GigabitEthernet1/0/1] ip address 192.168.0.1 255.255.255.0 Configure the interface IP address.
[USG-GigabitEthernet1/0/1] dhcp select interface //Configure the interface-based DHCP.
[USG-GigabitEthernet1/0/1] dhcp server ip-range 192.168.0.1 192.168.0.254 //Configure the range of IP addresses that can be allocated.
[USG-GigabitEthernet1/0/1] dhcp server gateway-list 192.168.0.1
[USG-GigabitEthernet1/0/1] dhcp server dns-list 192.168.0.253
[USG-GigabitEthernet1/0/1] quit
[USG] interface GigabitEthernet0/0/2
[USG-GigabitEthernet0/0/2] ip address 192.168.1.1 255.255.255.0 Configure the interface IP address and configure static IP addresses in this network segment instead of DHCP.

Scroll to top