Method used to avoid the intranet IP address conflict on USG firewalls

You can avoid the intranet IP address conflict on the USG2000, USG5000, and USG6000 as follows:
1. Configure the IP and MAC address binding. In this way, packets of a user even with the same IP address cannot pass through the interface, and therefore avoiding the IP address conflict.
The key configuration is as follows:
[USG] firewall mac-binding 202.38.169.2 0001-0002-0003
[USG] firewall mac-binding enable
2. The DHCP snooping function can prevent other terminals from obtaining addresses from other servers. If addresses are the same, the address conflict occurs. The DHCP snooping is commonly used for anti-attack instead of avoiding intranet IP address conflict.
The key configuration is as follows:
[DHCP-Relay] interface GigabitEthernet 0/0/1
[DHCP-Relay-GigabitEthernet0/0/1] dhcp snooping enable
[DHCP-Relay-GigabitEthernet0/0/1] quit
[DHCP-Relay-GigabitEthernet0/0/2] dhcp snooping trusted
[DHCP-Relay-GigabitEthernet0/0/2] quit
For specific configurations, click USG Firewalls Limiting IP Address Conflict.

Scroll to top