Method used to configure DHCP to bind an IP address and an MAC address on USG firewalls

29

On the USG2000, USG5000, and USG6000, you can configure DHCP to bind the IP address and the MAC address as follows:
Configuration on the CLI:
Configure address pool 3, and bind the IP address and the MAC address in this address pool.
[USG] dhcp server ip-pool 3
[USG-dhcp-3] static-bind ip-address 10.1.1.5 mask 255.255.255.128
[USG-dhcp-3] static-bind mac-address 0021-97cf-2238
[USG-dhcp-3] quit
Configuration on the web UI:
Choose Network > DHCP Server > Service.
Click New.
In Advanced, configure a static binding in Static Address Binding.

Other related questions:
Method used to view the IP address and MAC address obtained by a DHCP user on USG firewalls
On the USG2000, USG5000, and USG6000, you can view the IP address and MAC address obtained by a DHCP user as follows: Checking on the web UI: Choose Network > DHCP Server > Monitoring. In Address Leases, view the IP address and MAC address allocated by the DHCP server to the DHCP client. As shown in the figure, the IP address allocated by the DHCP server to the DHCP client is 192.168.0.2. Checking on the CLI: On the PC, run the cmd command to enter the DOS environment. Run the ipconfig command to view the IP address of the PC. As shown in the figure, the IP address of the PC is 192.168.0.2. C:\Documents and Settings\Administrator> ipconfig /all Physical Address. . . . . . . . . : 00-21-97-c7-4a-18 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.253 Primary WINS Server . . . . . . . : 192.168.0.254 On the device, run the display arp command to view the MAC address corresponding to the IP address. [USG]display arp IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC -------------------------------------------------------------------------- 192.168.0.1 00e0-fceb-0377 I - GE0/0/0 192.168.0.2 5489-9870-670d 20 D-0 GE0/0/0 ------------------------------------------------------------------------------ Total:2 Dynamic:1 Static:0 Interface:1

Method used to configure the reserved IP address of DHCP on USG firewalls
On the USG2000, USG5000, and USG6000, you can configure the reserved IP address of DHCP as follows: 1. Run the system-view command to enter the system view. 2. Run the dhcp server forbidden-ip start-ip-address [ end-ip-address ] command to configure a reserved IP address. By default, except for the interface IP address of the DHCP server, all IP addresses in the DHCP address pool are used for automatic allocation. To reserve an IP address, set start-ip-address. For example, IP address 10.1.1.3 is used as the DNS server address and needs to be reserved. [USG] dhcp server forbidden-ip 10.1.1.3 To reserve an IP address segment, set start-ip-address and end-ip-address. Ensure that start-ip-address is not equal to or larger than end-ip-address and they are in the same network segment. For example, IP addresses from 10.1.1.4 to 10.1.1.9 are used as fixed IP addresses and need to be reserved. [USG] dhcp server forbidden-ip 10.1.1.4 10.1.1.9

Method used to view the mapping between the IP address and the MAC address on USG firewalls
Method used to view the mapping between the IP address and the MAC address on the USG2000, USG5000, and USG6000: You can run the display arp command to view the mapping between the IP address and the MAC address. [USG]display arp IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/PVC --------------------------------------------------------------------------- 1.1.2.2 3400-a3d8-f023 I Vlanif300 100.1.1.1 3400-a3d8-f023 I Vlanif200 6.6.6.6 3400-a3d8-f023 I Vlanif2 192.168.108.111 3400-a3d8-f01f I GE0/0/0 192.168.108.222 3400-a3d8-f01f I GE0/0/0 192.168.108.100 d46a-b330-c311 6 D GE0/0/0 192.168.108.113 3400-a3da-e1b0 12 D GE0/0/0 192.168.108.115 200b-c73b-6300 16 D GE0/0/0 192.168.108.114 200b-c73b-5b00 16 D GE0/0/0 I indicates the MAC address of the interface. You can learn the local interface address in I, including the VLANIF interface and L3 interface. D indicates a dynamic entry obtained using the ARP packet. Based on the IP address and MAC address learned by the corresponding interface, you can identify the interface that interworks with a lower-layer device, and determine the MAC address of the device using the IP address. For example, if the IP address of a computer is available, you can determine the MAC address based on the corresponding MAC option. Note: You can view only ARP entries learned by a local device. If devices are far apart from each other, the local device does not need to learn the ARP of the device on the lowest level. In such a case, you cannot view the IP address and MAC address on the local device.

Method used to modify the MAC address on USG firewalls
Method used to modify the MAC address on the USG2000, USG5000, and USG6000: USG firewalls do not support modification of the MAC address.

Method used to bind an L2TP user and an IP address on the USG2000 and USG5000
The method used to bind an L2TP user and an IP address on the USG2000 and USG5000 is as follows: You can bind an L2TP user and an IP address on the USG firewall only when the USG firewall serves as an LNS on the network. [USG5500-aaa]local-user wutest ? access-limit Access limit acl-number Configure ACL number ftp-directory Set user FTP directory permitted idle-cut Configure idle cut l2tp-ip Configure binding ip of l2tp for user/Select this parameter to bind the L2TP user and the IP address. level Configure user privilege password Indicate the password service-type Service types for authorized users state Activate/block the user(s) valid-period Indicate user valid period vpn-instance Specify a VPN-Instance [USG5500-aaa]local-user wutest l2 [USG5500-aaa]local-user wutest l2tp-ip ? X.X.X.X The ip of l2tp/Configure the IP address to be bound. [USG5500-aaa]local-user wutest l2tp-ip 1.1.1.1

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top