Method used to configure the reserved IP address of DHCP on USG firewalls

53

On the USG2000, USG5000, and USG6000, you can configure the reserved IP address of DHCP as follows:
1. Run the system-view command to enter the system view.
2. Run the dhcp server forbidden-ip start-ip-address [ end-ip-address ] command to configure a reserved IP address.
By default, except for the interface IP address of the DHCP server, all IP addresses in the DHCP address pool are used for automatic allocation.
To reserve an IP address, set start-ip-address.
For example, IP address 10.1.1.3 is used as the DNS server address and needs to be reserved.
[USG] dhcp server forbidden-ip 10.1.1.3
To reserve an IP address segment, set start-ip-address and end-ip-address. Ensure that start-ip-address is not equal to or larger than end-ip-address and they are in the same network segment.
For example, IP addresses from 10.1.1.4 to 10.1.1.9 are used as fixed IP addresses and need to be reserved.
[USG] dhcp server forbidden-ip 10.1.1.4 10.1.1.9

Other related questions:
Method used to configure DHCP to bind an IP address and an MAC address on USG firewalls
On the USG2000, USG5000, and USG6000, you can configure DHCP to bind the IP address and the MAC address as follows: Configuration on the CLI: Configure address pool 3, and bind the IP address and the MAC address in this address pool. [USG] dhcp server ip-pool 3 [USG-dhcp-3] static-bind ip-address 10.1.1.5 mask 255.255.255.128 [USG-dhcp-3] static-bind mac-address 0021-97cf-2238 [USG-dhcp-3] quit Configuration on the web UI: Choose Network > DHCP Server > Service. Click New. In Advanced, configure a static binding in Static Address Binding.

Method used to configure the USG firewall to release an IP address allocated by DHCP to the PC
On the USG2000, USG5000, and USG6000, you can release the IP address allocated by DHCP to the PC using the following commands: Clear address 10.110.1.1 reset dhcp server ip-in-use ip 10.110.1.1 The commands can clear both expired and valid address binding information.

Method used to view the IP address and MAC address obtained by a DHCP user on USG firewalls
On the USG2000, USG5000, and USG6000, you can view the IP address and MAC address obtained by a DHCP user as follows: Checking on the web UI: Choose Network > DHCP Server > Monitoring. In Address Leases, view the IP address and MAC address allocated by the DHCP server to the DHCP client. As shown in the figure, the IP address allocated by the DHCP server to the DHCP client is 192.168.0.2. Checking on the CLI: On the PC, run the cmd command to enter the DOS environment. Run the ipconfig command to view the IP address of the PC. As shown in the figure, the IP address of the PC is 192.168.0.2. C:\Documents and Settings\Administrator> ipconfig /all Physical Address. . . . . . . . . : 00-21-97-c7-4a-18 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.253 Primary WINS Server . . . . . . . : 192.168.0.254 On the device, run the display arp command to view the MAC address corresponding to the IP address. [USG]display arp IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC -------------------------------------------------------------------------- 192.168.0.1 00e0-fceb-0377 I - GE0/0/0 192.168.0.2 5489-9870-670d 20 D-0 GE0/0/0 ------------------------------------------------------------------------------ Total:2 Dynamic:1 Static:0 Interface:1

Method used to configure the check of a source IP address on USG firewalls
The check of a source IP address indicates that an interface checks the source IP address upon receiving an IP packet. If the source IP address of the packet is not in the network segment of the interface, the interface discards the packet; if the source IP address of the packet is in the network segment of the interface, the interface can forward the packet. The IP masquerading is effectively prevented by means of the check of a source IP address. To configure the check of a source IP address, run the ip verify source-address command in the interface view. By default, the interface does not verify the source address of a received packet.

Method used to configure two IP addresses for an interface on the USG firewall and set the primary IP address as the dynamic IP address allocated by the DHCP gateway
You can configure two IP addresses for an interface on the USG2000, USG5000, and USG6000 and set the primary IP address as the dynamic IP address allocated by the DHCP gateway as follows: Note: The SUB address can only be configured as a static IP address of the PC. [USG]interface GigabitEthernet0/0/1 [USG-GigabitEthernet0/0/1]ip address 192.168.2.1 255.255.255.0 [USG-GigabitEthernet0/0/1]ip address 192.168.1.1 255.255.255.0 sub [USG-GigabitEthernet0/0/1]quit [USG] dhcp server ip-pool 0 [USG-dhcp-0]network 192.168.2.0 mask 255.255.255.0 [USG-dhcp-0]dns-list 192.168.2.3 [USG-dhcp-0] quit IP addresses in network segment 192.168.2.0 can be dynamically allocated. IP addresses in network segment 192.168.1.0 are static IP addresses set on the PC.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top