DHCP configuration for USG subinterfaces

36

The USG2000, USG5000, and USG6000 subinterfaces support the DHCP function.

Other related questions:
Method used to configure the router-on-a-stick on USG firewalls

The router-on-a-stick can address the limited physical interface resources issue. By configuring multiple subinterfaces, corresponding to different VLANs, for a physical interface, a physical interface can enable different VLANs to communicate with each other. For example, you can configure the router-on-a-stick on the USG2000, USG5000, and USG6000 as follows: [USG] interface GigabitEthernet1/0/3.1//Configure subinterface 1. [USG-GigabitEthernet1/0/3.1] vlan-type dot1q 10//Terminate VLAN 10. [USG-GigabitEthernet1/0/3.1] ip address 10.3.1.1 255.255.255.0//Configure the IP address for the subinterface. [USG-GigabitEthernet1/0/3.1] quit [USG] interface GigabitEthernet1/0/3.2//Configure subinterface 2. [USG-GigabitEthernet1/0/3.2] vlan-type dot1q 20//Terminate VLAN 20. [USG-GigabitEthernet1/0/3.2] ip address 10.3.1.1 255.255.255.0//Configure the IP address for the subinterface.


Configuring an Ethernet subinterface on the firewall
Configure the Layer 3 Ethernet subinterface as follows: 1. Run the system-view command to access the system view. 2. Run the interface interface-type interface-number.subinterface-number command to access the Ethernet subinterface view. 3. Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address of the Ethernet subinterface. 4. Run the vlan-type dot1q vlan-id command to configure the encapsulation type for the Ethernet subinterface and associate a VLAN ID with the subinterface. Configure the Layer 2 Ethernet subinterface as follows: 1. Run the system-view command to access the system view. 2. Run the interface interface-type interface-number command to enter the interface view. 3. Run the portswitch command to configure a Layer 3 Ethernet interface to work in Layer 2 mode. 4. Run the quit command to return to the system view. 5. Run the interface interface-type interface-number.subinterface-number command to create a subinterface and access the subinterface view. 6. Run the vlan-type dot1q vlan-id command to configure the encapsulation type for the subinterface and associate a VLAN ID with the subinterface. 7. Run the portswitch command to configure the subinterface as a Layer 2 subinterface.

Configure DHCP server on S series switch based on the interface address pool
To configure the DHCP server based on the interface address pool for the S series switches (excluding the S1700), configure an IP address for the interface and the switch allocates addresses that are on the same network segment as the interface IP address to clients. This configuration mode is simple and applies only to scenarios where the DHCP server and clients are on the same network segment. That is, no DHCP relay exists.The configuration is as follows: [HUAWEI] dhcp enable //Enable DHCP. [HUAWEI] interface gigabitethernet 2/0/0 //Enter the view of the interface connected to the DHCP client. [HUAWEI-GigabitEthernet2/0/0] port link-type access [HUAWEI-GigabitEthernet2/0/0] port default vlan 10 [HUAWEI-GigabitEthernet2/0/0] quit [HUAWEI] interface vlanif 10 [HUAWEI-Vlanif10] ip address 10.1.1.1 24 //Configure the network segment where the DHCP client resides. The IP address range of the interface-based DHCP server is: 10.1.1.2 to 10.1.1.254. [HUAWEI-Vlanif10] dhcp select interface //Enable the DHCP server function based on the interface address pool. [HUAWEI-Vlanif10] dhcp server dns-list 114.114.114.114 //Specify the DNS server address in the interface address pool. [HUAWEI-Vlanif10] dhcp server lease day 2 //Set the lease of IP addresses to 2 days. [HUAWEI-Vlanif10] quit

Method used to configure VLAN communications through L3 subinterfaces on USG firewalls
To enable different VLANs to communicate with each other, you can connect different VLANs to different interfaces of an L3 device. In this way, a router can exchange data between different VLANs. However, this method wastes limited physical interface resources of the device. The Ethernet subinterfaces can be used to address this issue. Currently, the Ethernet subinterfaces can be configured for the Ethernet interfaces and Eth-Trunk interfaces. By configuring multiple subinterfaces, corresponding to different VLANs, for a physical interface, a physical interface can enable different VLANs to communicate with each other. The method for enabling VLANs to communicate with each other through L3 subinterfaces is only applicable to the scenario in which hosts in each VLAN are in different network segments. If hosts in a VLAN are in the same network segment, you can configure L2 subinterfaces to enable VLANs to communicate with each other. To configure VLAN communications through L3 subinterfaces, perform the following steps: 1. Run the system-view command to enter the system view. 2. Run the interface interface-type interface-number.subinterface-number command to create a subinterface and enter the subinterface view. 3. Run the vlan-type dot1q vlan-id command to configure the encryption type and associated VLAN ID for the subinterface. 4. Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address for the subinterface. The IP addresses of the subinterface and the main interface can be in the same network segment, but the subnet masks of the subinterface and the main interface must different.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top