Method used to increase the number of IP addresses that can be allocated in the current network segment on the USG firewall

1

On the USG2000, USG5000, and USG6000, you can increase the number of IP addresses that can be allocated in the current network segment as follows:
You can increase the number of IP addresses in two ways:
1. Expand the mask.
For example, expand 24-bit mask 255.255.255.0 to 16-bit mask 255.255.0.0.
a. For dynamic address allocation, modify the mask in the address:
[FW]dhcp server ip-pool pool1
[FW-dhcp-pool1]gateway-list 10.1.1.1
[FW-dhcp-pool1]network 10.1.0.0 mask 16
b. If PCs on the network adopt static IP addresses, modify the mask on each PC.
2. Add a network segment.
This method involves the entire network, especially the route configuration, to enable the new network segment to interwork with the original network segment.

Other related questions:
Method used to configure two network segments on the USG firewall among which one network segment contains IP addresses dynamically allocated by the DHCP server and another network segment contains static IP addresses
You can configure two network segments on the USG firewall among which one network segment contains IP addresses dynamically allocated by the DHCP server and another network segment contains static IP addresses as follows: Two methods are available: 1. If the switch interconnected to the firewall has only one interface, configure two IP addresses for the interface, set the primary IP address as the dynamic IP address and the secondary IP address (sub address) as the static IP address. The key configuration is as follows: [USG] interface GigabitEthernet0/0/1 [USG-GigabitEthernet0/0/1] ip address 192.168.2.1 255.255.255.0 [USG-GigabitEthernet0/0/1] ip address 192.168.1.1 255.255.255.0 sub [USG-GigabitEthernet0/0/1] quit [USG] dhcp server ip-pool 0 [USG-dhcp-0] network 192.168.2.0 mask 255.255.255.0 [USG-dhcp-0] dns-list 192.168.2.3 [USG-dhcp-0] quit IP addresses in network segment 192.168.2.0 can be dynamically allocated. IP addresses in network segment 192.168.1.0 are static IP addresses set on the PC. 2. If the switch is interconnected with the firewall over interfaces in different network segments, the addresses can be configured flexibly. a. Configure the DHCP address pool by configuring the L3 interface. [USG] interface GigabitEthernet0/0/1 [USG-GigabitEthernet0/0/1] ip address 192.168.2.1 255.255.255.0 [USG-GigabitEthernet0/0/1] quit [USG]interface GigabitEthernet0/0/2 [USG-GigabitEthernet0/0/2] ip address 192.168.1.1 255.255.255.0 [USG-GigabitEthernet0/0/2] quit [USG] dhcp server ip-pool 0 Configure an address pool for network segment 192.168.2.0 instead of network segment 192.168.1.0, and configure static IP addresses on the PC. [USG-dhcp-0] network 192.168.2.0 mask 255.255.255.0 [USG-dhcp-0] dns-list 192.168.2.2 [USG-dhcp-0] quit b. Configure the DHCP address pool based on interfaces. [USG] interface GigabitEthernet1/0/1 [USG-GigabitEthernet1/0/1] ip address 192.168.0.1 255.255.255.0 Configure the interface IP address. [USG-GigabitEthernet1/0/1] dhcp select interface //Configure the interface-based DHCP. [USG-GigabitEthernet1/0/1] dhcp server ip-range 192.168.0.1 192.168.0.254 //Configure the range of IP addresses that can be allocated. [USG-GigabitEthernet1/0/1] dhcp server gateway-list 192.168.0.1 [USG-GigabitEthernet1/0/1] dhcp server dns-list 192.168.0.253 [USG-GigabitEthernet1/0/1] quit [USG] interface GigabitEthernet0/0/2 [USG-GigabitEthernet0/0/2] ip address 192.168.1.1 255.255.255.0 Configure the interface IP address and configure static IP addresses in this network segment instead of DHCP.

Method used to configure the L2TP over IPSec user address segment on the USG2000 and USG5000
The method used to configure the L2TP over IPSec user address segment on the USG2000 and USG5000 is as follows: Configure the L2TP over IPSec user address segment using the CLI: # Define an address pool and allocate an IP address to the dial-up user. [LNS] aaa [LNS-aaa] ip pool 1 10.1.1.1 10.1.1.100 # Set the user name and password (consistent with those configured on the PC of the employee on a business trip). [LNS-aaa] local-user vpdnuser password cipher Hello123 [LNS-aaa] quit # Allocate an address in the IP address pool to the peer interface. [LNS] interface virtual-template 1 [LNS-Virtual-Template1] remote address pool 1 [LNS-Virtual-Template1] quit Configure the L2TP over IPSec user address segment using the web UI: Configure the L2TP parameters. 1. Choose Network > L2TP > L2TP. 2. In Configure L2TP, select Enable and click Apply. 3. In L2TP Group List, click New. 4. Set Group Type to LNS. 5. Configure the L2TP parameters. The server address shall be in the same network segment as the address in the address pool. In this way, you do not need to configure a route. Peer Tunnel Name must be consistent with Local Tunnel Name configured on the LAC. Group Type: LNS Peer Tunnel Name: LAC Tunnel Password Authentication: Enable Password Type: Ciphertext Tunnel password: Hello123 Confirm Tunnel password: Hello123 User Group: default Set the user address allocation parameters as follows: Server Address/Subnet Mask: 10.2.1.1/255.255.255.0 User Address Pool: 10.2.1.2-10.2.1.100 6. Click OK.

Method used to configure the USG firewall to release an IP address allocated by DHCP to the PC
On the USG2000, USG5000, and USG6000, you can release the IP address allocated by DHCP to the PC using the following commands: Clear address 10.110.1.1 reset dhcp server ip-in-use ip 10.110.1.1 The commands can clear both expired and valid address binding information.

Method used to configure the DHCP server on USG firewalls when multiple network segments need to obtain IP addresses
You can configure the DHCP server on the USG2000, USG5000, and USG6000 when multiple network segments need to obtain IP addresses as follows: If multiple network segments need to dynamically obtain IP addresses, configure multiple address pools, and map these network segments to one address pool. For example: In address pool 0, configure the address pool range of DHCP address pool 0 and set common attributes (domain name suffix and DNS server address) of address pool 0, address pool 1, and address pool 2. [USG] dhcp server ip-pool 0 //Configure the address pool. [USG-dhcp-0] network 10.1.1.0 mask 255.255.255.0 [USG-dhcp-0] domain-name dhcpserver.com [USG-dhcp-0] dns-list 10.1.1.2 [USG-dhcp-0] quit # Configure attributes of address pool 1 (address pool range, egress gateway address, and address lease period). [USG] dhcp server ip-pool 1 [USG-dhcp-1] network 10.1.1.0 mask 255.255.255.128 [USG-dhcp-1] gateway-list 10.1.1.1 [USG-dhcp-1] expired day 10 hour 12 [USG-dhcp-1] quit For specific configurations, click Method used to configure two IP addresses for an interface on the USG firewall and set the primary IP address as the dynamic IP address allocated by the DHCP gateway
You can configure two IP addresses for an interface on the USG2000, USG5000, and USG6000 and set the primary IP address as the dynamic IP address allocated by the DHCP gateway as follows: Note: The SUB address can only be configured as a static IP address of the PC. [USG]interface GigabitEthernet0/0/1 [USG-GigabitEthernet0/0/1]ip address 192.168.2.1 255.255.255.0 [USG-GigabitEthernet0/0/1]ip address 192.168.1.1 255.255.255.0 sub [USG-GigabitEthernet0/0/1]quit [USG] dhcp server ip-pool 0 [USG-dhcp-0]network 192.168.2.0 mask 255.255.255.0 [USG-dhcp-0]dns-list 192.168.2.3 [USG-dhcp-0] quit IP addresses in network segment 192.168.2.0 can be dynamically allocated. IP addresses in network segment 192.168.1.0 are static IP addresses set on the PC.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top