Method used to configure a DHCP server based on the global address pool on USG firewalls

0

You can configure a DHCP server (only the DHCP part) based on the global address pool on the USG2000, USG5000, and USG6000 as follows:
[USG]dhcp server ip-pool 0 //Configure the address pool.
[USG-dhcp-0]network 10.1.1.0 mask 255.255.255.0
[USG-dhcp-0]dns-list 10.1.1.2
[USG-dhcp-0]domain-name example.com
[USG-dhcp-0]quit
[USG]interface GigabitEthernet1/0/1 //Configure the interface address.
[USG-GigabitEthernet0/0/1]ip address 10.1.1.1 255.255.255.128
[USG-GigabitEthernet0/0/1]quit
[USG]firewall zone trust //Add the interface to the zone.
[USG-zone-trust]add interface GigabitEthernet1/0/1

Other related questions:
Configure the DHCP server based on the global address pool on the AR
An IP address pool is created in the system view on a DHCP server. In the interface view, the server is configured to allocate IP addresses, gateway addresses, and DNS server addresses to clients based on the global address pool. This mode applies to the scenario where the DHCP server and clients are on different network segments (a DHCP relay agent exists), or the DHCP server and clients are on the same subnet but the server needs to assign IP addresses to the clients connected to multiple interfaces. Perform the following configuration: [Huawei] dhcp enable //Enable the DHCP function. [Huawei] ip pool pool1 //Configure a global address pool. [Huawei-ip-pool-pool1] network 10.1.1.0 mask 255.255.255.0 //Specify the range of IP addresses that can be dynamically allocated. [Huawei-ip-pool-pool1] gateway-list 10.1.1.1 // Set the gateway IP address. [Huawei-ip-pool-pool1] quit [Huawei] interface ethernet 1/0/0 //Enter the view of the interface of the DHCP server connected to the client. [Huawei-Ethernet1/0/0] undo portswitch //Switch the interface to Layer 3 mode. [Huawei-Ethernet1/0/0] ip address 10.1.1.1 255.255.255.0 //Configure the same subnet as the address pool. [HUAWEI-Vlanif100] dhcp select global // Enable the DHCP server to assign IP addresses to clients from the global address pool.

Configure DHCP server on S series switch based on the global address pool
For S series switches (except S1700 switches), after a DHCP server based on the global address pool is configured, that is, an IP address pool is created in the system view, IP addresses in the address pool can be allocated to DHCP clients connected to all interfaces. This configuration mode applies to scenarios where the DHCP server and clients are on different network segments and a DHCP relay exists. In addition, this configuration mode is used to allocate IP addresses to DHCP clients connected to multiple interfaces when the DHCP server and clients are on the same network segment. The configurations are as follows: [HUAWEI] dhcp enable //Enable the DHCP function. [HUAWEI] ip pool pool1 //Configure a global address pool. [HUAWEI-ip-pool-pool1] network 10.1.1.0 mask 255.255.255.0 //Configure an IP address range that can be dynamically allocated. [HUAWEI-ip-pool-pool1] gateway-list 10.1.1.1 //Configure an IP address for the gateway. [HUAWEI-ip-pool-pool1] dns-list 114.114.114.114 //Configure the IP address of the DNS server for DHCP clients. [HUAWEI-ip-pool-pool1] quit [HUAWEI] interface vlanif 100 //Create an interface connecting the DHCP server to the DHCP clients. [HUAWEI-Vlanif100] ip address 10.1.1.1 255.255.255.0 //This IP address must be on the same network segment as the IP address pool. [HUAWEI-Vlanif100] dhcp select global //Enable the DHCP server function to assign IP addresses to clients from the global address pool.

Method used to configure the L2TP over IPSec user address segment on the USG2000 and USG5000
The method used to configure the L2TP over IPSec user address segment on the USG2000 and USG5000 is as follows: Configure the L2TP over IPSec user address segment using the CLI: # Define an address pool and allocate an IP address to the dial-up user. [LNS] aaa [LNS-aaa] ip pool 1 10.1.1.1 10.1.1.100 # Set the user name and password (consistent with those configured on the PC of the employee on a business trip). [LNS-aaa] local-user vpdnuser password cipher Hello123 [LNS-aaa] quit # Allocate an address in the IP address pool to the peer interface. [LNS] interface virtual-template 1 [LNS-Virtual-Template1] remote address pool 1 [LNS-Virtual-Template1] quit Configure the L2TP over IPSec user address segment using the web UI: Configure the L2TP parameters. 1. Choose Network > L2TP > L2TP. 2. In Configure L2TP, select Enable and click Apply. 3. In L2TP Group List, click New. 4. Set Group Type to LNS. 5. Configure the L2TP parameters. The server address shall be in the same network segment as the address in the address pool. In this way, you do not need to configure a route. Peer Tunnel Name must be consistent with Local Tunnel Name configured on the LAC. Group Type: LNS Peer Tunnel Name: LAC Tunnel Password Authentication: Enable Password Type: Ciphertext Tunnel password: Hello123 Confirm Tunnel password: Hello123 User Group: default Set the user address allocation parameters as follows: Server Address/Subnet Mask: 10.2.1.1/255.255.255.0 User Address Pool: 10.2.1.2-10.2.1.100 6. Click OK.

Configure a DHCP global address pool
Configure a DHCP global address pool on a CE series switch as follows:
<HUAWEI> system-view
[~Huawei] dhcp enable //Enable DHCP globally.
[*Huawei] commit
[~Huawei] ip pool pool1 //Create a global address pool and enter its view.
[*Huawei-ip-pool-pool1] gateway-list 10.1.1.1 //Configure the egress gateway address for the global address pool of a DHCP server.
[*Huawei-ip-pool-pool1] network 10.1.1.0 mask 255.255.255.128 //Configure the range of IP addresses that can be allocated dynamically from a global address pool.
[*Huawei-ip-pool-pool1] dns-list 10.1.1.2 //Configure an IP address for the DNS server used by DHCP clients.
[*Huawei-ip-pool-pool1] excluded-ip-address 10.1.1.2 //Configure an IP address that cannot be automatically allocated from the global address pool.
[*Huawei-ip-pool-pool1] lease day 10 //Configure a lease for the IP address.
[*Huawei-ip-pool-pool1] commit
[~Huawei-ip-pool-pool1] quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top