Method used to configure the DHCP server on USG firewalls when multiple network segments need to obtain IP addresses

19

You can configure the DHCP server on the USG2000, USG5000, and USG6000 when multiple network segments need to obtain IP addresses as follows:
If multiple network segments need to dynamically obtain IP addresses, configure multiple address pools, and map these network segments to one address pool.
For example:
In address pool 0, configure the address pool range of DHCP address pool 0 and set common attributes (domain name suffix and DNS server address) of address pool 0, address pool 1, and address pool 2.
[USG] dhcp server ip-pool 0 //Configure the address pool.
[USG-dhcp-0] network 10.1.1.0 mask 255.255.255.0
[USG-dhcp-0] domain-name dhcpserver.com
[USG-dhcp-0] dns-list 10.1.1.2
[USG-dhcp-0] quit
# Configure attributes of address pool 1 (address pool range, egress gateway address, and address lease period).
[USG] dhcp server ip-pool 1
[USG-dhcp-1] network 10.1.1.0 mask 255.255.255.128
[USG-dhcp-1] gateway-list 10.1.1.1
[USG-dhcp-1] expired day 10 hour 12
[USG-dhcp-1] quit

For specific configurations, click

Other related questions:
Method used to configure two network segments on the USG firewall among which one network segment contains IP addresses dynamically allocated by the DHCP server and another network segment contains static IP addresses
You can configure two network segments on the USG firewall among which one network segment contains IP addresses dynamically allocated by the DHCP server and another network segment contains static IP addresses as follows: Two methods are available: 1. If the switch interconnected to the firewall has only one interface, configure two IP addresses for the interface, set the primary IP address as the dynamic IP address and the secondary IP address (sub address) as the static IP address. The key configuration is as follows: [USG] interface GigabitEthernet0/0/1 [USG-GigabitEthernet0/0/1] ip address 192.168.2.1 255.255.255.0 [USG-GigabitEthernet0/0/1] ip address 192.168.1.1 255.255.255.0 sub [USG-GigabitEthernet0/0/1] quit [USG] dhcp server ip-pool 0 [USG-dhcp-0] network 192.168.2.0 mask 255.255.255.0 [USG-dhcp-0] dns-list 192.168.2.3 [USG-dhcp-0] quit IP addresses in network segment 192.168.2.0 can be dynamically allocated. IP addresses in network segment 192.168.1.0 are static IP addresses set on the PC. 2. If the switch is interconnected with the firewall over interfaces in different network segments, the addresses can be configured flexibly. a. Configure the DHCP address pool by configuring the L3 interface. [USG] interface GigabitEthernet0/0/1 [USG-GigabitEthernet0/0/1] ip address 192.168.2.1 255.255.255.0 [USG-GigabitEthernet0/0/1] quit [USG]interface GigabitEthernet0/0/2 [USG-GigabitEthernet0/0/2] ip address 192.168.1.1 255.255.255.0 [USG-GigabitEthernet0/0/2] quit [USG] dhcp server ip-pool 0 Configure an address pool for network segment 192.168.2.0 instead of network segment 192.168.1.0, and configure static IP addresses on the PC. [USG-dhcp-0] network 192.168.2.0 mask 255.255.255.0 [USG-dhcp-0] dns-list 192.168.2.2 [USG-dhcp-0] quit b. Configure the DHCP address pool based on interfaces. [USG] interface GigabitEthernet1/0/1 [USG-GigabitEthernet1/0/1] ip address 192.168.0.1 255.255.255.0 Configure the interface IP address. [USG-GigabitEthernet1/0/1] dhcp select interface //Configure the interface-based DHCP. [USG-GigabitEthernet1/0/1] dhcp server ip-range 192.168.0.1 192.168.0.254 //Configure the range of IP addresses that can be allocated. [USG-GigabitEthernet1/0/1] dhcp server gateway-list 192.168.0.1 [USG-GigabitEthernet1/0/1] dhcp server dns-list 192.168.0.253 [USG-GigabitEthernet1/0/1] quit [USG] interface GigabitEthernet0/0/2 [USG-GigabitEthernet0/0/2] ip address 192.168.1.1 255.255.255.0 Configure the interface IP address and configure static IP addresses in this network segment instead of DHCP.

Method used to configure the reserved IP address of DHCP on USG firewalls
On the USG2000, USG5000, and USG6000, you can configure the reserved IP address of DHCP as follows: 1. Run the system-view command to enter the system view. 2. Run the dhcp server forbidden-ip start-ip-address [ end-ip-address ] command to configure a reserved IP address. By default, except for the interface IP address of the DHCP server, all IP addresses in the DHCP address pool are used for automatic allocation. To reserve an IP address, set start-ip-address. For example, IP address 10.1.1.3 is used as the DNS server address and needs to be reserved. [USG] dhcp server forbidden-ip 10.1.1.3 To reserve an IP address segment, set start-ip-address and end-ip-address. Ensure that start-ip-address is not equal to or larger than end-ip-address and they are in the same network segment. For example, IP addresses from 10.1.1.4 to 10.1.1.9 are used as fixed IP addresses and need to be reserved. [USG] dhcp server forbidden-ip 10.1.1.4 10.1.1.9

Method used to view the IP address and MAC address obtained by a DHCP user on USG firewalls
On the USG2000, USG5000, and USG6000, you can view the IP address and MAC address obtained by a DHCP user as follows: Checking on the web UI: Choose Network > DHCP Server > Monitoring. In Address Leases, view the IP address and MAC address allocated by the DHCP server to the DHCP client. As shown in the figure, the IP address allocated by the DHCP server to the DHCP client is 192.168.0.2. Checking on the CLI: On the PC, run the cmd command to enter the DOS environment. Run the ipconfig command to view the IP address of the PC. As shown in the figure, the IP address of the PC is 192.168.0.2. C:\Documents and Settings\Administrator> ipconfig /all Physical Address. . . . . . . . . : 00-21-97-c7-4a-18 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.253 Primary WINS Server . . . . . . . : 192.168.0.254 On the device, run the display arp command to view the MAC address corresponding to the IP address. [USG]display arp IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC -------------------------------------------------------------------------- 192.168.0.1 00e0-fceb-0377 I - GE0/0/0 192.168.0.2 5489-9870-670d 20 D-0 GE0/0/0 ------------------------------------------------------------------------------ Total:2 Dynamic:1 Static:0 Interface:1

Method used to configure DHCP to bind an IP address and an MAC address on USG firewalls
On the USG2000, USG5000, and USG6000, you can configure DHCP to bind the IP address and the MAC address as follows: Configuration on the CLI: Configure address pool 3, and bind the IP address and the MAC address in this address pool. [USG] dhcp server ip-pool 3 [USG-dhcp-3] static-bind ip-address 10.1.1.5 mask 255.255.255.128 [USG-dhcp-3] static-bind mac-address 0021-97cf-2238 [USG-dhcp-3] quit Configuration on the web UI: Choose Network > DHCP Server > Service. Click New. In Advanced, configure a static binding in Static Address Binding.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top