Method used to configure two network segments on the USG firewall among which one network segment contains IP addresses dynamically allocated by the DHCP server and another network segment contains static IP addresses


You can configure two network segments on the USG firewall, one whose IP addresses are dynamically allocated by the DHCP server and one that uses static IP addresses, using either of the following two methods:
1. If the switch interconnected to the firewall has only one interface, configure two IP addresses for the interface: set the primary IP address as the dynamic IP address and the secondary IP address (sub address) as the static IP address.
The key configuration is as follows:
[USG] interface GigabitEthernet0/0/1
[USG-GigabitEthernet0/0/1] ip address 192.168.2.1 255.255.255.0
[USG-GigabitEthernet0/0/1] ip address 192.168.1.1 255.255.255.0 sub
[USG-GigabitEthernet0/0/1] quit
[USG] dhcp server ip-pool 0
[USG-dhcp-0] network 192.168.2.0 mask 255.255.255.0
[USG-dhcp-0] dns-list 192.168.2.3
[USG-dhcp-0] quit
IP addresses in network segment 192.168.2.0 can be dynamically allocated.
IP addresses in network segment 192.168.1.0 are static IP addresses set on the PC.
2. If the switch is interconnected with the firewall over interfaces in different network segments, the addresses can be configured flexibly.
a. Configure the DHCP address pool by configuring the L3 interface.
[USG] interface GigabitEthernet0/0/1
[USG-GigabitEthernet0/0/1] ip address 192.168.2.1 255.255.255.0
[USG-GigabitEthernet0/0/1] quit
[USG] interface GigabitEthernet0/0/2
[USG-GigabitEthernet0/0/2] ip address 192.168.1.1 255.255.255.0
[USG-GigabitEthernet0/0/2] quit
[USG] dhcp server ip-pool 0 //Configure an address pool for network segment 192.168.2.0 instead of network segment 192.168.1.0, and configure static IP addresses on the PC.
[USG-dhcp-0] network 192.168.2.0 mask 255.255.255.0
[USG-dhcp-0] dns-list 192.168.2.2
[USG-dhcp-0] quit
b. Configure the DHCP address pool based on interfaces.
[USG] interface GigabitEthernet1/0/1
[USG-GigabitEthernet1/0/1] ip address 192.168.0.1 255.255.255.0 //Configure the interface IP address.
[USG-GigabitEthernet1/0/1] dhcp select interface //Configure the interface-based DHCP.
[USG-GigabitEthernet1/0/1] dhcp server ip-range 192.168.0.1 192.168.0.254 //Configure the range of IP addresses that can be allocated.
[USG-GigabitEthernet1/0/1] dhcp server gateway-list 192.168.0.1
[USG-GigabitEthernet1/0/1] dhcp server dns-list 192.168.0.253
[USG-GigabitEthernet1/0/1] quit
[USG] interface GigabitEthernet0/0/2
[USG-GigabitEthernet0/0/2] ip address 192.168.1.1 255.255.255.0 //Configure the interface IP address and configure static IP addresses in this network segment instead of DHCP.

Other related questions:
Method used to configure DHCP relay on the AR
When the DHCP server and DHCP clients are on different network segments, the DHCP relay agent can be configured so that the DHCP server can assign IP addresses to the DHCP clients.
Procedure:
1. Configure the router.
#
sysname Router
#
dhcp enable //Enable the DHCP function.
#
ip pool ip-pool1
 gateway-list 10.10.1.1 //Set the gateway IP address.
 network 10.10.1.0 mask 255.255.255.128 //Specify the range of IP addresses that can be dynamically allocated in the global address pool.
 excluded-ip-address 10.10.1.2 //Set the IP address 10.10.1.2 that is not assigned automatically in the address pool.
 excluded-ip-address 10.10.1.4 //Set the IP address 10.10.1.4 that is not assigned automatically in the address pool.
 dns-list 10.10.1.2 //Configure the IP address of the DNS server for the DHCP client.
 nbns-list 10.10.1.4 //Configure the IP address of the NetBIOS server for the DHCP client.
 lease day 10 hour 12 minute 0 //Set the IP address lease to 10 days and 12 hours.
 domain-name huawei.com //Set the domain name to huawei.com.
 static-bind ip-address 10.10.1.5 mac-address fc12-2567-ce34 //Assign a fixed IP address to the PC_AD.
#
ip pool ip-pool2
 gateway-list 10.10.1.129 //Set the gateway IP address.
 network 10.10.1.128 mask 255.255.255.128 //Specify the range of IP addresses that can be dynamically allocated in the global address pool.
 dns-list 10.10.1.2 //Configure the IP address of the DNS server for the DHCP client.
 lease day 5 hour 0 minute 0 //Set the IP address lease to 5 days.
 domain-name huawei.com //Set the domain name to huawei.com.
#
interface GigabitEthernet0/0/0
 ip address 10.10.1.1 255.255.255.128
 dhcp select global //Configure the global address pool mode.
#
interface GigabitEthernet0/0/1
 ip address 10.10.1.129 255.255.255.128
 dhcp select global //Configure the global address pool mode.
2. Verify the configuration.
Run the display ip pool command on the router to check the IP address pool configuration.
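
The router configuration above excludes its DNS and NetBIOS server addresses (10.10.1.2 and 10.10.1.4) from ip-pool1 so that they are not assigned automatically. The following is an added example, not Huawei code: it parses pool definitions in the syntax shown on this page and reports any dns-list or nbns-list address that lies inside the pool's network without a matching excluded-ip-address. The function names, the sample text, and the assumption that each listed server holds a static address in that segment are illustrative.

```python
import ipaddress
import re

# Constructed sample: ip-pool1 mirrors this page's router example; pool 0 has no exclusions.
SAMPLE_CONFIG = """\
ip pool ip-pool1
 network 10.10.1.0 mask 255.255.255.128
 excluded-ip-address 10.10.1.2
 excluded-ip-address 10.10.1.4
 dns-list 10.10.1.2 //DNS server, excluded above
 nbns-list 10.10.1.4
[USG] dhcp server ip-pool 0
[USG-dhcp-0] network 192.168.2.0 mask 255.255.255.0
[USG-dhcp-0] dns-list 192.168.2.3
"""

POOL_RE = re.compile(r"^(?:dhcp server ip-pool|ip pool) (\S+)")
PROMPT_RE = re.compile(r"^\[[^\]]*\]\s*")  # "[USG-dhcp-0] " style prompts

def parse_pools(text):
    """Return {pool: {"net": network, "servers": [...], "excl": [(lo, hi)]}}."""
    pools, cur = {}, None
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw.split("//")[0].strip())
        tok = line.split()
        m = POOL_RE.match(line)
        if m:
            cur = pools.setdefault(m.group(1), {"net": None, "servers": [], "excl": []})
        elif not tok or cur is None:
            continue
        elif tok[0] == "network" and len(tok) >= 4:
            cur["net"] = ipaddress.ip_network(f"{tok[1]}/{tok[3]}", strict=False)
        elif tok[0] in ("dns-list", "nbns-list"):
            cur["servers"] += [(tok[0], ipaddress.ip_address(a)) for a in tok[1:]]
        elif tok[0] == "excluded-ip-address":
            lo = ipaddress.ip_address(tok[1])
            hi = ipaddress.ip_address(tok[2]) if len(tok) > 2 else lo
            cur["excl"].append((lo, hi))
    return pools

def unexcluded_servers(pools):
    """List (pool, keyword, address) for servers still inside the assignable range."""
    return [(name, kw, str(addr))
            for name, p in pools.items() for kw, addr in p["servers"]
            if p["net"] is not None and addr in p["net"]
            and not any(lo <= addr <= hi for lo, hi in p["excl"])]

if __name__ == "__main__":
    print(unexcluded_servers(parse_pools(SAMPLE_CONFIG)))
```
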

Method used to increase the number of IP addresses that can be allocated in the current network segment on the USG firewall
On the USG2000, USG5000, and USG6000, you can increase the number of IP addresses that can be allocated in the current network segment in two ways:
1. Expand the mask. For example, expand 24-bit mask 255.255.255.0 to 16-bit mask 255.255.0.0.
a. For dynamic address allocation, modify the mask in the address:
[FW] dhcp server ip-pool pool1
[FW-dhcp-pool1] gateway-list 10.1.1.1
[FW-dhcp-pool1] network 10.1.0.0 mask 16
b. If PCs on the network adopt static IP addresses, modify the mask on each PC.
2. Add a network segment. This method involves the entire network, especially the route configuration, to enable the new network segment to interwork with the original network segment.

Method used to configure the DHCP server on USG firewalls when multiple network segments need to obtain IP addresses
You can configure the DHCP server on the USG2000, USG5000, and USG6000 when multiple network segments need to obtain IP addresses as follows:
If multiple network segments need to dynamically obtain IP addresses, configure multiple address pools, and map these network segments to one address pool. For example:
In address pool 0, configure the address pool range of DHCP address pool 0 and set common attributes (domain name suffix and DNS server address) of address pool 0, address pool 1, and address pool 2.
[USG] dhcp server ip-pool 0 //Configure the address pool.
[USG-dhcp-0] network 10.1.1.0 mask 255.255.255.0
[USG-dhcp-0] domain-name dhcpserver.com
[USG-dhcp-0] dns-list 10.1.1.2
[USG-dhcp-0] quit
# Configure attributes of address pool 1 (address pool range, egress gateway address, and address lease period).
[USG] dhcp server ip-pool 1
[USG-dhcp-1] network 10.1.1.0 mask 255.255.255.128
[USG-dhcp-1] gateway-list 10.1.1.1
[USG-dhcp-1] expired day 10 hour 12
[USG-dhcp-1] quit
For specific configurations, click

How to set the IP addresses of the IP phone and PC to be in different IP network segments?
1. Log in to the phone's web page as the administrator.
2. Choose Advanced > Network > Vlan. On the displayed page, configure the VLAN ID for the LAN port and PC port.
3. Set the switch to trunk mode.

Configure DHCP relay on S series switch
For S series switches (except S1700 switches), when the DHCP server and clients are on different network segments, you can configure a DHCP relay agent to help the DHCP server allocate network parameters to DHCP clients. For S series switches, the DHCP relay agent configuration is the same on all switch models in all versions. For details, see "Example for Configuring the Device as a DHCP Relay (on the Same Network)" and "Example for Configuring the Device as a DHCP Relay (Across a GRE Tunnel)" in Typical Configuration Examples.
