Method used to modify DHCP on the USG6000

0

You can view address lease information of the USG6000 on the DHCP server, including the IP address allocated by the DHCP server, the corresponding MAC address, lease validity, and IP address binding type.

Other related questions:
DHCP lease period configuration on USG firewalls
You can configure (or modify) the DHCP lease period on the USG2000, USG5000, and USG6000 as follows: 1. Configuration on the web UI: a. Choose Network > DHCP Server > Service. b. Complete basic DHCP configurations. c. Click Advanced. Configure the domain name, address lease period, and WINS server. d. Click Apply. 2. Configuring on the CLI: a. Configure the lease period in address pool mode. [USG] dhcp server ip-pool 2 [USG-dhcp-2] network 10.1.1.128 mask 255.255.255.128 [USG-dhcp-2] gateway-list 10.1.1.129 [USG-dhcp-2] expired day 5 [USG-dhcp-2] quit b. Configure the lease period in interface mode. [USG]interface Vlanif10 [USG-interface-VLANif10] ip address 10.1.1.1 255.255.255.0 [USG-interface-VLANif10] dhcp server expired day 10 hour 12

Method used to modify the IKE algorithm on AR series routers
Huawei AR series routers can be configured with the IKE authentication and encryption algorithms. The configuration procedure is as follows: 1. Run the ike proposal proposal-number command to create an IKE proposal and enter the IKE proposal view. 2. Run the authentication-algorithm { aes-xcbc-mac-96 | md5 | sha1 | sha2-256 | sha2-384 | sha2-512 | sm3 } command to configure an authentication algorithm for the IKE proposal. Starting from V200R002C00, the AR supports aes-xcbc-mac-96. Starting from V200R005C10, the AR supports SHA2-256, SHA2-384, and SHA2-512. Starting from V200R005C00, the AR supports SM3, but the NE16EX series do not support SM3. It is recommended that you do not use MD5 and SHA-1. Otherwise, security defense cannot be met. 3. Run the encryption-algorithm { des-cbc | 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | sm4 } command to configure an encryption algorithm for the IKE proposal. Starting from V200R005C90, the AR supports SM4. It is recommended that you should not use DES-CBC and 3DES-CBC. Otherwise, security defense cannot be met.

Method used to modify GNE configurations on the U2000
On the main menu of the U2000, choose Administration > DCN Management. In the window that is displayed, you can modify parameters such as the GNE type and communication address.

Method used to configure interworking between BFD sessions and the DHCP client on the USG firewall
When serving as a DHCP client, an egress gateway cannot sensitize the accessibility of a link where it resides. If the link is faulty, service traffic cannot be rapidly switched over to a standby link, resulting in service interruption. The interworking between the DHCP client and BFD sessions can address this issue. According to this function, the DHCP client is associated with BFD sessions, so that the firewall can dynamically determine the DHCP link accessibility based on the BFD session state. Key configurations for the interworking between BFD sessions and the DHCP client on the USG firewall are as follows: # Configure BFD session 1, and set the peer IP address to 8.8.8.1, local identifier to 10, and remote identifier to 20. [USG_A] bfd [USG_A-bfd] quit [USG_A] bfd 1 bind peer-ip 8.8.8.1 interface GigabitEthernet 0/0/1 nexthop dhcp [USG_A-bfd-session-1] discriminator local 10 [USG_A-bfd-session-1] discriminator remote 20 [USG_A-bfd-session-1] commit [USG_A-bfd-session-1] quit Configure the interworking between the DHCP client and the BFD session. # Associate the DHCP client with BFD sessions. [USG_A] dhcp enable [USG_A] interface GigabitEthernet 0/0/1 [USG_A-GigabitEthernet0/0/1] dhcp client enable track bfd-session 10 [USG_A-GigabitEthernet0/0/1] quit Note: The USG6000 configuration must be consistent with the key configuration of the USG2000&5000. This case takes the USG2000&5000 as an example to describe the configuration. You can learn the USG6000 configuration in other configurations. For specific configurations, click Method used to configure interworking between BFD sessions and the DHCP client on the USG firewall.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top