Method used to configure the management IP address in transparent mode on USG firewalls

13

In transparent mode on the USG2000, USG5000, and USG6000, all interfaces are converted to L2 interfaces, and IP addresses cannot be configured. Therefore, management IP addresses must be configured for L3 virtual interfaces of the VLANIF.
Taking VLANIF 1 as an example, the configuration is as follows (the configuration can be modified based on actual situations):
[USG_A] interface vlanif 1
[USG_A-GigabitEthernet0/0/1] ip address 192.168.0.2 24
[USG_A-GigabitEthernet0/0/1] quit

Other related questions:
Method used to configure the reserved IP address of DHCP on USG firewalls
On the USG2000, USG5000, and USG6000, you can configure the reserved IP address of DHCP as follows: 1. Run the system-view command to enter the system view. 2. Run the dhcp server forbidden-ip start-ip-address [ end-ip-address ] command to configure a reserved IP address. By default, except for the interface IP address of the DHCP server, all IP addresses in the DHCP address pool are used for automatic allocation. To reserve an IP address, set start-ip-address. For example, IP address 10.1.1.3 is used as the DNS server address and needs to be reserved. [USG] dhcp server forbidden-ip 10.1.1.3 To reserve an IP address segment, set start-ip-address and end-ip-address. Ensure that start-ip-address is not equal to or larger than end-ip-address and they are in the same network segment. For example, IP addresses from 10.1.1.4 to 10.1.1.9 are used as fixed IP addresses and need to be reserved. [USG] dhcp server forbidden-ip 10.1.1.4 10.1.1.9

Method used to configure the check of a source IP address on USG firewalls
The check of a source IP address indicates that an interface checks the source IP address upon receiving an IP packet. If the source IP address of the packet is not in the network segment of the interface, the interface discards the packet; if the source IP address of the packet is in the network segment of the interface, the interface can forward the packet. The IP masquerading is effectively prevented by means of the check of a source IP address. To configure the check of a source IP address, run the ip verify source-address command in the interface view. By default, the interface does not verify the source address of a received packet.

Method used to configure primary and secondary IP addresses of an interface on USG firewalls
The following commands are used to configure the primary and secondary IP addresses of an interface on the USG2000, USG5000, and USG6000: system-view [USG] interface GigabitEthernet 0/0/3 [USG-GigabitEthernet0/0/3] ip address 10.2.1.1 24 //Primary IP address [USG-GigabitEthernet0/0/3] ip address 10.2.1.8 24 sub //Secondary IP address Note: The primary and secondary IP address of the same interface can be in the same network segment. However, any of IP addresses of different interfaces, IP addresses of the main interface and the subinterface, and IP addresses of the main interface and different subinterfaces cannot be in the same network segment.

Method used to configure DHCP to bind an IP address and an MAC address on USG firewalls
On the USG2000, USG5000, and USG6000, you can configure DHCP to bind the IP address and the MAC address as follows: Configuration on the CLI: Configure address pool 3, and bind the IP address and the MAC address in this address pool. [USG] dhcp server ip-pool 3 [USG-dhcp-3] static-bind ip-address 10.1.1.5 mask 255.255.255.128 [USG-dhcp-3] static-bind mac-address 0021-97cf-2238 [USG-dhcp-3] quit Configuration on the web UI: Choose Network > DHCP Server > Service. Click New. In Advanced, configure a static binding in Static Address Binding.

Method used to view the IP address of an interface on USG firewalls
The commands used to view the IP address of an interface on the USG2000, USG5000, and USG6000 are as follows: 1. Run the display ip interface brief command to view configuration information of an interface IP address. 2. Run the following commands to view the interface configuration: [Huawei] interface g0/0/1 [Huawei-GigabitEthernet0/0/1] display this

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top