Configuring a USG trusted host

The USG2000&5000&6000 trusted hosts are described and configured as follows:
Trusted host: Specifies the range of host IP addresses. The format is IP address/mask, for example, 10.1.1.1/24 or 10.1.1.1/255.255.255.0. A maximum of 10 hosts can be configured.

Adding a host: Choose System > Admin > Administrators, click Add or Modify on the right of the created administrator, and enter the address of the trusted host.


- The configuration method using the CLI on the USG6000 is as follows:
<USG6600>system-view
Enter system view, return user view with Ctrl+Z.
[USG6600]acl 2000
[USG6600-acl-basic-2000]rule 5 permit source 1.100.1.1 0
[USG6600-acl-basic-2000]rule 10 deny
[USG6600-acl-basic-2000]quit
[USG6600]aaa
[USG6600-aaa]manager-user admin
[USG6600-aaa-manager-user-admin]acl-number 2000

- The configuration method using the CLI on the USG2000&5000 is as follows:
<USG2000>system-view
Enter system view, return user view with Ctrl+Z.
[USG2000]acl 2000
[USG2000-acl-basic-2000]rule 5 permit source 1.100.1.1 0
[USG2000-acl-basic-2000]rule 10 deny
[USG2000-acl-basic-2000]quit
[USG2000]aaa
[USG2000-aaa]local-user admin acl-number 2000

Other related questions:
Configuring a trusted host for an administrator account
By binding an administrator account to an ACL, you can strictly control the IP addresses from which the administrator can log in and forbid logins to the device from any other IP address.
1. Configure a trusted host for the administrator.
[sysname] acl 2001
[sysname-acl-basic-2001] rule permit source 10.3.0.0 0.0.0.255
[sysname-acl-basic-2001] quit
2. Bind the administrator account named abc to the trusted host.
[sysname] aaa
[sysname-aaa] manager-user abc
[sysname-aaa-manager-user-abc] acl-number 2001
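
Added example (not Huawei's code and not part of the original page): a Python check that evaluates the basic ACLs from both trusted-host procedures above against a source address and reports, per administrator account, what the binding would decide. The saved-configuration layout, the account guest, and first-match evaluation in listed order are assumptions.

```python
import re
from ipaddress import IPv4Address
# Constructed sample in the page's syntax: ACL 2000 and ACL 2001 as shown above,
# plus a hypothetical account "guest" that has no trusted-host binding.
SAMPLE_CONFIG = """\
acl 2000
 rule 5 permit source 1.100.1.1 0
 rule 10 deny
acl 2001
 rule permit source 10.3.0.0 0.0.0.255
aaa
 manager-user admin
  acl-number 2000
 manager-user abc
  acl-number 2001
 manager-user guest
"""
RULE = re.compile(r"rule(?: \d+)? (permit|deny)(?: source (\S+) (\S+))?")
USER = re.compile(r"(?:manager-user|local-user) (\S+)(?: acl-number (\d+))?")

def parse(config):
    """Return ({acl: [(action, addr, wildcard)]}, {user: bound ACL or None})."""
    acls, users, acl, user = {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"acl (\d+)", line):
            acl = m.group(1)
            acls[acl] = []
        elif acl and (m := RULE.fullmatch(line)):
            acls[acl].append(m.groups())
        elif m := USER.fullmatch(line):
            user = m.group(1)
            users[user] = m.group(2)
        elif user and (m := re.fullmatch(r"acl-number (\d+)", line)):
            users[user] = m.group(1)
    return acls, users

def matches(ip, addr, wildcard):  # wildcard 1-bits are ignored; "0" means 0.0.0.0
    care = 0xFFFFFFFF ^ int(IPv4Address("0.0.0.0" if wildcard == "0" else wildcard))
    return (int(IPv4Address(ip)) & care) == (int(IPv4Address(addr)) & care)

def login_decisions(config, ip):
    """Per account: permit, deny, no-match or no-acl. Assumes first listed match wins."""
    acls, users = parse(config)
    def decide(acl):
        if acl not in acls:  # no binding, or the bound ACL is not defined
            return "no-acl"
        hits = (a for a, addr, wc in acls[acl] if addr is None or matches(ip, addr, wc))
        return next(hits, "no-match")  # the page does not say what no match means
    return {user: decide(acl) for user, acl in users.items()}
```

Accounts reported as no-acl have no trusted-host restriction at all, and no-match marks a source address that falls through an ACL without a closing deny rule.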

Configure DHCP server on S series switch based on the global address pool
For S series switches (except S1700 switches), after a DHCP server based on the global address pool is configured, that is, an IP address pool is created in the system view, IP addresses in the address pool can be allocated to DHCP clients connected to all interfaces. This configuration mode applies to scenarios where the DHCP server and clients are on different network segments and a DHCP relay exists. In addition, this configuration mode is used to allocate IP addresses to DHCP clients connected to multiple interfaces when the DHCP server and clients are on the same network segment. The configurations are as follows:
[HUAWEI] dhcp enable //Enable the DHCP function.
[HUAWEI] ip pool pool1 //Configure a global address pool.
[HUAWEI-ip-pool-pool1] network 10.1.1.0 mask 255.255.255.0 //Configure an IP address range that can be dynamically allocated.
[HUAWEI-ip-pool-pool1] gateway-list 10.1.1.1 //Configure an IP address for the gateway.
[HUAWEI-ip-pool-pool1] dns-list 114.114.114.114 //Configure the IP address of the DNS server for DHCP clients.
[HUAWEI-ip-pool-pool1] quit
[HUAWEI] interface vlanif 100 //Create an interface connecting the DHCP server to the DHCP clients.
[HUAWEI-Vlanif100] ip address 10.1.1.1 255.255.255.0 //This IP address must be on the same network segment as the IP address pool.
[HUAWEI-Vlanif100] dhcp select global //Enable the DHCP server function to assign IP addresses to clients from the global address pool.

What if the firewall's IP address is not displayed when using tracert
You can run the ip ttl-expires enable command. After receiving the ICMP packet with the TTL being 0 from the Windows host, the firewall replies with a timeout packet. Then, the IP address of the firewall will be displayed on the Windows host.

DHCP configuration for USG subinterfaces
The USG2000, USG5000, and USG6000 subinterfaces support the DHCP function.
