Scribd
Upload
56 views

Cau Hinh Internet Using DHCP

DHCP Configuration

Uploaded by

Thanh Tan Pham
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
56 views

Cau Hinh Internet Using DHCP

DHCP Configuration

Uploaded by

Thanh Tan Pham
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

CLI: Example for Accessing the Internet Using DHCP Page 1 of 5

< Home

CLI: Example for Accessing the Internet


Using DHCP
This section provides an example for configuring a FW as a DHCP client that applies for an
IPv4 address to access the Internet.

Networking Requirements
Figure 1 shows that a FW functions as an egress gateway and connect PCs in an intranet
to the Internet. The network plan is as follows:

• An administrator manually specifies an IPv4 address for each PC on the network


segment 10.3.0.0/24.

• An interface with a static IPv4 address connects the FW to the intranet.

• Another interface on the FW that functions as a DHCP client applies for a client IPv4
address and a DNS server IP address from a DHCP server and connects the intranet
to the Internet.

Figure 1 Networking diagram for accessing the Internet using DHCP

Configuration Roadmap
The configuration roadmap is as follows:

1. Enable the DHCP client function on GigabitEthernet 0/0/1 of the FW to obtain a


client IPv4 address and a DNS server address from a DHCP server.

mk:@MSITStore:E:\TMP\01.Docs\Huawei\HUAWEI%20USG6000E%20V600R007C00... 9/20/2019
CLI: Example for Accessing the Internet Using DHCP Page 2 of 5

<2.Home
Specify a static IPv4 address on GigabitEthernet 0/0/3 that connects the FW to the
intranet.

3. Configure a security policy and a NAT policy (easy-IP) on the FW.

4. Set the IP addresses of the PCs' gateway and a DNS server to 10.3.0.1. This example
provides the configuration procedure on the FW. The configuration procedure for
the PCs is not provided.

NOTE:

After the FW obtains an IPv4 address from a DHCP server, the DHCP server issues
a default route to the FW that function as a DHCP client. The next hop of the
default route is a carrier's device. Therefore, there is no need to configure a default
route.

Procedure
1. Configure the IP address of the interface and assign the interfaces to the security
zones.

<FW> system-view
[FW] interface GigabitEthernet 0/0/3
[FW-GigabitEthernet0/0/3] ip address 10.3.0.1 24
[FW-GigabitEthernet0/0/3] quit
[FW] firewall zone trust
[FW-zone-trust] add interface GigabitEthernet 0/0/3
[FW] firewall zone untrust
[FW-zone-untrust] add interface GigabitEthernet 0/0/1
[FW-zone-untrust] quit

2. Configure the DNS proxy function.

[FW] dns proxy enable


[FW] dns resolve
[FW] dns server unnumbered interface GigabitEthernet0/0/1

3. Configure GigabitEthernet 0/0/1 as a DHCP client.

[FW] interface GigabitEthernet 0/0/1


[FW-GigabitEthernet0/0/1] ip address dhcp-alloc
[FW-GigabitEthernet0/0/1] quit

mk:@MSITStore:E:\TMP\01.Docs\Huawei\HUAWEI%20USG6000E%20V600R007C00... 9/20/2019
CLI: Example for Accessing the Internet Using DHCP Page 3 of 5

<4.Home
Configure a security policy to allow the PCs to access the Internet.

[FW] security-policy
[FW-security-policy] rule name policy_sec_1
[FW-security-policy-sec_policy_1] source-address 10.3.0.0 mask 255.255.255.0
[FW-security-policy-sec_policy_1] source-zone trust
[FW-security-policy-sec_policy_1] destination-zone untrust
[FW-security-policy-sec_policy_1] action permit
[FW-security-policy-sec_policy_1] quit
[FW-security-policy] quit
[FW-security-policy] rule name policy_sec_2
[FW-security-policy-sec_policy_2] source-address 10.3.0.0 mask 255.255.255.0
[FW-security-policy-sec_policy_2] source-zone trust
[FW-security-policy-sec_policy_2] destination-zone local
[FW-security-policy-sec_policy_2] action permit
[FW-security-policy-sec_policy_2] quit
[FW-security-policy] quit
[FW-security-policy] rule name policy_sec_3
[FW-security-policy-sec_policy_3] source-address 10.3.0.0 mask 255.255.255.0
[FW-security-policy-sec_policy_3] source-zone local
[FW-security-policy-sec_policy_3] destination-zone untrust
[FW-security-policy-sec_policy_3] action permit
[FW-security-policy-sec_policy_3] quit
[FW-security-policy] quit

5. Configure a NAT policy to translate private network IP addresses into public


network IP addresses before PCs access the Internet.

[FW] nat-policy
[FW-policy-nat] rule name policy_nat_1
[FW-policy-nat-rule-policy_nat_1] source-address 10.3.0.0 mask 255.255.255.0
[FW-policy-nat-rule-policy_nat_1] source-zone trust
[FW-policy-nat-rule-policy_nat_1] egress-interface GigabitEthernet 0/0/1
[FW-policy-nat-rule-policy_nat_1] action source-nat easy-ip
[FW-policy-nat-rule-policy_nat_1] quit
[FW-policy-nat] quit

Configuration Verification
1. Check the status of GigabitEthernet 0/0/1 (uplink).

mk:@MSITStore:E:\TMP\01.Docs\Huawei\HUAWEI%20USG6000E%20V600R007C00... 9/20/2019
CLI: Example for Accessing the Internet Using DHCP Page 4 of 5

a. Choose Network > Interface.


< Home
b. Verify that the physical status and IPv4 status of GigabitEthernet 0/0/1 are Up,
the connection type is DHCP, and the interface obtained an IPv4 address.

2. Check whether the PC on the intranet can use domain names to access the Internet.
If the PC can access the Internet, the configuration is successful. If the PC fails to
access the Internet, modify the configuration and try again.

Configuration Script
#
dns resolve
dns server unnumbered interface GigabitEthernet0/0/1
#
dns proxy enable
#
interface GigabitEthernet0/0/1
undo shutdown
ip address dhcp-alloc
#
interface GigabitEthernet0/0/3
ip address 10.3.0.1 255.255.255.0
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/3
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/1
#
ip route-static 0.0.0.0 0.0.0.0 1.1.1.254 preference 245
#
security-policy
rule name policy_sec_1
source-zone trust
destination-zone untrust
source-address 10.3.0.0 24

mk:@MSITStore:E:\TMP\01.Docs\Huawei\HUAWEI%20USG6000E%20V600R007C00... 9/20/2019
CLI: Example for Accessing the Internet Using DHCP Page 5 of 5

action permit
< Home
#
security-policy
rule name policy_sec_2
source-zone trust
destination-zone local
source-address 10.3.0.0 24
action permit
#
security-policy
rule name policy_sec_3
source-zone local
destination-zone untrust
source-address 10.3.0.0 24
action permit
#
nat-policy
rule name policy_nat_1
source-zone trust
egress-interface GigabitEthernet0/0/1
source-address 10.3.0.0 24
action source-nat easy-ip
#
return

Parent Topic: Configuration Examples for Interfaces


< Previous Next topic >
Copyright © Huawei Technologies Co., Ltd.

mk:@MSITStore:E:\TMP\01.Docs\Huawei\HUAWEI%20USG6000E%20V600R007C00... 9/20/2019

You might also like