Created on 10-04-2012 11:23 AM Edited on 06-09-2022 08:57 PM By Anonymous
Description
This article explains how to configure multiple DHCP IP pools on the same interface of a FortiGate acting as a DHCP server for DHCP relay servers.
The CLI must be used to set up this configuration because it is not possible to edit multiple pools on the same interface using the GUI.
Solution
config system interface edit "internal" // Interface connected to the DHCP relay set vdom "root" set ip 10.36.0.113 255.255.252.0 set allowaccess ping https ssh http telnet fgfm set type physical next end |
config system dhcp server
|
config router static edit 2 set blackhole disable set comment '' set device "internal" set distance 10 set dst 10.129.0.241 255.255.255.255 set dynamic-gateway disable set gateway 10.36.0.241 set priority 0 set weight 0 next edit 3 set blackhole disable set comment '' set device "internal" set distance 10 set dst 10.38.0.241 255.255.255.255 set dynamic-gateway disable set gateway 10.36.0.241 set priority 0 set weight 0 next |
config system interface edit "wan1" // Interface connected to the DHCP server set vdom "root" set dhcp-relay-ip "10.36.0.113" set ip 10.36.0.241 255.255.252.0 set allowaccess ping https ssh http telnet set type physical next edit "dmz" // Interface in network 10.129 using DHCP relay set vdom "root" set dhcp-relay-service enable set dhcp-relay-ip "10.36.0.113" set ip 10.129.0.241 255.255.252.0 set allowaccess ping https ssh http telnet set type physical next edit "internal" // Interface in network 10.38 using DHCP relay set vdom "root" set dhcp-relay-service enable set dhcp-relay-ip "10.36.0.113" set ip 10.38.0.241 255.255.252.0 set allowaccess ping https ssh http telnet set type physical next end |
FG50BH-3 # [warn]got an interrupt [debug]calling handler[icmp] [debug]calling handler[fallback] [debug]calling handler[internal] [debug]locate_network prhtype(1) pihtype(1) [debug]find_lease(): leaving function WITHOUT a lease [debug]htyp packet 1, htype hw_addr 224 [note]DHCPDISCOVER from 00:05:5d:01:84:e3 via 10.129.0.241(ethernet) [note]there's no free leases in memory on subnet internal, try to allocate new one from range list [debug]Start dumping IP address range: [debug]IP Range from 10.129.0.11 to 10.129.0.20 [debug]found a new lease of ip 10.129.0.10 [debug]added ip 10.129.0.10 mac 00:05:5d:01:84:e3 in vd root [note]reach value MSFT 5.0 [debug]packet length 292 [debug]op = 1 htype = 1 hlen = 6 hops = 1 [debug]xid = fb1566f5 secs = 0 flags = 80 [debug]ciaddr = 0.0.0.0 [debug]yiaddr = 0.0.0.0 [debug]siaddr = 0.0.0.0 [debug]giaddr = 10.129.0.241 [debug]chaddr = 00:05:5d:01:84:e3 [debug]filename = [debug]server_name = [debug] host-name = "mis-PC" [debug] dhcp-message-type = 1 [debug] dhcp-parameter-request-list = 1,15,3,6,44,46,47,31,33,121,249,43 [debug] dhcp-class-identifier = "MSFT 5.0" [debug] dhcp-client-identifier = 1:0:5:5d:1:84:e3 [debug] option-82 = 1:3:64:6d:7a [debug] |
FG50BH-3 # [debug]calling handler[icmp] [debug]calling handler[fallback] [debug]calling handler[internal] [debug]locate_network prhtype(1) pihtype(1) [debug]find_lease(): packet contains preferred client IP, cip.s_addr is 10.38.0.10 [debug]search through all subnets to find an ip lease (10.38.0.10) [debug]Start dumping IP address range: [debug]IP Range from 10.38.0.11 to 10.38.0.20 [debug]found a new lease of ip 10.38.0.10 [debug]find_lease(): leaving function with lease set [debug]find_lease(): the lease's IP is 10.38.0.10 [note]DHCPREQUEST for 10.38.0.10 from 00:05:5d:01:84:e3 via 10.38.0.241(ethernet) [debug]added ip 10.38.0.10 mac 00:05:5d:01:84:e3 in vd root [note]reach value MSFT 5.0 [debug]packet length 314 [debug]op = 1 htype = 1 hlen = 6 hops = 1 [debug]xid = 6c6f17b3 secs = 0 flags = 80 [debug]ciaddr = 0.0.0.0 [debug]yiaddr = 0.0.0.0 [debug]siaddr = 0.0.0.0 [debug]giaddr = 10.38.0.241 [debug]chaddr = 00:05:5d:01:84:e3 [debug]filename = [debug]server_name = [debug] host-name = "mis-PC" [debug] dhcp-requested-address = 10.38.0.10 [debug] dhcp-message-type = 3 [debug] dhcp-parameter-request-list = 1,15,3,6,44,46,47,31,33,121,249,43 [debug] dhcp-class-identifier = "MSFT 5.0" [debug] dhcp-client-identifier = 1:0:5:5d:1:84:e3 [debug] option-81 = 0:0:0:6d:69:73:2d:50:43 [debug] option-82 = 1:8:69:6e:74:65:72:6e:61:6c [debug] |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.