Fortinet black logo

Version:

7.4.1
7.4.0
7.2.5

Version:

7.2.4
7.2.1
7.2.0

Version:

7.0.4
7.0.2
7.0.1

Version:

7.0.0
6.4.6
6.4.4

Version:

6.4.3
6.4.2
6.4.1

Version:

6.4.0
6.2.2
6.2.0

Version:

6.0.5
6.0.4
6.0.3

Version:

5.6.4
5.4.3

Table of Contents

FortiWiFi and FortiAP Configuration Guide

6.4.6
7.4.1
7.4.0
7.2.5
7.2.4
7.2.1
7.2.0
7.0.4
7.0.2
7.0.1
7.0.0
6.4.6
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.2
6.2.0
6.0.5
6.0.4
6.0.3
5.6.4
5.4.3
Download PDF
Copy Doc ID e7542848-cfc4-11eb-97f7-00505692583a:190059
Copy Link

DHCP snooping and option-82 data insertion

Commands are available to enable or disable (by default) DHCP option-82 data insertion for wireless access points. DHCP snooping is used to prevent rogue DHCP servers from offering IP addresses to DHCP clients. This feature adds the Circuit ID and Remote ID sub-option onto the DHCP packets, which helps the user identify which FortiAP makes the request and for which SSID it requests.

Syntax

config wireless-controll vap

edit wifi

set dhcp-option82-insertion {enable | disable}

set dhcp-option82-circuit-id-insertion {style-1 | style-2 | Style-3 | disable}

set dhcp-option82-remote-id-insertion {style-1 | disable}

next

end

The circuit-id option includes information specific to the cirtcuit the request came from. This option is an identifier that identifies the FortiAP.

The remote-id option includes information on the remote host end of the circuit. This option usually contains information that identifies the station.

Options

Description

Circuit-ID style-1

An ASCII string composed of AP-MAC;SSID;SSID-TYPE

Circuit-ID style-2

An ASCII string composed of AP-MAC

Circuit-ID Style-3

An ASCII string composed of NETWORK-TYPE:WTPPROF-NAME:VLAN:SSID:AP-MODEL:AP-HOSTNAME:AP-MAC

Remote-ID Style-1

An ASCII string composed of the Station-MAC
Tooltip

This feature is only supported in Bridge mode, Tunnel mode, and Mesh SSIDs.
Previous
Next

DHCP snooping and option-82 data insertion

Commands are available to enable or disable (by default) DHCP option-82 data insertion for wireless access points. DHCP snooping is used to prevent rogue DHCP servers from offering IP addresses to DHCP clients. This feature adds the Circuit ID and Remote ID sub-option onto the DHCP packets, which helps the user identify which FortiAP makes the request and for which SSID it requests.

Syntax

config wireless-controll vap

edit wifi

set dhcp-option82-insertion {enable | disable}

set dhcp-option82-circuit-id-insertion {style-1 | style-2 | Style-3 | disable}

set dhcp-option82-remote-id-insertion {style-1 | disable}

next

end

The circuit-id option includes information specific to the cirtcuit the request came from. This option is an identifier that identifies the FortiAP.

The remote-id option includes information on the remote host end of the circuit. This option usually contains information that identifies the station.

Options

Description

Circuit-ID style-1

An ASCII string composed of AP-MAC;SSID;SSID-TYPE

Circuit-ID style-2

An ASCII string composed of AP-MAC

Circuit-ID Style-3

An ASCII string composed of NETWORK-TYPE:WTPPROF-NAME:VLAN:SSID:AP-MODEL:AP-HOSTNAME:AP-MAC

Remote-ID Style-1

An ASCII string composed of the Station-MAC
Tooltip

This feature is only supported in Bridge mode, Tunnel mode, and Mesh SSIDs.
Previous
Next