Fortinet black logo

FortiWiFi and FortiAP Configuration Guide

DHCP snooping and option-82 data insertion

Copy Link
Copy Doc ID aff29563-e919-11ed-8e6d-fa163e15d75b:190059
Download PDF

DHCP snooping and option-82 data insertion

Commands are available to enable or disable (by default) DHCP option-82 data insertion for wireless access points. DHCP snooping is used to prevent rogue DHCP servers from offering IP addresses to DHCP clients. This feature adds the Circuit ID and Remote ID sub-option onto the DHCP packets, which helps the user identify which FortiAP makes the request and for which SSID it requests.

Syntax

config wireless-controll vap

edit wifi

set dhcp-option82-insertion {enable | disable}

set dhcp-option82-circuit-id-insertion {style-1 | style-2 | Style-3 | disable}

set dhcp-option82-remote-id-insertion {style-1 | disable}

next

end

The circuit-id option includes information specific to the cirtcuit the request came from. This option is an identifier that identifies the FortiAP.

The remote-id option includes information on the remote host end of the circuit. This option usually contains information that identifies the station.

Options

Description

Circuit-ID style-1

An ASCII string composed of AP-MAC;SSID;SSID-TYPE

Circuit-ID style-2

An ASCII string composed of AP-MAC

Circuit-ID Style-3

An ASCII string composed of NETWORK-TYPE:WTPPROF-NAME:VLAN:SSID:AP-MODEL:AP-HOSTNAME:AP-MAC

Remote-ID Style-1

An ASCII string composed of the Station-MAC

Tooltip

This feature is only supported in Bridge mode, Tunnel mode, and Mesh SSIDs.

DHCP snooping and option-82 data insertion

Commands are available to enable or disable (by default) DHCP option-82 data insertion for wireless access points. DHCP snooping is used to prevent rogue DHCP servers from offering IP addresses to DHCP clients. This feature adds the Circuit ID and Remote ID sub-option onto the DHCP packets, which helps the user identify which FortiAP makes the request and for which SSID it requests.

Syntax

config wireless-controll vap

edit wifi

set dhcp-option82-insertion {enable | disable}

set dhcp-option82-circuit-id-insertion {style-1 | style-2 | Style-3 | disable}

set dhcp-option82-remote-id-insertion {style-1 | disable}

next

end

The circuit-id option includes information specific to the cirtcuit the request came from. This option is an identifier that identifies the FortiAP.

The remote-id option includes information on the remote host end of the circuit. This option usually contains information that identifies the station.

Options

Description

Circuit-ID style-1

An ASCII string composed of AP-MAC;SSID;SSID-TYPE

Circuit-ID style-2

An ASCII string composed of AP-MAC

Circuit-ID Style-3

An ASCII string composed of NETWORK-TYPE:WTPPROF-NAME:VLAN:SSID:AP-MODEL:AP-HOSTNAME:AP-MAC

Remote-ID Style-1

An ASCII string composed of the Station-MAC

Tooltip

This feature is only supported in Bridge mode, Tunnel mode, and Mesh SSIDs.