Fortinet black logo

Admin Guide (Standalone)

Configure DHCP server

Copy Link
Copy Doc ID 9e8a98cd-5de9-11ec-bdf2-fa163e15d75b:438142
Download PDF

Configure DHCP server

You can configure the DHCP server from FortiExtender (Standalone) Cloud or locally while the device is set in NAT mode.

To configure the DHCP server, change the IP address of the LAN interface to the correct subnet, and then create the DHCP server subnet using commands described in the table below.

CLI command

Description

config system dhcpserver

Enters DHCP server configuration mode.

edit <name>

Specify the name of the DHCP server.

set status {enable | disable | backup}

Set the DHCP server status:

  • enable—Enable the DHCP server.
  • disable—Disable the DHCP server.
  • backup— Enable in VRRP backup mode. (Note: The DHCP server is launched only when the VRRP primary goes down.)

set lease-time <lease_time>

Specify the DHCP address lease time in seconds. The valid range is 300–8640000. 0 means unlimited.

set dns-service {local |

default | specify | wan-dns}

Select one of the options for assigning a DNS server to DHCP clients:

  • local—The IP address of the interface of the DHCP server that is added becomes clients' DNS server IP address.
  • default—Clients are assigned the FortiExtender (Standalone) configured DNS server.
  • specify—Specify up to three DNS servers in the DHCP server configuration.
  • wan-dns—The DNS of the WAN interface that is added becomes clients' DNS server IP address.

set dns-server1 <dns_server1>

Specify the IP address of DNS Server 1.

set dns-server2 <dns_server2>

Specify the IP address of DNS Server 2.

set dns-server3 <dns_server3>

Specify the IP address of DNS Server 3.

set ntp-service {local |

default | specify}

Select an option for assigning a Network Time Protocol (NTP) server to DHCP clients:

  • local—The IP address of the interface of the DHCP server that is added becomes clients' NTP server IP address.
  • default—Clients are assigned the FortiExtender (Standalone) configured NTP servers.
  • specify—Specify up to three NTP servers.

set ntp-server1 <ntp_server1>

Specify the IP address of NTP Server 1.

set ntp-server2 <ntp_server2>

Specify the IP address of NTP Server 2.

set ntp-server3 <ntp_server3>

Specify the IP address of NTP Server 3.

set default-gateway <gateway>

Specify the default gateway IP address assigned by the DHCP server.

set netmask <netmask>

Specify the netmask assigned by the DHCP server.

set interface <interface>

Specify the interface on which the DHCP server is expected to run.

set start-ip <start_ip>

Specify the start IP address of the DHCP IP address range. For example, 192.168.1.100.

set end-ip <end_ip>

Specify the end IP address of the DHCP IP address range. For example, 192.168.1.120.

Example DHCP server configuration:

config system dhcpserver

edit dsl

set status enable

set lease-time 8640000

set dns-service specify

set dns-server1 8.8.8.8

set dns-server2 8.8.4.4

set dns server3

set ntp-service local

set default-gateway 192.168.2.1

set netmask 255.255.255.0

set interface LAN

set start-ip 192.168.2.2

set end-ip 192.168.2.254

set mtu 1500

set reserved-address enable

next

end

FortiExtender (Standalone) LAN interface(s) can be configured in static IP address mode locally or from FortiExtender Cloud. By default, the LAN interface has the IP address of 192.168.200.99/24 and runs a DHCP server serving addresses from 192.168.200.110. You can enable the management of LAN-side capabilities from FortiExtender (Standalone) Cloud.

FortiExtender supports DHCP server with reserved addresses. To take advantage of this feature, you must do the following:

  1. Enable the set reserved-address option, as shown above.
  2. Configure the system DHCP-reserved-address using the following commands:

edit 1

set ip <preferred host IP>

set mac <mac address of host>

set action <reserved | blocked>

end

Note
  • set action reserved ensures that the same IP is assigned to the host with a matching MAC address.
  • set action disabled ensures that the host with a given MAC address is not assigned an IP address.

Configure DHCP server

You can configure the DHCP server from FortiExtender (Standalone) Cloud or locally while the device is set in NAT mode.

To configure the DHCP server, change the IP address of the LAN interface to the correct subnet, and then create the DHCP server subnet using commands described in the table below.

CLI command

Description

config system dhcpserver

Enters DHCP server configuration mode.

edit <name>

Specify the name of the DHCP server.

set status {enable | disable | backup}

Set the DHCP server status:

  • enable—Enable the DHCP server.
  • disable—Disable the DHCP server.
  • backup— Enable in VRRP backup mode. (Note: The DHCP server is launched only when the VRRP primary goes down.)

set lease-time <lease_time>

Specify the DHCP address lease time in seconds. The valid range is 300–8640000. 0 means unlimited.

set dns-service {local |

default | specify | wan-dns}

Select one of the options for assigning a DNS server to DHCP clients:

  • local—The IP address of the interface of the DHCP server that is added becomes clients' DNS server IP address.
  • default—Clients are assigned the FortiExtender (Standalone) configured DNS server.
  • specify—Specify up to three DNS servers in the DHCP server configuration.
  • wan-dns—The DNS of the WAN interface that is added becomes clients' DNS server IP address.

set dns-server1 <dns_server1>

Specify the IP address of DNS Server 1.

set dns-server2 <dns_server2>

Specify the IP address of DNS Server 2.

set dns-server3 <dns_server3>

Specify the IP address of DNS Server 3.

set ntp-service {local |

default | specify}

Select an option for assigning a Network Time Protocol (NTP) server to DHCP clients:

  • local—The IP address of the interface of the DHCP server that is added becomes clients' NTP server IP address.
  • default—Clients are assigned the FortiExtender (Standalone) configured NTP servers.
  • specify—Specify up to three NTP servers.

set ntp-server1 <ntp_server1>

Specify the IP address of NTP Server 1.

set ntp-server2 <ntp_server2>

Specify the IP address of NTP Server 2.

set ntp-server3 <ntp_server3>

Specify the IP address of NTP Server 3.

set default-gateway <gateway>

Specify the default gateway IP address assigned by the DHCP server.

set netmask <netmask>

Specify the netmask assigned by the DHCP server.

set interface <interface>

Specify the interface on which the DHCP server is expected to run.

set start-ip <start_ip>

Specify the start IP address of the DHCP IP address range. For example, 192.168.1.100.

set end-ip <end_ip>

Specify the end IP address of the DHCP IP address range. For example, 192.168.1.120.

Example DHCP server configuration:

config system dhcpserver

edit dsl

set status enable

set lease-time 8640000

set dns-service specify

set dns-server1 8.8.8.8

set dns-server2 8.8.4.4

set dns server3

set ntp-service local

set default-gateway 192.168.2.1

set netmask 255.255.255.0

set interface LAN

set start-ip 192.168.2.2

set end-ip 192.168.2.254

set mtu 1500

set reserved-address enable

next

end

FortiExtender (Standalone) LAN interface(s) can be configured in static IP address mode locally or from FortiExtender Cloud. By default, the LAN interface has the IP address of 192.168.200.99/24 and runs a DHCP server serving addresses from 192.168.200.110. You can enable the management of LAN-side capabilities from FortiExtender (Standalone) Cloud.

FortiExtender supports DHCP server with reserved addresses. To take advantage of this feature, you must do the following:

  1. Enable the set reserved-address option, as shown above.
  2. Configure the system DHCP-reserved-address using the following commands:

edit 1

set ip <preferred host IP>

set mac <mac address of host>

set action <reserved | blocked>

end

Note
  • set action reserved ensures that the same IP is assigned to the host with a matching MAC address.
  • set action disabled ensures that the host with a given MAC address is not assigned an IP address.