Fortinet white logo
Fortinet white logo

Admin Guide (Standalone)

Configure DHCP server

Configure DHCP server

You can configure the DHCP server from FortiEdge Cloud or locally while the device is set in NAT mode.

To configure the DHCP server, change the IP address of the LAN interface to the correct subnet, and then create the DHCP server subnet using commands described in the table below.

CLI command

Description

config system dhcpserver

Enters DHCP server configuration mode.

edit <name>

Specify the name of the DHCP server.

set status {enable | disable | backup}

Set the DHCP server status:

  • enable—Enable the DHCP server.
  • disable—Disable the DHCP server.
  • backup— Enable in VRRP backup mode. (Note: The DHCP server is launched only when the VRRP primary goes down.)

set lease-time <lease_time>

Specify the DHCP address lease time in seconds. The valid range is 300–8640000. 0 means unlimited.

set dns-service {default | specify | wan-dns}

Select one of the options for assigning a DNS server to DHCP clients:

  • local—The IP address of the interface of the DHCP server that is added becomes clients' DNS server IP address.
  • default—Clients are assigned the FortiExtender configured DNS server.
  • specify—Specify up to three DNS servers in the DHCP server configuration.
  • wan-dns—The DNS of the WAN interface that is added becomes clients' DNS server IP address.

set dns-server1 <dns_server1>

Specify the IP address of DNS Server 1.

set dns-server2 <dns_server2>

Specify the IP address of DNS Server 2.

set dns-server3 <dns_server3>

Specify the IP address of DNS Server 3.

set ntp-service {default | specify}

Select an option for assigning a Network Time Protocol (NTP) server to DHCP clients:

  • local—The IP address of the interface of the DHCP server that is added becomes clients' NTP server IP address.
  • default—Clients are assigned the FortiExtender configured NTP servers.
  • specify—Specify up to three NTP servers.

set ntp-server1 <ntp_server1>

Specify the IP address of NTP Server 1.

set ntp-server2 <ntp_server2>

Specify the IP address of NTP Server 2.

set ntp-server3 <ntp_server3>

Specify the IP address of NTP Server 3.

set default-gateway <gateway>

Specify the default gateway IP address assigned by the DHCP server.

set netmask <netmask>

Specify the netmask assigned by the DHCP server.

set interface <interface>

Specify the interface on which the DHCP server is expected to run.

set start-ip <start_ip>

Specify the start IP address of the DHCP IP address range. For example, 192.168.1.100.

set end-ip <end_ip>

Specify the end IP address of the DHCP IP address range. For example, 192.168.1.120.

Set mtu <mtu size>

Specify the MTU size. The default value is 1500.

Set reserved-address <enable/disable>

Set the reserved address enable or disable:

  • enable—enable reserved address option by configuring ip, mac and action as reserved or block.

  • disable—Disable reserved address option.

Example DHCP server configuration:
FX201E5919000222 (1) <M> # show 
edit 1
    set status enable
    set lease-time 86400
    set dns-service default
    set ntp-service specify
    set ntp-server1 
    set ntp-server2 
    set ntp-server3 
    set default-gateway 192.168.200.99
    set netmask 255.255.255.0
    set interface lan
    set start-ip 192.168.200.100
    set end-ip 192.168.200.150
    set mtu 1500
    set reserved-address enable
    config reserved-addresses
        edit 1
            set ip 192.168.200.101
            set mac 45:59:b1:5f:db:ca
            set action reserved
        next
    end
next

FortiExtender LAN interface(s) can be configured in static IP address mode locally or from FortiEdge Cloud. By default, the LAN interface has the IP address of 192.168.200.99/24 and runs a DHCP server serving addresses from 192.168.200.110. You can enable the management of LAN-side capabilities from FortiEdge Cloud.

FortiExtender supports DHCP server with reserved addresses. To take advantage of this feature, you must do the following:

  1. Enable the set reserved-address option, as shown above.
  2. Configure the system DHCP-reserved-address using the following commands:

edit 1

set ip <preferred host IP>

set mac <mac address of host>

set action <reserved | blocked>

end

Note
  • set action reserved ensures that the same IP is assigned to the host with a matching MAC address.
  • set action disabled ensures that the host with a given MAC address is not assigned an IP address.

Configure DHCP server

Configure DHCP server

You can configure the DHCP server from FortiEdge Cloud or locally while the device is set in NAT mode.

To configure the DHCP server, change the IP address of the LAN interface to the correct subnet, and then create the DHCP server subnet using commands described in the table below.

CLI command

Description

config system dhcpserver

Enters DHCP server configuration mode.

edit <name>

Specify the name of the DHCP server.

set status {enable | disable | backup}

Set the DHCP server status:

  • enable—Enable the DHCP server.
  • disable—Disable the DHCP server.
  • backup— Enable in VRRP backup mode. (Note: The DHCP server is launched only when the VRRP primary goes down.)

set lease-time <lease_time>

Specify the DHCP address lease time in seconds. The valid range is 300–8640000. 0 means unlimited.

set dns-service {default | specify | wan-dns}

Select one of the options for assigning a DNS server to DHCP clients:

  • local—The IP address of the interface of the DHCP server that is added becomes clients' DNS server IP address.
  • default—Clients are assigned the FortiExtender configured DNS server.
  • specify—Specify up to three DNS servers in the DHCP server configuration.
  • wan-dns—The DNS of the WAN interface that is added becomes clients' DNS server IP address.

set dns-server1 <dns_server1>

Specify the IP address of DNS Server 1.

set dns-server2 <dns_server2>

Specify the IP address of DNS Server 2.

set dns-server3 <dns_server3>

Specify the IP address of DNS Server 3.

set ntp-service {default | specify}

Select an option for assigning a Network Time Protocol (NTP) server to DHCP clients:

  • local—The IP address of the interface of the DHCP server that is added becomes clients' NTP server IP address.
  • default—Clients are assigned the FortiExtender configured NTP servers.
  • specify—Specify up to three NTP servers.

set ntp-server1 <ntp_server1>

Specify the IP address of NTP Server 1.

set ntp-server2 <ntp_server2>

Specify the IP address of NTP Server 2.

set ntp-server3 <ntp_server3>

Specify the IP address of NTP Server 3.

set default-gateway <gateway>

Specify the default gateway IP address assigned by the DHCP server.

set netmask <netmask>

Specify the netmask assigned by the DHCP server.

set interface <interface>

Specify the interface on which the DHCP server is expected to run.

set start-ip <start_ip>

Specify the start IP address of the DHCP IP address range. For example, 192.168.1.100.

set end-ip <end_ip>

Specify the end IP address of the DHCP IP address range. For example, 192.168.1.120.

Set mtu <mtu size>

Specify the MTU size. The default value is 1500.

Set reserved-address <enable/disable>

Set the reserved address enable or disable:

  • enable—enable reserved address option by configuring ip, mac and action as reserved or block.

  • disable—Disable reserved address option.

Example DHCP server configuration:
FX201E5919000222 (1) <M> # show 
edit 1
    set status enable
    set lease-time 86400
    set dns-service default
    set ntp-service specify
    set ntp-server1 
    set ntp-server2 
    set ntp-server3 
    set default-gateway 192.168.200.99
    set netmask 255.255.255.0
    set interface lan
    set start-ip 192.168.200.100
    set end-ip 192.168.200.150
    set mtu 1500
    set reserved-address enable
    config reserved-addresses
        edit 1
            set ip 192.168.200.101
            set mac 45:59:b1:5f:db:ca
            set action reserved
        next
    end
next

FortiExtender LAN interface(s) can be configured in static IP address mode locally or from FortiEdge Cloud. By default, the LAN interface has the IP address of 192.168.200.99/24 and runs a DHCP server serving addresses from 192.168.200.110. You can enable the management of LAN-side capabilities from FortiEdge Cloud.

FortiExtender supports DHCP server with reserved addresses. To take advantage of this feature, you must do the following:

  1. Enable the set reserved-address option, as shown above.
  2. Configure the system DHCP-reserved-address using the following commands:

edit 1

set ip <preferred host IP>

set mac <mac address of host>

set action <reserved | blocked>

end

Note
  • set action reserved ensures that the same IP is assigned to the host with a matching MAC address.
  • set action disabled ensures that the host with a given MAC address is not assigned an IP address.