Fortinet black logo

Administration Guide

DHCP server

DHCP server

A DHCP server leases IP addresses from a defined address range to clients on the network that request dynamically assigned addresses.

A DHCP server can be in server or relay mode. In server mode, you can define one or more address ranges it assigns addresses from, and options such as the default gateway, DNS server, lease time, and other advanced options. In relay mode, the interface forwards DHCP requests from DHCP clients to an external DHCP server and returns the responses to the DHCP clients. The DHCP server must have appropriate routing so that its response packets to the DHCP clients arrive at the unit.

Configure a DHCP server on an interface

To configure a DHCP server in the GUI:
  1. Go to Network > Interfaces.
  2. Edit an interface.
  3. Enable the DHCP Server option and configure the settings.
  4. Click OK.
To configure a DHCP server in the CLI:
config system dhcp server
    edit 1
        set dns-service default
        set default-gateway 192.168.1.2
        set netmask 255.255.255.0
        set interface "port1"
        config ip-range
            edit 1
                set start-ip 192.168.1.1
                set end-ip 192.168.1.1
            next
            edit 2
                set start-ip 192.168.1.3
                set end-ip 192.168.1.254
            next
        end
        set timezone-option default
        set tftp-server "172.16.1.2"
    next
end

Configure a DHCP relay on an interface

To configure a DHCP relay in the GUI:
  1. Go to Network > Interfaces.
  2. Edit an interface.
  3. Enable the DHCP Server option and set DHCP status to Disabled.
  4. Expand the Advanced section and set Mode to Relay.
  5. Enter the DHCP Server IP.
  6. Click OK.
To configure a DHCP relay in the CLI:
  1. Configure the interface:

    config system interface
        edit "port2"
            set vdom "root"
            set dhcp-relay-service enable
            set ip 10.1.1.5 255.255.255.0
            set allowaccess ping https ssh fabric
            set type physical
            set snmp-index 4
            set dhcp-relay-ip "192.168.20.10"
        next
    end
    
  2. On the DHCP server settings for the interface, set the status to disable:

    config system dhcp server
        edit 17
            set status disable
            set dns-service default
            set default-gateway 10.1.1.5
            set netmask 255.255.255.0
            set interface "port2"
        next
    end

Configure a DHCP server and relay on an interface

A FortiGate interface can be configured to work in DHCP server mode to lease out addresses, and at the same time relay the DHCP packets to another device, such as a FortiNAC to perform device profiling.

The DHCP message to be forwarded to the relay server under the following conditions:

  • dhcp-relay-request-all-server is enabled

  • Message type is either DHCPDISCOVER or DHCPINFORM

  • Client IP address in client message is 0

  • Server ID is NULL in the client message

  • Server address is a broadcast address (255.255.255.255)

  • Server address is 0

To configure a DHCP server and relay in the GUI:
  1. Go to Network > Interfaces.
  2. Edit an interface.
  3. Enable the DHCP Server option and set DHCP status to Enabled.
  4. Edit the address range as required.
  5. Expand the Advanced section and set Mode to Relay.
  6. Enter the DHCP Server IP.
  7. Click OK.
  8. In the CLI, enable dhcp-relay-request-all-server.
To configure a DHCP server and relay in the CLI:
  1. Configure the interface:

    config system interface
        edit "port2"
            set vdom "root"
            set dhcp-relay-service enable
            set ip 10.1.1.5 255.255.255.0
            set allowaccess ping https ssh fabric
            set type physical
            set snmp-index 4
            set dhcp-relay-ip "192.168.20.10"
            set dhcp-relay-request-all-server enable
        next
    end
  2. Configure the DHCP server settings:

    config system dhcp server
        edit 17
            set status enable
            set dns-service default
            set default-gateway 10.1.1.5
            set netmask 255.255.255.0
            set interface "port2"
        next
    end

DHCP server

A DHCP server leases IP addresses from a defined address range to clients on the network that request dynamically assigned addresses.

A DHCP server can be in server or relay mode. In server mode, you can define one or more address ranges it assigns addresses from, and options such as the default gateway, DNS server, lease time, and other advanced options. In relay mode, the interface forwards DHCP requests from DHCP clients to an external DHCP server and returns the responses to the DHCP clients. The DHCP server must have appropriate routing so that its response packets to the DHCP clients arrive at the unit.

Configure a DHCP server on an interface

To configure a DHCP server in the GUI:
  1. Go to Network > Interfaces.
  2. Edit an interface.
  3. Enable the DHCP Server option and configure the settings.
  4. Click OK.
To configure a DHCP server in the CLI:
config system dhcp server
    edit 1
        set dns-service default
        set default-gateway 192.168.1.2
        set netmask 255.255.255.0
        set interface "port1"
        config ip-range
            edit 1
                set start-ip 192.168.1.1
                set end-ip 192.168.1.1
            next
            edit 2
                set start-ip 192.168.1.3
                set end-ip 192.168.1.254
            next
        end
        set timezone-option default
        set tftp-server "172.16.1.2"
    next
end

Configure a DHCP relay on an interface

To configure a DHCP relay in the GUI:
  1. Go to Network > Interfaces.
  2. Edit an interface.
  3. Enable the DHCP Server option and set DHCP status to Disabled.
  4. Expand the Advanced section and set Mode to Relay.
  5. Enter the DHCP Server IP.
  6. Click OK.
To configure a DHCP relay in the CLI:
  1. Configure the interface:

    config system interface
        edit "port2"
            set vdom "root"
            set dhcp-relay-service enable
            set ip 10.1.1.5 255.255.255.0
            set allowaccess ping https ssh fabric
            set type physical
            set snmp-index 4
            set dhcp-relay-ip "192.168.20.10"
        next
    end
    
  2. On the DHCP server settings for the interface, set the status to disable:

    config system dhcp server
        edit 17
            set status disable
            set dns-service default
            set default-gateway 10.1.1.5
            set netmask 255.255.255.0
            set interface "port2"
        next
    end

Configure a DHCP server and relay on an interface

A FortiGate interface can be configured to work in DHCP server mode to lease out addresses, and at the same time relay the DHCP packets to another device, such as a FortiNAC to perform device profiling.

The DHCP message to be forwarded to the relay server under the following conditions:

  • dhcp-relay-request-all-server is enabled

  • Message type is either DHCPDISCOVER or DHCPINFORM

  • Client IP address in client message is 0

  • Server ID is NULL in the client message

  • Server address is a broadcast address (255.255.255.255)

  • Server address is 0

To configure a DHCP server and relay in the GUI:
  1. Go to Network > Interfaces.
  2. Edit an interface.
  3. Enable the DHCP Server option and set DHCP status to Enabled.
  4. Edit the address range as required.
  5. Expand the Advanced section and set Mode to Relay.
  6. Enter the DHCP Server IP.
  7. Click OK.
  8. In the CLI, enable dhcp-relay-request-all-server.
To configure a DHCP server and relay in the CLI:
  1. Configure the interface:

    config system interface
        edit "port2"
            set vdom "root"
            set dhcp-relay-service enable
            set ip 10.1.1.5 255.255.255.0
            set allowaccess ping https ssh fabric
            set type physical
            set snmp-index 4
            set dhcp-relay-ip "192.168.20.10"
            set dhcp-relay-request-all-server enable
        next
    end
  2. Configure the DHCP server settings:

    config system dhcp server
        edit 17
            set status enable
            set dns-service default
            set default-gateway 10.1.1.5
            set netmask 255.255.255.0
            set interface "port2"
        next
    end