DHCP enhancements 7.2.4

Note

This information is also available in the FortiOS 7.2 Administration Guide:

The following enhancements have been added for DHCP:

  • Increase the number of supported IP ranges from 3 to 10

  • Support DHCP option 77 for User Class information

  • Support customizing the lease time

config system dhcp server
    edit <id>
        config ip-range
            edit <id>
                set uci-match {enable | disable}
                set uci-string <string>
                set lease-time <integer>
            next
        end
        config options
            edit <id>
                set uci-match {enable | disable}
                set uci-string <string>
            next
        end
    next
end

uci-match {enable | disable}

Enable/disable User Class information (UCI) matching on DHCP option 77. When enabled, only DHCP requests whose option 77 value matches one of the configured UCI strings are served from this range. Option 77 is set by the client and is not authenticated: any host can send any User Class string, so UCI matching steers cooperating clients to a range or option set; it does not restrict which hosts can obtain an address.

uci-string <string>

Enter one or more UCI strings, each enclosed in quotation marks and separated by spaces.

lease-time <integer>

Set the lease time for this IP range, in seconds (300 - 864000, default = 0). If the default (0) is used for an IP range, the global DHCP server lease time applies, which is 604800 seconds (7 days) by default.

Example 1: configuring IP ranges

In this example, ten IP ranges are configured on the DHCP server.

To configure ten IP ranges on a DHCP server:
config system dhcp server
    edit 1
        set netmask 255.255.255.0
        set interface "port1"
        config ip-range
            edit 1
                set start-ip 17.17.17.1
                set end-ip 17.17.17.1
            next
            edit 2
                set start-ip 17.17.17.2
                set end-ip 17.17.17.2
            next
            edit 3
                set start-ip 17.17.17.3
                set end-ip 17.17.17.3
            next
            edit 4
                set start-ip 17.17.17.4
                set end-ip 17.17.17.4
            next
            edit 5
                set start-ip 17.17.17.5
                set end-ip 17.17.17.5
            next
            edit 6
                set start-ip 17.17.17.6
                set end-ip 17.17.17.6
            next 
            edit 7
                set start-ip 17.17.17.7
                set end-ip 17.17.17.7
            next
            edit 8
                set start-ip 17.17.17.8
                set end-ip 17.17.17.8
            next
            edit 9
                set start-ip 17.17.17.9
                set end-ip 17.17.17.9
            next
            edit 10
                set start-ip 17.17.17.10
                set end-ip 17.17.17.10
            next
        end
    next
end

Example 2: configuring User Class matching and lease time

In this example, a client whose option 77 User Class matches FGT-3112 is served from the second IP range (17.17.17.2) with a lease time of 1111 seconds. The first range is gated on the vendor class identifier (option 60) instead, and the third range has no match condition.

To configure the DHCP server:
config system dhcp server
    edit 1
        set netmask 255.255.255.0
        set interface "port1"
        config ip-range
            edit 1
                set start-ip 17.17.17.1
                set end-ip 17.17.17.1
                set vci-match enable
                set vci-string "Cisco AP c3800"
            next
            edit 2
                set start-ip 17.17.17.2
                set end-ip 17.17.17.2
                set uci-match enable
                set uci-string "FGT-3112"
                set lease-time 1111
            next
            edit 3
                set start-ip 17.17.17.3
                set end-ip 17.17.17.3
            next
        end
        set vci-match enable
        set vci-string "FGT"
    next
end

When a client request carries the User Class ID FGT-3112, 17.17.17.2 is allocated to it.

To verify the configuration:
  1. Run debugging for the DHCP server:

    # diagnose debug application dhcps -1
        [debug]locate_network prhtype(1) pihtype(1)
        [debug]find_lease(): leaving function WITHOUT a lease
        [note]DHCPDISCOVER from e8:1c:ba:de:aa:16 via port1(ethernet)
        [debug]found a new lease of ip 17.17.17.2
        [debug]added ip 17.17.17.2 mac e8:1c:ba:de:aa:16 in vd root
        [debug]packet length 548
        [debug]op = 1  htype = 1  hlen = 6  hops = 0
        [debug]xid = 1b7c2c82  secs = 14336  flags = 80
        [debug]ciaddr = 0.0.0.0
        [debug]yiaddr = 0.0.0.0
        [debug]siaddr = 0.0.0.0
        [debug]giaddr = 0.0.0.0
        [debug]chaddr = e8:1c:ba:de:aa:16
        [debug]filename = 
        [debug]server_name = 
        [debug]  host-name = "500E-B-3112"
        [debug]  dhcp-message-type = 1
        [debug]  dhcp-parameter-request-list = 1,2,3,121,6,12,15,28,40,42,240,241
        [debug]  dhcp-max-message-size = 1458
        [debug]  dhcp-class-identifier = "FortiGate-500E"
        [debug]  dhcp-client-identifier = 1:e8:1c:ba:de:aa:16
        [debug]  user-class = "FGT-3112"
  2. Verify the DHCP leases:

    # execute dhcp lease-list
        port1
          IP            MAC-Address          Hostname        VCI              SSID          AP          SERVER-ID           Expiry
          17.17.17.2    e8:1c:ba:de:aa:16    500E-B-3112     FortiGate-500E                             1                   Fri Oct  7 10:11:33 2022

Example 3: configuring User Class matching for custom option assignments

In this example, when the client's option 77 User Class matches, the FortiGate includes option 66 (TFTP server name) with the value testdatatestdata in its offer.

To configure the DHCP server:
config system dhcp server
    edit 1
        set netmask 255.255.255.0
        set interface "port1"
        config ip-range
            edit 1
                set start-ip 17.17.17.1
                set end-ip 17.17.17.1
            next
        end
        config options
            edit 1
                set code 66
                set type string
                set uci-match enable
                set uci-string "FGT-3112"
                set value "testdatatestdata"
            next
        end
        set vci-match enable
        set vci-string "FGT"
    next
end

When a client request carries the User Class ID FGT-3112, option 66 is included in the DHCP offer.

To verify the DHCP discover and offer through packet captures:
Dynamic Host Configuration Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xf6f26d22
    Seconds elapsed: 0
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: Fortinet_de:aa:16 (e8:1c:ba:de:aa:16)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    ...Option: (77) User Class Information
        Length: 8
        User Class Data (Text): FGT-3112
    Option: (255) End
        Option End: 255
    Padding: 000000000000000000000000000000000000000000000000000000000000000000000000…

Dynamic Host Configuration Protocol (Offer)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xf6f26d22
    Seconds elapsed: 0
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 17.17.17.1
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: Fortinet_de:aa:16 (e8:1c:ba:de:aa:16)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Offer)
        Length: 1
        DHCP: Offer (2)
    Option: (54) DHCP Server Identifier (17.17.17.94)
        Length: 4
        DHCP Server Identifier: 17.17.17.94
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (604800s) 7 days
    Option: (1) Subnet Mask (255.255.255.0)
        Length: 4
        Subnet Mask: 255.255.255.0
    Option: (58) Renewal Time Value
        Length: 4
        Renewal Time Value: (302400s) 3 days, 12 hours
    Option: (59) Rebinding Time Value
        Length: 4
        Rebinding Time Value: (529200s) 6 days, 3 hours
    Option: (66) TFTP Server Name
        Length: 16
        TFTP Server Name: testdatatestdata
    Option: (224) Private
        Length: 17
        Value: 4647354830453538313939303330313000
    Option: (255) End
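The two captures above are easier to reason about with a small encoder/decoder. The following Python is an added example written for this page, not Fortinet or FortiOS code: it builds a DISCOVER carrying option 77 in the bare-string form the capture shows, re-encodes the OFFER above from its listed fields (the bytes are constructed from the capture, not taken from a pcap), and decodes the offer into the fields an operator checks after a UCI match. Two details are worth knowing: RFC 3004 defines option 77 as a list of length-prefixed class entries, but this client (and many others) sends the plain string, so the decoder accepts both; and the offer's T1/T2 values are the RFC 2131 defaults of 0.5 and 0.875 of the 604800-second global lease, which is what a range with lease-time 0 inherits.

```python
"""Build a DHCPDISCOVER that carries option 77 (User Class) and decode a
DHCPOFFER.  Added example; not FortiOS or Fortinet code."""
import struct

MAGIC = b"\x63\x82\x53\x63"            # RFC 2131 magic cookie
OPT_SUBNET, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID = 1, 51, 53, 54
OPT_T1, OPT_T2, OPT_VENDOR_CLASS, OPT_TFTP, OPT_USER_CLASS, OPT_END = 58, 59, 60, 66, 77, 255
HDR_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # 236-byte fixed BOOTP header


def ip(b):
    return ".".join(str(x) for x in b)


def build_options(opts):
    """Encode [(code, bytes), ...] as code/len/value and terminate with 255."""
    out = bytearray()
    for code, data in opts:
        if len(data) > 255:
            raise ValueError("option %d longer than 255 bytes" % code)
        out += bytes([code, len(data)]) + data
    out.append(OPT_END)
    return bytes(out)


def build_message(op, xid, mac, yiaddr, opts):
    hdr = struct.pack(HDR_FMT, op, 1, 6, 0, xid, 0, 0x8000,      # broadcast flag set
                      b"\0" * 4, yiaddr, b"\0" * 4, b"\0" * 4,
                      mac + b"\0" * 10, b"\0" * 64, b"\0" * 128)
    return hdr + MAGIC + build_options(opts)


def build_discover(mac, xid, user_class, vendor_class):
    """DISCOVER like the capture: option 77 is the bare string (length 8 for
    "FGT-3112"), not the RFC 3004 length-prefixed form."""
    opts = [(OPT_MSG_TYPE, b"\x01"),
            (OPT_VENDOR_CLASS, vendor_class.encode()),
            (OPT_USER_CLASS, user_class.encode())]
    return build_message(1, xid, mac, b"\0" * 4, opts)


def parse_options(buf):
    """Decode the option area into {code: bytes}: skip pad (0), stop at end
    (255), and join repeated codes as RFC 3396 requires."""
    opts, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == 0:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("option %d is truncated" % code)
        length = buf[i + 1]
        opts[code] = opts.get(code, b"") + buf[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def parse_user_class(data):
    """Option 77: RFC 3004 defines a list of (len, text) entries, but many
    clients send one bare string, as in the capture; accept both forms."""
    classes, i = [], 0
    while i < len(data):
        n = data[i]
        if n == 0 or i + 1 + n > len(data):
            return [data.decode("ascii", "replace")]   # bare-string form
        classes.append(data[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return classes


def parse_message(pkt):
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _, hlen, _, xid, _, flags = struct.unpack("!BBBBIHH", pkt[:12])
    return {"op": op, "xid": xid, "flags": flags, "yiaddr": ip(pkt[16:20]),
            "chaddr": pkt[28:28 + hlen].hex(":"), "options": parse_options(pkt[240:])}


def summarize_offer(pkt):
    """Pull the fields an operator checks after a UCI-matched offer."""
    msg = parse_message(pkt)
    o = msg["options"]
    if o.get(OPT_MSG_TYPE) != b"\x02":
        raise ValueError("not a DHCPOFFER")
    lease, t1, t2 = (struct.unpack("!I", o[c])[0] for c in (OPT_LEASE, OPT_T1, OPT_T2))
    return {"xid": msg["xid"], "yiaddr": msg["yiaddr"], "server_id": ip(o[OPT_SERVER_ID]),
            "lease": lease, "t1": t1, "t2": t2,
            # RFC 2131 defaults: T1 = 0.5 * lease, T2 = 0.875 * lease
            "timers_default": t1 == lease // 2 and t2 == lease * 7 // 8,
            "tftp": o[OPT_TFTP].decode() if OPT_TFTP in o else None}


def offer_from_capture():
    """The OFFER shown above, re-encoded from its listed fields (constructed)."""
    opts = [(OPT_MSG_TYPE, b"\x02"), (OPT_SERVER_ID, bytes([17, 17, 17, 94])),
            (OPT_LEASE, struct.pack("!I", 604800)), (OPT_SUBNET, bytes([255, 255, 255, 0])),
            (OPT_T1, struct.pack("!I", 302400)), (OPT_T2, struct.pack("!I", 529200)),
            (OPT_TFTP, b"testdatatestdata"),
            (224, bytes.fromhex("4647354830453538313939303330313000"))]
    return build_message(2, 0xF6F26D22, bytes.fromhex("e81cbadeaa16"), bytes([17, 17, 17, 1]), opts)


if __name__ == "__main__":
    disc = build_discover(bytes.fromhex("e81cbadeaa16"), 0xF6F26D22, "FGT-3112", "FortiGate-500E")
    print("user-class sent:", parse_user_class(parse_message(disc)["options"][OPT_USER_CLASS]))
    print("offer:", summarize_offer(offer_from_capture()))
```

Run it as a script to print the decoded user class and the offer summary. To check a real exchange, feed parse_message the UDP payload from a capture (Ethernet, IP and UDP headers stripped) and confirm that option 66 appears only in offers to clients that sent the matching user class, and that the lease value matches the range-level lease-time or, for 0, the global setting.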
