Administration Guide

DHCP shared subnet NEW

A FortiGate can act as a DHCP server and assign IP addresses from different subnets to clients on the same interface or VLAN based on the requests coming from the same DHCP relay agent. A FortiGate may have more than one server and pool associated with the relay agent, and it can assign IP addresses from the next server when the current one is exhausted. This way, the FortiGate can allocate IP addresses more efficiently and avoid wasting unused addresses in each subnet.

config system dhcp server
    edit <id>
        set shared-subnet {enable | disable}
        set relay-agent <ip_address>
    next
end

Example

In this example, two DHCP servers are configured on the FortiGate. The first two clients (1 and 2) get their IP addresses from DHCP server 1. Once DHCP server 1's IP pool is exhausted, subsequent clients (3 and 4) get their IP addresses from DHCP server 2.

To configure a DHCP shared subnet:
  1. Configure the DHCP servers:

    config system dhcp server
        edit 1
            set default-gateway 10.18.0.10
            set netmask 255.255.255.0
            set interface "p2_vl3819"
            config ip-range
                edit 1
                    set start-ip 10.18.0.110
                    set end-ip 10.18.0.111
                next
            end
            set shared-subnet enable
            set relay-agent 10.18.0.10
            set dns-server1 8.8.8.8
        next
        edit 2
            set default-gateway 10.18.1.130
            set netmask 255.255.255.128
            set interface "p2_vl3819"
            config ip-range
                edit 1
                    set start-ip 10.18.1.200
                    set end-ip 10.18.1.201
                next
            end
            set shared-subnet enable
            set relay-agent 10.18.0.10
            set dns-server1 8.8.8.8
        next
    end
  2. Verify the DHCP lease list:

    # execute dhcp lease-list
    port6
      IP		MAC-Address	 Hostname    VCI    SSID    AP    SERVER-ID    Expiry
      10.18.0.110	00:50:56:02:92:11	                          1            Fri Jan 13 15:37:35 2023
      10.18.0.111	00:50:56:02:92:12	                          1            Fri Jan 13 15:37:38 2023
    
    Result: PASS

    Clients 1 and 2 get their IP addresses from DHCP server 1.

    When the IP pool is exhausted, the DHCP daemon assigns IP addresses from other pools that have the same relay agent.

  3. Verify the DHCP lease list:

    # execute dhcp lease-list
    port6
      IP		MAC-Address	 Hostname    VCI    SSID    AP    SERVER-ID    Expiry
      10.18.0.110	00:50:56:02:92:11	                          1            Fri Jan 13 15:37:35 2023
      10.18.0.111	00:50:56:02:92:12	                          1            Fri Jan 13 15:37:38 2023
      10.18.1.200	00:50:56:02:92:13	                          2            Fri Jan 13 15:38:05 2023
      10.18.1.201	00:50:56:02:92:14	                          2            Fri Jan 13 15:38:06 2023

    Clients 3 and 4 get their IP addresses from DHCP server 2, since the server 1 IP pool is exhausted.
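
The verification in steps 2 and 3 can be scripted. The following Python is an added example, not Fortinet code: it parses lease-list text in the format shown above, counts leases per SERVER-ID, and reports how many addresses remain across all pools that share a relay agent. The `SERVERS` table is transcribed by hand from the configuration in step 1, and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Relay agent and ip-range values transcribed from the example configuration.
SERVERS = {
    1: {"relay": "10.18.0.10", "start": "10.18.0.110", "end": "10.18.0.111"},
    2: {"relay": "10.18.0.10", "start": "10.18.1.200", "end": "10.18.1.201"},
}

# Rows from the lease list in step 3 (empty columns collapsed to spaces).
LEASES = """\
port6
  IP  MAC-Address  Hostname  VCI  SSID  AP  SERVER-ID  Expiry
  10.18.0.110  00:50:56:02:92:11  1  Fri Jan 13 15:37:35 2023
  10.18.0.111  00:50:56:02:92:12  1  Fri Jan 13 15:37:38 2023
  10.18.1.200  00:50:56:02:92:13  2  Fri Jan 13 15:38:05 2023
  10.18.1.201  00:50:56:02:92:14  2  Fri Jan 13 15:38:06 2023
"""

# IP, MAC, optional text columns, SERVER-ID, then the expiry timestamp.
ROW = re.compile(
    r"^\s*(?P<ip>\d+(?:\.\d+){3})\s+(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?:.*?\s)?(?P<sid>\d+)\s+\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}\s*$"
)

def parse_leases(text):
    """Return (ip, mac, server_id) for each lease row; headers are skipped."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [(ipaddress.ip_address(m["ip"]), m["mac"].lower(), int(m["sid"]))
            for m in rows if m]

def audit(servers, lease_text):
    """Count leases per server, free addresses per relay agent, stray leases."""
    used, free, stray = Counter(), Counter(), []
    bounds = {sid: (ipaddress.ip_address(s["start"]), ipaddress.ip_address(s["end"]))
              for sid, s in servers.items()}
    for ip, mac, sid in parse_leases(lease_text):
        used[sid] += 1
        if sid not in bounds or not bounds[sid][0] <= ip <= bounds[sid][1]:
            stray.append((str(ip), mac, sid))  # lease outside its server's range
    for sid, (lo, hi) in bounds.items():
        free[servers[sid]["relay"]] += int(hi) - int(lo) + 1 - used[sid]
    exhausted = sorted(relay for relay, n in free.items() if n <= 0)
    return {"used": dict(used), "free": dict(free),
            "exhausted": exhausted, "stray": stray}

if __name__ == "__main__":
    print(audit(SERVERS, LEASES))
```

A relay agent listed under `exhausted` has no free address left in any of its shared-subnet pools, so the next client behind it cannot be served until a lease expires or another pool is added.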
