Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    7.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Configuring a DHCP shared subnet

    Configuring a DHCP shared subnet

    Note

    This information is also available in the FortiOS 7.4 Administration Guide:

    A FortiGate can act as a DHCP server and assign IP addresses from different subnets to clients on the same interface or VLAN based on the requests coming from the same DHCP relay agent. A FortiGate may have more than one server and pool associated with the relay agent, and it can assign IP addresses from the next server when the current one is exhausted. This way, the FortiGate can allocate IP addresses more efficiently and avoid wasting unused addresses in each subnet.

    config system dhcp server
    edit <id>
        set shared-subnet {enable | disable}
        set relay-agent <ip_address>
    next
end

    Example

    In this example, there are two DHCP servers configured on the FortiGate. The first two clients (1 and 2) get their IP from the DHCP server 1. Once the DHCP server 1's IP pool is exhausted, subsequent clients (3 and 4) get their IP from DHCP server 2.

    To configure a DHCP shared subnet:

    1. Configure the DHCP servers:

      config system dhcp server
    edit 1
        set default-gateway 10.18.0.10
        set netmask 255.255.255.0
        set interface "p2_vl3819"
        config ip-range
            edit 1
                set start-ip 10.18.0.110
                set end-ip 10.18.0.111
            next
        end
        set shared-subnet enable
        set relay-agent 10.18.0.10
        set dns-server1 8.8.8.8
    next
    edit 2
        set default-gateway 10.18.1.130
        set netmask 255.255.255.128
        set interface "p2_vl3819"
        config ip-range
            edit 1
                set start-ip 10.18.1.200
                set end-ip 10.18.1.201
            next
        end
        set shared-subnet enable
        set relay-agent 10.18.0.10
        set dns-server1 8.8.8.8
    next
end

    2. Verify the DHCP lease list:

      # execute dhcp lease-list
port6
  IP		MAC-Address	 Hostname    VCI    SSID    AP    SERVER-ID    Expiry
  10.18.0.110	00:50:56:02:92:11	                          1            Fri Jan 13 15:37:35 2023
  10.18.0.111	00:50:56:02:92:12	                          1            Fri Jan 13 15:37:38 2023

Result: PASS

      Clients 1 and 2 get their IP from the DHCP server 1.

      When the IP pool is exhausted, the DHCP daemon assigns the IP from other pools that have the same relay agent.

    3. Verify the DHCP lease list:

      # execute dhcp lease-list
port6
  IP		MAC-Address	 Hostname    VCI    SSID    AP    SERVER-ID    Expiry
  10.18.0.110	00:50:56:02:92:11	                          1            Fri Jan 13 15:37:35 2023
  10.18.0.111	00:50:56:02:92:12	                          1            Fri Jan 13 15:37:38 2023
  10.18.1.200	00:50:56:02:92:13	                          2            Fri Jan 13 15:38:05 2023
  10.18.1.201	00:50:56:02:92:14	                          2            Fri Jan 13 15:38:06 2023

      Clients 3 and 4 get their IP from DHCP server 2, since the server 1 IP pool is exhausted.

    Previous
    Next

    Configuring a DHCP shared subnet

    Configuring a DHCP shared subnet

    Note

    This information is also available in the FortiOS 7.4 Administration Guide:

    A FortiGate can act as a DHCP server and assign IP addresses from different subnets to clients on the same interface or VLAN based on the requests coming from the same DHCP relay agent. A FortiGate may have more than one server and pool associated with the relay agent, and it can assign IP addresses from the next server when the current one is exhausted. This way, the FortiGate can allocate IP addresses more efficiently and avoid wasting unused addresses in each subnet.

    config system dhcp server
    edit <id>
        set shared-subnet {enable | disable}
        set relay-agent <ip_address>
    next
end

    Example

    In this example, there are two DHCP servers configured on the FortiGate. The first two clients (1 and 2) get their IP from the DHCP server 1. Once the DHCP server 1's IP pool is exhausted, subsequent clients (3 and 4) get their IP from DHCP server 2.

    To configure a DHCP shared subnet:

    1. Configure the DHCP servers:

      config system dhcp server
    edit 1
        set default-gateway 10.18.0.10
        set netmask 255.255.255.0
        set interface "p2_vl3819"
        config ip-range
            edit 1
                set start-ip 10.18.0.110
                set end-ip 10.18.0.111
            next
        end
        set shared-subnet enable
        set relay-agent 10.18.0.10
        set dns-server1 8.8.8.8
    next
    edit 2
        set default-gateway 10.18.1.130
        set netmask 255.255.255.128
        set interface "p2_vl3819"
        config ip-range
            edit 1
                set start-ip 10.18.1.200
                set end-ip 10.18.1.201
            next
        end
        set shared-subnet enable
        set relay-agent 10.18.0.10
        set dns-server1 8.8.8.8
    next
end

    2. Verify the DHCP lease list:

      # execute dhcp lease-list
port6
  IP		MAC-Address	 Hostname    VCI    SSID    AP    SERVER-ID    Expiry
  10.18.0.110	00:50:56:02:92:11	                          1            Fri Jan 13 15:37:35 2023
  10.18.0.111	00:50:56:02:92:12	                          1            Fri Jan 13 15:37:38 2023

Result: PASS

      Clients 1 and 2 get their IP from the DHCP server 1.

      When the IP pool is exhausted, the DHCP daemon assigns the IP from other pools that have the same relay agent.

    3. Verify the DHCP lease list:

      # execute dhcp lease-list
port6
  IP		MAC-Address	 Hostname    VCI    SSID    AP    SERVER-ID    Expiry
  10.18.0.110	00:50:56:02:92:11	                          1            Fri Jan 13 15:37:35 2023
  10.18.0.111	00:50:56:02:92:12	                          1            Fri Jan 13 15:37:38 2023
  10.18.1.200	00:50:56:02:92:13	                          2            Fri Jan 13 15:38:05 2023
  10.18.1.201	00:50:56:02:92:14	                          2            Fri Jan 13 15:38:06 2023

      Clients 3 and 4 get their IP from DHCP server 2, since the server 1 IP pool is exhausted.

    Previous
    Next