config system dhcp template
This command is available for model(s): FortiGate 1000D, FortiGate 1000F, FortiGate 1001F, FortiGate 100F, FortiGate 101F Gen2, FortiGate 1100E, FortiGate 1101E, FortiGate 120G, FortiGate 121G, FortiGate 1800F, FortiGate 1801F, FortiGate 2000E, FortiGate 200E, FortiGate 200F, FortiGate 200G, FortiGate 201E, FortiGate 201F, FortiGate 201G, FortiGate 2200E, FortiGate 2201E, FortiGate 2500E, FortiGate 2600F, FortiGate 2601F, FortiGate 3000F, FortiGate 3001F, FortiGate 300E, FortiGate 301E, FortiGate 30G, FortiGate 31G, FortiGate 3200F, FortiGate 3201F Gen2, FortiGate 3300E, FortiGate 3301E, FortiGate 3400E, FortiGate 3401E, FortiGate 3500F Gen2, FortiGate 3501F Gen2, FortiGate 3600E, FortiGate 3601E, FortiGate 3700F, FortiGate 3701F, FortiGate 3960E, FortiGate 3980E, FortiGate 400E Bypass, FortiGate 400E, FortiGate 400F, FortiGate 401E, FortiGate 401F, FortiGate 40F 3G4G, FortiGate 40F, FortiGate 4200F, FortiGate 4201F Gen2, FortiGate 4400F, FortiGate 4401F Gen2, FortiGate 4800F, FortiGate 4801F, FortiGate 500E, FortiGate 501E, FortiGate 50G 5G, FortiGate 50G DSL, FortiGate 50G SFP-POE, FortiGate 50G SFP, FortiGate 50G, FortiGate 51G 5G, FortiGate 51G SFP-POE, FortiGate 51G, FortiGate 600E, FortiGate 600F, FortiGate 601E, FortiGate 601F, FortiGate 60F, FortiGate 61F, FortiGate 70F, FortiGate 70G-POE, FortiGate 70G, FortiGate 71F, FortiGate 71G-POE, FortiGate 71G, FortiGate 800D, FortiGate 80F Bypass, FortiGate 80F DSL, FortiGate 80F Gen2, FortiGate 80F-POE, FortiGate 81F Gen2, FortiGate 81F-POE, FortiGate 900D, FortiGate 900G, FortiGate 901G, FortiGate 90G Gen2, FortiGate 90G, FortiGate 91G Gen2, FortiGate 91G, FortiGateRugged 50G 5G, FortiGateRugged 60F 3G4G, FortiGateRugged 60F Gen2, FortiGateRugged 70F 3G4G, FortiGateRugged 70F, FortiGateRugged 70G 5G Dual, FortiGateRugged 70G, FortiWiFi 30G, FortiWiFi 31G, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 50G 5G, FortiWiFi 50G DSL, FortiWiFi 50G SFP, FortiWiFi 50G, FortiWiFi 51G, FortiWiFi 60F, FortiWiFi 61F, FortiWiFi 70G-POE, FortiWiFi 70G, FortiWiFi 71G, FortiWiFi 80F 2R 3G4G DSL, FortiWiFi 80F 2R, FortiWiFi 81F 2R 3G4G DSL, FortiWiFi 81F 2R 3G4G-POE, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.
It is not available for: FortiGate-VM64 Aliyun, FortiGate-VM64 AWS, FortiGate-VM64 Azure, FortiGate-VM64 GCP, FortiGate-VM64 OPC, FortiGate-VM64.
Configure DHCP server templates.
config system dhcp template
Description: Configure DHCP server templates.
edit <name>
set auto-configuration [disable|enable]
set conflicted-ip-timeout {integer}
set ddns-auth [disable|tsig]
set ddns-key {password_aes256}
set ddns-keyname {string}
set ddns-server-ip {ipv4-address}
set ddns-ttl {integer}
set ddns-update [disable|enable]
set ddns-update-override [disable|enable]
set ddns-zone {string}
set dns-server1 {ipv4-address}
set dns-server2 {ipv4-address}
set dns-server3 {ipv4-address}
set dns-server4 {ipv4-address}
set dns-service [local|default|...]
set domain {string}
config exclude-range
Description: Exclude one or more ranges of IP addresses from being assigned to clients.
edit <id>
set ip-count {integer}
set lease-time {integer}
set oui-match [disable|enable]
set oui-string <oui-string1>, <oui-string2>, ...
set start-ip-index {integer}
set uci-match [disable|enable]
set uci-string <uci-string1>, <uci-string2>, ...
set vci-match [disable|enable]
set vci-string <vci-string1>, <vci-string2>, ...
set vendor {string}
next
end
set fabric-force-sync [enable|disable]
set fabric-object [enable|disable]
set fabric-object-source [member|local|...]
set filename {string}
set forticlient-on-net-status [disable|enable]
config ip-range
Description: DHCP IP range configuration.
edit <id>
set ip-count {integer}
set lease-time {integer}
set oui-match [disable|enable]
set oui-string <oui-string1>, <oui-string2>, ...
set reserve [disable|enable]
set uci-match [disable|enable]
set uci-string <uci-string1>, <uci-string2>, ...
set vci-match [disable|enable]
set vci-string <vci-string1>, <vci-string2>, ...
set vendor {string}
next
end
set ipsec-lease-hold {integer}
set lease-time {integer}
set mac-acl-default-action [assign|block]
set next-server {ipv4-address}
set ntp-server1 {ipv4-address}
set ntp-server2 {ipv4-address}
set ntp-server3 {ipv4-address}
set ntp-service [local|default|...]
config options
Description: DHCP options.
edit <id>
set code {integer}
set ip {user}
set type [hex|string|...]
set uci-match [disable|enable]
set uci-string <uci-string1>, <uci-string2>, ...
set value {string}
set vci-match [disable|enable]
set vci-string <vci-string1>, <vci-string2>, ...
next
end
set relay-agent {ipv4-address}
set reserve-extra-addresses [disable|enable]
config reserved-address
Description: Options for the DHCP server to assign IP settings to specific MAC addresses.
edit <id>
set action [assign|block|...]
set circuit-id {string}
set circuit-id-type [hex|string]
set description {var-string}
set ip-index {integer}
set mac {mac-address}
set remote-id {string}
set remote-id-type [hex|string]
set type [mac|option82]
next
end
set server-type [regular|ipsec]
set shared-subnet [disable|enable]
set tftp-server <tftp-server1>, <tftp-server2>, ...
set timezone {string}
set timezone-option [disable|default|...]
set uuid {uuid}
set vci-match [disable|enable]
set vci-string <vci-string1>, <vci-string2>, ...
set wifi-ac-service [specify|local]
set wifi-ac1 {ipv4-address}
set wifi-ac2 {ipv4-address}
set wifi-ac3 {ipv4-address}
set wins-server1 {ipv4-address}
set wins-server2 {ipv4-address}
next
end
config system dhcp template
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
auto-configuration |
Enable/disable auto configuration. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
conflicted-ip-timeout |
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. |
integer |
Minimum value: 60 Maximum value: 8640000 |
1800 |
||||||||
|
ddns-auth |
DDNS authentication mode. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
ddns-key |
DDNS update key (base 64 encoding). |
password_aes256 |
Not Specified |
|
||||||||
|
ddns-keyname |
DDNS update key name. |
string |
Maximum length: 64 |
|
||||||||
|
ddns-server-ip |
DDNS server IP. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
ddns-ttl |
TTL. |
integer |
Minimum value: 60 Maximum value: 86400 |
300 |
||||||||
|
ddns-update |
Enable/disable DDNS update for DHCP. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
ddns-update-override |
Enable/disable DDNS update override for DHCP. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
ddns-zone |
Zone of your domain name (ex. DDNS.com). |
string |
Maximum length: 64 |
|
||||||||
|
dns-server1 |
DNS server 1. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
dns-server2 |
DNS server 2. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
dns-server3 |
DNS server 3. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
dns-server4 |
DNS server 4. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
dns-service |
Options for assigning DNS servers to DHCP clients. |
option |
- |
default |
||||||||
|
|
|
|||||||||||
|
domain |
Domain name suffix for the IP addresses that the DHCP server assigns to clients. |
string |
Maximum length: 35 |
|
||||||||
|
fabric-force-sync |
Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
fabric-object |
Security Fabric global object setting. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
fabric-object-source |
Source of truth for fabric object. |
option |
- |
root |
||||||||
|
|
|
|||||||||||
|
filename |
Name of the boot file on the TFTP server. |
string |
Maximum length: 127 |
|
||||||||
|
forticlient-on-net-status |
Enable/disable FortiClient-On-Net service for this DHCP server. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
ipsec-lease-hold |
DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). |
integer |
Minimum value: 0 Maximum value: 8640000 |
60 |
||||||||
|
lease-time |
Lease time in seconds, 0 means unlimited. |
integer |
Minimum value: 300 Maximum value: 8640000 |
604800 |
||||||||
|
mac-acl-default-action |
MAC access control default action (allow or block assigning IP settings). |
option |
- |
assign |
||||||||
|
|
|
|||||||||||
|
name |
DHCP server template name. |
string |
Maximum length: 35 |
|
||||||||
|
next-server |
IP address of a server, such as a TFTP server, from which DHCP clients can download a boot file. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
ntp-server1 |
NTP server 1. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
ntp-server2 |
NTP server 2. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
ntp-server3 |
NTP server 3. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
ntp-service |
Options for assigning Network Time Protocol (NTP) servers to DHCP clients. |
option |
- |
default |
||||||||
|
|
|
|||||||||||
|
relay-agent |
Relay agent IP. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
reserve-extra-addresses |
Enable/disable reservation of the extra IP addresses in the subnet. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
server-type |
DHCP server can be a normal DHCP server or an IPsec DHCP server. |
option |
- |
regular |
||||||||
|
|
|
|||||||||||
|
shared-subnet |
Enable/disable shared subnet. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
tftp-server |
One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. TFTP server. |
string |
Maximum length: 63 |
|
||||||||
|
timezone |
Select the time zone to be assigned to DHCP clients. |
string |
Maximum length: 63 |
|
||||||||
|
timezone-option |
Options for the DHCP server to set the client's time zone. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
uuid |
Universally Unique Identifier (UUID; automatically assigned but can be manually reset). |
uuid |
Not Specified |
00000000-0000-0000-0000-000000000000 |
||||||||
|
vci-match |
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
vci-string |
One or more VCI strings in quotes separated by spaces. VCI strings. |
string |
Maximum length: 255 |
|
||||||||
|
wifi-ac-service |
Options for assigning WiFi access controllers to DHCP clients. |
option |
- |
specify |
||||||||
|
|
|
|||||||||||
|
wifi-ac1 |
WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
wifi-ac2 |
WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
wifi-ac3 |
WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
wins-server1 |
WINS server 1. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
wins-server2 |
WINS server 2. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
config exclude-range
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
id |
ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||
|
ip-count |
Number of IP addresses to include in the range. |
integer |
Minimum value: 1 Maximum value: 16777216 |
0 |
||||||
|
lease-time |
Lease time in seconds, 0 means default lease time. |
integer |
Minimum value: 300 Maximum value: 8640000 |
0 |
||||||
|
oui-match |
Enable/disable organizationally unique identifier (OUI) matching. When enabled only DHCP requests with a matching OUI are served with this range. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
oui-string |
One or more OUI strings in quotes separated by spaces (in format of xx:xx:xx). MAC OUI strings. |
string |
Maximum length: 17 |
|
||||||
|
start-ip-index |
Start of IP range. |
integer |
Minimum value: 1 Maximum value: 16777216 |
0 |
||||||
|
uci-match |
Enable/disable user class identifier (UCI) matching. When enabled only DHCP requests with a matching UCI are served with this range. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
uci-string |
One or more UCI strings in quotes separated by spaces. UCI strings. |
string |
Maximum length: 255 |
|
||||||
|
vci-match |
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served with this range. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
vci-string |
One or more VCI strings in quotes separated by spaces. VCI strings. |
string |
Maximum length: 255 |
|
||||||
|
vendor |
Vendor this ip-range will be assigned to. |
string |
Maximum length: 255 |
|
||||||
config ip-range
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
id |
ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||
|
ip-count |
Number of IP addresses to include in the range. |
integer |
Minimum value: 1 Maximum value: 16777216 |
0 |
||||||
|
lease-time |
Lease time in seconds, 0 means default lease time. |
integer |
Minimum value: 300 Maximum value: 8640000 |
0 |
||||||
|
oui-match |
Enable/disable organizationally unique identifier (OUI) matching. When enabled only DHCP requests with a matching OUI are served with this range. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
oui-string |
One or more OUI strings in quotes separated by spaces (in format of xx:xx:xx). MAC OUI strings. |
string |
Maximum length: 17 |
|
||||||
|
reserve |
Enable/disable address reservation for use without DHCP. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
uci-match |
Enable/disable user class identifier (UCI) matching. When enabled only DHCP requests with a matching UCI are served with this range. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
uci-string |
One or more UCI strings in quotes separated by spaces. UCI strings. |
string |
Maximum length: 255 |
|
||||||
|
vci-match |
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served with this range. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
vci-string |
One or more VCI strings in quotes separated by spaces. VCI strings. |
string |
Maximum length: 255 |
|
||||||
|
vendor |
Vendor this ip-range will be assigned to. |
string |
Maximum length: 255 |
|
||||||
config options
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
code |
DHCP option code. |
integer |
Minimum value: 0 Maximum value: 255 |
0 |
||||||||||
|
id |
ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||
|
ip |
DHCP option IPs. |
user |
Not Specified |
|
||||||||||
|
type |
DHCP option type. |
option |
- |
hex |
||||||||||
|
|
|
|||||||||||||
|
uci-match |
Enable/disable user class identifier (UCI) matching. When enabled only DHCP requests with a matching UCI are served with this option. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
uci-string |
One or more UCI strings in quotes separated by spaces. UCI strings. |
string |
Maximum length: 255 |
|
||||||||||
|
value |
DHCP option value. |
string |
Maximum length: 312 |
|
||||||||||
|
vci-match |
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served with this option. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
vci-string |
One or more VCI strings in quotes separated by spaces. VCI strings. |
string |
Maximum length: 255 |
|
||||||||||
config reserved-address
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
action |
Options for the DHCP server to configure the client with the reserved MAC address. |
option |
- |
reserved |
||||||||
|
|
|
|||||||||||
|
circuit-id |
Option 82 circuit-ID of the client that will get the reserved IP address. |
string |
Maximum length: 312 |
|
||||||||
|
circuit-id-type |
DHCP option type. |
option |
- |
string |
||||||||
|
|
|
|||||||||||
|
description |
Description. |
var-string |
Maximum length: 255 |
|
||||||||
|
id |
ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||
|
ip-index |
Index of IP address to be reserved for the MAC address. |
integer |
Minimum value: 1 Maximum value: 16777216 |
0 |
||||||||
|
mac |
MAC address of the client that will get the reserved IP address. |
mac-address |
Not Specified |
00:00:00:00:00:00 |
||||||||
|
remote-id |
Option 82 remote-ID of the client that will get the reserved IP address. |
string |
Maximum length: 312 |
|
||||||||
|
remote-id-type |
DHCP option type. |
option |
- |
string |
||||||||
|
|
|
|||||||||||
|
type |
DHCP reserved-address type. |
option |
- |
mac |
||||||||
|
|
|
|||||||||||