Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    New Features

    8.0.0
    8.0.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Support CoS marking for FortiGate DHCP client requests

    Support CoS marking for FortiGate DHCP client requests

    FortiOS now supports Class of Service (CoS) marking on locally generated DHCPv4 and DHCPv6 client packets. This enhancement enables FortiGate to obtain IP addresses from service providers that require CoS-marked DHCP requests.

    New options are available:

    config system interface
    edit <name>
        ...
        set mode dhcp
        set dhcp-egress-cos [cos0 | cos1 | cos2 | cos3 | cos4 | cos5 | cos6 | cos7]              
        set role lan
        config ipv6
            set ip6-mode dhcp
            set dhcp6-egress-cos [cos0 | cos1 | cos2 | cos3 | cos4 | cos5 | cos6 | cos7]         
        end
        set interface "port2"
        set vlanid 3825
        ...
    next
end

    Option

    Description

    dhcp-egress-cos [cos0 | cos1 | cos2 | cos3 | cos4 | cos5 | cos6 | cos7]

    CoS in VLAN tag for outgoing DHCP packets (default = cos0).

    Available only for VLAN interface in DHCP mode.

    dhcp6-egress-cos [cos0 | cos1 | cos2 | cos3 | cos4 | cos5 | cos6 | cos7]

    CoS in VLAN tag for outgoing DHCPv6 packets (default = cos0).

    Available only for VLAN interface in DHCPv6 mode.

    Example

    This example shows how to enable CoS marking in VLAN tags for outgoing DHCPv4 or DHCPv6 packets.

    To enable CoS marking on a VLAN interface:

    1. For a VLAN interface in DHCP mode, enable CoS markings for DHCPv4 and DHCPv6:

      This example enables cos6 markings.

      config system interface
    edit "p2v3825"
        set vdom "root"
        set mode dhcp
        set allowaccess ping
        set dhcp-egress-cos cos6              
        set device-identification enable
        set role lan
        set snmp-index 16
        config ipv6
            set ip6-mode dhcp
            set ip6-allowaccess ping
            set dhcp6-egress-cos cos6         
        end
        set interface "port2"
        set vlanid 3825
    next
end

    2. Run the sniffer to capture DHCPv4 and DHCPv6 frames and check the CoS field in 802.1Q header:

      • DHCPv4:

        Frame 12: 594 bytes on wire (4752 bits), 594 bytes captured (4752 bits)
Ethernet II, Src: RealtekU_0f:81:e8 (52:54:00:0f:81:e8), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 6, DEI: 0, ID: 3825
    110. .... .... .... = Priority: Internetwork Control (6)   
    ...0 .... .... .... = DEI: Ineligible
    .... 1110 1111 0001 = ID: 3825
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Request)

      • DHCPv6:

        Frame 616: 160 bytes on wire (1280 bits), 160 bytes captured (1280 bits)
Ethernet II, Src: Fortinet_25:23:ec (e0:23:ff:25:23:ec), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
802.1Q Virtual LAN, PRI: 6, DEI: 0, ID: 3825
    110. .... .... .... = Priority: Internetwork Control (6)   
    ...0 .... .... .... = DEI: Ineligible
    .... 1110 1111 0001 = ID: 3825
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::e223:ffff:fe25:23ec, Dst: ff02::1:2
User Datagram Protocol, Src Port: 546, Dst Port: 547
    Previous
    Next

    Support CoS marking for FortiGate DHCP client requests

    Support CoS marking for FortiGate DHCP client requests

    FortiOS now supports Class of Service (CoS) marking on locally generated DHCPv4 and DHCPv6 client packets. This enhancement enables FortiGate to obtain IP addresses from service providers that require CoS-marked DHCP requests.

    New options are available:

    config system interface
    edit <name>
        ...
        set mode dhcp
        set dhcp-egress-cos [cos0 | cos1 | cos2 | cos3 | cos4 | cos5 | cos6 | cos7]              
        set role lan
        config ipv6
            set ip6-mode dhcp
            set dhcp6-egress-cos [cos0 | cos1 | cos2 | cos3 | cos4 | cos5 | cos6 | cos7]         
        end
        set interface "port2"
        set vlanid 3825
        ...
    next
end

    Option

    Description

    dhcp-egress-cos [cos0 | cos1 | cos2 | cos3 | cos4 | cos5 | cos6 | cos7]

    CoS in VLAN tag for outgoing DHCP packets (default = cos0).

    Available only for VLAN interface in DHCP mode.

    dhcp6-egress-cos [cos0 | cos1 | cos2 | cos3 | cos4 | cos5 | cos6 | cos7]

    CoS in VLAN tag for outgoing DHCPv6 packets (default = cos0).

    Available only for VLAN interface in DHCPv6 mode.

    Example

    This example shows how to enable CoS marking in VLAN tags for outgoing DHCPv4 or DHCPv6 packets.

    To enable CoS marking on a VLAN interface:

    1. For a VLAN interface in DHCP mode, enable CoS markings for DHCPv4 and DHCPv6:

      This example enables cos6 markings.

      config system interface
    edit "p2v3825"
        set vdom "root"
        set mode dhcp
        set allowaccess ping
        set dhcp-egress-cos cos6              
        set device-identification enable
        set role lan
        set snmp-index 16
        config ipv6
            set ip6-mode dhcp
            set ip6-allowaccess ping
            set dhcp6-egress-cos cos6         
        end
        set interface "port2"
        set vlanid 3825
    next
end

    2. Run the sniffer to capture DHCPv4 and DHCPv6 frames and check the CoS field in 802.1Q header:

      • DHCPv4:

        Frame 12: 594 bytes on wire (4752 bits), 594 bytes captured (4752 bits)
Ethernet II, Src: RealtekU_0f:81:e8 (52:54:00:0f:81:e8), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 6, DEI: 0, ID: 3825
    110. .... .... .... = Priority: Internetwork Control (6)   
    ...0 .... .... .... = DEI: Ineligible
    .... 1110 1111 0001 = ID: 3825
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Request)

      • DHCPv6:

        Frame 616: 160 bytes on wire (1280 bits), 160 bytes captured (1280 bits)
Ethernet II, Src: Fortinet_25:23:ec (e0:23:ff:25:23:ec), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
802.1Q Virtual LAN, PRI: 6, DEI: 0, ID: 3825
    110. .... .... .... = Priority: Internetwork Control (6)   
    ...0 .... .... .... = DEI: Ineligible
    .... 1110 1111 0001 = ID: 3825
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::e223:ffff:fe25:23ec, Dst: ff02::1:2
User Datagram Protocol, Src Port: 546, Dst Port: 547
    Previous
    Next