Configuring a DHCP server
NOTE: To see which models support this feature, refer to the FortiSwitch feature matrix. The following table lists the maximum number of clients for the supported FortiSwitch models:
FortiSwitch models |
Maximum number of clients |
---|---|
4xx |
15,000 |
5xx |
20,000 |
1024D, 1048D, 3032D |
30,000 |
1048E, 3032E |
50,000 |
Using the GUI:
- Go to System > DHCP.
- Select Add DHCP Server.
- Required. In the ID field, enter a number to identify the entry.
- Select the Enable checkbox to make the DHCP server active.
- Select the Auto-Configuration checkbox if you want the DHCP server to dynamically assign IP addresses to hosts on the network connected to the interface.
- Required. In the Netmask field, enter the netmask of the addresses that the DHCP server assigns.
- In the Interface drop-down list, select an interface. The DHCP server assigns IP configurations to clients connected to this interface.
- Required. In the Lease Time field, enter the lease time in seconds. The lease time determines the length of time an IP address remains assigned to a client.
- Required. In the Conflicted IP Timeout field, enter the number of seconds before a conflicted IP address is removed from the DHCP range and is available to be reused.
- In the Default Gateway field, enter the IP address of the default gateway that the DHCP server assigns to DHCP clients.
- In the Domain field, enter the domain name suffix for the IP addresses that the DHCP server assigns to the clients.
- In the Next Server field, enter the IPv4 address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from.
- In the Filename field, enter the name of the boot file on the TFTP server.
- In the DNS Service Type drop-down list, select how DNS servers are assigned to DHCP clients.
- Select Default for clients to be assigned the FortiSwitch unitʼs configured DNS servers.
- Select Local to use the IP address of the DHCP server interface for the clientʼs DNS server IP address.
- Select Specify to enter IPv4 addresses for up to three DNS servers.
- In the Controller 1, Controller 2, and Controller 3 fields, enter the IPv4 addresses for the WiFi access controllers.
- In the NTP Service Type drop-down list, select how Network Time Protocol (NTP) servers are assigned to DHCP clients.
- Select Default for clients to be assigned the FortiSwitch unitʼs configured NTP servers.
- Select Local to use the IP address of the DHCP server interface for the clientʼs NTP server IP address.
- Select Specify to enter the IPv4 address for up to three NTP servers.
- In the WINS Server section, enter the IPv4 addresses for the Windows Internet Name Service (WINS) servers.
- In the Timezone Mode drop-down list, select how the DHCP server sets the clientʼs time zone.
- Select Default for clients to be assigned the FortiSwitch unitʼs configured time zone.
- Select Disable for the DHCP server to not set the clientʼs time zone.
- Select Specify to choose which time zone is assigned to DHCP clients.
- In the VCI area, select the Enable checkbox to enter the vendor class identifier (VCI) to match. When enabled, only DHCP requests with a matching VCI are served.
- In the IP Ranges section, you can configure the IP address range.
- In the ID field, enter a unique number to identify the entry or use the default value.
- Required. In the Start IP field, enter the start of the DHCP IP address range.
- Required. In the End IP field, enter the end of the DHCP IP address range.
- To add another IP address range, select Add IP Range.
- In the Exclusion Ranges section, you can block a range of addresses that will not be included in the available addresses for the connecting users.
- Select Add Exclusion Range.
- In the ID field, enter a number to identify the entry or use the default value.
- In the Start IP field, enter the start of the IP address range that will not be assigned to clients.
- In the End IP field, enter the end of the IP address range that will not be assigned to clients.
- To add another exclusion range, select Add Exclusion Range.
- In the Reserved Addresses section, you can reserve IP addresses for the DHCP server to use to assign IP addresses to specific MAC addresses.
- Select Add IP.
- In the ID field, enter a number to identify the entry or use the default value.
- In the Type drop-down list, select whether to match the IP address with the MAC address or DHCP option 82.
- In the Action drop-down list, select how the DHCP server configures the client with the reserved MAC address. Select Reserved for the DHCP server to assign the reserved IP address to the client with this MAC address. Select Assign for the DHCP server to configure the client with this MAC address like any other client. Select Block to prevent the DHCP server from assigning IP settings to the client with this MAC address.
- In the Description field, enter a description of this entry.
- In the IP field, enter the IPv4 address to be reserved for the MAC address. This value is required when the action is Reserved and the type is MAC.
- In the MAC field, enter the MAC address of the client that will get the reserved IP address. This value is required when the type is MAC and the action is Assign or Block.
- In the Circuit Type drop-down list, select whether the format of the Circuit ID is hexadecimal or string. This option is only available when the type is Option-82.
- In the Circuit ID field, enter the DHCP option-82 Circuit ID of the client that will get the reserved IP address. The Circuit ID format is controlled by the Circuit Type setting. This value is required when the type is Option-82.
- In the Remote Type drop-down list, select whether the format of the Remote ID is hexadecimal or string. This option is only available when the type is Option-82.
- In the Remote ID field, enter the DHCP option-82 Remote ID of the client that will get the reserved IP address. This value is required when the type is Option-82.
- To add another reserved address, select Add IP.
- In the Options section, you can add up to 30 DHCP custom options.
- Select Add Option.
- In the ID field, enter a number to identify the entry or use the default value.
- In the Type drop-down list, select the format of the DHCP option: fully qualified domain name (FQDN), hexadecimal, IP address, or string.
- In the Code field, select the DHCP option code. The range is 0-255.
- In the Value field, enter the DHCP option value. This value is required when the type is set to FQDN, Hex, or String.
- In the IP field, enter the IP address. This value is required when the type is set to IP.
- To add another DHCP custom option, select Add Option.
- Select Add to save the new DHCP server.
Using the CLI:
config system dhcp server
edit <id>
set auto-configuration {enable | disable}
set conflicted-ip-timeout <integer>
set default-gateway <xxx.xxx.xxx.xxx>
set dns-server1 <xxx.xxx.xxx.xxx>
set dns-server2 <xxx.xxx.xxx.xxx>
set dns-server3 <xxx.xxx.xxx.xxx>
set dns-service {default | local | specify
set domain <string>
set filename <string>
set interface <string>
set lease-time <integer>
set netmask <xxx.xxx.xxx.xxx>
set next-server <xxx.xxx.xxx.xxx>
set ntp-server1 <xxx.xxx.xxx.xxx>
set ntp-server2 <xxx.xxx.xxx.xxx>
set ntp-server3 <xxx.xxx.xxx.xxx>
set ntp-service {default | local | specify}
set status {enable | disable}
set tftp-server <xxx.xxx.xxx.xxx>
set timezone <00-75>
set timezone-option {default | disable | specify}
set vci-match {enable | disable}
set vci-string <VCI_strings>
set wifi-ac1 <xxx.xxx.xxx.xxx>
set wifi-ac2 <xxx.xxx.xxx.xxx>
set wifi-ac3 <xxx.xxx.xxx.xxx>
set wins-server1 <xxx.xxx.xxx.xxx>
set wins-server2 <xxx.xxx.xxx.xxx>
next
end
For example:
config system dhcp server
edit 1
set default-gateway 50.50.50.2
set domain "FortiswitchTest.com"
set filename "text1.conf"
set interface "svi10"
config ip-range
edit 1
set end-ip 50.50.0.10
set start-ip 50.50.0.5
next
end
set lease-time 360
set netmask 255.255.0.0
set next-server 60.60.60.2
config options
edit 1
set value "dddd"
next
end
set tftp-server "1.2.3.4"
set timezone-option specify
set wifi-ac1 5.5.5.1
set wifi-ac2 5.5.5.2
set wifi-ac3 5.5.5.3
set wins-server1 6.6.6.1
set wins-server2 6.6.6.2
set dns-server1 7.7.7.1
set dns-server2 7.7.7.2
set dns-server3 7.7.7.3
set ntp-server1 8.8.8.1
set ntp-server2 8.8.8.2
set ntp-server3 8.8.8.3
next
end
Configuring the IP address range
By default, the FortiSwitch unit assigns an address range based on the address of the interface for the complete scope of the address. For example, if the interface address is 172.20.120.230, the default range created is 172.20.120.231 to 172.20.120.254.
To configure the IP address range:
config system dhcp server
edit <id>
config ip-range
edit <id>
set end-ip <xxx.xxx.xxx.xxx>
set start-ip <xxx.xxx.xxx.xxx>
next
end
next
end
Excluding addresses in DHCP
If you have a large address range for the DHCP server, you can block a range of addresses that will not be included in the available addresses for the connecting users.
To exclude addresses in DHCP:
config system dhcp server
edit <id>
config exclude-range
edit <id>
set end-ip <xxx.xxx.xxx.xxx>
set start-ip <xxx.xxx.xxx.xxx>
next
end
next
end
Assigning IP settings to specific MAC addresses
If you want the DHCP server to assign IP addresses to specific MAC addresses, you need to reserve the IP addresses.
To reserve IP addresses:
config system dhcp server
edit <id>
config reserved-address
edit <id>1
set action {assign | block | reserved}
set circuit-id {<string> | <hex>}
set circuit-id-type {hex | string}
set description <string>
set ip <xxx.xxx.xxx.xxx>
set mac <xx:xx:xx:xx:xx:xx>
set remote-id {<string> | <hex>}
set remote-id-type {hex | string}
set type {mac | option82}
next
end
next
end
Configuring DHCP custom options
The DHCP server maintains a table for the potential options. The FortiSwitch DHCP server supports up to a maximum of 30 custom options.
To configure the DHCP custom options:
config system dhcp server
edit <id>
config options
edit <id>
set code <integer>
set ip <IP_addresses>
set type {fqdn | hex | ip | string}
set value <string>
next
end
next
end
Listing DHCP leases
The lease time determines the length of time an IP address remains assigned to a client. After the lease expires, the address is released for allocation to the next client that requests an IP address. Use one of the following commands to check the DHCP leases:
execute dhcp lease-list
execute dhcp lease-list <interface>
Breaking DHCP leases
If you need to end an IP address lease, you can break the lease. This is useful if you have limited addresses and longer lease times when some leases are no longer necessary, for example, with corporate visitors. Use one of the following commands to break the DHCP leases:
execute dhcp lease-clear all
execute dhcp lease-clear <xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy,...>