Technical Tip: Configuration of a DHCP server with multiple pools on the same interface
Description
The CLI must be used to set up this configuration because it is not possible to edit multiple pools on the same interface using the GUI.
Scope
FortiGate.
Solution

- Network interfaces (on the FortiGate acting as DHCP server).
config system interface
    edit "internal" <- Interface connected to the DHCP relay.
        set vdom "root"
        set ip 10.36.0.113 255.255.252.0
        set allowaccess ping https ssh http telnet fgfm
        set type physical
    next
end
- DHCP.
config system dhcp server
    edit 1 <- Pool 1 is in the 10.129 network.
        set auto-configuration disable
        set conflicted-ip-timeout 1800
        set default-gateway 10.129.0.241
        set dns-service specify
        set domain ''
        set status enable
        set interface "internal"
        config ip-range
            edit 1
                set end-ip 10.129.0.20
                set start-ip 10.129.0.10
            next
        end
        set lease-time 604800
        set netmask 255.255.252.0
        set next-server 0.0.0.0
        set option1 0
        set option2 0
        set option3 0
        set server-type regular
        set vci-match disable
        set wins-server1 0.0.0.0
        set wins-server2 0.0.0.0
        set dns-server1 0.0.0.0
        set dns-server2 0.0.0.0
        set dns-server3 0.0.0.0
    next
    edit 2 <- Pool 2 is in the 10.38 network.
        set auto-configuration enable
        set conflicted-ip-timeout 1800
        set default-gateway 10.38.0.241
        set dns-service specify
        set domain ''
        set status enable
        set interface "internal"
        config ip-range
            edit 1
                set end-ip 10.38.0.20
                set start-ip 10.38.0.10
            next
        end
        set lease-time 604800
        set netmask 255.255.252.0
        set next-server 0.0.0.0
        set option1 0
        set option2 0
        set option3 0
        set server-type regular
        set vci-match disable
        set wins-server1 0.0.0.0
        set wins-server2 0.0.0.0
        set dns-server1 0.0.0.0
        set dns-server2 0.0.0.0
        set dns-server3 0.0.0.0
    next
end
- Routing (on the DHCP server, host routes to each relay interface address via 10.36.0.241).
config router static
    edit 2
        set blackhole disable
        set comment ''
        set device "internal"
        set distance 10
        set dst 10.129.0.241 255.255.255.255
        set dynamic-gateway disable
        set gateway 10.36.0.241
        set priority 0
        set weight 0
    next
    edit 3
        set blackhole disable
        set comment ''
        set device "internal"
        set distance 10
        set dst 10.38.0.241 255.255.255.255
        set dynamic-gateway disable
        set gateway 10.36.0.241
        set priority 0
        set weight 0
    next
end
- Network interfaces (on the FortiGate acting as DHCP relay).
config system interface
    edit "wan1" <- Interface connected to the DHCP server.
        set vdom "root"
        set dhcp-relay-ip "10.36.0.113"
        set ip 10.36.0.241 255.255.252.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
    edit "dmz" <- Interface in network 10.129 using DHCP relay.
        set vdom "root"
        set dhcp-relay-service enable
        set dhcp-relay-ip "10.36.0.113"
        set ip 10.129.0.241 255.255.252.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
    edit "internal" <- Interface in network 10.38 using DHCP relay.
        set vdom "root"
        set dhcp-relay-service enable
        set dhcp-relay-ip "10.36.0.113"
        set ip 10.38.0.241 255.255.252.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
end
- Verification.
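Debug the DHCP activity on the DHCP server. This capture shows a DHCPDISCOVER relayed via 10.129.0.241 (giaddr) and answered from the 10.129 pool: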
[debug]calling handler[icmp]
[debug]calling handler[fallback]
[debug]calling handler[internal]
[debug]locate_network prhtype(1) pihtype(1)
[debug]find_lease(): leaving function WITHOUT a lease
[debug]htyp packet 1, htype hw_addr 224
[note]DHCPDISCOVER from 00:05:5d:01:84:e3 via 10.129.0.241(ethernet)
[note]there's no free leases in memory on subnet internal, try to allocate new one from range list
[debug]Start dumping IP address range:
[debug]IP Range from 10.129.0.11 to 10.129.0.20
[debug]found a new lease of ip 10.129.0.10
[debug]added ip 10.129.0.10 mac 00:05:5d:01:84:e3 in vd root
[note]reach value MSFT 5.0
[debug]packet length 292
[debug]op = 1 htype = 1 hlen = 6 hops = 1
[debug]xid = fb1566f5 secs = 0 flags = 80
[debug]ciaddr = 0.0.0.0
[debug]yiaddr = 0.0.0.0
[debug]siaddr = 0.0.0.0
[debug]giaddr = 10.129.0.241
[debug]chaddr = 00:05:5d:01:84:e3
[debug]filename =
[debug]server_name =
[debug] host-name = "mis-PC"
[debug] dhcp-message-type = 1
[debug] dhcp-parameter-request-list = 1,15,3,6,44,46,47,31,33,121,249,43
[debug] dhcp-class-identifier = "MSFT 5.0"
[debug] dhcp-client-identifier = 1:0:5:5d:1:84:e3
[debug] option-82 = 1:3:64:6d:7a
[debug]
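Debug the DHCP activity on the DHCP server. This capture shows a DHCPREQUEST relayed via 10.38.0.241 (giaddr) and answered from the 10.38 pool: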
[debug]calling handler[fallback]
[debug]calling handler[internal]
[debug]locate_network prhtype(1) pihtype(1)
[debug]find_lease(): packet contains preferred client IP, cip.s_addr is 10.38.0.10
[debug]search through all subnets to find an ip lease (10.38.0.10)
[debug]Start dumping IP address range:
[debug]IP Range from 10.38.0.11 to 10.38.0.20
[debug]found a new lease of ip 10.38.0.10
[debug]find_lease(): leaving function with lease set
[debug]find_lease(): the lease's IP is 10.38.0.10
[note]DHCPREQUEST for 10.38.0.10 from 00:05:5d:01:84:e3 via 10.38.0.241(ethernet)
[debug]added ip 10.38.0.10 mac 00:05:5d:01:84:e3 in vd root
[note]reach value MSFT 5.0
[debug]packet length 314
[debug]op = 1 htype = 1 hlen = 6 hops = 1
[debug]xid = 6c6f17b3 secs = 0 flags = 80
[debug]ciaddr = 0.0.0.0
[debug]yiaddr = 0.0.0.0
[debug]siaddr = 0.0.0.0
[debug]giaddr = 10.38.0.241
[debug]chaddr = 00:05:5d:01:84:e3
[debug]filename =
[debug]server_name =
[debug] host-name = "mis-PC"
[debug] dhcp-requested-address = 10.38.0.10
[debug] dhcp-message-type = 3
[debug] dhcp-parameter-request-list = 1,15,3,6,44,46,47,31,33,121,249,43
[debug] dhcp-class-identifier = "MSFT 5.0"
[debug] dhcp-client-identifier = 1:0:5:5d:1:84:e3
[debug] option-81 = 0:0:0:6d:69:73:2d:50:43
[debug] option-82 = 1:8:69:6e:74:65:72:6e:61:6c
[debug]
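Added example (not part of the original article and not Fortinet code): a small parser that attributes a relayed request in this debug output to a pool and to the relay interface, by matching giaddr against the pool subnets and decoding the option-82 circuit ID. It assumes the option bytes are printed as colon-separated hex and that the server selects the pool from the subnet containing giaddr (standard relay behaviour); all function names are hypothetical.

```python
import ipaddress
import re

# Pools from the page: id -> (start-ip, netmask).
POOLS = {1: ("10.129.0.10", "255.255.252.0"), 2: ("10.38.0.10", "255.255.252.0")}

# Constructed sample: a subset of the debug lines shown above.
SAMPLE = """\
[debug]giaddr = 10.129.0.241
[debug]chaddr = 00:05:5d:01:84:e3
[debug] dhcp-message-type = 1
[debug] option-82 = 1:3:64:6d:7a
"""

def parse_fields(text):
    """Collect 'key = value' pairs from [debug] lines."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\[debug\]\s*([\w-]+)\s*=\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def decode_option82(value):
    """Split colon-separated hex bytes into RFC 3046 sub-options {code: bytes}."""
    data = bytes(int(b, 16) for b in value.split(":"))
    subopts, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option-82 sub-option")
        subopts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return subopts

def pool_for_giaddr(giaddr):
    """Return the pool id whose subnet contains the relay address, else None."""
    addr = ipaddress.ip_address(giaddr)
    for pool_id, (start, mask) in POOLS.items():
        if addr in ipaddress.ip_network(f"{start}/{mask}", strict=False):
            return pool_id
    return None

def summarize(text):
    """Attribute one relayed request to a pool and a relay circuit ID."""
    f = parse_fields(text)
    circuit = decode_option82(f["option-82"]).get(1, b"").decode("ascii", "replace")
    return {"giaddr": f["giaddr"], "pool": pool_for_giaddr(f["giaddr"]),
            "circuit_id": circuit, "msg_type": int(f["dhcp-message-type"])}
```

A giaddr that maps to no pool (result `None`) or a circuit ID that does not match the expected relay interface is worth flagging when reviewing these logs.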