DHCP Discover on VLAN100

Question

Hello everyone - Happy New Year !!! I'm new to Fortinet/Fortigate and I might be doing something wrong - so I’m calling for your help and advices. I'm trying to replace my Internet FAI BBox by my Fortigate 60F. The Fortigate will be plugged in ethernet directly to the FAI Fiber GPON. This is feasible with some Network and DHCP tweaks and used to worked with an OpenWRT. So my issue here is more about how to set these options up on my Fortigate rather than improving the tweaks. Net and DHCP required tweaks are : Set 801.q VLAN 100 ; the interface mac address set to the one from the FAI BBox (MAC Spoofing) ; DHCP client must use Vendor Class identifier (option 60) set to BYGTELIAD ; the DHCP Client identifier (option 61) set to the BBox mac ; Here are my settings (I simplified the code here, removing the next and end...) I have an interface wan2 plugged to my FAI GPON: set macaddr xx:xx:xx:xx:xx:xx (whatever my BBox MAC is) Then I add a VLAN Interface "InetVlan100" with the following options set mode dhcp

set dhcp-client-identifier "xx:xx:xx:xx:xx:xx"config client-options edit 1 set code 60 set type string set value "BYGTELIAD"

set interface "wan2"

set vlanid 100 After some failed tries, I even tried to add config client-options

edit 2 set code 61 set type hex set value 1xxxxxxxxxxxx (whatever my MAC is, with the prefix x01 for ethernet) And this doesn't work When capturing the packets (using the GUI) I see the DHCP discover packets going out. However they are NOT taggued 801.q with the VLAN id 100 (as seen in Wireshark) How should I make sure that all packets going out that interface are taggued VLAN100 dot1q ? Am I doing something wrong in the VLAN definition ?

Toshi_Esumi · Accepted Answer

I don't know about DHCP options but at least I can tell about pcap. The GUI pcap wouldn't show vlan header, either stripping off or more likely it's already stripped off when the input is coming into the GUI process.

If you want to see it, you need to use CLI sniffer, like below. My main wan1 is encapsulated in vlan 201 (on a vlan sub-interface in the root vdom [muti-vdom env]), so when I do simple sniffing on wan1, I don't see anything but below:

fg50e-utm (root) # diag sniffer packet wan1 interfaces=[wan1] filters=[none] pcap_lookupnet: wan1: no IPv4 address assigned 1.275398 802.1Q vlan#201 P0 1.275494 802.1Q vlan#201 P0 1.277193 802.1Q vlan#201 P6 1.281916 802.1Q vlan#201 P0 1.281966 802.1Q vlan#201 P0 1.835575 802.1Q vlan#201 P0 1.881255 802.1Q vlan#201 P0 If you want to see it in wirehsark, you need to run like

diag sniffer packet <physical_int> none 6

And copy the output into a file, then convert it to a pacp file using fgt2eth.exe (if windows) described in the KB:

https://kb.fortinet.com/kb/documentLink.do?externalID=11186

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded