52000cc
New Member
December 27, 2024
Question

DHCP option problem

How can I enable DHCP options for a single host? For example, I need to assign a different gateway to a specific host.

9 replies

kaman
Staff
December 27, 2024
ebilcari
Staff
December 27, 2024

I did some lab tests because I was also curious, and it seems that the Router/gateway option can't be overwritten in the DHCP offer like the other options:

 

dhcp offer.PNG

 

config system dhcp server
..

config ip-range
 edit 2
  set start-ip 10.100.100.101
  set end-ip 10.100.100.109
  set vci-match enable
  set vci-string "udhcp 1.37.0"
 next
end
config options
 edit 1
  set code 3
  set type ip
  set vci-match enable
  set vci-string "udhcp 1.37.0"
  set ip "10.100.100.254"
 next
 edit 2
  set code 150
  set type ip
  set vci-match enable
  set vci-string "udhcp 1.37.0"
  set ip "10.100.100.250"
 next
end
set vci-match enable
set vci-string "udhcp 1.37.0"

ebilcari
Staff
December 27, 2024

Update: If the default-gateway is removed from DHCP server configuration, FGT will send the new gateway as a custom option:

 

config system dhcp server
 edit 27
  unset default-gateway
 next
end

 

This change will also affect the hosts that do not match this VCI. If the other hosts can be matched with a VCI, the default gateway can be sent to them the same way.
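To confirm which gateway an offer actually carries, as in the lab test above, the options field of the captured DHCP offer can be decoded directly. This is an added example, not part of the thread: the sample bytes are constructed, and 10.100.100.1 is an assumed pool default gateway.

```python
import ipaddress

PAD, END = 0, 255           # RFC 2132 single-byte options
ROUTER, OPT_150 = 3, 150    # the two option codes configured in the thread

def tlv(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value

def parse_options(field: bytes) -> dict[int, list[bytes]]:
    """Walk the options field that follows the DHCP magic cookie."""
    opts: dict[int, list[bytes]] = {}
    i = 0
    while i < len(field):
        code = field[i]
        if code == PAD:          # padding has no length byte
            i += 1
            continue
        if code == END:          # anything after END is ignored
            break
        if i + 1 >= len(field):
            raise ValueError(f"option {code}: missing length byte")
        length = field[i + 1]
        value = field[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        opts.setdefault(code, []).append(value)
        i += 2 + length
    return opts

def ips(opts: dict[int, list[bytes]], code: int) -> list[str]:
    """Decode every instance of an IP-list option into dotted-quad strings."""
    out = []
    for value in opts.get(code, []):
        if not value or len(value) % 4:
            raise ValueError(f"option {code}: length {len(value)} is not a multiple of 4")
        out += [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, len(value), 4)]
    return out

def addr(s: str) -> bytes:
    return ipaddress.IPv4Address(s).packed

# Constructed OFFER option fields (not bytes from the thread's capture).
# .254 and .250 are the thread's values; 10.100.100.1 is an assumption.
OFFER_POOL_GW = tlv(53, b"\x02") + tlv(ROUTER, addr("10.100.100.1")) + tlv(OPT_150, addr("10.100.100.250")) + bytes([END])
OFFER_CUSTOM_GW = tlv(53, b"\x02") + tlv(ROUTER, addr("10.100.100.254")) + tlv(OPT_150, addr("10.100.100.250")) + bytes([END, PAD, PAD])

if __name__ == "__main__":
    for name, field in (("pool gateway", OFFER_POOL_GW), ("custom option 3", OFFER_CUSTOM_GW)):
        o = parse_options(field)
        print(name, "router:", ips(o, ROUTER), "opt150:", ips(o, OPT_150))
```

Comparing the decoded option 3 value against the gateway expected for that client shows whether the per-VCI option took effect or the pool default was sent instead.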

52000cc
Author
New Member
December 27, 2024

How can I configure the system to assign a different gateway to a host with a specific MAC address?

Renante_Era
Staff
December 27, 2024

Since it's only one host, why not assign a static IP address on that device instead of obtaining an IP address from DHCP?

52000cc
Author
New Member
December 27, 2024

If I set the IP address manually, it becomes very inconvenient to change it every time the machine is moved. There are several machines that need to use different gateways. I used to use a Cisco setup as below:
ip dhcp pool HOSTXXX
host 192.168.1.68 255.255.255.0
client-identifier 01xx.xxxx.xxxx.xx
...

Toshi_Esumi
SuperUser
December 28, 2024

That's NOT assigning a gateway, but an IP reservation for a single host. Unlike Cisco, FGT can specify the host only by MAC address, not client-identifier.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-DHCP-IP-reservation-on-FortiGate-s/ta-p/333604

Toshi

52000cc
Author
New Member
December 28, 2024

Because I forgot the exact command for this, the command I wrote only reserves the IP address. Either way, does the FortiGate not support assigning IP, gateway, DNS, etc., based on the MAC address?

Toshi_Esumi
SuperUser
December 28, 2024

Same as Cisco. Gateway, DNS, IP ranges are assigned in the main pool. Then if you need to assign a specific IP to a single host, you need to reserve the IP based on the MAC/hardware-address INSIDE the pool.

Just show us what you have configured in Cisco.

Toshi

52000cc
Author
New Member
December 28, 2024

I am currently using another device as a DHCP server because the Cisco equipment has been replaced. Below is an example where I assigned a different gateway for a specific host. If FortiGate can also achieve this, I can stop using that device as the DHCP server.

config host
	option ip '192.168.10.xxx'
	option mac 'xx:xx:xx:xx:xx:xx'
	option dns '1'
	option tag 'custom_gtwy'

config tag 'custom_gtwy'
	list dhcp_option '3,192.168.10.1'

Toshi_Esumi
SuperUser
December 28, 2024

What gateway IP do the other clients get in the same 192.168.10.0/24 subnet or broadcast domain? Is it like 192.168.10.2?
I don't think it's possible, at least with FGT. I'm not sure how to do it with Cisco either, unless the second gateway is for the secondary IP of the same gateway device interface.

Toshi

52000cc
Author
New Member
December 28, 2024

Yes, same VLAN, like main is using 192.168.10.1, and the specific host will use 192.168.10.2.

Toshi_Esumi
SuperUser
December 28, 2024

With Cisco, or your current DHCP server, there seems to be a concept of a "nesting DHCP server/pool", or sub-pool under the main pool. So you can configure the same parameters like DNS, gateway, and so on in the sub-pool, which is for a host with a reserved IP.
I don't think FGT's DHCP server has the same concept.
You might need to keep the current DHCP server as is if the gateway arrangement cannot be changed.

Toshi

52000cc
Author
New Member
December 28, 2024

OK, thanks!