Description
This article describes how to view the DHCP leases seen on the FortiGate. Leases can be listed and manipulated via the CLI.
Scope
FortiGate.
Solution
To list all the DHCP address leases on a FortiGate unit, execute the following command:
execute dhcp lease-list
The output is grouped into sections, one per interface, as in the following excerpt:
Staff Wifi
IP MAC-Address Hostname VCI Expiry
10.0.0.4 cc:cc:cc:cc:cc:cc MyOtherPhone MSFT 5.0 Sat Aug 10 04:55:47 2019
10.0.0.2 dd:dd:dd:dd:dd:dd Windows10 MSFT 5.0 Fri Aug 9 23:12:22 2019
10.0.0.6 ee:ee:ee:ee:ee:ee Joes Phone Fri Aug 9 21:12:36 2019
Guest Wifi
IP MAC-Address Hostname VCI Expiry
172.16.31.3 11:11:11:11:11:11 android android-dhcp Mon Aug 12 07:47:46 2019
172.16.31.6 33:33:33:33:33:33 note android-dhcp Sun Aug 11 01:00:29 2019
172.16.31.4 66:66:66:66:66:66 test-android dhcpcd-5.5.6 Sun Aug 11 20:50:26 2019
port15
IP MAC-Address Hostname VCI Expiry
192.168.4.101 08:5b:0e:48:48:48 FortiAP-FP221C Sat Aug 10 14:10:44 2019
internalLAN
IP MAC-Address Hostname VCI Expiry
192.168.1.1 aa:aa:aa:aa:aa:aa adminlaptop Sun Aug 11 20:56:01 2019
192.168.1.5 ff:ff:ff:ff:ff:ff Windows10 MSFT 5.0 Fri Aug 9 16:48:37 2019
Starting from v7.4.4, DHCP lease backup is possible. This offers improved control and flexibility, ensuring the preservation of leases during events such as outages or reboots. Following a power cycle, expired IP addresses are removed from the lease list, while unexpired ones are retained.
config system global
set dhcp-lease-backup-interval <integer>
end
The backup interval can be set between 10 and 3600 seconds, with the default value being 60.
To list the DHCP leases for a particular interface only, use:
execute dhcp lease-list <interface>
Use the following command to clear the lease for the client with the IP address 192.168.1.5:
execute dhcp lease-clear 192.168.1.5
Use the following command to clear the leases for the clients in an IP address range:
execute dhcp lease-clear 192.168.1.5-192.168.1.200
The following excerpt shows that 192.168.1.5 has disappeared from 'internalLAN':
internalLAN
IP MAC-Address Hostname VCI Expiry
192.168.1.1 aa:aa:aa:aa:aa:aa adminlaptop Sun Aug 11 20:56:01 2019
To clear ALL leases - use with caution - use:
execute dhcp lease-clear all
Note:
* The lease-clear command, which is the same as 'Revoke Lease(s)' from the DHCP Monitor on the Dashboard (FortiOS v6.4.13 and later), only clears the address from the FortiGate database. The FortiGate has no control over the client (workstation) side, so the client keeps the leased IP until the lease time limit is reached. After this time expires, the client sends a new IP request to the FortiGate.
After the leases are cleared, the following command returns a blank or shorter list:
execute dhcp lease-list
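Because lease-clear does not reach the client, a revoked address can stay in use until its original expiry. The following is an added example (Python, not part of the original article and not Fortinet code): it parses lease-list output saved before a lease-clear and reports which addresses in the cleared range a client may still hold. The function names and the sample text are constructed for illustration, and the row layout is assumed to match the excerpt above.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample in the layout of the excerpt above (not real device output).
SAMPLE = """\
internalLAN
IP MAC-Address Hostname VCI Expiry
192.168.1.1 aa:aa:aa:aa:aa:aa adminlaptop Sun Aug 11 20:56:01 2019
192.168.1.5 ff:ff:ff:ff:ff:ff Windows10 MSFT 5.0 Fri Aug 9 16:48:37 2019
Guest Wifi
IP MAC-Address Hostname VCI Expiry
172.16.31.6 33:33:33:33:33:33 note android-dhcp Sun Aug 11 01:00:29 2019
"""

# IP, MAC, free text (hostname and optional VCI; either may contain spaces), expiry.
ROW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s*"
    r"(.*?)\s*(\w{3}\s+\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+\d{4})$"
)

def parse_lease_list(text):
    """Return a list of lease dicts, each tagged with its interface section."""
    leases, interface = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.split()[:2] == ["IP", "MAC-Address"]:
            continue  # blank line or column header
        m = ROW.match(line)
        if m is None:
            interface = line  # any other non-row line names the next section
            continue
        ip, mac, ident, expiry = m.groups()
        when = datetime.strptime(" ".join(expiry.split()), "%a %b %d %H:%M:%S %Y")
        leases.append({"interface": interface, "ip": ipaddress.ip_address(ip),
                       "mac": mac.lower(), "ident": ident, "expiry": when})
    return leases

def still_held_after_clear(leases, first, last, now):
    """Leases in [first, last] whose client may keep the address past `now`."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [l for l in leases if lo <= l["ip"] <= hi and l["expiry"] > now]
```

Hostname and VCI are kept together in one field because the single-space layout does not mark where one ends and the other begins.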
Note:
This command set is valid for IPv4. For IPv6, use dhcp6. For example:
execute dhcp6 lease-list
Copyright 2025 Fortinet, Inc. All Rights Reserved.