FortiGate
dsrivastava
Staff
Article Id 240945
Description
This article explains that when the FortiGate is the gateway for a VLAN, the DHCP relay must be defined when the VLAN interface is created on the FortiGate.
Scope
FortiGate, configuring DHCP relay on a VLAN interface.
Solution

Sample Configuration:


config system interface
    edit "VLAN-NAME"
        set dhcp-relay-service enable
        set ip 192.168.2.1 255.255.255.0
        set allowaccess ping
        set device-identification enable
        set role lan
        set snmp-index 16
        set dhcp-relay-ip "10.0.0.100"    <- DHCP relay IP.
        set interface "port4"
        set vlanid 2
    next
end

Scenario:
A FortiGate is typically required to function as both a DHCP server and a DHCP relay agent when it acts as the DHCP server, providing IP addresses, and also needs to relay DHCP messages to external Network Access Control servers (FortiNAC or ClearPass) for DHCP profiling and fingerprinting. A FortiGate interface can be configured to work in DHCP server mode to lease out addresses and, at the same time, relay the DHCP packets to another device, such as a FortiNAC, to perform device profiling. The DHCP message is forwarded to the relay server under the following conditions:

• dhcp-relay-request-all-server is enabled
• Message type is either DHCPDISCOVER or DHCPINFORM
• Client IP address in the client message is "0.0.0.0"
• Server ID is NULL in the client message
• Server address is a broadcast address (255.255.255.255)
• Server address is "0.0.0.0"
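
To check a captured client message against the fields named in the conditions above, the following Python example (added here, not Fortinet code) parses a DHCP payload and reports each condition separately. It assumes "server address" means the packet's IP destination and that a NULL server ID means option 54 is absent; it computes no overall verdict because the list does not say how the conditions combine. The sample packets are constructed.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
MSG_TYPES = {1: "DHCPDISCOVER", 3: "DHCPREQUEST", 8: "DHCPINFORM"}

def parse_dhcp(payload: bytes) -> dict:
    """Extract ciaddr, message type (option 53) and server ID (option 54)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    mtype, sid = opts.get(53), opts.get(54)
    return {
        "ciaddr": str(ipaddress.IPv4Address(payload[12:16])),
        "msg_type": MSG_TYPES.get(mtype[0], str(mtype[0])) if mtype else None,
        "server_id": str(ipaddress.IPv4Address(sid)) if sid and len(sid) == 4 else None,
    }

def relay_conditions(payload: bytes, dst_ip: str, request_all_server: bool) -> dict:
    """Report each listed condition; dst_ip as 'server address' is an assumption."""
    f = parse_dhcp(payload)
    return {
        "request_all_server_enabled": request_all_server,
        "type_discover_or_inform": f["msg_type"] in ("DHCPDISCOVER", "DHCPINFORM"),
        "ciaddr_zero": f["ciaddr"] == "0.0.0.0",
        "server_id_null": f["server_id"] is None,  # assumption: NULL = option absent
        "server_addr_broadcast": dst_ip == "255.255.255.255",
        "server_addr_zero": dst_ip == "0.0.0.0",
    }

def build_sample(msg_type: int, ciaddr: str = "0.0.0.0", server_id: str = None) -> bytes:
    """Build a constructed DHCP client message (not a real capture)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                      ipaddress.IPv4Address(ciaddr).packed, b"\0" * 4, b"\0" * 4,
                      b"\0" * 4, bytes.fromhex("020000000001"), b"", b"")
    opts = bytes([53, 1, msg_type])
    if server_id:
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    return hdr + MAGIC + opts + b"\xff"
```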

  1. Create a DHCP server on the interface or VLAN (Network -> Interface).

  2. Configure DHCP relay from the CLI (Command Line Interface), under the interface's entry in config system interface:

set dhcp-relay-service enable
set dhcp-relay-ip 192.168.1.1 172.16.32.1
set dhcp-relay-request-all-server enable

  3. Upon returning to the GUI, the interface shows only the relay configuration. This is expected behavior.

  4. In the GUI interface view, under the DHCP Ranges column, note the DHCP scope and the DHCP relay server IP.