Technical Tip: DHCP reservation outside the DHCP range but within the subnet

bmedikonda · ‎08-26-2025

Description

This article describes how DHCP reservations can be configured on a FortiGate even if the reserved IP address is outside of the configured DHCP pool, as long as it belongs to the same subnet as the interface.

Scope

FortiGate.

Solution

A DHCP server on a FortiGate is configured with defined DHCP ranges for dynamic allocation. For example:

DHCP range 1: 192.168.0.2 to 192.168.0.170.

A requirement is to reserve the following IP address for a specific device:

MAC address: aa:bb:cc:dd:ee:ff.
Reserved IP: 192.168.0.180.

Key points:

The IP address 192.168.0.180 is not part of either of the configured DHCP ranges.
However, the address still falls within the subnet of the interface (192.168.0.180/24).
FortiGate allows DHCP reservations outside of the DHCP pool, as long as the reserved IP is inside the interface subnet.
If an IP address outside of the interface subnet is reserved (for example, 192.168.2.1), the configuration will not be allowed.

Configuration example (CLI):

config system interface

edit "port10"

set vdom "root"

set ip 192.168.0.1 255.255.255.0

set allowaccess ping https ssh http

set type physical

set snmp-index 10

config sys dhcp server

edit 4

set default-gateway 192.168.0.1

set netmask 255.255.255.0

set interface "port10"

config ip-range

edit 1

set start-ip 192.168.0.2

set end-ip 192.168.0.170

config reserved-address

edit 1

set ip 192.168.0.180

set mac aa:bb:cc:dd:ee:ff

Note:

To use the IP 192.168.2.1 as a reserved IP is possible with the summarization subnet or network that will include the IP, or if the bigger subnet can be added or extended for the DHCP network(e.g.,192.168.0.0/22). Which will offer an extended DHCP range along with a bigger range of network.

Technical Tip: DHCP reservation outside the DHCP range but within the subnet

You are leaving our website