FortiGate
rmetzger
Staff
Article Id 194358

Description

 

When a DHCP server is configured on a FortiGate port or VLAN, the DHCP IP Range must be in the same subnet as the port or the VLAN IP subnet.

If a secondary IP address is added to the port or the VLAN, the DHCP IP range can NOT belong to this secondary IP subnet.

Scope

 

All supported versions of FortiOS.

Solution

 

Example of port configuration:

config system interface
    edit "port2"
        set vdom "root"
        set ip 10.10.10.1 255.255.255.0
        set type physical
        config secondaryip
            edit 1
                set allowaccess ping
                set ip 10.11.11.1 255.255.255.0
            next
        end
    next
end


Corresponding DHCP configuration example:

config system dhcp server
    edit "DHCP server net_10"
        set default-gateway 10.10.10.1
        set interface "port2"
        set lease-time 300
        set netmask 255.255.255.0
        set end-ip 10.10.10.101
        set start-ip 10.10.10.100
    next
end

 

This DHCP setting will not work:

        set end-ip   10.11.11.101
        set start-ip 10.11.11.100


When configuring a reserved address on the DHCP server, the following error may be encountered:

 

IP address must be within the subnet of the ip-range
node_check_object fail! for ip X.X.X.X


The error message indicates that the IP address intended for reservation is not within the subnet defined by the DHCP IP range for that server.

 

  • Select the Correct DHCP Server: Make sure to configure the reserved address for the correct DHCP server associated with the subnet where the IP address will be reserved.
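
The rule above can be checked offline before a change is pushed to the device. The following Python sketch is an added example, not Fortinet code: the function name check_dhcp_scope is hypothetical, and it assumes that "the subnet of the ip-range" in the error message means the network formed by start-ip and the DHCP server netmask.

```python
import ipaddress

def check_dhcp_scope(primary, secondaries, start_ip, end_ip, netmask, reserved=()):
    """Return a list of problems; an empty list means the scope follows the rule."""
    primary_net = ipaddress.ip_interface(primary).network
    secondary_nets = [ipaddress.ip_interface(s).network for s in secondaries]
    start, end = ipaddress.ip_address(start_ip), ipaddress.ip_address(end_ip)
    problems = []
    if start > end:
        problems.append(f"start-ip {start} is higher than end-ip {end}")
    # The range must sit in the primary subnet; a secondary subnet does not count.
    for label, addr in (("start-ip", start), ("end-ip", end)):
        if addr in primary_net:
            continue
        if any(addr in net for net in secondary_nets):
            problems.append(f"{label} {addr} is in a secondary IP subnet, not {primary_net}")
        else:
            problems.append(f"{label} {addr} is outside the interface subnet {primary_net}")
    # Assumption: the range subnet is start-ip combined with the server netmask.
    range_net = ipaddress.ip_network(f"{start}/{netmask}", strict=False)
    for item in reserved:
        addr = ipaddress.ip_address(item)
        if addr not in range_net:
            problems.append(f"reserved address {addr} is not within {range_net}")
    return problems

if __name__ == "__main__":
    # Interface and range values from the port2 example in this article;
    # the reserved address 10.10.10.150 is a constructed sample value.
    port2 = "10.10.10.1/255.255.255.0"
    secondary = ["10.11.11.1/255.255.255.0"]
    for scope in (("10.10.10.100", "10.10.10.101"), ("10.11.11.100", "10.11.11.101")):
        issues = check_dhcp_scope(port2, secondary, *scope, "255.255.255.0",
                                  reserved=["10.10.10.150"])
        print(scope, "OK" if not issues else issues)
```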