Created on 08-28-2023 05:57 AM Edited on 08-28-2023 05:58 AM By Anthony_E
Description |
This article describes how FortiGate can act as a DHCP Server for both IPv4 and IPv6 at the same time. |
Scope | FortiGate v6.X and v7.X. |
Solution |
It is possible to have a dual stack and a FortiGate as a DHCP server for both IPv4 and IPv6.
It is possible to do that via GUI for the v7.0 firmware and above.
Endeavour-kvm07 # config system dhcp6 server
Endeavour-kvm07 (server) # Endeavour-kvm07 (server) # edit 1 new entry '1' added
Endeavour-kvm07 (1) # show config system dhcp6 server edit 1 next end
Endeavour-kvm07 (1) # set interface port2
Endeavour-kvm07 (1) # show config system dhcp6 server edit 1 set interface "port2" next end
Endeavour-kvm07 (1) # get id : 1 status : enable rapid-commit : disable lease-time : 604800 dns-service : specify dns-search-list : specify domain : subnet : ::/0 interface : port2 option1 : 0 option2 : 0 option3 : 0 ip-mode : range prefix-range: ip-range: dns-server1 : :: dns-server2 : :: dns-server3 : :: dns-server4 : ::
Endeavour-kvm07 (1) # end
Endeavour-kvm07 # config system dhcp6 server
Endeavour-kvm07 (server) # show config system dhcp6 server edit 1 set interface "port2" next end
Endeavour-kvm07 (server) # edit 1
Endeavour-kvm07 (1) # show config system dhcp6 server edit 1 set interface "port2" next end
Endeavour-kvm07 (1) # get id : 1 status : enable rapid-commit : disable lease-time : 604800 dns-service : specify dns-search-list : specify domain : subnet : ::/0 interface : port2 option1 : 0 option2 : 0 option3 : 0 ip-mode : range prefix-range: ip-range: dns-server1 : :: dns-server2 : :: dns-server3 : :: dns-server4 : ::
Endeavour-kvm07 # config system dhcp6 server
Endeavour-kvm07 (server) # edit 1
Endeavour-kvm07 (1) # set subnet <IPv6 prefix> ip6 xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
Endeavour-kvm07 (1) # set subnet 2001:DB8::/32
Endeavour-kvm07 (1) # end
Endeavour-kvm07 # diag deb application dhcp6s -1 Debug messages will be on for 30 minutes.
Endeavour-kvm07 # di de en
Endeavour-kvm07 # [debug]dhcp6_check_timer() called [debug]binding_save_timo() called binding_changed=0
[debug]dhcp6_check_timer() called [debug]dhcp6s_ha_dump_timeo() called [debug]dhcp6_check_timer() called [debug]binding_save_timo() called binding_changed=0
[debug]dhcp6_check_timer() called [debug]binding_save_timo() called binding_changed=0
[debug]server6_recv() called [debug]server6_recv() received solicit from fe80::9d33:de2b:d1de:33c0%port2 [debug]server6_recv() dhcp6 solicit: search ifp port2's subnet against interface address=2001:db8:: [debug]server6_recv() found service id=1 interface port2 [debug]dhcp6_get_options() get DHCP option elapsed time, len 2 [debug] elapsed time: 0 [debug]dhcp6_get_options() get DHCP option client ID, len 14 [debug] DUID: 00:01:00:01:2a:87:3d:66:00:41:72:74:2e:01 [debug]dhcp6_get_options() get DHCP option identity association, len 12 [debug] IA_NA: ID=151012200, T1=0, T2=0 [debug]dhcp6_get_options() get DHCP option client FQDN, len 17 [info]dhcp6_get_options() unknown or unexpected DHCP6 option client FQDN, len 17 [debug]dhcp6_get_options() get DHCP option vendor class, len 14 [info]dhcp6_get_options() unknown or unexpected DHCP6 option vendor class, len 14 [debug]dhcp6_get_options() get DHCP option option request, len 8 [debug] requested option: vendor specific info [debug] requested option: DNS [debug] requested option: domain search list [debug] requested option: client FQDN [debug]react_solicit() client ID 00:01:00:01:2a:87:3d:66:00:41:72:74:2e:01 [debug]create_dynamic_hostconf() created host_conf (name=00:01:00:01:2a:87:3d:66:00:41:72:74:2e:01) [debug]make_iana_from_pool() called [debug]find_pool() name=port2 [debug]find_pool() found (name=port2) [debug]get_free_address_from_pool() called (pool=port2) [debug]get_free_address_from_pool() found 2001:db8::1 [debug]make_iana_from_pool() returns (found=1) [debug]copy_option() set client ID (len 14) [debug]copy_option() set server ID (len 14) [debug]copyout_option() set IA address [debug]copyout_option() set identity association [debug]server6_send() transmit advertise to fe80::9d33:de2b:d1de:33c0%port2 [debug]dhcp6_check_timer() called [debug]server6_recv() called [debug]server6_recv() received request from fe80::9d33:de2b:d1de:33c0%port2 [debug]server6_recv() dhcp6 solicit: search ifp port2's subnet against interface address=2001:db8:: [debug]server6_recv() found service id=1 interface port2 [debug]dhcp6_get_options() get DHCP option elapsed time, len 2 [debug] elapsed time: 0 [debug]dhcp6_get_options() get DHCP option client ID, len 14 [debug] DUID: 00:01:00:01:2a:87:3d:66:00:41:72:74:2e:01 [debug]dhcp6_get_options() get DHCP option server ID, len 14 [debug] DUID: 00:01:00:01:38:6d:43:80:00:45:6e:64:07:02 [debug]dhcp6_get_options() get DHCP option identity association, len 40 [debug] IA_NA: ID=151012200, T1=302400, T2=483840 [debug]copyin_option() get DHCP option IA address, len 24 [debug]copyin_option() IA_NA address: 2001:db8::1 pltime=604800 vltime=604800 [debug]dhcp6_get_options() get DHCP option client FQDN, len 17 [info]dhcp6_get_options() unknown or unexpected DHCP6 option client FQDN, len 17 [debug]dhcp6_get_options() get DHCP option vendor class, len 14 [info]dhcp6_get_options() unknown or unexpected DHCP6 option vendor class, len 14 [debug]dhcp6_get_options() get DHCP option option request, len 8 [debug] requested option: vendor specific info [debug] requested option: DNS [debug] requested option: domain search list [debug] requested option: client FQDN [debug]react_request() found a host configuration named 00:01:00:01:2a:87:3d:66:00:41:72:74:2e:01 [debug]make_iana_from_pool() called [debug]find_pool() name=port2 [debug]find_pool() found (name=port2) [debug]is_available_in_pool() pool=port2, addr=2001:db8::1 [debug]make_iana_from_pool() returns (found=1) [debug]add_binding() called [debug]lease_address() addr=2001:db8::1 [debug]add_binding() add a new binding [IA: duid=00:01:00:01:2a:87:3d:66:00:41:72:74:2e:01, type=NA, iaid=151012200, duration=604800] [debug]copy_option() set client ID (len 14) [debug]copy_option() set server ID (len 14) [debug]copyout_option() set IA address
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.