dan
Contributor

How to add MANY dhcp reservations?

I am currently investigating how we can replace a dnsmasq(1) based dhcp server with FortiGate.

 

For that I need to enter a lot (and I mean a LOT) of dhcp reservations and I am looking for an efficient way to re-use or import the current dhcp reservation files from dnsmasqdhcp, at least for the initial configuration. 

 

Such a reservations file can look like this:

[...]
40:b0:34:9d:10:aa,id:*,hf-lj-zi103,192.168.99.79,set:vlan80
##c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80
c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80-forti       # Test GW=fortihf-81, dh.2010132004
[...]

"set:" is used to assign a tag that will provide different dhcp options (i.e. GW, DNS, etc.) in the config file.

But basically I need the entries in bold (I think), to be added to the right dhcp server. 

 

Anyway, I can convert i.e. the first line into something like this in CLI (http://docs.fortinet.com/document/fortigate/6.4.2/cli-reference/57620/system-dhcp-server) (lines with # are added by me for clarification. I know that this is not valid in real CLI):

config system dhcp server
    edit 4                    # seems there is no way to name this differently in the GUI, can I name it here?
        config reserved-address
            edit 1
                set ip 192.168.99.79      # when this line exists, "set action reserved" seems to be implicit?
                set mac 40:b0:34:9d:10:aa
                set action reserved          # really needed if "set ip" is there?
                set description "hf-lj-zi103"
            next
        end
    next
end

However, this is a tedious task or I have to create a script (and I am not really a coder).

A one-liner would help too.

 

Is there a simpler way? Perhaps an import function for tables, .csv, etc. of dhcp reservations, which I have overlooked?

(in the interface GUI, DHCP server, "Add from DHCP Client List".. would be nice to see an "import" button there)

 

Or is there perhaps already a script or tool available out there?

 

Other question:

Can I actually assign a proper name (instead of "4" or "1") to the dhcp server and the sub configurations? 

 

Thanks

Dan

 

15 REPLIES
sw2090
Honored Contributor

Well, you already have created the script.

You just need to add the rest of your reservations to it.

If you have a load of them I suggest writing some program that reads the reservations from your dnsmasq and creates an FGT cli script.

Then you can apply that script via FGT gui or paste it into cli.

And no, it is not possible to name a dhcp server or reservation, neither on cli nor on gui.

This is the usual structure on FGT. Even policies are numbered (but can have a name additionally).

The number is used everywhere needed internally in FortiOS.

Btw: the FGT uses the number "0" as wildcard. So if you keep setting "edit 0" on cli the FGT will do an auto increment for the number. This works for dhcp reservations as for policies and anything that is numbered on a FGT.

 

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

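The conversion suggested in the reply above, as an added example (not code from any poster in this thread, and not the C# tool or CGI script mentioned later). It assumes the five-field layout of the sample lines in the question and that `#` starts a comment; the tag-to-server mapping with numbers 4 and 5 is a placeholder, and repeated `edit 0` relies on the auto-increment behaviour described in that reply. MAC, IP and hostname are validated strictly so that nothing from the input file can add extra commands to the generated script.

```python
import ipaddress
import re

SAMPLE = """\
40:b0:34:9d:10:aa,id:*,hf-lj-zi103,192.168.99.79,set:vlan80
##c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80
c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80-forti   # Test GW
"""  # constructed sample, modelled on the lines quoted in the question
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,63}$")  # no quotes, spaces or newlines

def parse_reservations(text):
    """Return {tag: [(mac, ip, name), ...]}; raise ValueError on bad input."""
    by_tag, seen = {}, set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comment lines and trailing comments
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 5 or not fields[4].startswith("set:"):
            raise ValueError(f"line {lineno}: unexpected layout")
        mac, _client_id, name, ip, tag = fields
        mac = mac.lower()
        ip = str(ipaddress.IPv4Address(ip))  # ValueError on a malformed address
        if not MAC_RE.match(mac) or not NAME_RE.match(name):
            raise ValueError(f"line {lineno}: bad MAC or hostname")
        if mac in seen or ip in seen:
            raise ValueError(f"line {lineno}: duplicate MAC or IP")
        seen.update((mac, ip))
        by_tag.setdefault(tag[4:], []).append((mac, ip, name))
    return by_tag

def render_cli(by_tag, server_ids):
    """Build the CLI script; server_ids maps tag -> server number (KeyError if unmapped)."""
    out = ["config system dhcp server"]
    for tag, entries in by_tag.items():
        out += [f"    edit {int(server_ids[tag])}", "        config reserved-address"]
        for mac, ip, name in entries:
            out += ["            edit 0",  # 0 = auto-increment, per the reply above
                    f"                set ip {ip}",
                    f"                set mac {mac}",
                    "                set action reserved",
                    f'                set description "{name}"',
                    "            next"]
        out += ["        end", "    next"]
    return "\n".join(out + ["end"])

if __name__ == "__main__":
    print(render_cli(parse_reservations(SAMPLE), {"vlan80": 4, "vlan80-forti": 5}))
```

Review the generated script and test it against a single DHCP server before pasting the full set into the CLI.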
lobstercreed
Valued Contributor

Hey Dan,

 

I have used Excel's text formulas to write code like this in the past. I'm sure there is a better way, but it has worked well for me since I'm already very familiar with Excel. I think it would work well in your scenario.

 

Basically you dump the info from your dnsmasq and either it's already separated into the fields you need (sounds like it would be, since CSV) or you can use the LEFT(), RIGHT(), and MID() functions in Excel to extract the parts you need (sometimes combined with LEN() if the length of fields varies). Then you simply add the "config" parts to a cell further to the right on that row.

 

So you might have a cell that has "edit" in it, and another cell that is a number that fills down, then a cell that uses =CONCATENATE("set ip ",C1) to refer to the value for the IP address in column C (or wherever it is), then the next cell is =CONCATENATE("set mac ",A1) and so on, you get the idea.  Then the final column on that row takes all the config pieces and puts them together with carriage returns, or CHAR(10), something like this: =F1 & CHAR(10) & G1 & CHAR(10) & H1 & CHAR(10) & I1

 

The end result when you copy/paste out of that last column into, say Notepad++ is a script that has double quotes around every line, so you simply do a find/replace to get rid of those and then boom, you're done.  I've used this many times.  As I say, there may be a better way and I'd love to learn it, but this works well for me especially since once I set up the spreadsheet I can use it again with similar inputs.

 

- Daniel

sw2090
Honored Contributor

I could write something in c# that accepts a dnsmasq reservations file and outputs a fgt cli script file. But the earliest I will find time is tonight after work, maybe.

I could do with .net gui or without.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

rwpatterson
Valued Contributor III

Additionally, if you're not in too much of a hurry, I could possibly wing up a script and add it to my list.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

sw2090
Honored Contributor

Ok I put something together in c#. It is a .net core console app. So it can be run on .net core in linux, osx or windows.

The Zip contains the sources and binary (binary is in dnsmasq2fgt\dnsmasq2fgt\bin).

I also left the example from this thread as a textfile there and one generated example output (reservations.conf).

 

a .net core app is run by using the dotnet command:

 

 dotnet dnsmasq2fgt.dll <commandlineparams>

 

if you run my app without any params it will give you some help about the required params.

The code is open source under the cc-by-nc license. So feel free to use,modify or redistribute it under coverage of the license.

Addition: internal use in your company for internal administration purposes to me is NOT commercial.

 

I did not put in any error handling so far now so on error condition it will crash with an exception ;)

 

I've put it up on my dropbox acc:

 

https://www.dropbox.com/s...n/dnsmasq2fgt.zip?dl=1

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

rwpatterson
Valued Contributor III

Try my script here:

 

http://fortinet.camerabob.com/reservations.cgi

 

I used your sample input string, and any line beginning with a hash (#) was a comment and not included. The only change you may need to make before importing is the first "edit 0". That will need to be replaced with the actual DHCP scope number.

 

Enjoy

 

*** Made an overnight change

Any column may now be used to populate any field: IP, MAC or description. Just indicate which columns correspond at the bottom of the form before submitting it.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

dan

Way cool!

 

Thanks a lot to all of you.

 

Dan

 

rwpatterson
Valued Contributor III

Let us know how things worked out.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
