set macaddr xx:xx:xx:xx:xx:xx(whatever my BBox MAC is) Then I add a VLAN Interface "InetVlan100" with the following options
set mode dhcp</p>After some failed tries, I even tried to add
<p>set dhcp-client-identifier "xx:xx:xx:xx:xx:xx"
config client-options
edit 1
set code 60
set type string
set value "BYGTELIAD"</p>
<p>set interface "wan2"</p>
<p>set vlanid 100
config client-options</p>And this doesn't work When capturing the packets (using the GUI) I see the DHCP discover packets going out. However they are NOT taggued 801.q with the VLAN id 100 (as seen in Wireshark) How should I make sure that all packets going out that interface are taggued VLAN100 dot1q ? Am I doing something wrong in the VLAN definition ?
<p> edit 2
set code 61
set type hex
set value 1xxxxxxxxxxxx (whatever my MAC is, with the prefix x01 for ethernet)
Solved! Go to Solution.
I don't know about DHCP options but at least I can tell about pcap. The GUI pcap wouldn't show vlan header, either stripping off or more likely it's already stripped off when the input is coming into the GUI process.
If you want to see it, you need to use CLI sniffer, like below. My main wan1 is encapsulated in vlan 201 (on a vlan sub-interface in the root vdom [muti-vdom env]), so when I do simple sniffing on wan1, I don't see anything but below:
fg50e-utm (root) # diag sniffer packet wan1 interfaces=[wan1] filters=[none] pcap_lookupnet: wan1: no IPv4 address assigned 1.275398 802.1Q vlan#201 P0 1.275494 802.1Q vlan#201 P0 1.277193 802.1Q vlan#201 P6 1.281916 802.1Q vlan#201 P0 1.281966 802.1Q vlan#201 P0 1.835575 802.1Q vlan#201 P0 1.881255 802.1Q vlan#201 P0 If you want to see it in wirehsark, you need to run like
diag sniffer packet <physical_int> none 6
And copy the output into a file, then convert it to a pacp file using fgt2eth.exe (if windows) described in the KB:
https://kb.fortinet.com/kb/documentLink.do?externalID=11186
I don't know about DHCP options but at least I can tell about pcap. The GUI pcap wouldn't show vlan header, either stripping off or more likely it's already stripped off when the input is coming into the GUI process.
If you want to see it, you need to use CLI sniffer, like below. My main wan1 is encapsulated in vlan 201 (on a vlan sub-interface in the root vdom [muti-vdom env]), so when I do simple sniffing on wan1, I don't see anything but below:
fg50e-utm (root) # diag sniffer packet wan1 interfaces=[wan1] filters=[none] pcap_lookupnet: wan1: no IPv4 address assigned 1.275398 802.1Q vlan#201 P0 1.275494 802.1Q vlan#201 P0 1.277193 802.1Q vlan#201 P6 1.281916 802.1Q vlan#201 P0 1.281966 802.1Q vlan#201 P0 1.835575 802.1Q vlan#201 P0 1.881255 802.1Q vlan#201 P0 If you want to see it in wirehsark, you need to run like
diag sniffer packet <physical_int> none 6
And copy the output into a file, then convert it to a pacp file using fgt2eth.exe (if windows) described in the KB:
https://kb.fortinet.com/kb/documentLink.do?externalID=11186
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.