Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
52000cc
New Contributor

Created on ‎12-26-2024 05:39 PM

DHCP option problem

How can I enable DHCP options for a single host? For example, I need to assign a different gateway to a specific host.

Labels:
494
0 Kudos
14 REPLIES 14
kaman
Staff
Staff

Created on ‎12-27-2024 12:57 AM Edited on ‎12-27-2024 12:58 AM

Hi 52000cc,

Please refer to the below document for more information:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-DHCP-Options/ta-p/197451

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-DHCP-option-60-66-and-67-FortiGa...

Regards,
Aman

309
ebilcari
Staff
Staff

Created on ‎12-27-2024 03:40 AM

I did some lab tests because I was also curios and it seems that the Router/gateway option can't not be overwritten in the DHCP offer like the other options:

 

dhcp offer.PNG

 

cconfig system dhcp server
..

config ip-range
 edit 2
  set start-ip 10.100.100.101
  set end-ip 10.100.100.109
  set vci-match enable
  set vci-string "udhcp 1.37.0"
next
end
config options
 edit 1
  set code 3
  set type ip
  set vci-match enable
  set vci-string "udhcp 1.37.0"
  set ip "10.100.100.254"
 next
 edit 2
  set code 150
  set type ip
  set vci-match enable
  set vci-string "udhcp 1.37.0"
  set ip "10.100.100.250"
 next
end
set vci-match enable
set vci-string "udhcp 1.37.0"

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
287
ebilcari
Staff
Staff
In response to ebilcari

Created on ‎12-27-2024 04:01 AM

Update: If the default-gateway is removed from DHCP server configuration, FGT will send the new gateway as a custom option:

 

config system dhcp server
 edit 27
  unset default-gateway

 

This change will also affect the hosts that are not matching this VCI, if the other hosts can match with a VCI, the default gateway can be sent the same way.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
279
0 Kudos
52000cc
New Contributor

Created on ‎12-27-2024 04:28 AM

How can I configure the system to assign a different gateway to a host with a specific MAC address?

271
0 Kudos
Renante_Era
Staff
Staff

Created on ‎12-27-2024 01:17 PM

since it's only one host, why not assign static IP address on that device instead of obtaining IP address from DHCP?

BSCS, BCIS, MIT
220
0 Kudos
52000cc
New Contributor

Created on ‎12-27-2024 03:35 PM

If I set the IP address manually, it becomes very inconvenient to change it every time the machine is moved. There are several machines that need to use different gateways. I use to use Cisco setup as below..
ip dhcp pool HOSTXXX
host 192.168.1.68 255.255.255.0
client-identifier 01xx.xxxx.xxxx.xx
...

207
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to 52000cc

Created on ‎12-27-2024 04:13 PM

That's NOT assigning a gateway, but an IP reservation for a single host. Unlike Cisco, FGT can specify the host only by MAC address, not client-identifier.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-DHCP-IP-reservation-on-FortiGat...

Toshi

196
0 Kudos
52000cc
New Contributor

Created on ‎12-27-2024 04:23 PM

Because I forgot the exact command for this, the command I wrote only reserves the IP address. Either way, does the Fortigate not support assigning IP, gateway, DNS, etc., based on the MAC address?

186
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to 52000cc

Created on ‎12-27-2024 04:32 PM Edited on ‎12-27-2024 04:36 PM

Same as Cisco. Gateway, DNS, IP ranges are assigned in the main pool. Then if you need to assign a specific IP to a single host, you need to reserve the IP base on the MAC/hardware-address INSIDE the pool.

Just show us what you have configured in Cisco.

Toshi

180
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.