New Fortinet admin here. I'm looking to configure the built-in DHCP server to push an alternate VLAN & Subnet based on MAC address. This would be used for VoIP phones.
For example, the DHCP server would hand out 10.0.0.2 on VLAN 0 to the first non-VoIP device on the LAN. But, if the MAC address matches those used by our VoIP handsets, it would hand out 10.0.1.2 on VLAN 100.
I'm looking to do this without forcing specific ports on the switches to be dedicated to the phones.
Any ideas?
Thanks in advance!
If I understand your requirement correctly, you want to assign a VLAN (and IP) to a device depending on its type.
If so then you need a NAC (like FortiNAC).
Or at least you may try to achieve it with a RADIUS server.
Correct - I would like to assign by MAC address pattern/prefix.
Definitely not something that requires RADIUS or a special security/authentication device/service. A Linux or Windows DHCP server could tackle this... but I was hoping to avoid going down that road.
If you just want to assign an IP by MAC then a DHCP is enough.
But if you want to assign a VLAN as well, then I don't see how you can do it with DHCP. As per my knowledge only RADIUS or NAC can do that.
Created on 04-02-2025 04:06 PM Edited on 04-02-2025 05:43 PM
This "VCI matching" might work for your needs. I haven't tested it myself though.
https://docs.fortinet.com/document/fortigate/7.2.0/new-features/59285/add-vci-pattern-matching-as-a-...
But the same device types exist in different groups, it won't work.
Toshi
Just a quick follow-up that we went with Auto-VoIP-VLAN on our switches, and created a separate LAN (VLAN Interface) on the FortiGate side of things. It works, but has introduced another conundrum.
Separate post on that here: https://community.fortinet.com/t5/Support-Forum/Change-MAC-address-for-HA-d-LAN-interface/m-p/390425...