wws
New Contributor II

FortiGate DHCP based on mac pattern

New Fortinet admin here. I'm looking to configure the built-in DHCP server to push an alternate VLAN & Subnet based on MAC address. This would be used for VoIP phones.

For example, the DHCP server would hand out 10.0.0.2 on VLAN 0 to the first non-VoIP device on the LAN. But, if the MAC address matches those used by our VoIP handsets, it would hand out 10.0.1.2 on VLAN 100.

I'm looking to do this without forcing specific ports on the switches to be dedicated to the phones.

Any ideas?

Thanks in advance!

AEK
SuperUser

If I understand your requirement well, you want to assign a VLAN (and IP) to a device depending on its type.

If so then you need a NAC (like FortiNAC).

Or at least you may try to achieve it with a RADIUS server.

AEK
wws
New Contributor II

Correct - I would like to assign by MAC address pattern/prefix.

Definitely not something that requires RADIUS or a special security/authentication device/service. A Linux or Windows DHCP server could tackle this... but I was hoping to avoid going down that road.

AEK

If you just want to assign an IP by MAC then a DHCP is enough.

But if you want to assign a VLAN as well, then I don't see how you can do it with DHCP. As per my knowledge only RADIUS or NAC can do that.

AEK
Toshi_Esumi

This "VCI matching" might work for your needs. I haven't tested it myself though.
https://docs.fortinet.com/document/fortigate/7.2.0/new-features/59285/add-vci-pattern-matching-as-a-...

But if the same device types exist in different groups, it won't work.

Toshi
