How can I provide a different address range using DHCP on the same VLAN?

DeF4ulT · ‎06-21-2024

Hi, I have a Fortigate 60F with FortiOS v6.4.6 and I want to distribute a different range of IP addresses based on the switch port to which the client is connected. For that, I am using a 24-port Aruba 1930 Swit

I have configured the VLAN on the Fortigate and activated the DHCP server on it. The server distributes the IP addresses in two ranges: 192.168.10.1 - 192.168.10.100 and 192.168.10.101 - 192.168.10.200.

The VLAN is linked to the internal interface, and I have linked port 1 of the Fortigate to a trunked port on the switch.

I want switch ports 1 to 12 to receive the first DHCP range and 13 to 20 to receive the other range. Is there a way to do this?

Thanks in advance.

amrit · ‎06-22-2024

Since the DHCP server is configured on the VLAN interface, only the DHCP requests received on this VLAN will be replied to by the fortigate. Fortigate cannot differentiate if the traffic is coming from port 1 to 12 or from port 13 to 20 of your switch. I recommend adding ports 1 to 12 under one vlan and 13 to 20 on a separate VLAN. So basically, tag these ports on the switch and add two VLANs on the fortigate or you can use the DHCP relay agent on the fortigate which will send all the DHCP traffic to your internal server. The server then can assign the ip based on the vlan tag

Amritpal Singh

DPadula · ‎06-22-2024

Hi DeF4uIT,

Keep in mind that version 6.4.x is gonna be out of support soon.
You should be aware about the EOS for each FortiOS. In case you guys haven't planned an upgrade to a newer version you should start to think about it. Here is a table will all FortiOS version and the last day of support.