I am currently investigating how we can replace a dnsmasq(1) based dhcp server with FortiGate.
For that I need to enter a lot (and I mean a LOT) of dhcp reservations and I am looking for an efficient way to re-use or import the current dhcp reservation files from dnsmasq dhcp, at least for the initial configuration.
Such a reservations file can look like this:
[...]
40:b0:34:9d:10:aa,id:*,hf-lj-zi103,192.168.99.79,set:vlan80
##c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80
c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80-forti # Test GW=fortihf-81, dh.2010132004
[...]
"set:" is used to assign a tag that will provide different dhcp options (i.e. GW, DNS, etc.) in the config file.
But basically I need the entries in bold (I think), to be added to the right dhcp server.
Anyway, I can convert i.e. the first line into something like this in CLI (http://docs.fortinet.com/document/fortigate/6.4.2/cli-reference/57620/system-dhcp-server) (lines with # are added by me for clarification. I know that this is not valid in real CLI):
config system dhcp server
    edit 4 # seems there is no way to name this differently in the GUI, can I name it here?
        config reserved-address
            edit 1
                set ip 192.168.99.79 # when this line exists, "set action reserved" seems to be implicit?
                set mac 40:b0:34:9d:10:aa
                set action reserved # really needed if "set ip" is there?
                set description "hf-lj-zi103"
            next
        end
    next
end
However, this is a tedious task or I have to create a script (and I am not really a coder).
A one-liner would help too.
Is there a simpler way? Perhaps an import function for tables, .csv, etc. of dhcp reservations, which I have overlooked?
(in the interface GUI, DHCP server, "Add from DHCP Client List".. would be nice to see an "import" button there)
Or is there perhaps already a script or tool available out there?
Other question:
Can I actually assign a proper name (instead of "4" or "1") to the dhcp server and the sub configurations?
Thanks
Dan
hm it does work here...
just it always creates a new dhcp server if you don't change the first "edit 0" line...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Yes, it does work indeed.
The tool just does not like empty lines and lines that start with #
I coped with those two cases in my C#. My prog will ignore lines that are too short (or empty) or start with "#".
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hello,
Found this nice script, but it gets an internal server error when you run it.
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
dan_itn wrote: Perhaps I had a server issue at that time. I just tried and it is working now. http://fortinet.camerabob.com:5190/reservations.cgi
does not work anymore :(
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
So, here is a little update, for those that do it 'The Excel Way'.
Seems like commands changed a bit in FortiOS 7+, the following is tested on 7.0.9.
Prepare your list of DHCP reservations, and use a formula like this, to make a text to paste in a text-editor:
A2: IP address, B2: MAC address
="edit 0"&CHAR(10)&"set ip "&A2&CHAR(10)&"set mac "&B2&CHAR(10)&"next"
Copy-Paste the lines into a text editor, like Notepad++, and Find/Replace the Quotes that Excel might add around each line.
In FG CLI,
config system dhcp server
edit VLANID/scopeID
config reserved-address
If you need to Replace ALL former DHCP reservations (in this VLAN):
purge
Now paste in the lines, that should look like this:
edit 0
set ip 10.nn.nn.nn
set mac ac:cc:8e:34:8a:22
next
If unsure, test with one entry.
I have just added 100+ entries to a VLAN using this method, in about 30 sec.
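A scripted version of the conversion discussed in this thread, as an added example that is not part of any post and not a Fortinet tool: it reads dnsmasq reservation lines in the format from the first post, skips empty and commented lines, validates MAC, IP and host name so nothing from the file can break out of the CLI syntax, and emits the "edit 0 / set ip / set mac" form reported above for FortiOS 7.0.9. The server id 4, the tag filter and all function names are assumptions; the sample input is constructed.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$")  # keeps quotes/newlines out of the CLI

# Constructed sample in the dnsmasq reservation format from the first post.
SAMPLE = """\
40:b0:34:9d:10:aa,id:*,hf-lj-zi103,192.168.99.79,set:vlan80
##c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80

c8:d3:ff:11:18:02,id:*,hf-ljm651dn,192.168.100.240,set:vlan80-forti # Test GW
zz:d3:ff:11:18:02,id:*,bad-mac,192.168.100.241,set:vlan80
"""

def parse_line(line):
    """Return (mac, ip, name, tag), or None for blank, commented or invalid lines."""
    line = line.split("#", 1)[0].strip()  # drops comment lines and trailing comments
    mac = ip = name = tag = None
    for field in filter(None, (f.strip() for f in line.split(","))):
        if MAC_RE.match(field.lower()):
            mac = field.lower()
        elif field.startswith("set:"):
            tag = field[4:]
        elif not field.startswith("id:"):  # the id:* client-id matcher is not carried over
            try:
                ip = str(ipaddress.IPv4Address(field))
            except ValueError:
                name = name or (field if NAME_RE.match(field) else None)
    return (mac, ip, name, tag) if mac and ip else None

def to_cli(text, server_id, tag=None):
    """Build a paste-ready block for one existing DHCP server, optionally one set: tag."""
    out = ["config system dhcp server", f"edit {int(server_id)}", "config reserved-address"]
    seen = set()  # a MAC is emitted only once per server
    for rec in filter(None, map(parse_line, text.splitlines())):
        mac, ip, name, rec_tag = rec
        if (tag and rec_tag != tag) or mac in seen:
            continue
        seen.add(mac)
        out += ["edit 0", f"set ip {ip}", f"set mac {mac}"]
        if name:
            out.append(f'set description "{name}"')
        out.append("next")
    return "\n".join(out + ["end", "next", "end"])

if __name__ == "__main__":
    print(to_cli(SAMPLE, 4, tag="vlan80"))
```

The outer "edit" uses an explicit server id rather than 0, since an earlier reply notes that leaving "edit 0" on the first line always creates a new dhcp server.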