- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Need help about configuring a WAN interface with D...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Need help about configuring a WAN interface with DHCP options
Hello,
So I'm currently looking to swap my ISP's internet box by my own router/firewall. I have the possibility to get a FortiWifi 60D and I have trouble seeing if it will work. I have the cisco configuration which work and I wonder if I can do the same on this Fortinet.
Here is the config :
interface GigabitEthernet0/0/1
description Physical_Interface_to_Bytel
switchport access vlan 200
switchport mode trunk <- This won't work without it
mac-address XXXX.XXXX.XXXX <- ISP's box mac address
no ip address
interface Vlan200
ip dhcp client client-id hex XXXXXXXXXXXX
ip dhcp client class-id byteliad_data <- This is the important bit that is mandatory
ip address dhcp
ip nat outside
ip virtual-reassembly in
That's it. As you can see the DHCP is the tricky part. My WAN port need to be a DHCP client, and set a request with the option 60 (class vendor). The mac address may not be needed but if I can set it it will be great.
I also have an ubiquiti router configuration that may helps you understand a bit more the problem :
set interfaces ethernet eth0 description LAN
set interfaces ethernet eth1 description WAN
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.2 stop 192.168.1.100
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 ntp-server 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
set service dns forwarding listen-on eth0
set service dns forwarding listen-on eth2
set interfaces ethernet eth1 vif 200
set interfaces ethernet eth1 vif 200 address dhcp
set interfaces ethernet eth1 vif 200 description Internet
set interfaces ethernet eth1 vif 200 dhcp-options client-option "send vendor-class-identifier "byteliad_data";"
set interfaces ethernet eth1 vif 200 dhcp-options default-route update
set interfaces ethernet eth1 vif 200 dhcp-options default-route-distance 210
set interfaces ethernet eth1 vif 200 dhcp-options name-server update
set interfaces bridge br0
set interfaces ethernet eth1 vif 10
set interfaces ethernet eth1 vif 10 bridge-group bridge br0
set interfaces ethernet eth1 vif 10 description administration
set interfaces ethernet eth1 vif 100
set interfaces ethernet eth1 vif 100 bridge-group bridge br0
set interfaces ethernet eth1 vif 100 description TV
set interfaces ethernet eth2 address 192.168.20.1/24
set interfaces ethernet eth2 description Bbox
set interfaces ethernet eth2 vif 10
set interfaces ethernet eth2 vif 10 bridge-group bridge br0
set interfaces ethernet eth2 vif 10 description administration
set interfaces ethernet eth2 vif 100
set interfaces ethernet eth2 vif 100 bridge-group bridge br0
set interfaces ethernet eth2 vif 100 description TV
set service nat rule 5000 type masquerade
set service nat rule 5000 description "Masquerade"
set service nat rule 5000 outbound-interface eth1.200
set system offload ipv4 vlan enable
set interfaces ethernet eth2 vif 200
set interfaces ethernet eth2 vif 200 address 10.10.2.1/24
set interfaces ethernet eth2 vif 200 description Internet-Bbox
set service dhcp-server shared-network-name net-bbox subnet 10.10.2.0/24 start 10.10.2.2 stop 10.10.2.5
set service dhcp-server shared-network-name net-bbox subnet 10.10.2.0/24 dns-server 10.10.2.1
set service dhcp-server shared-network-name net-bbox subnet 10.10.2.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name net-bbox subnet 10.10.2.0/24 default-router 10.10.2.1
So yeah, can I do the same with a Fortinet ?
Every bit of help will be greatly appreciated.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My ISP at home als requires a vendor-class-identifier and must be in a specific vlan.
I tried this some months ago, at that time there was no option to send a vendor-class-identifier with the DHCP request on the FortiGate. afaik nothing has changed here.
Interestingly the DHCP Server on the Fortigate is able to send custom DHCP parameters. But not if it's acting as a DHCP Client.
So I ended up using a simple linux router which does the DHCP communication, NATing and IGMPproxy for IPTV.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
localhost wrote:Thank you. May I ask what do you use as a firewall ?My ISP at home als requires a vendor-class-identifier and must be in a specific vlan.
I tried this some months ago, at that time there was no option to send a vendor-class-identifier with the DHCP request on the FortiGate. afaik nothing has changed here.
Interestingly the DHCP Server on the Fortigate is able to send custom DHCP parameters. But not if it's acting as a DHCP Client.
So I ended up using a simple linux router which does the DHCP communication, NATing and IGMPproxy for IPTV.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Debian netinst on Hyper-V. Takes about 10s to boot. :)
admin@LINUX03:~# cat /etc/dhcp/dhclient.conf | grep class-id -A 4 -B 3
#initial-interval 2;
#script "/etc/dhcp3/dhclient-script";
#media "-link0 -link1 -link2", "link0 link1";
send vendor-class-identifier "100008,0001,,Firewall";
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Issue L2TP over IPSEC with Radius... 261 Views
- Cannot connect to network: Create VPN... 399 Views
- configure interfaces as a switch 135 Views
- Fortigate Not Receiving Public IP from... 300 Views
- Help Needed: DDNS Not Working and... 525 Views
Labels
-
FortiGate
7,108 -
FortiClient
1,401 -
5.2
801 -
5.4
639 -
FortiManager
615 -
FortiAnalyzer
450 -
6.0
416 -
FortiAP
373 -
FortiSwitch
368 -
5.6
362 -
FortiClient EMS
288 -
FortiMail
276 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
125 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
100 -
FortiGateCloud
95 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
47 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
38 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiExtender
34 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
Interface
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
VDOM
17 -
Routing
15 -
FortiMonitor
14 -
Authentication
14 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
Logging
14 -
FortiDDoS
13 -
RADIUS
12 -
FortiCASB
12 -
NAT
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
4.0
7 -
Admin
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
OSPF
6 -
IPS signature
5 -
Packet capture
5 -
Automation
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDirector
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
FortiTester
4 -
3.6
4 -
FortiScan
4 -
Web rating
4 -
FortiDeceptor
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Fortinet Engage Partner Program
3 -
Traffic shaping profile
3 -
FortiDB
3 -
DLP sensor
3 -
DoS policy
3 -
Email filter profile
3 -
Fabric connector
2 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
DLP Dictionary
2 -
VoIP profile
2 -
DLP profile
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Internet Service Database
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1057 | |
| 874 | |
| 521 | |
| 441 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.