we have some Query - 60F and already its configured, but now we are planning to make some changes for some reasons, so we have some doubts which before implementing need to be clear..
Currently system connected with wired & wireless,
so we want to make different policy based on IP address, as we plan to make DHCP IP range which have different policy…
and another IP range will assign by Mac address, so is it there any option to make like this IP range will go to this MAC address via DHCP.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi kapilkala,
If I understood your requirement correctly, you would like to configure DHCP IP ranges based on clients MAC addresses.
You can do so in DHCP server configuration > MAC Reservation. You can find further info in the TechTips below:
If I understand your request you just need DHCP reservation.
not neccessarily. But he needs some way to have his dhcp only hand out an ip to specified devices which can be achieved by configuring the dhcp server to block unknown requests and then set up mac addresses to assing an ip. But it doesn't need to be reserved for that.
And if one then creates an address object for that ip-range it can also be used in policies that affect just this range. One just mast make sure that these policies come before any other ones that would match the traffic.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
where I understood you sent IP-MAC binding, but my requirements is like
I want to do configuration like example -
DHCP server - 192.168.10.10-192.168.10.100 from this IP will create policy and give limit access for users which have wired & wireless also ...
DHCP server - 192.168.10.150-192.168.10.180 for management wired or wireless want to make different policy and set them mac binding ...
this is my requirement or any other way to do this configuration..
Yes you can do that. However a bad user can easily give himself a static IP in the wrong network so he can have access to the privileged resources.
So I think is more secure if you separate the users physically by VLANs or SSIDs.
hence you cannot have more than one dhcp server per interface this will require you to indeed do ip reservations to have clients get ips of the corresponding range.
Then create two address objects for the ranges and use them for makeing the needed policies.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1105 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.