In this post we will see how to configure a basic DHCP scope so that the FortiGate acts as a DHCP server for a local interface, and how to monitor address assignment and check the leases.
First, note that there is no DHCP configuration yet. We will configure it for port2.
FG1 (server) # show
config system dhcp server
end
FG1 (server) # edit 1
new entry '1' added
FG1 (1) # set default-gateway 192.168.100.10
FG1 (1) # set netmask 255.255.255.0
FG1 (1) # set interface "port2"
FG1 (1) # set dns
dns-service Options for assigning DNS servers to DHCP clients.
dns-server1 DNS server 1.
dns-server2 DNS server 2.
dns-server3 DNS server 3.
dns-server4 DNS server 4.
FG1 (1) # set dns-server1 8.8.8.8
FG1 (1) # set dns-server2 8.8.4.4
FG1 (1) # config ip-range
FG1 (ip-range) # edit 1
new entry '1' added
FG1 (1) # set start-ip 192.168.100.200
FG1 (1) # set end-ip 192.168.100.220
FG1 (1) # end
FG1 (1) # end
FG1 #
Check the config.
FG1 # show system dhcp server 1
config system dhcp server
    edit 1
        set default-gateway 192.168.100.10
        set netmask 255.255.255.0
        set interface "port2"
        config ip-range
            edit 1
                set start-ip 192.168.100.200
                set end-ip 192.168.100.220
            next
        end
        set dns-server1 8.8.8.8
        set dns-server2 8.8.4.4
    next
end
FG1 #
Do we have any leases? Not yet.
FG1 # execute dhcp
lease-clear Clear all DHCP leases.
lease-list List all DHCP leases.
FG1 # execute dhcp lease-list
FG1 #
Now for an assignment. Let's debug it.
FG1 # diag debug application dhcps -1
Debug messages will be on for 30 minutes.
FG1 # diag debug enable
FG1 # [debug]locate_network prhtype(1) pihtype(1)
[debug]find_lease(): packet contains preferred client IP, cip.s_addr is 192.168.100.220
[debug]search through all subnets to find an ip lease (192.168.100.220)
[debug]Start dumping IP address range:
[debug]IP Range from 192.168.100.200 to 192.168.100.219
[debug]found a new lease of ip 192.168.100.220
[debug]find_lease(): leaving function with lease set
[debug]find_lease(): the lease's IP is 192.168.100.220
[note]DHCPREQUEST for 192.168.100.220 from 00:0c:29:76:c9:ec via port2(ethernet)
[debug]added ip 192.168.100.220 mac 00:0c:29:76:c9:ec in vd root
[debug]packet length 292
[debug]op = 1 htype = 1 hlen = 6 hops = 0
[debug]xid = dcdcf6ff secs = 256 flags = 0
[debug]ciaddr = 0.0.0.0
[debug]yiaddr = 0.0.0.0
[debug]siaddr = 0.0.0.0
[debug]giaddr = 0.0.0.0
[debug]chaddr = 00:0c:29:76:c9:ec
[debug]filename =
[debug]server_name =
[debug] host-name = "lubuntu"
[debug] dhcp-requested-address = 192.168.100.220
[debug] dhcp-message-type = 3
[debug] dhcp-parameter-request-list = 1,3,12,15,6,2,26,28,121,33,40,41,42,54,119,249,252,17
[debug] dhcp-max-message-size = 576
[debug] dhcp-client-identifier = 1:0:c:29:76:c9:ec
[debug]
[pkt]000: 01 01 06 00 ff f6 dc dc 00 01 00 00 00 00 00 00
[pkt]010: 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 29 76
[pkt]020: c9 ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]0a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]0b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]0e0: 00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63
[pkt]0f0: 35 01 03 3d 07 01 00 0c 29 76 c9 ec 37 12 01 03
[pkt]100: 0c 0f 06 02 1a 1c 79 21 28 29 2a 36 77 f9 fc 11
[pkt]110: 39 02 02 40 32 04 c0 a8 64 dc 0c 07 6c 75 62 75
[pkt]120: 6e 74 75 ff
[note]DHCPACK on 192.168.100.220 to 00:0c:29:76:c9:ec via port2(ethernet)
[pkt]000: 02 01 06 00 ff f6 dc dc 00 01 00 00 00 00 00 00
[pkt]010: c0 a8 64 dc 00 00 00 00 00 00 00 00 00 0c 29 76
[pkt]020: c9 ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]0a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]0b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pkt]0e0: 00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63
[pkt]0f0: 35 01 05 36 04 c0 a8 64 0a 33 04 00 09 3a 80 01
[pkt]100: 04 ff ff ff 00 03 04 c0 a8 64 0a 06 08 08 08 08
[pkt]110: 08 08 08 04 04 3a 04 00 04 9d 40 3b 04 00 08 13
[pkt]120: 30 e0 11 46 47 56 4d 45 56 42 4e 5f 5f 52 36 50
[pkt]130: 4c 34 39 00 ff
[debug]sending on port2(ethernet)
[debug]sending using lpf_dhcpd_send_packet
[warn]ipsec tun number: 0/0
[warn]start dumping leases
[warn]Backing up ipmacs
[warn]finished dumping dynamic ipmacs
[warn]Backing up leasefile
[warn]finished dumping all leases
FG1 # diag debug reset
diag debug disable
FG1 # diag debug disable
FG1 #
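The debug output prints the DHCPACK only as a hex dump, so the options the server actually handed out are not visible at a glance. The following Python is an added example, not part of the original post: it rebuilds the packet from the `[pkt]` rows, decodes the options (RFC 2132 layout) and compares them with the scope configured above. The function names and the `SCOPE` dictionary are assumptions of this example.

```python
import ipaddress

# Option-carrying rows (offset 0e0 onward) of the DHCPACK dump on this page.
ACK_DUMP = """\
[pkt]0e0: 00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63
[pkt]0f0: 35 01 05 36 04 c0 a8 64 0a 33 04 00 09 3a 80 01
[pkt]100: 04 ff ff ff 00 03 04 c0 a8 64 0a 06 08 08 08 08
[pkt]110: 08 08 08 04 04 3a 04 00 04 9d 40 3b 04 00 08 13
[pkt]120: 30 e0 11 46 47 56 4d 45 56 42 4e 5f 5f 52 36 50
[pkt]130: 4c 34 39 00 ff
"""
# Scope values configured earlier on the page, to compare the ACK against.
SCOPE = {"netmask": "255.255.255.0", "router": ["192.168.100.10"], "dns": ["8.8.8.8", "8.8.4.4"]}

def dump_to_bytes(text):
    """Rebuild the packet from '[pkt]OFF: hex' rows (ascending offsets, as printed)."""
    buf = bytearray()
    for line in text.splitlines():
        if line.startswith("[pkt]"):
            off, _, hexpart = line[5:].partition(":")
            row, start = bytes.fromhex(hexpart), int(off, 16)
            buf = buf.ljust(start, b"\x00")[:start] + row   # zero-fill gaps, place row
    return bytes(buf)

def parse_options(pkt):
    if pkt[236:240] != b"\x63\x82\x53\x63":        # magic cookie ends the BOOTP header
        raise ValueError("magic cookie missing: not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("option %d is truncated" % pkt[i])
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return opts

def ips(raw):
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def summarize(pkt):
    o = parse_options(pkt)
    return {"msg_type": o[53][0], "netmask": ips(o[1])[0], "router": ips(o[3]),
            "dns": ips(o[6]), "lease_s": int.from_bytes(o[51], "big"),
            "other": {c: o[c] for c in sorted(set(o) - {1, 3, 6, 51, 53})}}

def mismatches(summary, scope=SCOPE):              # fields where the ACK differs from the scope
    return {k: summary[k] for k, v in scope.items() if summary[k] != v}
```

For this capture `mismatches(summarize(dump_to_bytes(ACK_DUMP)))` is empty, and `other` lists options 54, 58, 59 and a private-use option 224 carrying an ASCII string that this ACK sends to the client.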
Other possible DHCP debug options:
FG1 # diag debug application dhcp
dhcps DHCP server.
dhcp6s DHCPv6 server.
dhcprelay DHCP relay daemon.
dhcp6r DHCPv6 relay.
dhcpc DHCP client module.
dhcp6c DHCPv6 client.
And finally confirm the lease.
FG1 # execute dhcp lease-list port2
port2
IP               MAC-Address        Hostname  VCI  Expiry
192.168.100.220  00:0c:29:76:c9:ec  lubuntu        Fri May 1 16:20:43 2020
FG1 #
FG1 # get system status | grep Version
Version: FortiGate-VM64 v6.2.3,build1066,191218 (GA)
Release Version Information: GA