system : dhcp server
 
dhcp server
Use this command to add one or more DHCP servers for any FortiGate interface. As a DHCP server, the interface dynamically assigns IP addresses to hosts on a network connected to the interface.
You can use the config system dhcp reserved command to reserve an address for a specific MAC address. For more information see system dhcp reserved-address.
This command is available only in NAT/Route mode.
Syntax
config system dhcp server
edit <server_index_int>
set status {enable | disable}
set auto-configuration {enable | disable}
set conflicted-ip-timeout <timeout_int>
set default-gateway <address_ipv4>
set dns-server1 <address_ipv4>
set dns-server2 <address_ipv4>
set dns-server3 <address_ipv4>
set dns-service {default | specify | local}
set domain <domain_name_str>
set domain <domain_name_str>
set forticlient-on-net-status {enable | disable}
set interface <interface_name>
set lease-time <seconds>
set netmask <mask>
set next-server <class_ip>
set ntp-server1 <ipv4_addr>
set ntp-server2 <ipv4_addr>
set ntp-server3 <ipv4_addr>
set ntp-service {default | specify | local}
set option1 <option_code> [<option_hex>]
set option2 <option_code> [<option_hex>]
set option3 <option_code> [<option_hex>]
set option4 <option_code> [<option_hex>]
set option5 <option_code> [<option_hex>]
set option6 <option_code> [<option_hex>]
set server-type {ipsec | regular}
set tftp-server <tftp_ip>
set timezone-option {default | disable | specify}
set vci-match {enable | disable}
set wifi-ac1 <ipv4_addr>
set wifi-ac2 <ipv4_addr>
set wifi-ac3 <ipv4_addr>
set wins-server1 <wins_ipv4>
set wins-server2 <wins_ipv4>
config exclude-range
edit <excl_range_int>
set end-ip <end_ipv4>
set start-ip <start_ipv4>
config ip-range
edit <ip_range_int>
set end-ip <address_ipv4>
set start-ip <address_ipv4>
config reserved-address
edit <id_int>
set description <desc_str>
set ip <ipv4_addr>
set mac <mac_addr>
end
end
Variable
Description
Default
edit <server_index_int>
Enter an integer ID for the DHCP server.
 
status {enable | disable}
Enable or disable this DHCP server configuration.
enable
auto-configuration {enable | disable}
Enter the server’s response to client option 116 requests:
enable — client can assign itself a "link-local" address.
disable — client must not assign itself a "link-local" address.
For more informatio, see RFC2563.
enable
conflicted-ip-timeout <timeout_int>
Enter the time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. Valid range is from 60 to 8640000 seconds (1 minute to 100 days).
1800
default-gateway <address_ipv4>
The IP address of the default gateway that the DHCP server assigns to DHCP clients.
0.0.0.0
dns-server1 <address_ipv4>
The IP address of the first DNS server that the DHCP server assigns to DHCP clients. Used if dns-service is set to specify.
0.0.0.0
dns-server2 <address_ipv4>
The IP address of the second DNS server that the DHCP server assigns to DHCP clients. Used if dns-service is set to specify.
0.0.0.0
dns-server3 <address_ipv4>
The IP address of the third DNS server that the DHCP server assigns to DHCP clients. Used if dns-service is set to specify.
0.0.0.0
dns-service {default | specify | local}
Select default to assign DHCP clients the DNS servers added to the FortiGate unit using the config system dns command.
Select specify to specify the DNS servers that this DHCP server assigns to DHCP clients. Use the dns-server# options to add DNS servers to this DHCP server configuration.
Select local to use this FortiGate unit as a DNS server.
specify
domain <domain_name_str>
Domain name suffix for the IP addresses that the DHCP server assigns to DHCP clients.
 
filename <filename_str>
Name of firmware image to be flashed.
 
forticlient-on-net-status {enable | disable}
Enable to send FortiGate serial number to endpoint devices to test for on-net status.
disable
interface <interface_name>
The FortiGate unit interface that this DHCP server can assign IP addresses from. Devices connected to this interface can get their IP addresses from this DHCP server. You can only add one DHCP server to an interface.
 
lease-time <seconds>
The interval in seconds after which a DHCP client must ask the DHCP server for new settings. The lease duration must be between 300 and 864,000 seconds (10 days).
Set lease-time to 0 for an unlimited lease time.
604800
(7 days)
netmask <mask>
The DHCP client netmask assigned by the DHCP server.
0.0.0.0
next-server <class_ip>
The IP address of the next bootstrap server.
0.0.0.0
ntp-server1 <ipv4_addr>
ntp-server2 <ipv4_addr>
ntp-server3 <ipv4_addr>
The IP addresses of up to three NTP servers.

0.0.0.0

0.0.0.0

0.0.0.0
ntp-service {default | specify | local}
Select default to use system NTP settings.
Select specify to specify the NTP servers that this DHCP server assigns to DHCP clients. Use the ntp-server# options to add NTP servers to this DHCP server configuration.
Select local to use this FortiGate unit as an NTP server.
specify
option1 <option_code> [<option_hex>]
option2 <option_code> [<option_hex>]
option3 <option_code> [<option_hex>]
option4 <option_code> [<option_hex>]
option5 <option_code> [<option_hex>]
option6 <option_code> [<option_hex>]
The DHCP server can send up to six custom DHCP options. option_code is the DHCP option code in the range 1 to 255. option_hex is an even number of hexadecimal characters. For detailed information about DHCP options, see RFC 2132, DHCP Options and BOOTP Vendor Extensions.
0
server-type {ipsec | regular}
Enter the type of client to serve:
regular client connects through regular Ethernet
ipsec client connects through IPsec VPN
regular
tftp-server <tftp_ip>
Hostname or IP address of the TFTP server.
 
timezone-option {default | disable | specify}
Time zone settings.
default — Use system time zone settings.
disable — Disable time zone option.
specify — Specify time zone.
disable
vci-match {enable | disable}
Enable to turn on vendor class identifier (VCI) matching. When enabled only DHCP requests with the matching VCI string will be served.
disable
wifi-ac1 <ipv4_addr>
wifi-ac2 <ipv4_addr>
wifi-ac3 <ipv4_addr>
The IP addresses of up to three WiFi controllers.
0.0.0.0
0.0.0.0
0.0.0.0
wins-server1 <wins_ipv4>
The IP address of the first WINS server that the DHCP server assigns to DHCP clients.
0.0.0.0
wins-server2 <wins_ipv4>
The IP address of the second WINS server that the DHCP server assigns to DHCP clients.
0.0.0.0
config exclude-range fields
 
edit <excl_range_int>
Enter an integer ID for this exclusion range.
Configure a range of IP addresses to exclude from the list of DHCP addresses that are available. On models 100 and higher you can add up to 16 exclusion ranges. On lower-numbered models the maximum is 4 exclusion ranges.
No default.
end-ip <end_ipv4>
The end IP address in the exclusion range. The start IP and end IP must be in the same subnet.
0.0.0.0
start-ip <start_ipv4>
The start IP address in the exclusion range. The start IP and end IP must be in the same subnet.
0.0.0.0
config ip-range fields
 
edit <ip_range_int>
Enter an integer ID for this IP address range.
Configure the range of IP addresses that this DHCP server can assign to DHCP clients. You can add up to 16 ranges of IP addresses that the FortiGate DHCP server can assign to DHCP clients.
No default.
end-ip <address_ipv4>
The end IP in the IP addresses range that this DHCP server assigns to DHCP clients. The IP range is defined by the start-ip and the end-ip fields which should both be in the same subnet.
0.0.0.0
start-ip <address_ipv4>
The starting IP for the range of IP addresses that this DHCP server assigns to DHCP clients. The IP range is defined by the start-ip and the end-ip fields which should both be in the same subnet.
0.0.0.0
timezone <tz_int>
Enter timezone number. To see the list of timezone values, enter set timezone ?
This is available when timezone-option is specify.
 
timezone-option {disable | default | specify}
Set option for timezone handling:
disable — Disable time zone option
default — use system time zone settings
specify — specify time zone manually
default
config reserved-address fields
 
edit <id_int>
Enter an ID number for this IP address entry.
Configure one or more IP addresses that are reserved. These addresses cannot be given out by the DHCP server. There can be a maximum of 16 entries.
No default.
description <desc_str>
Optionally, enter a description for the host.
 
ip <ipv4_addr>
Enter an IP address to reserve. It will be bound to this MAC address.
0.0.0.0
mac <mac_addr>
Enter a MAC address that will be bound to this IP address. If this MAC address comes up in the DHCP list, it will be ignored.
00:00:00:00:00:00