Wednesday, January 27, 2010

DHCP forwarding with Cisco and Fortigate

When configuring a network with a central Fortigate firewall and a Cisco 871 router at the remote site, I had a problem getting the DHCP relay feature to work.

On the Cisco router I configured the interface as shown below:

interface Vlan1
 ip address 10.10.10.10 255.255.255.0
 ip helper-address 1.1.1.1

The Cisco router forwarded the DHCP packet, but the client never received an IP address. With a packet sniffer I found that the Cisco router sent the relayed packet with source address 0.0.0.0, and the Fortigate firewall rejected it.

To solve this I removed the helper-address and typed in these lines instead:

service dhcp
ip dhcp relay information policy keep
ip dhcp pool LAN
 relay source 10.10.10.0 255.255.255.0
 relay destination 1.1.1.1

This changed the source address and solved my DHCP forwarding issue.
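To make the failure visible, here is an added Python example (not part of the original post, and not Cisco or Fortinet code) that parses a DHCP request the way a relay-aware server or firewall would and reports the reasons a forwarded request is refused. It builds its own constructed DHCPDISCOVER payloads (the MAC address, transaction id and the 10.10.10.10 relay address are sample values); the packet layout and the relay rules it checks (non-zero IP source, giaddr set, hops incremented) follow RFC 2131, and it also reports whether an option 82 relay agent information option is present, which is what the "relay information policy" line in the fix governs.

```python
import struct
import ipaddress

# Standard values from RFC 2131 / RFC 2132 (not page-specific)
BOOTREQUEST = 1
DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_MSG_TYPE = 53
OPT_RELAY_AGENT = 82
OPT_END = 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr
BOOTP_HDR = "!BBBBIHHIIII"


def build_dhcp_discover(giaddr, chaddr, hops=1, relay_agent_info=None):
    """Constructed DHCPDISCOVER as a relay agent would forward it (test input only)."""
    fixed = struct.pack(BOOTP_HDR, BOOTREQUEST, 1, 6, hops, 0x3903F326, 0, 0x8000,
                        0, 0, 0, int(ipaddress.IPv4Address(giaddr)))
    # chaddr (16), sname (64), file (128) padded with zeros
    fixed += chaddr.ljust(16, b"\x00") + b"\x00" * 64 + b"\x00" * 128
    options = bytes([OPT_MSG_TYPE, 1, 1])  # option 53, message type DISCOVER
    if relay_agent_info is not None:
        options += bytes([OPT_RELAY_AGENT, len(relay_agent_info)]) + relay_agent_info
    options += bytes([OPT_END])
    return fixed + DHCP_MAGIC + options


def parse_dhcp(payload):
    """Decode the fixed BOOTP header and the TLV options after the magic cookie."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    fields = struct.unpack(BOOTP_HDR, payload[:28])
    op, hops, giaddr = fields[0], fields[3], fields[10]
    options = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == 0:  # pad byte carries no length field
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = value
        i += 2 + length
    return {"op": op, "hops": hops,
            "giaddr": str(ipaddress.IPv4Address(giaddr)), "options": options}


def check_relayed_dhcp(src_ip, payload):
    """Report why a server or firewall would refuse a relayed request.

    src_ip is the IP-layer source address the relay used; the server unicasts
    its reply to giaddr, so both must identify the relay, not the client.
    """
    pkt = parse_dhcp(payload)
    type_code = pkt["options"].get(OPT_MSG_TYPE, b"\x00")[0]
    findings = []
    if pkt["op"] != BOOTREQUEST:
        findings.append("op is not BOOTREQUEST")
    if src_ip == "0.0.0.0":
        findings.append("IP source is 0.0.0.0; a relayed request must come from the relay's own address")
    if pkt["giaddr"] == "0.0.0.0":
        findings.append("giaddr is unset; the server cannot select a scope or address the reply")
    if pkt["hops"] == 0:
        findings.append("hops is 0; a relay increments it when forwarding")
    return {"type": MSG_TYPES.get(type_code, "UNKNOWN"),
            "has_option82": OPT_RELAY_AGENT in pkt["options"],
            "findings": findings}


if __name__ == "__main__":
    mac = bytes.fromhex("0011223344aa")  # constructed sample client MAC
    broken = build_dhcp_discover("0.0.0.0", mac, hops=0)
    fixed = build_dhcp_discover("10.10.10.10", mac, hops=1)
    print("relayed from 0.0.0.0:", check_relayed_dhcp("0.0.0.0", broken)["findings"])
    print("relayed from 10.10.10.10:", check_relayed_dhcp("10.10.10.10", fixed)["findings"])
```

Run it as a script to see the two cases side by side: the request sourced from 0.0.0.0 with no giaddr collects three findings, while the one sourced from the relay's interface address with giaddr set passes clean. The same checker can be pointed at a payload captured with a sniffer, which is a quicker way to see what a firewall is objecting to than reading its drop counters.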

3 Comments:

At 15:14, Anonymous said...

I wonder how would you set ip-helper for DHCP with Fortigate only... If that is at all possible...

At 19:54, Blogger Helge Olav Helgsen said...

On the Fortigate, setting up a DHCP relay is pretty simple. You can do this from the GUI as well by moving down to the System - DHCP tab on the left hand side.

From the CLI:
config system interface
    edit internal
        set dhcp-relay-service enable
        set dhcp-relay-ip "1.2.3.4"
    next
end

At 17:23, Blogger auntjuju01 said...

So, if someone was having an issue with Fortigate authenticating them through AD with wireless, but not on LAN, would setting up the DHCP relay this way fix the issue?
