Cloud Managed Networks

  • 1.  dhcp snooping 6100

    Posted Oct 12, 2022 08:08 AM
    Hey everybody.

    This is probably an easy fix, but I am in the process of enabling DHCP snooping on the switches at a customer.

    The network is designed with a FortiGate in front, which is the DHCP server in each VLAN, and one "core" switch connected to the FortiGate, and the other switches connected to the core switch.

    The question I have is if I am gonna use the command dhcpv4-snooping authorized server x.x.x.x in the config state, which IP from the FortiGate should I use?
    Let's say the FortiGate is DHCP for these 3 subnets (10.1.1.0, 10.1.2.0, 10.1.3.0) and the FortiGate has an IP address in each of those subnets.
    Should I then authorize all of the IPs? Or is it enough with one of them?

    Regards.


  • 2.  RE: dhcp snooping 6100

    Posted Nov 03, 2022 02:34 PM
    That depends on the implementation of the DHCP server in the FortiGate. You could make it easy and set the physical interfaces to trust or you can capture a response to your PC with Wireshark and have a look into the source IP of the DHCP Offer.

    My guess would be the local IP of the subnet.

    ------------------------------
    Thanks,
    Bjarne
    ------------------------------



  • 3.  RE: dhcp snooping 6100

    Posted Jul 19, 2023 11:14 AM

    Put a Windows PC on each of those subnets, and run 'ipconfig /all' at a command prompt. It will show you the DHCP Server IP address. I'd bet it's the FortiGate IP on each subnet, but that will confirm it. You'd have to add each of those as authorized.
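
The check suggested in the replies above (look at the source IP of the DHCP Offer, or at the DHCP Server address the client reports), as an added example that is not part of the original thread: it parses raw IPv4 DHCP replies and lists the distinct source IPs, alongside the option 54 server identifier. The function names and the 10.1.x.1 server addresses are assumptions made for the demo, and the packets are constructed rather than captured.

```python
import socket
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
REPLY_TYPES = {2: "OFFER", 5: "ACK"}

def parse_dhcp_reply(pkt: bytes):
    """Return (source IP, message type, option 54 server ID) or None if not a DHCP server reply."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return None  # not IPv4 carrying UDP
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8 or struct.unpack("!H", pkt[ihl:ihl + 2])[0] != 67:
        return None  # server replies come from UDP port 67
    bootp = pkt[ihl + 8:]
    if len(bootp) < 240 or bootp[0] != 2 or bootp[236:240] != DHCP_MAGIC:
        return None  # not a BOOTREPLY with DHCP options
    msg_type = server_id = None
    i = 240
    while i + 1 < len(bootp) and bootp[i] != 255:  # 255 = end option
        if bootp[i] == 0:  # pad option has no length byte
            i += 1
            continue
        length = bootp[i + 1]
        value = bootp[i + 2:i + 2 + length]
        if len(value) < length:
            break  # truncated option
        if bootp[i] == 53 and length == 1:
            msg_type = REPLY_TYPES.get(value[0])
        elif bootp[i] == 54 and length == 4:
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return socket.inet_ntoa(pkt[12:16]), msg_type, server_id

def servers_seen(packets):
    """Distinct source IPs of DHCP OFFER/ACK packets: the candidates to authorize."""
    return sorted({r[0] for p in packets if (r := parse_dhcp_reply(p)) and r[1]})

def sample_offer(server_ip: str, offered_ip: str) -> bytes:
    """Constructed IPv4/UDP DHCPOFFER for the demo (checksums left at zero)."""
    srv = socket.inet_aton(server_ip)
    bootp = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0) + bytes(4)
    bootp += socket.inet_aton(offered_ip) + srv + bytes(4 + 16 + 64 + 128)
    bootp += DHCP_MAGIC + bytes([53, 1, 2, 54, 4]) + srv + b"\xff"
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
    return ip + srv + socket.inet_aton("255.255.255.255") + udp

# Assumed FortiGate interface addresses, one per subnet from the question.
SAMPLES = [sample_offer(f"10.1.{n}.1", f"10.1.{n}.50") for n in (1, 2, 3)]
```

Calling `servers_seen(SAMPLES)` on the constructed packets returns one address per subnet; on a real capture, feed it the IPv4 payload of each frame taken from a client port in every VLAN.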