Documentation

Back to Home
June 17, 2025

DHCP server on Mikrotik, Cisco 7200, and Fortigate in GNS3

First, it is important to understand what a DHCP server is.

    DHCP (Dynamic Host Configuration Protocol) is a method where a server automatically assigns IP addresses to clients based on your configuration. There are some basic things you need to understand:

  1. Network range or IP pool: This is the range of IP addresses that the DHCP server can give to clients.
  2. Excluded addresses: These are IP addresses within the network range that the server will not assign to clients. They are often reserved for specific devices like printers, routers, or servers.
  3. Default gateway (or default router): This is the IP address of the router that allows devices to communicate outside the local network. It's important to define it to avoid IP conflicts and to make sure clients know where to send traffic meant for other networks.
  4. Lease time: This defines how long a client can use an assigned IP address before it must renew the lease or request a new one.

DHCP Server Configuration on FortiGate, Cisco, and MikroTik in GNS3

    In this documentation, I walk through configuring DHCP servers on three different network devices — FortiGate, Cisco, and MikroTik — within the GNS3 network simulation environment. Each device has its own method and interface for DHCP setup, making this a great exercise in understanding cross-platform configuration and behavior.

MikroTik DHCP Configuration

    MikroTik’s configuration was completed using terminal commands in GNS3, though its graphical interface, Winbox, is also available for those who prefer GUI-based setup. I began by creating an IP address pool, then activated the DHCP server on the chosen interface. I assigned the address pool, default gateway, and DNS settings as part of the setup. MikroTik stands out for its speed and simplicity, offering a flexible DHCP service that's especially well-suited for smaller networks and labs

Config Interface 

ip address add address=192.168.1.1/24 int=ether1

Config DHCP Server

ip pool name=pool1 ranges=192.168.1.2-192.168.1.10
ip dhcp-server add name=server1 address-pool =pool1 int=ether1 lease-time=1d disabled=no 
ip dhcp-server network add address=192.168.1.0/24 gateway=192.168.1.1

Show Config

ip pool print
ip dhcp-server print
ip dchp-server network print

Show Client 

ip dhcp-server lease print    

Cisco IOS DHCP Configuration

    On the Cisco router, DHCP was configured entirely using IOS CLI commands. I created a DHCP pool, assigned a network and subnet, and specified the default gateway and DNS servers. I also excluded certain IP addresses to prevent conflicts with statically assigned devices. Cisco’s CLI approach is highly structured and provides a robust set of features, but it requires familiarity with command syntax. This makes it ideal for those working in enterprise environments or preparing for Cisco certifications.

Config Interface

int fa0/0
    ip address 192.168.1.1 255.255.255.0
    no shutdown
    end

Config dhcp server

ip dhcp pool namepool
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    lease 1        ! lease time in days
    end

Show Configuration

show running config | include ip dhcp

Show Client 

show ip dhcp binding

FortiGate DHCP Configuration

    FortiGate provides a user-friendly interface through both Web GUI and CLI. In this setup, I connected an internal interface such as port2 to the local network. Using the Web GUI, I enabled DHCP server functionality by defining an IP address range, default gateway, and DNS server. Additionally, I used CLI commands to validate the configuration and make fine-tuned adjustments. The flexibility of managing DHCP services through both graphical and command-line interfaces makes FortiGate a powerful option for both beginners and experienced network administrators.

Config Interface 

conf sys int
    edit portx
    set mode static
    set ip 192.168.1.1/24
    set allowaccess ping    # icmp only
    end

Config dhcp server

config system dhcp server
    edit 1
    set interface portx
        conf ip-range
            set start-ip 192.168.1.2
            set end-ip 192.168.1.10
        end
    set lease-time 86400        # Lease time in seconds
    set netmask 255.255.255.0
    set default-gateway 192.168.1.1
    end

Show Configuration

show system dhcp server

Show Client 

get system dhcp server lease

    

In FortiGate, you can use the get command to retrieve information and the show command to display your configuration.

    Now, some of you might understand that the configuration above only shows how to set up a DHCP server on the LAN interface. But what if you want to use it on a WiFi or wired network? In that case, you need to change the interface from ether or fastethernet to either your wlan.

I’ll write the command for you, because we can’t practice this directly in a virtual lab—WiFi interfaces are usually not supported there.

MikroTik

Config Interface

interface wireless set wlan1 mode=ap-bridge ssid="Mywifi" disabled=no
interface wireless security-profiles add name=wifi_profile authentication-types=wpa2-psk wpa2-pre-shared-key="yourpassword"
interface wireless set wlan1 security-profile=wifi_profile

The rest of the setup is the same, just change the interface to wlan1

Cisco

Config Interface DHCP server only WLAN

dot11 ssid MyWiFi
    authentication open
    authentication key-management wpa version 2
    wpa-psk ascii 0 yourpassword
    guest-mode

interface Dot11Radio0
    ip address 192.168.10.1 255.255.255.0
    ssid MyWiFi
    no shutdown

Config Interface DHCP server mixed WLAN and LAN

dot11 ssid MyWiFi
    authentication open
    authentication key-management wpa version 2
    wpa-psk ascii 0 your_password_here
    guest-mode
    exit

interface Dot11Radio0
    ssid MyWiFi
    station-role root
    bridge-group 1
    no shutdown
    exit

interface FastEthernet0
    bridge-group 1
    exit

interface BVI1
    ip address 192.168.1.1 255.255.255.0

Fortigate

Same thing, you can configure in wifi interface but for ssid and key you have to connect fortiAP 

config wireless-controller vap
    edit "MyWiFi"
    set ssid "MyWiFi"
    set security wpa2-only-personal
    set passphrase "your_password_here"
    end

Image

Some of you may wonder how the client gets internet access. This is achieved using NAT, which we will configure in the next documentation.

Conclusion

IMO

  • MikroTik offers high flexibility and extensive customization at a low cost, making it a powerful choice for advanced users. However, its complexity can be challenging for beginners.
  • Cisco provides a robust and well-integrated networking platform. Its CLI allows real-time access to the running configuration, making it highly reliable for network management. While Cisco offers GUI tools, they are often additional products and not universally available, so the CLI remains the primary interface.
  • FortiGate prioritizes security as a next-generation firewall, with features such as blocking ping requests by default to reduce attack surfaces. This security-first approach makes it ideal for environments where protection is paramount.

    Each platform has strengths tailored to different networking needs: MikroTik excels in affordability and flexibility, Cisco in enterprise-grade stability and control, and FortiGate in advanced security. FortiGate’s GUI is generally more user-friendly and polished compared to MikroTik’s and Cisco’s interfaces.