fortios_system_dhcp_server – Configure DHCP servers in Fortinet’s FortiOS and FortiGate.
New in version 2.0.0.
Synopsis
- This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the system_dhcp feature and server category. The examples include all parameters; values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.
FortiOS Version Compatibility
| | v6.0.0 | v6.0.5 | v6.0.11 | v6.2.0 | v6.2.3 | v6.2.5 | v6.2.7 | v6.4.0 | v6.4.1 | v6.4.4 | v7.0.0 | v7.0.1 | v7.0.2 | v7.0.3 | v7.0.4 | v7.0.5 | v7.0.6 | v7.0.7 | v7.0.8 | v7.2.0 | v7.2.1 | v7.2.2 | v7.2.4 | v7.4.0 |
| fortios_system_dhcp_server | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
Parameters
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- system_dhcp_server - Configure DHCP servers. type: dict
  - auto_configuration - Enable/disable auto configuration. type: str choices: disable, enable
  - auto_managed_status - Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM. type: str choices: disable, enable
  - conflicted_ip_timeout - Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. type: int
  - ddns_auth - DDNS authentication mode. type: str choices: disable, tsig
  - ddns_key - DDNS update key (base 64 encoding). type: str
  - ddns_keyname - DDNS update key name. type: str
  - ddns_server_ip - DDNS server IP. type: str
  - ddns_ttl - TTL. type: int
  - ddns_update - Enable/disable DDNS update for DHCP. type: str choices: disable, enable
  - ddns_update_override - Enable/disable DDNS update override for DHCP. type: str choices: disable, enable
  - ddns_zone - Zone of your domain name (ex. DDNS.com). type: str
  - default_gateway - Default gateway IP address assigned by the DHCP server. type: str
  - dhcp_settings_from_fortiipam - Enable/disable populating of DHCP server settings from FortiIPAM. type: str choices: disable, enable
  - dns_server1 - DNS server 1. type: str
  - dns_server2 - DNS server 2. type: str
  - dns_server3 - DNS server 3. type: str
  - dns_server4 - DNS server 4. type: str
  - dns_service - Options for assigning DNS servers to DHCP clients. type: str choices: local, default, specify
  - domain - Domain name suffix for the IP addresses that the DHCP server assigns to clients. type: str
  - exclude_range - Exclude one or more ranges of IP addresses from being assigned to clients. type: list member_path: exclude_range:id
    - end_ip - End of IP range. type: str
    - id - ID. type: int required: true
    - lease_time - Lease time in seconds, 0 means default lease time. type: int
    - start_ip - Start of IP range. type: str
    - uci_match - Enable/disable user class identifier (UCI) matching. When enabled only DHCP requests with a matching UCI are served with this range. type: str choices: disable, enable
    - uci_string - One or more UCI strings in quotes separated by spaces. type: list member_path: exclude_range:id/uci_string:uci_string
      - uci_string - UCI strings. type: str required: true
    - vci_match - Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served with this range. type: str choices: disable, enable
    - vci_string - One or more VCI strings in quotes separated by spaces. type: list member_path: exclude_range:id/vci_string:vci_string
      - vci_string - VCI strings. type: str required: true
  - filename - Name of the boot file on the TFTP server. type: str
  - forticlient_on_net_status - Enable/disable FortiClient-On-Net service for this DHCP server. type: str choices: disable, enable
  - id - ID. type: int required: true
  - interface - DHCP server can assign IP configurations to clients connected to this interface. Source system.interface.name. type: str
  - ip_mode - Method used to assign client IP. type: str choices: range, usrgrp
  - ip_range - DHCP IP range configuration. type: list member_path: ip_range:id
    - end_ip - End of IP range. type: str
    - id - ID. type: int required: true
    - lease_time - Lease time in seconds, 0 means default lease time. type: int
    - start_ip - Start of IP range. type: str
    - uci_match - Enable/disable user class identifier (UCI) matching. When enabled only DHCP requests with a matching UCI are served with this range. type: str choices: disable, enable
    - uci_string - One or more UCI strings in quotes separated by spaces. type: list member_path: ip_range:id/uci_string:uci_string
      - uci_string - UCI strings. type: str required: true
    - vci_match - Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served with this range. type: str choices: disable, enable
    - vci_string - One or more VCI strings in quotes separated by spaces. type: list member_path: ip_range:id/vci_string:vci_string
      - vci_string - VCI strings. type: str required: true
  - ipsec_lease_hold - DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). type: int
  - lease_time - Lease time in seconds, 0 means unlimited. type: int
  - mac_acl_default_action - MAC access control default action (allow or block assigning IP settings). type: str choices: assign, block
  - netmask - Netmask assigned by the DHCP server. type: str
  - next_server - IP address of a server (for example, a TFTP server) that DHCP clients can download a boot file from. type: str
  - ntp_server1 - NTP server 1. type: str
  - ntp_server2 - NTP server 2. type: str
  - ntp_server3 - NTP server 3. type: str
  - ntp_service - Options for assigning Network Time Protocol (NTP) servers to DHCP clients. type: str choices: local, default, specify
  - options - DHCP options. type: list member_path: options:id
    - code - DHCP option code. type: int
    - id - ID. type: int required: true
    - ip - DHCP option IPs. type: list
    - type - DHCP option type. type: str choices: hex, string, ip, fqdn
    - uci_match - Enable/disable user class identifier (UCI) matching. When enabled only DHCP requests with a matching UCI are served with this option. type: str choices: disable, enable
    - uci_string - One or more UCI strings in quotes separated by spaces. type: list member_path: options:id/uci_string:uci_string
      - uci_string - UCI strings. type: str required: true
    - value - DHCP option value. type: str
    - vci_match - Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served with this option. type: str choices: disable, enable
    - vci_string - One or more VCI strings in quotes separated by spaces. type: list member_path: options:id/vci_string:vci_string
      - vci_string - VCI strings. type: str required: true
  - relay_agent - Relay agent IP. type: str
  - reserved_address - Options for the DHCP server to assign IP settings to specific MAC addresses. type: list member_path: reserved_address:id
    - action - Options for the DHCP server to configure the client with the reserved MAC address. type: str choices: assign, block, reserved
    - circuit_id - Option 82 circuit-ID of the client that will get the reserved IP address. type: str
    - circuit_id_type - DHCP option type. type: str choices: hex, string
    - description - Description. type: str
    - id - ID. type: int required: true
    - ip - IP address to be reserved for the MAC address. type: str
    - mac - MAC address of the client that will get the reserved IP address. type: str
    - remote_id - Option 82 remote-ID of the client that will get the reserved IP address. type: str
    - remote_id_type - DHCP option type. type: str choices: hex, string
    - type - DHCP reserved-address type. type: str choices: mac, option82
  - server_type - DHCP server can be a normal DHCP server or an IPsec DHCP server. type: str choices: regular, ipsec
  - shared_subnet - Enable/disable shared subnet. type: str choices: disable, enable
  - status - Enable/disable this DHCP configuration. type: str choices: disable, enable
  - tftp_server - One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. type: list member_path: tftp_server:tftp_server
    - tftp_server - TFTP server. type: str required: true
  - timezone - Select the time zone to be assigned to DHCP clients. type: str choices: 01, 02, 03, 04, 05, 81, 06, 07, 08, 09, 10, 11, 12, 13, 74, 14, 77, 15, 87, 16, 17, 18, 19, 20, 75, 21, 22, 23, 24, 80, 79, 25, 26, 27, 28, 78, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 83, 84, 40, 85, 39, 41, 42, 43, 44, 45, 46, 47, 51, 48, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 00, 82, 73, 86, 76
  - timezone_option - Options for the DHCP server to set the client's time zone. type: str choices: disable, default, specify
  - vci_match - Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served. type: str choices: disable, enable
  - vci_string - One or more VCI strings in quotes separated by spaces. type: list member_path: vci_string:vci_string
    - vci_string - VCI strings. type: str required: true
  - wifi_ac_service - Options for assigning WiFi access controllers to DHCP clients. type: str choices: specify, local
  - wifi_ac1 - WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). type: str
  - wifi_ac2 - WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). type: str
  - wifi_ac3 - WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). type: str
  - wins_server1 - WINS server 1. type: str
  - wins_server2 - WINS server 2. type: str
Examples
```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Certificate validation is off here; set to yes once the control node
    # trusts the certificate the FortiGate presents.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure DHCP servers.
      fortios_system_dhcp_server:
        vdom: "{{ vdom }}"
        state: "present"
        # Supply the token from a vaulted variable rather than plain text.
        access_token: "<your_own_value>"
        system_dhcp_server:
          auto_configuration: "disable"
          auto_managed_status: "disable"
          conflicted_ip_timeout: "1800"
          ddns_auth: "disable"
          ddns_key: "<your_own_value>"
          ddns_keyname: "<your_own_value>"
          ddns_server_ip: "<your_own_value>"
          ddns_ttl: "300"
          ddns_update: "disable"
          ddns_update_override: "disable"
          ddns_zone: "<your_own_value>"
          default_gateway: "<your_own_value>"
          dhcp_settings_from_fortiipam: "disable"
          dns_server1: "<your_own_value>"
          dns_server2: "<your_own_value>"
          dns_server3: "<your_own_value>"
          dns_server4: "<your_own_value>"
          dns_service: "local"
          domain: "<your_own_value>"
          exclude_range:
            - end_ip: "<your_own_value>"
              id: "24"
              lease_time: "0"
              start_ip: "<your_own_value>"
              uci_match: "disable"
              uci_string:
                - uci_string: "<your_own_value>"
              vci_match: "disable"
              vci_string:
                - vci_string: "<your_own_value>"
          filename: "<your_own_value>"
          forticlient_on_net_status: "disable"
          id: "35"
          interface: "<your_own_value> (source system.interface.name)"
          ip_mode: "range"
          ip_range:
            - end_ip: "<your_own_value>"
              id: "40"
              lease_time: "0"
              start_ip: "<your_own_value>"
              uci_match: "disable"
              uci_string:
                - uci_string: "<your_own_value>"
              vci_match: "disable"
              vci_string:
                - vci_string: "<your_own_value>"
          ipsec_lease_hold: "60"
          lease_time: "604800"
          mac_acl_default_action: "assign"
          netmask: "<your_own_value>"
          next_server: "<your_own_value>"
          ntp_server1: "<your_own_value>"
          ntp_server2: "<your_own_value>"
          ntp_server3: "<your_own_value>"
          ntp_service: "local"
          options:
            - code: "0"
              id: "60"
              ip: "<your_own_value>"
              type: "hex"
              uci_match: "disable"
              uci_string:
                - uci_string: "<your_own_value>"
              value: "<your_own_value>"
              vci_match: "disable"
              vci_string:
                - vci_string: "<your_own_value>"
          relay_agent: "<your_own_value>"
          reserved_address:
            - action: "assign"
              circuit_id: "<your_own_value>"
              circuit_id_type: "hex"
              description: "<your_own_value>"
              id: "76"
              ip: "<your_own_value>"
              mac: "<your_own_value>"
              remote_id: "<your_own_value>"
              remote_id_type: "hex"
              type: "mac"
          server_type: "regular"
          shared_subnet: "disable"
          status: "disable"
          tftp_server:
            - tftp_server: "<your_own_value>"
          timezone: "01"
          timezone_option: "disable"
          vci_match: "disable"
          vci_string:
            - vci_string: "<your_own_value>"
          wifi_ac_service: "specify"
          wifi_ac1: "<your_own_value>"
          wifi_ac2: "<your_own_value>"
          wifi_ac3: "<your_own_value>"
          wins_server1: "<your_own_value>"
          wins_server2: "<your_own_value>"
```
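The all-parameters listing above is a template rather than a working configuration. As an added example (not part of the module documentation), here is a minimal playbook that uses only parameters documented on this page, validates the FortiGate's certificate, and sets mac_acl_default_action to block so that only MAC addresses listed under reserved_address are served. The interface name, addresses, MAC address, IDs and the vault variable name are constructed placeholders.

```yaml
# Added example: constructed values throughout (documentation address ranges).
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the FortiGate's certificate
    ansible_httpapi_port: 443
  tasks:
    - name: DHCP server that only serves listed MAC addresses
      fortios_system_dhcp_server:
        vdom: "{{ vdom }}"
        state: "present"
        # Hypothetical variable name; keep the token in Ansible Vault.
        access_token: "{{ vault_fortigate_access_token }}"
        system_dhcp_server:
          id: 1
          status: "enable"
          server_type: "regular"
          interface: "port2"              # assumed interface name
          netmask: "255.255.255.0"
          default_gateway: "192.0.2.1"
          dns_service: "specify"
          dns_server1: "192.0.2.53"
          lease_time: 86400
          ip_range:
            - id: 1
              start_ip: "192.0.2.100"
              end_ip: "192.0.2.199"
          # Default action for MAC addresses that have no entry below.
          mac_acl_default_action: "block"
          reserved_address:
            - id: 1
              type: "mac"
              action: "reserved"
              mac: "00:00:5e:00:53:01"
              ip: "192.0.2.110"
              description: "build server"
```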
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3