Description
This article describes how to configure options 60, 66, and 67 in DHCP server configuration in FortiGate.
Scope
FortiGate.
Dynamic Host Configuration Protocol (DHCP) options push the desired TCP/IP stack parameters to the client for end-to-end communication. It is sometimes desirable to configure options such as the VCI or the boot server. This is possible when FortiGate acts as a DHCP server.
This document describes how to configure the following options:
60: Vendor Class Identifier.
43: Contains Vendor-specific information that the DHCP server has been configured to offer to the client. The information is sent to the client only if the server has a Vendor Class Identifier (VCI) in its table that matches the VCI in the client’s DHCPREQUEST.
66: Boot Server Host IP.
67: BootFile Name when the initial DHCP offer from the DHCP server contains these boot options.
Config example:
config system dhcp server
    edit 2
        set dns-service default
        set default-gateway 10.146.6.118
        set next-server 172.17.10.21
        set netmask 255.255.240.0
        set interface "port3"
        config ip-range
            edit 1
                set start-ip 10.146.0.2
                set end-ip 10.146.15.254
                set vci-match enable
                set vci-string "MS-UC-Client"
            next
        end
        set filename "pxeboot.com"
        config options
            edit 1
                set code 43
                set vci-match disable
                set uci-match disable
                set value "2b1a312e322e332e34"
            next
        end
    next
end
There are two ways to configure option 66. Either enable it in the IP range or in the options, or enable it in the IP range if there is an option that is specific to the vendor. It is also possible to enable the VCI in the options section and define the VCI string:
config system dhcp server
    edit <id>
        config ip-range
            edit <id>
                set vci-match {enable | disable}
                set vci-string <string>
            next
        end
        config options
            edit <id>
                set vci-match {enable | disable}
                set vci-string <string>
            next
        end
    next
end
Option 43, for which there is no specific command, is configured through the generic options table:
config system dhcp server
    edit <>
        config options
            edit <>
                set code <>
                set type {hex | string | ip | fqdn}
                set vci-match {enable | disable}
                set uci-match {enable | disable}
                set value "2b1a312e322e332e34"
            next
        end
    next
end
Option 66 command for the next server IP:
config system dhcp server
    edit <>
        set next-server 172.17.10.21
    next
end
Option 67 is the file name command:
config system dhcp server
    edit <>
        set filename {string}
    next
end
Note:
Make sure to put the file name in the following format: set filename 'Boot\\x64\\Images\\boot.win'.
Once the configuration is complete, a packet capture on ports 67 and 68 on FortiGate shows the options that are sent to the client machine. The DHCP debug output does not show all parameters, so it is better to take a capture.
Take a capture using the command below:
diagnose sniffer packet any "port 67 and port 68" 6 0 l
To convert the capture, follow the below guide. There is a tool 'fgt2eth.exe.12.2014.zip' attached at the bottom of the guide which can be used to convert the sniffer text file to PCAP:
Follow the below guide for DHCP debugging:
Technical Tip: Diagnosing DHCP on a FortiGate
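To check a captured reply against the configuration, the following added example (not part of the original article or Fortinet tooling) parses a DHCP UDP payload and returns the next-server and boot file header fields together with options 43, 60, 66, and 67. The sample packet is constructed from the values in the config example above; whether a given server places the boot values in the header fields, in options 66/67, or in both is an assumption to confirm against the real capture.

```python
import socket

MAGIC_COOKIE = bytes.fromhex("63825363")  # RFC 2131 marker that precedes the options
WANTED = {43, 60, 66, 67}                 # option codes covered by this article

def parse_dhcp(payload: bytes) -> dict:
    """Return siaddr, the file field and options 43/60/66/67 from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    result = {
        "siaddr": socket.inet_ntoa(payload[20:24]),  # next-server address
        "file": payload[108:236].split(b"\x00", 1)[0].decode("ascii", "replace"),
        "options": {},
    }
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:  # capture cut short or malformed length
            raise ValueError(f"option {code} truncated")
        if code in WANTED:
            result["options"][code] = value
        i += 2 + length
    return result

def build_sample_offer() -> bytes:
    """Constructed DHCPOFFER payload (sample data, not a real capture)."""
    header = bytearray(236)
    header[0] = 2                                     # op = BOOTREPLY
    header[20:24] = socket.inet_aton("172.17.10.21")  # siaddr
    name = b"pxeboot.com"
    header[108:108 + len(name)] = name                # file field
    opts = b"\x35\x01\x02"                            # option 53 = DHCPOFFER
    opts += bytes([43, 9]) + bytes.fromhex("2b1a312e322e332e34")
    opts += bytes([66, 12]) + b"172.17.10.21" + bytes([67, len(name)]) + name
    return bytes(header) + MAGIC_COOKIE + opts + b"\xff"

if __name__ == "__main__":
    info = parse_dhcp(build_sample_offer())
    print(info["siaddr"], info["file"])
    for code, value in sorted(info["options"].items()):
        print(code, value.hex(), value)
```

The hex printed for option 43 should equal the string given to `set value`; a mismatch or a missing option in the reply points to a VCI match condition that the client's request did not satisfy.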