Description

This article describes how to push static routes from FortiGate DHCP server using RFC 3442 DHCP Option 121.

Solution

DHCP Option 121 uses hexadecimal representation of decimal values.
It is compatible with all Windows machines except XP and Server 2003.
Also Linux accepts routes learned by DHCP Option 121.

The format is a concatenation of three sections, with no delimiting characters:

<mask> <destination subnet> <next hop IP>

Note that the destination subnet is condensed but only down to the size of the CIDR mask, rounded up to the nearest octet.

For example, here is the formatting for three different routes; spaces are added for clarity:

08 0A C0A80201      10.0.0.0/8

10 0A00 C0A80201    10.0.0.0/16

14 0A0000 C0A80201  10.0.0.0/20

Note the additional zeroes in the destination subnet section; although it is only to zero, the output length is different because the destination subnet is extended up to and including the octet of the CIDR mask boundary.

Each route statement is then concatenated together into a single hexadecimal statement.

As an example:

1st route.

10.0.0.0/8 with gateway 192.168.2.1
Hex value has to be: /8=08, 10.0.0.0=0A, 192.168.2.1=C0A80201                       

Output value: 080AC0A80201

2nd route.

172.16.0.0/16  with gateway 192.168.2.1
Hex value has to be: /16=10, 172.16.0.0=AC10, 192.168.2.1=C0A80201         

Output value: 10AC10C0A80201

3rd route.

192.168.15.0/24  with gateway 192.168.2.1
Hex value has to be: /24=18, 192.168.15.0=C0A80F, 192.168.2.1=C0A80201     

Output value: 18C0A80FC0A80201

The final concatenated result then would be:

080AC0A8020110AC10C0A8020118C0A80FC0A80201

On FortiGate, DHCP Options can be configured from the GUI or CLI.

From GUI.

Go to  Network -> Interfaces -> Edit Interface -> Advanced -> Create new “ Additional DHCP Options” and enter:

- Option Code: Specify

- Code: 121

- Value Type: Hexadecimal

- Value: 080AC0A8020110AC10C0A8020118C0A80FC0A80201