Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
storaid
Contributor

Created on ‎06-21-2015 05:50 PM

how to give the ON-Net status to DHCP client via external DHCP server??

hello, fortinet and everyone...

I know using code 224 option sends S/N to DHCP client and make client using FCT keep On-Net status...

but it's good working only for dhcp server function with fortigate...

 

I'm using windows dhcp server...

the windows dhcp server does not send it to client during dhcp prcoess even if you added this option on DHCP Standard options by setting predefined options ....

the code 224 option is not dhcp standard option, it's just a private-use option...

my question is

how to send this option which belong to a set of vendor-specific extension to dhcp client???

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
Preview file
42 KB
22719
0 Kudos
18 REPLIES 18
Christopher_McMullan
Staff
Staff

Created on ‎06-22-2015 08:17 AM

The DHCP option 224 should work with Windows servers acting as a DHCP server. Which version is running - 2008 R2 or 2012? With 2012, you would enter the FortiGate S/N in regular text, but 2008 R2 requires you to enter it in hex.

Regards, Chris McMullan Fortinet Ottawa

5056
0 Kudos
storaid
Contributor
In response to Christopher_McMullan

Created on ‎06-22-2015 08:33 AM

Christopher McMullan_FTNT wrote:

The DHCP option 224 should work with Windows servers acting as a DHCP server. Which version is running - 2008 R2 or 2012? With 2012, you would enter the FortiGate S/N in regular text, but 2008 R2 requires you to enter it in hex.

OS: WINDOWS 2012...

"The DHCP option 224 should work with Windows servers acting as a DHCP server. "

option 224 is not standard option...

you sure the option 224 is included in the dhcp offer message for windows 2012???

"With 2012, you would enter the FortiGate S/N in regular text, but 2008 R2 requires you to enter it in hex."

I use the wireshark to check dhcp handshake...

I don't find option 224 was sent to the dhcp client...

 

for built-in dhcp server function with fortigate, I have confirmed this option was definitely sent to the client....

 

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
5056
0 Kudos
Christopher_McMullan
Staff
Staff

Created on ‎06-22-2015 11:32 AM

It's been a while since I had to define the Windows scope options myself, but...

 

In Server 2012 it should be possible this way:

Under the DHCP MSC, with the server name expanded, right-click on IPv4 and choose Set Predefined Options, and Add on the detail window. Add option 224 with an Option name like 'FGT' with a Byte value for Data Type. Then, back under Predefined Options, select DHCP Standard Options as the Option class, '224 FGT' as the Option name, and the S/N of the FortiGate as the string.

Regards, Chris McMullan Fortinet Ottawa

5056
0 Kudos
storaid
Contributor
In response to Christopher_McMullan

Created on ‎06-22-2015 12:47 PM

Christopher McMullan_FTNT wrote:

It's been a while since I had to define the Windows scope options myself, but...

 

In Server 2012 it should be possible this way:

Under the DHCP MSC, with the server name expanded, right-click on IPv4 and choose Set Predefined Options, and Add on the detail window. Add option 224 with an Option name like 'FGT' with a Byte value for Data Type. Then, back under Predefined Options, select DHCP Standard Options as the Option class, '224 FGT' as the Option name, and the S/N of the FortiGate as the string.

Sorry..

are you sure the data type is Byte????..

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
5058
0 Kudos
Christopher_McMullan
Staff
Staff

Created on ‎06-22-2015 01:17 PM

No, I'm not really sure, to be honest. I know the feature works. I was providing some best-effort steps to help configure the scope properly, but we're veering well into configuration details that are specific to Windows Server.

 

Is there no way you've found to work when configuring the option *roughly* the way I've described?

Regards, Chris McMullan Fortinet Ottawa

5058
0 Kudos
storaid
Contributor
In response to Christopher_McMullan

Created on ‎06-22-2015 01:30 PM

Christopher McMullan_FTNT wrote:

No, I'm not really sure, to be honest. I know the feature works. I was providing some best-effort steps to help configure the scope properly, but we're veering well into configuration details that are specific to Windows Server.

 

Is there no way you've found to work when configuring the option *roughly* the way I've described?

I don't know how can I input the string text for Byte type????

 

 

 

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
Preview file
9 KB
5058
0 Kudos
storaid
Contributor

Created on ‎06-22-2015 03:22 PM

well, looks like the problem is windows dhcp server does not send all otpions..

most solutions I found is using option 43 VCI to write additional messages...

but it is useless for my case...

now this problem kicks my ass..:(

 

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
5058
0 Kudos
Christopher_McMullan
Staff
Staff

Created on ‎06-23-2015 08:12 AM

Try adding the option as type String instead of Byte.

Regards, Chris McMullan Fortinet Ottawa

5058
0 Kudos
storaid
Contributor
In response to Christopher_McMullan

Created on ‎06-23-2015 08:44 AM

Christopher McMullan_FTNT wrote:

Try adding the option as type String instead of Byte.

yesterday I have tried it as your mentioned...

but I don't think that's a problem...

the problem is windows dhcp server does not send all options I added....

 

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
5058
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.