option of DHCP

Tecnologie · ‎08-03-2012

hello everybody, before installed FortiGate 110c where was a pfsense firewall that managed dhcp in " particolary mode" , in fact 1 port of firewall was a gateway for ip-phone switchboard and propagateted not only ip address (and gateway and dns..) but some other information in particolary, tftp server (the ip of switchboard) and id-vlan . Now with FortiGate I can' t recreate the same configuration. Is there possibility to increase the DHCP options? (i find something about helper address); or in other case, no one configure FortiGate for manager ip phone.. what can you do? Thanks Mirko

ddskier · ‎08-03-2012

Mirko, Sorry I' m not exactly sure what you are asking here. The firewall DHCP server does have a couple of options for you to set. See example below: config system dhcp server edit 1 set default-gateway x.x.x.x set interface " port3" config ip-range edit 1 set end-ip x.x.x.x set start-ip x.x.x.x next end set lease-time 14400 set netmask 255.255.255.0 set option1 43 ' xxxxxxxxxx' set option2 60 ' xxxxxxxxxx' set dns-server1 x.x.x.x next end

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

ede_pfau · ‎08-03-2012

option 42 is the NTP server to use. option 66 or opt. 128 should be TFTP server. source: http://www.networksorcery.com/enp/protocol/bootp/options.htm Note that all option values = IP addresses are given in Hex! Whereas the option # is in decimal.

Ede Kernel panic: Aiee, killing interrupt handler!

Tecnologie · ‎08-07-2012

You are fantastic, thank you very very much!! I found the configuration of pfsense: <dhcpd> <lan> <range> <from>10.98.10.10</from> <to>10.98.10.100</to> </range> <defaultleasetime/> <maxleasetime/> <netmask/> <failover_peerip/> <gateway/> <ddnsdomain/> <next-server/> <filename/> </lan> <opt2> <range> <from>172.16.0.50</from> <to>172.16.0.150</to> </range> <defaultleasetime/> <maxleasetime/> <netmask/> <failover_peerip/> <gateway>172.16.0.1</gateway> <ddnsdomain/> <next-server>172.16.0.10</next-server> <filename>xa000001</filename> <options> <tftp-server-name>172.16.0.10</tftp-server-name> </options> <enable/> <netboot/> </opt2> </dhcpd> Now I try, but my client is in holiday for some day so I don' t know when I have reply. In any case what do you think if I use: ' option1 52 2' (because says " This option (66) is used to identify a TFTP server when the ' sname' field in the DHCP header has been used for DHCP options.) ' option2 66 AC10000A' (172.16.0.10 = AC10000A) Thanks Mirko

Tecnologie · ‎08-07-2012

Oh no sorry there isn' t indented..sorry

ede_pfau · ‎08-07-2012

a) I don' t think you need to signal ' option overload' as option1, option2 are standard option fields. But you may try to leave it as it is. b) in option2, you forgot the ' length' field -> option2 66 4 AC10000A c) it might be that the AC10000A must be given in quotes -> " AC10000A" Here' s a document describing option 66 for the setup of various phone models: http://www.3cx.com/sip-phones/DHCP-option-66.html

Ede Kernel panic: Aiee, killing interrupt handler!

Tecnologie · ‎08-07-2012

Thanks again. I tried, I simply used *image* but.. no good, on display of phone, started " auto-configuration" of 5 step but after 3 step appear an error " no tftp response" . Phone is Alcatel. any other suggested?

Tecnologie · ‎08-20-2012

Sorry, no one use Alcatel Phone and/or set Dhcp of Fortigate, with option tftp server? Thanks Mirko

FortiRack_Eric · ‎08-20-2012

Did you sniff the packets? Is there really no tftp response? The fortigate DCHP options work as a charm with both sip phones as sun thin clients. Not a prop. Cheers, Eric

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

Tecnologie · ‎08-20-2012

thanks for reply, no I didn' t sniff and I dont' know the option of dhcp.. I hoped to find someone that use this kind of " telephone system" for " compare" the option..