FortiGate
M_Abdelhamid
Staff
Article Id 299181
Description

 

This article describes how FortiGate handles the DHCP Discover packets that have no 'end' option.

 

Scope

 

FortiGate.

 

Solution

 

According to RFC 2131, section 4.1, the last option in a DHCP packet must always be the 'end' option.

In some cases, however, received packets have no 'end' option (which is not compliant with the RFC), as shown in the packet capture below:

 

 

Dynamic Host Configuration Protocol (Discover):
    [Expert Info (Error/Protocol): End option missing]
        [End option missing]
        [Severity level: Error]
        [Group: Protocol]

 

By default, FortiGate does not reply to such packets (when FortiGate is the DHCP server) and does not forward them (to the DHCP server).

Starting with v7.4.4, FortiOS introduced the 'dhcp-relay-allow-no-end-option' command to support DHCP packets in which the 'end' option is not specified (End option missing).

 

This option is configured through the CLI:

 

config system interface
    edit <Port_number>
        set dhcp-relay-allow-no-end-option enable <----- Default is 'disable'.
    next
end
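
To find which clients send such packets before changing the setting, the 'End option missing' condition from the capture above can be checked by walking the DHCP options field. The following Python code is an added example, not Fortinet code: the function names are hypothetical and the sample Discover packets (MAC address, transaction ID) are constructed for illustration. It does not follow option overload into the sname/file fields.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: marks the start of the options field
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
OPTIONS_OFFSET = 236                  # fixed BOOTP header length before the cookie


def check_dhcp_options(payload: bytes) -> dict:
    """Walk the options of a DHCP message (UDP payload) and report on the End option."""
    if len(payload) < OPTIONS_OFFSET + 4 or payload[OPTIONS_OFFSET:OPTIONS_OFFSET + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    result = {"msg_type": None, "has_end": False, "truncated": False}
    i = OPTIONS_OFFSET + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            result["has_end"] = True
            break
        if code == OPT_PAD:            # pad is a single byte, no length field
            i += 1
            continue
        if i + 1 >= len(payload):      # option code without a length byte
            result["truncated"] = True
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:        # declared length runs past the packet
            result["truncated"] = True
            break
        if code == OPT_MSG_TYPE and length == 1:
            result["msg_type"] = value[0]
        i += 2 + length
    return result


def build_discover(with_end: bool) -> bytes:
    """Constructed sample: minimal DHCP Discover with a made-up MAC and xid."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0x8000)
    header += bytes(16)                                  # ciaddr, yiaddr, siaddr, giaddr
    header += bytes.fromhex("020000000001") + bytes(10)  # chaddr (16 bytes)
    header += bytes(192)                                 # sname (64) + file (128)
    options = bytes([53, 1, 1]) + bytes([55, 2, 1, 3])   # Discover + parameter request list
    return header + MAGIC_COOKIE + options + (b"\xff" if with_end else b"")


if __name__ == "__main__":
    for label, pkt in (("compliant", build_discover(True)), ("no end option", build_discover(False))):
        print(label, check_dhcp_options(pkt))
```

A result with `has_end` false and `truncated` false corresponds to the packet shown in the capture: well-formed options that simply stop without option 255.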