Thursday, February 25, 2010

Custom DHCP Options in FortiSpeak

Sometimes it is useful to configure certain custom DHCP options in your DHCP scopes. For example to point your clients to a network time server you use DHCP option 42. Also custom DHCP options are typically used for VoIP phones to find their softswitch.

Here are some tips for configuring these parameters properly as it is not entirely obvious. The example I am using is to point some VoIP phones to an IP PBX.
Also see RFC2131 for the official DHCP definition.

Address info:
  • Firewall IP:
  • TFTP Host Name (IP PBX):
  • NTP Server:
  • Phone IP Range: -
  • FTP Username: user1 (this is for the phone to login to the IP PBX)
  • FTP Password: password1

  • Browse to System -> DHCP and create or modify an appropriate DHCP scope
  • Name: VoIP_Phone_Scope
  • IP Range: -
  • Network Mask:
  • Default Gateway:
  • Domain:
  • Click the Advanced button to expand your available options
  • IP Assignment Mode: Server IP Range
  • DNS Server 1:
Now for the fun part, defining the custom options.
  • Option 1: Code = 42, Option = C0A80114
  • This defines the NTP Time Server (Option 42) as (192=C0, 168=A8,1=01,20=14 in hex). You can use the Windows Calculator in scientific mode to do the decimal to hex conversion if you don't do dec to hex in your head :)
  • Option 2: Code = 66, Option = 6674703a2f2f75736572313a70617373776f726431403139322e3136382e312e3130
How do you get this value for option 66? Simply take this string "ftp://user1:password1@" which is what you need to send to the phone and run it through an ASCII to HEX converter, such as Remove any %s or :s from the output and you get the correct hex string.

You can also accomplish the above tasks via the CLI:
  • config system dhcp server
  • edit "dhcp scope name"
  • set option 1 42 C0A80114
  • set option 2 66 6674703a2f2f75736572313a70617373776f726431403139322e3136382e312e3130
  • end

Software Updates

  • 4.0 MR1 Patch 3, Build 194

  • 4.0 MR1 Patch 3, Build 130

  • 4.0 MR1 Patch 3, Build 224