Here are some tips for configuring these parameters properly as it is not entirely obvious. The example I am using is to point some VoIP phones to an IP PBX.
Also see RFC2131 for the official DHCP definition.
Address info:
- Firewall IP: 192.168.1.1
- TFTP Host Name (IP PBX): 192.168.1.10
- NTP Server: 192.168.1.20
- Phone IP Range: 192.168.1.100 - 192.168.1.200
- FTP Username: user1 (this is for the phone to login to the IP PBX)
- FTP Password: password1
- Browse to System -> DHCP and create or modify an appropriate DHCP scope
- Name: VoIP_Phone_Scope
- IP Range: 192.168.1.100 - 192.168.1.200
- Network Mask: 255.255.255.0
- Default Gateway: 192.168.1.1
- Domain: example.com
- Click the Advanced button to expand your available options
- IP Assignment Mode: Server IP Range
- DNS Server 1:
- Option 1: Code = 42, Option = C0A80114
- This defines the NTP Time Server (Option 42) as 192.168.1.20 (192=C0, 168=A8,1=01,20=14 in hex). You can use the Windows Calculator in scientific mode to do the decimal to hex conversion if you don't do dec to hex in your head :)
- Option 2: Code = 66, Option = 6674703a2f2f75736572313a70617373776f726431403139322e3136382e312e3130
You can also accomplish the above tasks via the CLI:
- config system dhcp server
- edit "dhcp scope name"
- set option 1 42 C0A80114
- set option 2 66 6674703a2f2f75736572313a70617373776f726431403139322e3136382e312e3130
- end
Er.. isn't 168 A8, not A0?
ReplyDeleteOf course it is .. isn't that what it says? ;) (Yeah yeah .. I fixed it)
ReplyDeleteThanks, very helpful. The string value I needed to use was also shown with "quotes" but I had to remove the quotes when I converted to HEX. I had never done this before, so that was not obvious to me.
ReplyDeletehi
ReplyDeleteI hope you can help me.
Im tring to get send my ip phone the address of my NTP server so i have created a option 4 and and converted the ip address to hex the problem is that the ip address that the ip phone get is not the ip address the i converted to hex
hex code"
31302e35372e302e31"
ip address 10.57.0.1
for NTP do i just uses the ip adress or should i be useing a different formate?
never mind I have just seen what i was doing wrong
ReplyDeleteThanks man!
ReplyDeleteIs there any way to add more than 3 options? I'm using MS Lync and it needs 7 options added.
ReplyDeleteJust wondering if anyone has tried using an MS Server DHCP scope and option 138 to dynamically configure a FortiAP?
ReplyDeleteMy customer has a remote network with DHCP relay to a central server (Windows 2k3), so configuring the Hex option 138 on the FortiGate is not an option. Once would assume that a 'string' type is configured on the MS DHCP scope, but the AP doesn't seem to work with this...
Keen to hear some feedback on this...
Hi there,
ReplyDeleteThis works for me:
C:\WINDOWS\system32>netsh
netsh>dhcp
netsh dhcp>server \\
netsh dhcp>add optiondef 138 Capwap IPADDRESS 1 comment=CAPWAP
netsh dhcp>set optionvalue 138 IPADDRESS 10.66.66.10 10.222.222.10
netsh dhcp>exit
your ip addresses will obviously be different. ;)
enjoy
Sebastian you are my new Hero...nowhere in the Fortinet site could I find information regarding "invalid input option"
ReplyDeleteMany Thanks my friend....
Happy to help "Bubba" :)
ReplyDeleteSo how does one know when to use the string versus digit value for the IP address? Example above, it is digit value on option 42, but string on 66.
ReplyDeleteJohn Ward, Awesome answer buddy, it worked perfectly. Muddled through context a little, but in the end I have an option 138 on my win2k8 server. Thanks man!
ReplyDeleteThis comment has been removed by the author.
ReplyDelete