ted_barker
New Contributor

FGT6.4 DHCP PXE and multiple VCI-MATCH? e.g. vmware ESXI HTTP Boot

Hi,

 

I'm playing around with ESXi and FGT 6.4 and I wanted to do a PXE HTTP boot. But it requires delivering 2 different files for the same machine. Here is the example config from VMware:

 

 

#
# ISC DHCPv6 server configuration file snippet. This is not a complete
# configuration file; see the ISC server documentation for details on
# how to configure the DHCP server.
#
allow booting;
allow bootp;
option client-system-arch code 93 = unsigned integer 16;

class "pxeclients" {
    match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
    next-server xxx.xxx.xxx.xxx;

    if option client-system-arch = 00:07 or option client-system-arch = 00:09 {
        if exists user-class and option user-class = "iPXE" {
            # Instruct iPXE to load mboot.efi as secondary bootloader
            filename = "mboot.efi";
        }
        else {
            # Load the snponly.efi configuration of iPXE as initial bootloader
            filename = "snponly.efi";
        }
    }
    else {
        filename "gpxelinux.0";
    }
}

 

Have not been able to achieve this with Fortigate.

 

I thought that I should be able to maybe achieve it with:

 

multiple dhcp server entries where
   set vci-match is disabled on one, i.e. last catch
       define all parameters
       interface internal
   set vci-match is Arch:00007
       only specify filename, netmask, same ip-range as for all others
       interface internal
   set vci-match is Arch:00009
       only specify filename, netmask, same ip-range as for all others
       interface internal

 

 

But my tests so far did not succeed. 

 

1) How does FGT handle multiple DHCP Server entries on the same interface?

 

I was able to configure multiple, but not sure if the order of the configuration is what counts, i.e. first-match wins.

DHCP server entries cannot be moved, only renamed, but that did not help.

 

???
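Added example, not part of the original post and not VMware's or Fortinet's code: a small Python model of the decision the ISC `pxeclients` class above makes from DHCP options 60, 93 and 77, run over four constructed requests. The sample VCI strings and the helper names (`parse_options`, `boot_filename`, `opt`, `simulate`) are assumptions made for illustration.

```python
# Added example: models the class "pxeclients" logic from the ISC dhcpd snippet.
def parse_options(raw: bytes) -> dict:
    """Parse a DHCPv4 options field (RFC 2132 TLV encoding) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # split options are concatenated
        i += 2 + length
    return opts

def boot_filename(opts: dict):
    """Return the filename the snippet would hand out, or None if the class does not match."""
    if opts.get(60, b"")[:9] != b"PXEClient":          # option 60: vendor-class-identifier
        return None
    if opts.get(93) in (b"\x00\x07", b"\x00\x09"):     # option 93: client-system-arch
        # option 77: user-class; iPXE identifies itself here, firmware PXE does not
        return "mboot.efi" if opts.get(77) == b"iPXE" else "snponly.efi"
    return "gpxelinux.0"

def opt(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value

# Constructed sample requests (not captured traffic); the VCI strings are assumptions.
VCI = b"PXEClient:Arch:00007:UNDI:003016"
SAMPLES = {
    "uefi firmware": opt(60, VCI) + opt(93, b"\x00\x07") + b"\xff",
    "ipxe second stage": opt(60, VCI) + opt(93, b"\x00\x07") + opt(77, b"iPXE") + b"\xff",
    "legacy bios": opt(60, b"PXEClient:Arch:00000:UNDI:002001") + opt(93, b"\x00\x00") + b"\xff",
    "non-pxe client": opt(60, b"MSFT 5.0") + b"\xff",
}

def simulate() -> dict:
    return {name: boot_filename(parse_options(raw)) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, filename in simulate().items():
        print(f"{name:18} -> {filename}")
```

In these constructed samples the firmware and iPXE requests carry the same option 60 value and differ only in option 77, which is the distinction the ISC snippet relies on to hand the same machine two different files.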

 

1 REPLY 1
ted_barker
New Contributor

2) not even sure if you could have multiple dhcp-server entries with different options with vci-match

 

Another DHCP server with the same subnet has already been created

object set operator error, -526 discard the setting

Command fail. Return code -526

 

It won't let you create a 2nd entry with the error message above. (even while the first entry was disabled)

 

 
