How to configure DHCP options to include SIADDR(next server IP address) in DHCP offer

How to configure DHCP options to include SIADDR(next server IP address) in DHCP offer

25551
Created On 09/17/19 05:56 AM - Last Modified 12/16/22 00:23 AM


Objective


  • Configure Palo Alto Networks firewall DHCP server to include the next server IP address SIADDR field along with SNAME and FNAME fields for IP phones/PXE with option 66.
  • This will enable the IP phone clients to get the information about TFTP server to continue the boot process.

Environment


  • PXE/IP-Phones obtaining IP address from DHCP server configured on Palo Alto Strata Firewall.
  • Palo Alto NGFW
  • PAN-OS 9.1 and above. 

Procedure


Following DHCP options needs to be configured to make firewall include required information.

  1. DHCP Option 150 (TFTP Server Address) corresponds to SIADDR (first IP address) > Option Type IP Address > Value = TFTP IP Address and

  2. DHCP Option 66 (TFTP Server Name) corresponds to SNAME > Option Type ASCII > Value = TFTP Server Hostname

  3. DHCP Option 67 (Boot File Name) corresponds to FNAME > Option type ASCII > Value = Boot File Name

Below is the screenshot of how the option looks like in capture.
User-added image

Additional Information


If the DHCP server is configured only with option 150 and 66, Firewall does not include the SIADDR information. Option 67 should also be configured to make sure the firewall populates the SIADDR info in DHCP offer/ack packets.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000HAD6CAO&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language