The history of DHCP and DHCP options traces back to the Bootstrap Protocol (BOOTP). BOOTP was used by a host to configure itself dynamically during its booting procedure. A host could receive an IP address and a file from which to download a boot program from a server, along with the server’s address and the address of an Internet gateway.
Included in the BOOTP packet was a vendor information field, which could contain a number of tagged fields containing various types of information, such as the subnet mask, the BOOTP file size, and many other values. RFC 1497 describes the BOOTP Vendor Information Extensions. DHCP replaces BOOTP; BOOTP is not supported on the firewall.
These extensions eventually expanded with the use of DHCP and DHCP host configuration parameters, also known as options. Similar to vendor extensions, DHCP options are tagged data items that provide information to a DHCP client. The options are sent in a variable-length field at the end of a DHCP message. For example, the DHCP Message Type is option 53, and a value of 1 indicates the DHCPDISCOVER message. DHCP options are defined in RFC 2132, DHCP Options and BOOTP Vendor Extensions.
A DHCP client can negotiate with the server, limiting the server to send only those options that the client requests.
Predefined DHCP Options
Palo Alto Networks firewalls support user-defined and predefined DHCP options in the DHCP server implementation. Such options are configured on the DHCP server and sent to the clients that sent a DHCPREQUEST to the server. The clients are said to inherit and implement the options that they are programmed to accept.
The firewall supports the following predefined options on its DHCP servers, shown in the order in which they appear on the DHCP Server configuration screen:
| DHCP Option | DHCP Option Name |
|---|---|
| 51 | Lease duration |
| 3 | Gateway |
| 1 | IP Pool Subnet (mask) |
| 6 | Domain Name System (DNS) server address (primary and secondary) |
| 44 | Windows Internet Name Service (WINS) server address (primary and secondary) |
| 41 | Network Information Service (NIS) server address (primary and secondary) |
| 42 | Network Time Protocol (NTP) server address (primary and secondary) |
| 70 | Post Office Protocol Version 3 (POP3) server address |
| 69 | Simple Mail Transfer Protocol (SMTP) server address |
| 15 | DNS suffix |
As mentioned, you can also configure vendor-specific and customized options, which support a wide variety of office equipment, such as IP phones and wireless infrastructure devices. Each option code supports multiple values, which can be in IP address, ASCII, or hexadecimal format. With the firewall's enhanced DHCP option support, branch offices do not need to purchase and manage their own DHCP servers in order to provide vendor-specific and customized options to DHCP clients.
Multiple Values for a DHCP Option
You can enter multiple option values for an Option Code with the same Option Name, but all values for a particular code and name combination must be the same type (IP address, ASCII, or hexadecimal). If one type is inherited or entered, and later a different type is entered for the same code and name combination, the second type will overwrite the first type.
You can enter an Option Code more than once by using a different Option Name. In this case, the Option Type for the Option Code can differ among the multiple option names. For example, if option Coastal Server (option code 6) is configured with IP address type, option Server XYZ (option code 6) with ASCII type is also allowed.
The firewall sends multiple values for an option (strung together) to a client in order from top to bottom. Therefore, when entering multiple values for an option, enter the values in the order of preference, or else move the options to achieve your preferred order in the list. The order of options in the firewall configuration determines the order that the options appear in DHCPOFFER and DHCPACK messages.
You can enter an option code that already exists as a predefined option code, and the customized option code will override the predefined DHCP option; the firewall issues a warning.
DHCP Options 43, 55, and 60 and Other Customized Options
The following table describes the option behavior for several options described in RFC 2132.
| Option Code | Option Name | Option Description/Behavior |
|---|---|---|
| 43 | Vendor Specific Information | Sent from server to client. Vendor-specific information that the DHCP server has been configured to offer to the client. The information is sent to the client only if the server has a Vendor Class Identifier (VCI) in its table that matches the VCI in the client’s DHCPREQUEST. An Option 43 packet can contain multiple vendor-specific pieces of information. It can also include encapsulated, vendor-specific extensions of data. |
| 55 | Parameter Request List | Sent from client to server. List of configuration parameters (option codes) that a DHCP client is requesting, possibly in order of the client’s preference. The server tries to respond with options in the same order. |
| 60 | Vendor Class Identifier (VCI) | Sent from client to server. Vendor type and configuration of a DHCP client. The DHCP client sends option code 60 in a DHCPREQUEST to the DHCP server. When the server receives option 60, it sees the VCI, finds the matching VCI in its own table, and then it returns option 43 with the value (that corresponds to the VCI), thereby relaying vendor-specific information to the correct client. Both the client and server have knowledge of the VCI. |
You can send custom, vendor-specific option codes that are not defined in RFC 2132. The option codes can be in the range 1-254 and of fixed or variable length.
Custom DHCP options are not validated by the DHCP Server; you must ensure that you enter correct values for the options you create.
For ASCII and hexadecimal DHCP option types, the option value can be a maximum of 255 octets.
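Because the server does not validate custom options, it helps to check values before entering them. The following is an added example, not Palo Alto Networks code: `encode_option` and `parse_options` are hypothetical helper names, and the sample addresses and VCI string are constructed. It applies the rules above (code range 1-254, one type per option, values strung together in order, 255-octet limit) and walks the resulting code/length/value fields the way a client would.

```python
import ipaddress

PAD, END = 0, 255  # RFC 2132 single-octet options that carry no length field

def encode_option(code, values, kind):
    """Validate and encode one option as code | length | payload.

    kind is "ip", "ascii" or "hex"; every value must be of that one type,
    and values are concatenated top to bottom, in the order given.
    """
    if not 1 <= code <= 254:
        raise ValueError(f"option code {code} outside 1-254")
    if not values:
        raise ValueError("at least one value is required")
    parts = []
    for v in values:
        if kind == "ip":
            part = ipaddress.IPv4Address(v).packed  # raises on a bad address
        elif kind == "ascii":
            part = v.encode("ascii")                # raises on non-ASCII text
        elif kind == "hex":
            part = bytes.fromhex(v)                 # raises on malformed hex
        else:
            raise ValueError(f"unknown option type {kind!r}")
        if not part:
            raise ValueError(f"option {code}: empty value")
        parts.append(part)
    payload = b"".join(parts)
    if len(payload) > 255:  # the length field is a single octet
        raise ValueError(f"option {code}: {len(payload)} octets exceeds 255")
    return bytes([code, len(payload)]) + payload

def parse_options(data):
    """Walk an options field and return [(code, payload), ...] in wire order."""
    out, i = [], 0
    while i < len(data):
        code = data[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} truncated at offset {i}")
        length = data[i + 1]
        out.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return out

# Constructed sample: DNS servers in preference order, then a VCI string.
SAMPLE = (encode_option(6, ["192.0.2.53", "198.51.100.53"], "ip")
          + encode_option(60, ["ExamplePhone"], "ascii") + bytes([END]))
```
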
