
DHCP Option 43 on a Fortigate

2014 February 28
by 0x002

We all know that DHCP servers can provide more options than just an IP and a default gateway. Especially when it comes to VoIP phones, you have to send a ton of configuration stuff to the phones – mostly through DHCP options.
I recently struggled with this situation. We had a customer who got new Aastra VoIP phones and no DHCP server on site, so the Fortigate 60C firewall had to play DHCP server. I knew from previous projects that DHCP options on the Fortigate need to be entered as a hex string. As long as you send just one piece of information (e.g. just an IP), there’s nothing too complicated about that, and it’s well documented by Fortinet.
But when it comes to DHCP option 43, things get serious. Option 43 carries the „vendor specific options“, and as you can see from the name, it’s written optionS, plural. This means you can encapsulate multiple options in one option 43 string. This is (somehow) documented in RFC 2132, but I needed some additional time to adapt this so it worked with the Fortigate. Hopefully this helps someone in the same situation.

So how does it work? Let’s say you have three options to encapsulate. Every option has its own option code, a specific length, and a value:

  • PBX_ADDRESS, Code 03, Length 4 (Byte), Data
  • VLAN_PRIO, Code 07, Length 1, Data 5
  • VLAN_ID, Code 08, Length 2, Data 20

The syntax for the option 43 string is like this:


So our string has to be:


The Fortigate wants everything in hex, so we convert each value. (Note that you have to convert the IP octet by octet and leave out the dots.)


Put this all together, and you have the complete string, which you can enter in the DHCP config on your Fortigate:

config system dhcp server
    edit 1
        set auto-configuration disable
        set default-gateway
        set interface "voip"
        config ip-range
            edit 1
                set end-ip
                set start-ip
            next
        end
        set netmask
        set option1 43 '0304C0A8860A07010508020014'
    next
end

As soon as you get the pattern, it’s not as complicated as it seems to be in the beginning.
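The encoding described above, as an added Python example that is not part of the original post: it builds the option 43 hex string from code/length/value sub-options and decodes a string back, rejecting truncated input. The function names are hypothetical, and the PBX address 192.168.134.10 is simply what the page's hex string decodes to.

```python
import ipaddress

def encode_suboption(code: int, data: bytes) -> bytes:
    """One sub-option: 1-byte code, 1-byte length, then the data bytes."""
    if not 1 <= code <= 254:          # 0 (pad) and 255 (end) carry no data
        raise ValueError(f"sub-option code {code} out of range 1..254")
    if len(data) > 255:
        raise ValueError(f"sub-option {code}: data longer than 255 bytes")
    return bytes([code, len(data)]) + data

def build_option43(suboptions) -> str:
    """Concatenate (code, data) pairs into the upper-case hex string."""
    payload = b"".join(encode_suboption(c, d) for c, d in suboptions)
    if len(payload) > 255:            # option 43 itself has a 1-byte length
        raise ValueError("option 43 payload exceeds 255 bytes")
    return payload.hex().upper()

def parse_option43(hex_string: str):
    """Decode a hex string into (code, data) pairs; reject truncated input."""
    raw, out, i = bytes.fromhex(hex_string), [], 0
    while i < len(raw):
        code = raw[i]
        if code == 0:                 # pad byte, no length field
            i += 1
            continue
        if code == 255:               # end marker
            break
        if i + 1 >= len(raw):
            raise ValueError(f"sub-option {code}: missing length byte")
        length = raw[i + 1]
        data = raw[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"sub-option {code}: {length} bytes claimed, {len(data)} present")
        out.append((code, data))
        i += 2 + length
    return out

# The hex string from the page, and the three sub-options it encodes.
PAGE_STRING = "0304C0A8860A07010508020014"
SUBOPTIONS = [
    (3, ipaddress.IPv4Address("192.168.134.10").packed),  # PBX_ADDRESS
    (7, (5).to_bytes(1, "big")),                          # VLAN_PRIO
    (8, (20).to_bytes(2, "big")),                         # VLAN_ID
]

if __name__ == "__main__":
    print(build_option43(SUBOPTIONS))
    for code, data in parse_option43(PAGE_STRING):
        print(f"code {code:02d} len {len(data)} data {data.hex().upper()}")
```

Decoding the string before pasting it into the DHCP config catches a wrong length byte, which would otherwise shift every following sub-option.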

Rsync like a pro over SSH

2012 January 14
by 0x001

Just in case you need to transfer data from a server to your machine via rsync over ssh:

$ rsync -avz --partial --progress --human-readable -e ssh remoteuser@remotehost:/remote/dir /local/dir/

a : archive mode
v : verbose
z : compress
partial : keep partially transferred files
progress : show progress during transfer
human-readable : output numbers in a human-readable format
e : remote shell

Instead of --partial --progress you can use -P, which does the same.

Daily Scrum

2011 November 21
by 0x001

Sounds so familiar!


STEVE, STEVE, STEVE….

2011 August 25
by 0x001

Beyond all the noise caused by the resignation of Steve Jobs, I found a great short read about this over at Faronheit.

To be perfectly clear though, we have no real idea how much influence Jobs had over the creation of these devices, except to look at them, decide they were worthy of the Apple name, and then showing up at a big tech conference to unveil them. I’d like to think there’s a team of people that invented the iPod and that Jobs was the guy soaking up all the credit.

cmus – console music player

2011 August 24
by 0x001

If I had to tell which „program“ I use most during my workdays, I have to confess that it is the console.

As I often work on remote machines, I’m quite familiar with vi. Once you get familiar with the vi commands, you won’t want to miss them. So I try to have as many of my applications as possible available on the command line. One of them is cmus – the console music player.

If you want to use cmus on OS X, you can install it using brew.

Just fire:

brew update && brew install cmus

IOS: Default Interface

2011 July 25
by 0x002

What do you do when you’re cleaning up a Cisco switch and removing some connections? You delete the configuration on every interface. Description, some VLAN or trunk settings, speed, duplex, port-channel… it doesn’t take much and you have a lot to delete on that interface. No big deal if you clean just two or three interfaces. But if you clean about 50 interfaces, with 4-8 commands on every interface… I guess you can calculate…
I had to do this today… and luckily I found the ‚default interface‘ command.

switch(config)# default interface giga 1/0/10
Interface GigabitEthernet 1/0/10 set to default configuration

It just deletes every command on the specified interface and sets it back to default. I’m working on Cisco devices every day, and it never occurred to me to look for an easier way to clean interfaces. I guess the pain wasn’t big enough.

Puppet : Moving from Webrick to Passenger for scaling reasons

2011 May 13
by 0x001

I found an interesting part about scaling Puppet in the Puppet documentation itself.

WEBrick, the default web server used to enable Puppet’s web services connectivity, is essentially a reference implementation, and becomes unreliable beyond about ten managed nodes.

Next I will try to move my Puppet test server from WEBrick to Passenger. See the documentation for more information.

MySQL : Dump structure or data only on commandline

2011 May 9
by 0x001

I had to dump the structure or the data only from an entire database. After some searching around I found a very easy approach for doing each: dumping only the data or only the structure of a database to a file.

Dump only the Data:
mysqldump --skip-triggers --compact --no-create-info databasename > dumpfile.sql

Dump only the Structure:
mysqldump -d databasename > dumpfile.sql

Have a nice day



Printer Hacking 101 – Reset your Toner Counter

2011 May 7
by 0x001

I use an HP HL-4050CDN Colour Laser Printer of my own. Recently I wanted to print a B/W sheet of paper and the printer came up with the red warning display saying that I have to change some toner cartridges before printing any further.

Since I don’t like the dictatorship of my printer, I searched around the internet and found Andrew’s blog, which shows how to reset the toner counts *sweet*!

  1. With power on, open the toner access main door. You will get a “Cover is Open” message on the LCD.
  2. Press the “Clear/Back” button and you will be taken to the toner “Reset Menu” UPDATE: Try to Hold Cancel and Reprint Button
  3. You can then scroll through the reset options for the printer’s toner cartridges:
    • B.TNR-S – Black toner small cartridge (TN-110)
    • B.TNR-H – Black toner high-capacity cartridge (TN-115)
    • C.TNR-S – Cyan toner small cartridge (TN-110)
    • C.TNR-H – Cyan toner high-capacity cartridge (TN-115)
    • M.TNR-S – Magenta toner small cartridge (TN-110)
    • M.TNR-H – Magenta toner high-capacity cartridge (TN-115)
    • Y.TNR-S – Yellow toner small cartridge (TN-110)
    • Y.TNR-H – Yellow toner high-capacity cartridge (TN-115)
  4. Select the cartridge size you have and the colour you want to reset, and press OK. Since I had small cartridges, I used the S options for all three colours.
  5. Each cartridge must be reset individually. Press “1” to reset.
  6. Press “Clear/Back” to get out of the menu, then close the door.

If you want to go the real-deal way, just get a letter scale and weigh the „empty“ cartridge. According to a commenter on the original blog post, an empty cartridge weighs exactly 605 grammes.

Well, this made my Saturday and also saved me from spending some serious amounts of money on new toner cartridges.

Security in Google Datacenters

2011 April 27
by 0x002

We already posted a video about the technology in Google’s datacenters last September. Now Google has released a pretty interesting video about the security in their datacenters. Not only the logical security, but also the physical security. I want that hard-drive shredder too!