jamestiberius
Explorer
June 11, 2015
Solved

DHCP conflict issue


90d, running firmware 5.2

User complained today that they have been having issues with their Outlook connection.

When I look at their event viewer, I see multiple instances of an IP address conflict (each time network hardware address of conflicting device is 00-00-00-00-00-00, weird).

We only have 10-12 devices on the network, and only one device with static IP (printer) and its address is not in the DHCP scope.

I look at DHCP Monitor, and I do not see any conflicts.

How do I troubleshoot this? Are there CLI commands I can use? How do I see history of DHCP conflicts?

 


    Jeroen (Answer)
    New Member
    June 12, 2015

    You can monitor DHCP events under System events. You can also use the command:

    diagnose debug application dhcps -1

    to find a possible conflict.

     

    Hope this helps.

    jamestiberius
    Explorer
    June 12, 2015

    Thanks for that.

    So I ran "diagnose debug application dhcps -1"

    and it did not return anything, no error, just blank line.

    So apparently according to the Fortinet box I am not having duplicate IP address issues.

    Tell that to the laptop.

    Oy.

    Dave_Hall
    New Member
    June 12, 2015

    Shut down the affected computer (keep it shut down); either clear the ARP table or reboot the FGT.  Wait about 5 mins, then perform a ping to the affected IP address, then perform a "get system arp" or "get system arp | grep <IP address>".  If there is a MAC address showing up then there is a device configured for a static IP.  Otherwise there is likely a problem with the computer's network card/TCP stack, etc.  (e.g. try swapping out/in a new NIC.)  Another thing to check for is a loop (but there should be other signs for that).  [strike]If the FortiGate has device monitoring/logging enabled, try disabling that[/strike].

    Edit: the above are just some quick and simple suggestions.
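
The check described in the post above, as an added example that is not part of the thread: Python that reads the text of "get system arp" taken while the affected PC is powered off and reports whether another device holds the address. The sample capture, its column layout and all addresses are constructed; treating an all-zero hardware address as "no device answered" and the extra "stale" outcome (ARP table not cleared) are assumptions of this example.

```python
import re

ZERO_MAC = "00:00:00:00:00:00"
# One ARP row: IPv4 address, age in minutes, hardware address, interface.
ROW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\d+\s+"
    r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\s+(\S+)"
)

# Constructed capture: column layout assumed, every address invented.
SAMPLE_ARP = """\
Address           Age(min)   Hardware Addr      Interface
10.0.0.1          0          02:00:5e:00:00:01 internal
10.0.0.23         0          00:00:00:00:00:00 internal
10.0.0.31         0          02:00:5e:12:34:56 internal
10.0.0.40         2          02:00:5E:AB:CD:EF internal
"""

def norm_mac(mac):
    """Lower-case, colon-separated, so 02-00-5E-.. equals 02:00:5e:.."""
    return mac.replace("-", ":").lower()

def parse_arp(text):
    """Return {ip: [(mac, interface), ...]}; header and junk lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ip, mac, iface = m.groups()
            table.setdefault(ip, []).append((norm_mac(mac), iface))
    return table

def other_holders(table, ip, pc_mac):
    """MACs seen for ip that are neither all-zero nor the shut-down PC's own."""
    skip = {ZERO_MAC, norm_mac(pc_mac)}
    return sorted({mac for mac, _ in table.get(ip, [])} - skip)

def classify(table, ip, pc_mac):
    """Decide what the ARP table says about ip while the PC is powered off."""
    if other_holders(table, ip, pc_mac):
        return "conflict"    # another device answered: find its static config
    if any(mac == norm_mac(pc_mac) for mac, _ in table.get(ip, [])):
        return "stale"       # only the PC's own entry: clear ARP and retest
    return "unanswered"      # nobody holds the IP: suspect the PC's NIC/TCP stack

if __name__ == "__main__":
    arp = parse_arp(SAMPLE_ARP)
    for ip, pc in (("10.0.0.23", "02-00-5E-0A-0B-0C"), ("10.0.0.31", "02-00-5E-0A-0B-0C")):
        print(ip, classify(arp, ip, pc), other_holders(arp, ip, pc))
```
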

    ede_pfau
    SuperUser
    June 13, 2015

    hi,

     

    you did not see any messages probably because they were not enabled:

    diag deb enable

    prior to starting the application debug. Check that the DHCP server is actually running by connecting your notebook to the LAN; you should see the negotiations.

     

    To pinpoint that one IP address usage you could run the sniffer which will show you every conversation to and from that IP address:

    diag deb ena
    diag sniffer packet internal 'host 1.2.3.4' 6

    Now you can see

    - if the address is in use

    - find out by which device using the arp table

    - if not in use, see how it gets assigned to the host and if it is used afterwards

     

    Stop the sniffer by hitting Ctrl-C.

     

    ede_pfau
    SuperUser
    June 13, 2015

    @Dave:

    why not use the Device detection? The FGT is running v5.2. At least it shows in a nice GUI table the address and the MAC.

    Dave_Hall
    New Member
    June 13, 2015

    ede_pfau wrote:

    @Dave:

    why not use the Device detection? The FGT is running v5.2. At least it shows in a nice GUI table the address and the MAC.

    A while back someone here reported a similar weird DHCP/IP issue, but I can't find that post now, so I strike that part out.  I think the solution in that was to disable the device detection.

    Dave_Hall
    New Member
    June 13, 2015

    See this thread; try upgrading to 5.2.3.