Help
FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
vpatil
Staff
Staff

Created on ‎08-16-2024 06:32 AM Edited on ‎10-21-2024 03:27 AM By Community Manager

Article Id 333812

Troubleshooting Tip: DHCP failure on F series FortiAP (23xF, 43xF, 83xF)

Description This article describes how to minimize the DHCP failure rate on F series FortiAP (23xF, 43xF, 83xF).
Scope FortiAP (23xF, 43xF, 83xF) v7.2 and v7.4.
Solution
  1. 'klog' on the FortiAP should show DHCP Discover/Offer packets drop messages:


[852826.114363] [CWD_BMCS] cpu0 vap-11(wlan11): ftnt_wlan_bmcs dhcp discover xid 0809e673 ff:ff:ff:ff:ff:ff-00:50:15:14:1c:ea-0800 DROP...
[852829.054385] [CWD_BMCS] cpu0 vap-11(wlan11): ftnt_wlan_bmcs dhcp discover xid0809e673 ff:ff:ff:ff:ff:ff-00:50:15:14:1c:ea-0800 DROP...

 

  1. Potential fixes are added to the new FortiAP v7.4.3 GA. Therefore:
  • Upgrade FortiAPs to the new v7.4.3 build 0680 GA (upgrade in batches).
  • Enable 11ax on all radios in the FortiAP profile.
  • Apply BSS Color settings on all the SSIDs and the current FortiAP profile.


Note:

FortiAP radio will display the bss-color option only when 11ax is enabled in the FortiAP profile:

 

config wireless-controller wtp-profile
    edit <FortiAP-profile>
        config radio-1
            set bss-color-mode static
            set bss-color 10
        end

        config radio-2
            set bss-color-mode static
            set bss-color 10
        end
end


On all the SSIDs:


config wireless-controller vap
    edit <SSID>
        set bss-color-partial disable
end

 

  1. Thereafter, if the DHCP issue remains then validate if FortiAPs are on v7.4.3 GA and are BSS color settings applied in the latest FortiGate config.
  2. If the config is good then get fap-tech, klog, latest FortiGate config, Wireless OTA capture, and AP uplink port-mirror captures (applicable for Bridge SSID) in the problem state.

 

Note:

Collect Wireless OTA for either Open or WPA2-PSK SSIDs. Make sure the capture covers the fresh WiFi user association phase (starting Probe Req/Response). To decrypt WPA2-PSK captures, get the SSID Name and Passphrase.

 

  1. Other causes of the DHCP issue #0923964 are resolved on the new FortiAP v7.4.4 GA release:
    Resolved issues
  2. Last resort: Disable 11ax as a temporary workaround.
  3. If disabling 11ax on the FortiAP profile has not helped in resolving the DHCP issue then the cause of DHCP failure is most likely not related to FortiAP, instead, it can be an Infrastructure (FortiGate/DHCP Server/DHCP Relay) side issue.

 

Refer to the following KB articles links to debug DHCP issues on the FortiGate:

Technical Tip: Diagnosing DHCP on a FortiGate
Troubleshooting Tip: DHCP relay issue

 

1481
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.