kaurs
Staff
Article Id: 230320
Description: This article gives information about the vci-match enable/disable option.
Scope: FortiGate.
Solution:

Connected devices cannot get an IP address from the DHCP server configured on the FortiGate's interface, and the following error appears:

SC-FG100F # [debug]locate_network prhtype(1) pihtype(1)
[warn]Can't locate subnet in shared network of packet and packet is not a DHCPREQUEST and htype(1) != intf htype(1)..dropping
[debug]locate_network prhtype(1) pihtype(1)

This can happen when vci-match is enabled and a vci-string is configured on that interface's DHCP server.

For example:

config system dhcp server
    edit 1
        set dns-service default
        set default-gateway 10.2.2.131
        set netmask 255.255.255.0
        set interface "port3"
        config ip-range
            edit 1
                set start-ip 10.2.2.133
                set end-ip 10.2.2.133
                set vci-match enable
                set vci-string "FortiSwitch"
            next
        end
    next
end

In this example, only devices whose VCI matches the vci-string 'FortiSwitch' get an address; any other device will not get an IP.

The solution is to either disable vci-match or configure an appropriate vci-string.

config system dhcp server
    edit 1
        config ip-range
            edit 1
                set vci-match disable
            next
        end
    next
end
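
To see which ranges are gated by vci-match before clients start failing, the following added example (not part of the original article and not Fortinet code) parses the text output of `show system dhcp server` and reports, per DHCP server, each ip-range's settings and whether every range on that server requires a VCI match. The function name `audit_vci`, the `all_ranges_gated` key and the second server (`port4`, 10.3.3.x) are constructed for illustration.

```python
import shlex

# Constructed sample of `show system dhcp server` output (edit 2 is made up).
SAMPLE = '''
config system dhcp server
    edit 1
        set interface "port3"
        config ip-range
            edit 1
                set start-ip 10.2.2.133
                set end-ip 10.2.2.133
                set vci-match enable
                set vci-string "FortiSwitch"
            next
        end
    next
    edit 2
        set interface "port4"
        config ip-range
            edit 1
                set start-ip 10.3.3.10
                set end-ip 10.3.3.50
            next
        end
    next
end
'''

def audit_vci(config_text):
    """Per DHCP server id: interface, ip-range settings, all_ranges_gated flag."""
    servers, stack = {}, []  # stack holds the currently open config/edit blocks
    for line in config_text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok))
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and len(stack) > 1 and stack[0] == "config system dhcp server":
            srv = servers.setdefault(stack[1][5:], {"interface": None, "ranges": {}})
            if len(stack) == 2 and tok[1] == "interface":
                srv["interface"] = tok[2]
            elif len(stack) == 4 and stack[2] == "config ip-range":
                rng = srv["ranges"].setdefault(stack[3][5:], {})
                rng[tok[1]] = tok[2:] if tok[1] == "vci-string" else tok[2]
    for srv in servers.values():
        # Assumption: a range with no vci-match line in the output is not gated.
        gated = [r.get("vci-match") == "enable" for r in srv["ranges"].values()]
        srv["all_ranges_gated"] = bool(gated) and all(gated)
    return servers
```

A server reported with `all_ranges_gated` set to true has no range left for a client that does not send a matching VCI, which is the situation behind the error shown above.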

Related document:

VCI pattern matching for DHCP assignment