Technical Tip: Devices are unable to get an IP address from DHCP server

Connected devices are not able to get an IP address from DHCP server configured on FortiGate's interface and get the following error.

SC-FG100F # [debug]locate_network prhtype(1) pihtype(1)

[warn]Can't locate subnet in shared network of packet and packet is not a DHCPREQUEST and htype(1) != intf htype(1)..dropping

[debug]locate_network prhtype(1) pihtype(1)

This could be because vci-match is enabled and vci-string is configured on that interface’s DHCP server.

For example:

config system dhcp server

    edit 1

        set dns-service default

        set default-gateway 10.2.2.131

        set netmask 255.255.255.0

        set interface "port3"

            config ip-range

                edit 1

                    set start-ip 10.2.2.133

                    set end-ip 10.2.2.133

                    set vci-match enable

                    set vci-string "FortiSwitch"

                next

In this example, devices that match vci-string 'FortiSwitch' only would be able to connect otherwise will not get an IP.

The solution would be to either disable the vci-match or configure an appropriate vci-string.

config system dhcp server

    edit 1

        config ip-range

            edit 1

                set vci-match disable

        end

end

Related document:

VCI pattern matching for DHCP assignment