fwilliams
Staff
Article Id 310357
Description

This article describes possible causes of the DHCP error 'can't find xitem, Drop the response' in a DHCP relay implementation.

Scope

FortiOS.

Solution

DHCP is a client-server protocol for providing or assigning IP addresses (as well as other important configuration parameters) to a client.

The server and the client need to sit on the same broadcast domain, since the DHCP discover message is a broadcast.

As a result, a DHCP relay is required in any implementation/environment where the DHCP client and the DHCP server sit on different broadcast domains. The relay, as the name suggests, serves as an intermediary between the client and the server.

 

The following takes place for a DHCP client to successfully get an IP assignment from a DHCP server:

 

  • The client sends a DHCP discover message/packet, since a client will not know the IP address of a DHCP server.
  • The DHCP server responds with a DHCP offer upon receiving the DHCP discover message/packet.
  • The client acknowledges the DHCP offer with a DHCP request packet/message (this effectively serves as a confirmation that the IP in the offer message can be used).
  • Lastly, the server finalizes the assignment with DHCP Ack (this serves as a go-ahead to use the IP address in the DHCP offer message/packet).

 

FortiOS uses the xid (the DHCP transaction ID) and the DHCP client MAC address to search for the xitem.

If the MAC address in the DHCP discover message/packet (the MAC address of the client seeking an IP address assignment) is different from the MAC address in the DHCP offer packet (the MAC address the DHCP server is assigning an IP address to), this error appears in the DHCP debug logs. See the example below:

 

(xid:0000001f) got a DHCPOFFER <- This is the offer packet from the DHCP server.

(xid:0000001f) from server 192.0.0.20 <- IP address of the DHCP server.

(xid:0000001f) Can't find xitem. Drop the response. <- FortiOS was unable to find xitem.

<- This is because the MAC address in the discover packet and the MAC address in the offer packet are NOT the same.

 

  1. Investigate why this is happening on the DHCP server.
  2. Collect a PCAP on the DHCP server, note the MAC address in the discover packet from the client, and compare it with the MAC address in the offer from the DHCP server to the client.
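
One way to run the comparison in step 2 once the DHCP payloads have been pulled out of the capture, as an added example that is not part of the original article: it reads the xid and the client hardware address (chaddr) from each BOOTP/DHCP payload and reports server replies whose chaddr differs from the one the client sent under the same xid. The payloads and MAC addresses are constructed sample data, and treating chaddr as the MAC address FortiOS matches on is an assumption.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def parse_dhcp(payload):
    """Return (xid, chaddr, type) from a BOOTP/DHCP UDP payload, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    xid = struct.unpack("!I", payload[4:8])[0]
    chaddr = payload[28:28 + min(payload[2], 16)].hex(":")  # hlen bytes
    i, mtype = 240, None
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            mtype = payload[i + 2]  # option 53 = DHCP message type
        i += 1 if code == 0 else 2 + length  # pad (0) has no length byte
    return xid, chaddr, TYPES.get(mtype, "OTHER")

def find_mismatches(payloads):
    """List server replies whose chaddr differs from the client's for that xid."""
    client_mac, mismatches = {}, []
    for payload in payloads:
        record = parse_dhcp(payload)
        if record is None:
            continue
        xid, mac, mtype = record
        if mtype in ("DISCOVER", "REQUEST"):
            client_mac[xid] = mac
        elif mtype in ("OFFER", "ACK") and client_mac.get(xid, mac) != mac:
            mismatches.append((f"{xid:08x}", mtype, client_mac[xid], mac))
    return mismatches

def build(op, xid, mac, mtype):
    """Construct a minimal BOOTP/DHCP payload (sample data, not a capture)."""
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0) + bytes(16)
    fixed += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    return fixed + MAGIC + bytes([53, 1, mtype, 255])

# Constructed sample: xid 0x1f gets an offer for a different MAC, xid 0x20 is fine.
SAMPLE = [
    build(1, 0x1F, "00:11:22:33:44:55", 1),
    build(2, 0x1F, "00:11:22:33:44:66", 2),
    build(1, 0x20, "00:11:22:33:44:77", 1),
    build(2, 0x20, "00:11:22:33:44:77", 2),
]

if __name__ == "__main__":
    for xid, mtype, sent, got in find_mismatches(SAMPLE):
        print(f"xid {xid}: client sent {sent}, {mtype} carries {got}")
```

An xid reported here is one for which the debug log would be expected to show the dropped response.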