VThipparthi
Staff
Description: This document describes troubleshooting steps for when clients are not getting an IP address from a bridged SSID.
Scope: FortiGate, all firmware.
Solution

Check whether DHCP is enabled on the VLAN interface that is configured as the bridged SSID.

 


 

If yes, run the following sniffer command:

  

   # diag sniffer packet <interfacename> 'port 67 or port 68' 4 0 l 

 

[Screenshot: sniffer output]

 

In the above screenshot, 'Test1' is the VLAN interface name.

 

If no traffic is seen, the FortiGate is not receiving any Discover packets from the client.

If there is a switch in between, check whether DHCP snooping is enabled on the switch.

 

If the switch is a FortiSwitch, try configuring the FortiGate interface as a trusted interface.

 

   # config switch-controller managed-switch
       edit <FortiSwitch_serial_number>
           config ports
               edit <port_name>
                   set dhcp-snooping {trusted | untrusted}
               next
           end
       next
   end
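
The following is an added example, not part of the original article or Fortinet's tooling: a short Python script that reads saved output from the sniffer command above and reports which side of the DHCP exchange is missing on the VLAN interface. The line layout it parses, the sample captures, and the names triage, HINTS and SAMPLE_* are assumptions made for illustration.

```python
import re

# Assumed line shape of verbosity-4 sniffer output with local timestamps:
#   <date> <time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: udp <len>
LINE_RE = re.compile(
    r"^\S+ \S+ (?P<iface>\S+) (?P<dir>in|out) "
    r"\S+\.(?P<sport>\d+) -> \S+\.(?P<dport>\d+): udp \d+"
)

# Constructed sample captures (not taken from the article's screenshots).
SAMPLE_FULL = """\
2022-07-18 14:02:11.100000 Test1 in 0.0.0.0.68 -> 255.255.255.255.67: udp 300
2022-07-18 14:02:11.104000 Test1 out 10.10.20.1.67 -> 10.10.20.50.68: udp 300
2022-07-18 14:02:11.120000 Test1 in 0.0.0.0.68 -> 255.255.255.255.67: udp 308
2022-07-18 14:02:11.123000 Test1 out 10.10.20.1.67 -> 10.10.20.50.68: udp 300
"""
SAMPLE_NO_REPLY = """\
2022-07-18 14:05:40.000000 Test1 in 0.0.0.0.68 -> 255.255.255.255.67: udp 300
2022-07-18 14:05:44.000000 Test1 in 0.0.0.0.68 -> 255.255.255.255.67: udp 300
"""

HINTS = {
    "NO_CLIENT_TRAFFIC": "No Discover reaches the FortiGate; check DHCP snooping on switches in the path.",
    "NO_SERVER_REPLY": "Requests arrive but nothing is sent back; check DHCP on the VLAN interface.",
    "REPLIES_SENT": "The FortiGate answers; look for replies being dropped between it and the client.",
}

def triage(capture, iface):
    """Return (verdict, counts) for DHCP packets seen on iface."""
    counts = {"client_in": 0, "server_out": 0}
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["iface"] != iface:
            continue
        ports = (m["sport"], m["dport"])
        if m["dir"] == "in" and ports == ("68", "67"):
            counts["client_in"] += 1    # client -> server (Discover/Request)
        elif m["dir"] == "out" and ports == ("67", "68"):
            counts["server_out"] += 1   # server -> client (Offer/Ack)
    if counts["client_in"] == 0:
        return "NO_CLIENT_TRAFFIC", counts
    if counts["server_out"] == 0:
        return "NO_SERVER_REPLY", counts
    return "REPLIES_SENT", counts

if __name__ == "__main__":
    for name, cap in [("full", SAMPLE_FULL), ("no reply", SAMPLE_NO_REPLY), ("empty", "")]:
        verdict, counts = triage(cap, "Test1")
        print(f"{name}: {counts} -> {HINTS[verdict]}")
```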
