Created on 08-23-2022 08:31 AM Edited on 08-23-2022 08:31 AM By Anonymous
|Description||The article describes the limitation on Applying DHCP-snooping on VLAN for 1XX series FortiSwitch|
|Scope||FortiSwitch 1XX series Switch version v6.x / v 7.x|
In these 1XX series switch, DHCP-snooping can only be enabled on 25 VLANS.
Additional VLAN with DHCP-snooping enabled won't be pushed until and unless the DHCP-snooping is disabled.
In scenarios of FortiSwitch managed by FortiGate, following error is seen when more than 25 VLANS with DHCP-snooping enabled is tried to push:
# execute switch-controller get-sync-status all
Managed-devices in current vdom root:
FortiLink interface : fortilink
S108EF59XXXXXXXX Up SyncError SyncError Idle
On FortiSwitch, If a user tries to enable DHCP-snooping on more than 25 VLANS following error is seen:
set dhcp-snooping enable
error locating available acl_id for VLAN 108
ACL-ID not available for VLAN 108
attribute set operator error, -9999, roll back the setting
Note: DHCP-snooping can be enabled on 25 VLANS but on the same switch more vlans (without DHCP-snooping) can be configured as per datasheet.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.