spoojary
Staff
Article Id 275732
Description This article describes a problem where DHCP offers are not seen on hosts within a particular VLAN. The issue may become noticeable after implementing MC-LAG switches and removing older daisy-chain links. In particular cases, the problem can be isolated to the printer VLAN.
Scope FortiSwitch, FortiGate.
Solution

Topology.

The issue may arise in a topology where a FortiGate is connected to an MC-LAG, which is further connected to a switch on the printer's VLAN. In certain configurations, an unmanaged switch or a printer may be directly connected to the switch.

Observations:

  • DHCP snooping might be disabled for the problematic VLAN.
  • The problem may persist even if the unmanaged switch is replaced with another FSW.
  • Directly connecting a host to the mentioned switch can reproduce the problem.
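
To confirm the symptom at a given capture point, the following added example (not part of the original article and not Fortinet code) parses raw Ethernet frames and reports, per VLAN, the clients whose DHCP DISCOVER never received an OFFER with the same transaction ID. The function names are hypothetical, the frames are assumed to come from a capture that preserves 802.1Q tags, and the VLAN IDs and MAC addresses used with `build_frame` are constructed sample values.

```python
import struct
from collections import defaultdict

DISCOVER, OFFER = 1, 2          # DHCP message types carried in option 53
MAGIC = b"\x63\x82\x53\x63"     # magic cookie that follows the 236-byte BOOTP header

def parse_dhcp(frame):
    """Return (vlan, xid, client_mac, msg_type) for a DHCP frame, else None."""
    if len(frame) < 18:
        return None
    (etype,) = struct.unpack("!H", frame[12:14])
    off, vlan = 14, None                         # vlan stays None when untagged
    if etype == 0x8100:                          # 802.1Q tag: low 12 bits = VLAN ID
        tci, etype = struct.unpack("!HH", frame[14:18])
        off, vlan = 18, tci & 0x0FFF
    if etype != 0x0800 or len(frame) < off + 20 or frame[off + 9] != 17:
        return None                              # not IPv4 carrying UDP
    udp = off + (frame[off] & 0x0F) * 4          # skip the IPv4 header (IHL words)
    if len(frame) < udp + 8 or set(struct.unpack("!HH", frame[udp:udp + 4])) - {67, 68}:
        return None                              # not the DHCP server/client ports
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or bootp[236:240] != MAGIC:
        return None
    opts, i = bootp[240:], 0
    while i + 2 < len(opts) and opts[i] != 255:  # walk options up to End (255)
        if opts[i] == 53:                        # DHCP message type
            xid = struct.unpack("!I", bootp[4:8])[0]
            return vlan, xid, bootp[28:34].hex(":"), opts[i + 2]
        i += 1 if opts[i] == 0 else 2 + opts[i + 1]   # Pad (0) has no length byte
    return None

def unanswered_discovers(frames):
    """Map VLAN -> sorted client MACs whose DISCOVER has no OFFER with the same xid."""
    seen = defaultdict(dict)                     # msg_type -> {(vlan, xid): mac}
    for vlan, xid, mac, mtype in filter(None, map(parse_dhcp, frames)):
        seen[mtype][(vlan, xid)] = mac
    keys = seen[DISCOVER].keys() - seen[OFFER].keys()
    return {v: sorted({seen[DISCOVER][k] for k in keys if k[0] == v}) for v, _ in keys}

def build_frame(vlan, mac, xid, mtype):
    """Constructed sample input: minimal tagged DHCP frame, checksums left at zero."""
    chaddr = bytes.fromhex(mac.replace(":", ""))
    bootp = (struct.pack("!BBBBIHH", mtype, 1, 6, 0, xid, 0, 0) + bytes(16) + chaddr
             + bytes(10 + 192) + MAGIC + bytes([53, 1, mtype, 255]))  # op == mtype here
    ports = (68, 67) if mtype == DISCOVER else (67, 68)
    udp = struct.pack("!HHHH", *ports, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + chaddr + struct.pack("!HHH", 0x8100, vlan, 0x0800) + ip
```

Running the same check on captures taken at successive hops shows the point in the path after which DISCOVERs stop being answered.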

Further findings.

On checking the MAC addresses on various switches, the printer's MAC address can be located on VLAN 4039, both in the MC-LAG switch and the designated switch. Extra blank lines in the switch's output might be observed, the cause of which is currently unknown.

Possible solutions.

  1. Switch Reboot: A common troubleshooting step is to reboot the switch. However, this might not always resolve the problem.

  2. MC-LAG Configuration: There could be issues with the MC-LAG configuration. Errors such as 'ISL timing-out for trunk' might be observed. This indicates that the Inter-Switch Link (ISL) is not receiving packets within a given timeframe.

  3. LLDP Profile Modification: Changing the LLDP profile on tier1 MCLAG-ICL ports to 'default-auto-mclag-icl' and setting FortiLink detection to LLDP (from the default FortiLink) might resolve the issue. Clearing out old trunks can also be beneficial.

  4. InterVlan Blocking: Disabling 'interVlan blocking' on the VLANs might help in some cases, but it is necessary to ensure this doesn't introduce security concerns in the network.

Recommendations.

If the DHCP issue described is experienced:

  1. Review the MC-LAG configurations, especially any settings related to ISL.
  2. Experiment with changing the LLDP profile settings.
  3. Temporarily disable 'interVlan blocking' on the VLANs to determine if this resolves the issue. If it does, ensure users understand the security implications and consult relevant documentation or support for alternative configurations.