Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
40User
New Contributor

Urgent! DHCP issue - "Removed due to conflict"

Please help! I have used the dhcp lease-clear command and tried to reset the DHCP server on the Fortinet, but I am getting "REMOVED DUE TO CONFLICT" on 90% of the IP addresses on the internal network!!! I have rebooted everything but nothing works, and only a handful of users are able to access the network. What to do???
40User
New Contributor

...running out of options...I have plugged in a different Fortinet and set up a new DHCP server (same subnet), still having major issues with IP conflicts... help!
abelio
Valued Contributor

An IP conflict can only happen if you've got more than one DHCP server in the segment, or there are NICs in the network segment with pre-assigned IP numbers for the same MAC address. Did you define some IP-MAC binding table in your FGT? Could you post the output of the CLI commands: show system dhcp server and show system dhcp reserved-address?

regards


__ Abel

40User
New Contributor


Fortigate 100 # show system dhcp server
config system dhcp server
    edit "Internal"
        set default-gateway 10.0.10.11
        set dns-server1 64.XXX.XX.XX
        set dns-server2 64.XXX.XX.XX
        set end-ip 10.0.10.254
        config exclude-range
            edit 1
                set end-ip 10.0.10.77
                set start-ip 10.0.10.76
            next
            edit 2
                set end-ip 10.0.10.102
                set start-ip 10.0.10.100
            next
            edit 3
                set end-ip 10.0.10.124
                set start-ip 10.0.10.123
            next
            edit 4
                set end-ip 10.0.10.202
                set start-ip 10.0.10.201
            next
        end
--More--

Don't ask about the odd exclude ranges.....I was given this crazy setup.... We were able to get something going by creating another DHCP server with a different subnet and letting clients connect to that....Requested the old DHCP server and clients connected to that.... Only a few conflicts....but keeping fingers crossed....Also saw this in the DHCP address lease table:

10.0.10.119  00:1a:73:53:24:f6  Tue May 26 15:08:04 2009  Removed due to conflict
10.0.10.122  00:1a:73:53:24:f6  Tue May 26 15:08:04 2009  Removed due to conflict
10.0.10.128  00:1a:73:53:24:f6  Tue May 26 15:08:03 2009  Removed due to conflict

There were 100+ entries like this with the SAME MAC ADDRESS but different IPs????? We are checking that also.....Possibly the DHCP server just whacked out?
emnoc
Esteemed Contributor III

00:1a:73:53:24:f6
Have you tried to isolate the host that's conflicting with the DHCP server? The MAC address 00:1a:73:53:24:f6 falls back to some wireless manufacturer. You might want to re-verify its configuration or isolate it into another LAN segment. You might have a wireless client that's screwed up, and the wireless AP could be proxying DHCP requests for that client.

PCNSE 

NSE 

StrongSwan  

Fabro83
New Contributor

Hi! I have the same problem! Could you find a solution?

yuj_FTNT
Staff

One thing you can do is to check if there is any other DHCP server running on your network.

First turn off DHCP on the FortiGate.

You can capture packets from a PC using Wireshark and see if there are any DHCP packets coming from another device (filter on the BOOTP protocol in Wireshark).

Dave_Hall
Honored Contributor

@Fabricio

If not already done - enable device detection on the internal interface (e.g. lan), then go into "User & Device->Device Inventory". (If needed, apply an "online" status filter.) You should be looking for any "unusual" devices connected to your network (e.g. 3rd-party routers, Internet Connection Sharing).

If the fgt is running a DHCP service for your internal devices - go into "Monitor->DHCP Monitor" and check for any errors (or conflicts) - compare the lease IPs against those found in "User & Device->Device Inventory".

I have only encountered this issue ("IP Removed due to conflict...100+ entries like this with the SAME MAC ADDRESS but different IP") 1-2 times before, but never fully narrowed down the actual cause (due to only having remote access and 3rd-party on-site non-technical support). We ended up enabling DHCP snooping on the network switch's switchports.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

ede_pfau
Esteemed Contributor III

You could as well use the built-in sniffer to detect DHCP offers on the LAN port:

diag deb ena

diag sniffer packet port1 'udp and (port 67 or port 68)' 4

and see if some instance offers a DHCP lease. This would give you a MAC address to chase for.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
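Both suggestions above (yuj_FTNT's Wireshark capture filtered on BOOTP, and ede_pfau's on-box sniffer on UDP 67/68) come down to the same question: which server identifier shows up in the DHCP OFFER/ACK messages, and is it only the FortiGate? The following is an added example, not code from the thread or from Fortinet. It is a small Python parser for raw BOOTP/DHCP messages (RFC 2131 fixed header plus RFC 2132 options) that reports the server identifier (option 54) of every OFFER/ACK and flags any server other than the authorised one. The authorised address 10.0.10.11 is the default gateway from the posted config; the two sample packets, the helper that builds them, and the rogue server address 10.0.10.200 are constructed for this example. On a real network you would feed it the UDP payloads of the captured DHCP packets (for instance exported from Wireshark) instead of the constructed samples.

```python
"""Spot rogue DHCP servers in captured BOOTP/DHCP messages.

Added example for the forum thread above; not Fortinet code. The
authorised server 10.0.10.11 comes from the posted FortiGate config.
The sample packets and the rogue server 10.0.10.200 are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

AUTHORISED_SERVER = "10.0.10.11"      # default-gateway in "show system dhcp server"
MAGIC_COOKIE = b"\x63\x82\x53\x63"    # RFC 2132 options magic cookie
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


@dataclass
class DhcpMessage:
    op: int                     # 1 = BOOTREQUEST, 2 = BOOTREPLY
    xid: int
    yiaddr: str                 # address being offered/assigned
    chaddr: str                 # client MAC
    msg_type: Optional[int]     # option 53
    server_id: Optional[str]    # option 54


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_options(data: bytes) -> Dict[int, bytes]:
    """Walk the TLV option list; 0 is a one-byte pad, 255 ends the list."""
    opts: Dict[int, bytes] = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value          # option overload (52) is not followed here
        i += 2 + length
    return opts


def parse_dhcp(pkt: bytes) -> DhcpMessage:
    """Parse the RFC 2131 fixed header and the options that follow the cookie."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops = struct.unpack("!BBBB", pkt[:4])
    xid = struct.unpack("!I", pkt[4:8])[0]
    yiaddr = _ip(pkt[16:20])
    chaddr = ":".join("%02x" % b for b in pkt[28:28 + hlen])
    opts = parse_options(pkt[240:])
    msg_type = opts[53][0] if 53 in opts and len(opts[53]) == 1 else None
    server_id = _ip(opts[54]) if 54 in opts and len(opts[54]) == 4 else None
    return DhcpMessage(op, xid, yiaddr, chaddr, msg_type, server_id)


def find_rogue_servers(packets: List[bytes], authorised: str = AUTHORISED_SERVER) -> List[str]:
    """Return server identifiers of OFFER/ACK messages not sent by `authorised`."""
    rogues: List[str] = []
    for pkt in packets:
        try:
            m = parse_dhcp(pkt)
        except ValueError:
            continue                # ignore non-DHCP or truncated payloads
        if m.op == 2 and m.msg_type in (2, 5) and m.server_id:
            if m.server_id != authorised and m.server_id not in rogues:
                rogues.append(m.server_id)
    return rogues


def build_offer(server_ip: str, client_mac: str, offered_ip: str, xid: int = 0x3903F326) -> bytes:
    """Construct a minimal BOOTREPLY/OFFER (sample data for this example only)."""
    mac = bytes.fromhex(client_mac.replace(":", ""))
    srv = bytes(int(x) for x in server_ip.split("."))
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)   # op, htype, hlen, hops, xid, secs, flags
    hdr += bytes(4)                                         # ciaddr
    hdr += bytes(int(x) for x in offered_ip.split("."))     # yiaddr
    hdr += srv + bytes(4)                                   # siaddr, giaddr
    hdr += mac + bytes(10)                                  # chaddr (16 bytes)
    hdr += bytes(64) + bytes(128)                           # sname, file
    opts = (b"\x35\x01\x02"                                 # 53: OFFER
            + b"\x36\x04" + srv                             # 54: server identifier
            + b"\x33\x04" + struct.pack("!I", 86400)        # 51: lease time
            + b"\xff")
    return hdr + MAGIC_COOKIE + opts


# Constructed capture: one OFFER from the FortiGate, one from a rogue server,
# both for the MAC that appeared in the "Removed due to conflict" entries.
SAMPLE_PACKETS = [
    build_offer(AUTHORISED_SERVER, "00:1a:73:53:24:f6", "10.0.10.119"),
    build_offer("10.0.10.200", "00:1a:73:53:24:f6", "10.0.10.122"),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        m = parse_dhcp(pkt)
        print(MSG_TYPES.get(m.msg_type), m.yiaddr, "for", m.chaddr, "from", m.server_id)
    print("rogue DHCP servers:", find_rogue_servers(SAMPLE_PACKETS))
```

The server identifier is whatever the sender claims, so pair each flagged address with the source MAC of the frame it arrived in; that MAC is what you then chase on the switch (or, as emnoc suggested, on a wireless AP proxying for a client). Repeated options and option overload (52) are not handled, which is fine for a first look but not for a hostile sender.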
romanr
Valued Contributor

Hi,

this might be caused by normal behavior and not by any error!

DHCP will trigger the DHCP server to check whether addresses are available in the offering phase. If you have a utilized DHCP pool and there are new clients requesting IP addresses - and the DHCP server does not know of already given-out leases - it will ping an address first before offering it. The stated error message comes after 3 tries - then the DHCP server gives up trying to allocate an address.

You might have to reboot some devices a couple of times and wait for some time for the DHCP server to have full visibility over the pool utilization again.

Br,

Roman