I have used the dhcp lease-clear command and tried to reset the DHCP server on the Fortinet, but I am getting "REMOVED DUE TO CONFLICT" on 90% of the IP addresses on the internal network!!!
I have rebooted everything but nothing works and only a handful of users are able to access the network.
What to do???
IP conflict can only happen if you've more than one DHCP server in the segment or there're NIC cards in the network segment with pre-assigned IP numbers to same MAC address.
Did you define some ip-mac binding table in your FTG?
Could you post the output of cli commands:
show system dhcp server ??
show system dhcp reserved-address ??
Fortigate 100 # show system dhcp server
config system dhcp server
edit "Internal"
set default-gateway 10.0.10.11
set dns-server1 64.XXX.XX.XX
set dns-server2 64.XXX.XX.XX
set end-ip 10.0.10.254
set end-ip 10.0.10.77
set start-ip 10.0.10.76
set end-ip 10.0.10.102
set start-ip 10.0.10.100
set end-ip 10.0.10.124
set start-ip 10.0.10.123
set end-ip 10.0.10.202
set start-ip 10.0.10.201
Don't ask about the odd exclude ranges.....I was given this crazy setup....
We were able to get something going by creating another DHCP server with different subnet, let clients connect to that....Requested the old DHCP server and clients connected to that....
Only few conflicts....but keeping fingers crossed....Also saw this in the DHCP address lease table:
10.0.10.119 00:1a:73:53:24:f6 Tue May 26 15:08:04 2009 Removed due to conflict
10.0.10.122 00:1a:73:53:24:f6 Tue May 26 15:08:04 2009 Removed due to conflict
10.0.10.128 00:1a:73:53:24:f6 Tue May 26 15:08:03 2009 Removed due to conflict
There were 100+ entries like this with the SAME MAC ADDRESS but different IP?????
We are checking that also.....Possibly the DHCP server just whacked out?
Have you tried to isolate the host that is conflicting with the DHCP server?
mac_addr 00:1a:73:53:24:f6 falls back to some wireless manufacturer. You might want to reverify its configuration or isolate it into another LAN segment. You might have a wireless client that's screwed up, and the wireless AP could be proxying DHCP requests for that client.
If not already done - enable device detection on the internal interface (e.g. lan) then go into "User & Device->Device Inventory". (If needed, apply an "online" status filter.) You should be looking for any "unusual" devices connected to your network (e.g. 3rd party routers, Internet Connection sharing).
If the fgt is running a DHCP service for your internal devices - go into "Monitor->DHCP Monitor" and check for any errors (or conflicts) - compare the lease IPs against those found in "User & Device->Device Inventory".
I have only encountered this issue "IP Removed due to conflict...100+ entries like this with the SAME MAC ADDRESS but different IP" 1-2 times before, but never fully narrowed down the actual cause (due to only having remote access) and 3rd party on site non-technical support. We ended up enabling DHCP snooping on the network switch's switchports.
This might be caused due to a normal behavior and not from any error!
DHCP will trigger the DHCP server to check whether addresses are available in the phase of offering. If you have a utilized DHCP pool and there are new clients requesting IP addresses - and the DHCP server does not know of already given out leases - it will ping an address first before offering. The stated error message comes after 3 tries - then the DHCP server gives up trying to allocate an address.
You might have to reboot some devices a couple of times and wait for some time to have the DHCP server have full visibility over the pool utilization again.
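Added example, not part of any post in this thread: a small Python triage script that groups "Removed due to conflict" rows from a saved copy of the lease table by MAC address, to show which station accounts for the conflicts and over what time span. The row layout is assumed from the three rows quoted above; the fourth sample row, the malformed line and the `min_ips` threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Rows 1-3 are the ones quoted in the thread; the rest is constructed test input.
SAMPLE = """\
10.0.10.119 00:1a:73:53:24:f6 Tue May 26 15:08:04 2009 Removed due to conflict
10.0.10.122 00:1a:73:53:24:f6 Tue May 26 15:08:04 2009 Removed due to conflict
10.0.10.128 00:1a:73:53:24:f6 Tue May 26 15:08:03 2009 Removed due to conflict
10.0.10.50 00:11:22:33:44:55 Tue May 26 15:10:00 2009 Removed due to conflict
-- malformed line that must be skipped --
"""

LINE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+"                          # IP address
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"                    # MAC address
    r"(\w{3}\s+\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\d{4})"  # timestamp
    r"\s+(.*)$",                                              # status text
    re.IGNORECASE,
)
FMT = "%a %b %d %H:%M:%S %Y"

def parse_leases(text):
    """Return (ip, mac, timestamp, status) tuples; unparsable lines are dropped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ip, mac, ts, status = m.groups()
            when = datetime.strptime(" ".join(ts.split()), FMT)
            rows.append((ip, mac.lower(), when, status.strip()))
    return rows

def suspects(rows, min_ips=3):
    """MACs tied to at least min_ips distinct conflicted IPs, with the time span."""
    by_mac = defaultdict(list)
    for ip, mac, when, status in rows:
        if status.lower() == "removed due to conflict":
            by_mac[mac].append((when, ip))
    report = {}
    for mac, hits in by_mac.items():
        ips = sorted({ip for _, ip in hits}, key=ipaddress.ip_address)
        if len(ips) >= min_ips:
            times = [t for t, _ in hits]
            report[mac] = {"ips": ips,
                           "span_seconds": (max(times) - min(times)).total_seconds()}
    return report

if __name__ == "__main__":
    for mac, info in suspects(parse_leases(SAMPLE)).items():
        print(mac, len(info["ips"]), "conflicted IPs in", info["span_seconds"], "s")
```

A MAC that appears against many addresses within a few seconds is the one to look up in the device inventory or trace to a switch port.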