I have FG 100 E, and I have it setup
DHCP Server
Address range 192.168.2.2-192.168.2.254
Netmask 255.255.255.0
is there something missing so that some devices sometimes can't get the IP address
Thanks.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi efelledi,
The key question is how many users and devices will access this interface over the course of 1 week?
At the moment you have set the “Lease Time” to 604800 seconds (7 days). That means that every device attaching to the interface will have an IP address reserved for the next 7 days.
So in your original config (subnet 255.255.255.0) you had 252 IP addresses available to be leased out.
If device number 253 tries connect to this interface over the course of a week (eg your phone) no addresses will be available to be leased out.
So Alex is right- you can make the subnet bigger if you need to allow for more devices.
Or if you only ever have a few guest devices that come and go each day with new devices the next make the lease time shorter to allow the IP addresses to be reused.
I would typically use a 4 hour lease time (14400 seconds). That’s enough for devices coming and going and the DHCP protocol doesn’t generate a lot of traffic.
If you don’t have a clear idea how many devices will use this interface I would make the lease time shorter anyway. 7 days is unusually long I think.
Hope that helps you.
Kind Regards,
Andy.
"Couldn't get IP address" in most cases it means that the pool of IPs is exhausted. The clients are probably not releasing the IPs, so this can happen even if you don't see 253 active users at the same time.
You can start by increasing the range of IPs that FortiGate can hand out to clients (starting with a /23), or lower the time these IPs are assigned.
If you want to troubleshoot the DHCP message exchange on the fortigate, you can run a packet capture filtered to ports 67 and 68 and/or a debug:
diag debug app dhcpd -1
diag debug enable
Hi AlexC
Thanks, please notice this IP what should i add.
Hi Efel,
Right now, your Address range in DHCP server has 253 IPs (.2 > .254)
If you change the IP mask to 255.255.254.0 you will double the number of available IPs in the DHCP range: 192.168.2.2 - 192.168.3.254
Make sure that this network doesn't overlap any other networks you may have on the FortiGate.
Dear AlexC
Is the change like this?
The answer is yes, but you should get the confidence to make these changes without asking on a public forum for such basic changes ;) In the worst case, you break something, then you will have to fix it and learn a lesson in the process.
I'm throwing this on the forum because on the ticket the response is slow and on the forum it's faster, that's normal with service
Hi efelledi,
The key question is how many users and devices will access this interface over the course of 1 week?
At the moment you have set the “Lease Time” to 604800 seconds (7 days). That means that every device attaching to the interface will have an IP address reserved for the next 7 days.
So in your original config (subnet 255.255.255.0) you had 252 IP addresses available to be leased out.
If device number 253 tries connect to this interface over the course of a week (eg your phone) no addresses will be available to be leased out.
So Alex is right- you can make the subnet bigger if you need to allow for more devices.
Or if you only ever have a few guest devices that come and go each day with new devices the next make the lease time shorter to allow the IP addresses to be reused.
I would typically use a 4 hour lease time (14400 seconds). That’s enough for devices coming and going and the DHCP protocol doesn’t generate a lot of traffic.
If you don’t have a clear idea how many devices will use this interface I would make the lease time shorter anyway. 7 days is unusually long I think.
Hope that helps you.
Kind Regards,
Andy.
Hi Andy,
Thank you, your advice really helped me.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.