90d, running firmware 5.2
user complained today that they have been having issues with their outlook connection.
when I look at their event viewer, I see multiple instances of an IP address conflict (each time network hardware address of conflicting device is 00-00-00-00-00-00, weird).
we only have 10-12 devices on the network, and only one device with static IP (printer) and its address is not in the DHCP scope.
I look at DHCP Monitor, and I do not see any conflicts.
how do I troubleshoot this? are their CLI commands I can use, how do I see history of DHCP conflicts?
Solved! Go to Solution.
jamestiberius wrote:90d, running firmware 5.2
user complained today that they have been having issues with their outlook connection.
when I look at their event viewer, I see multiple instances of an IP address conflict (each time network hardware address of conflicting device is 00-00-00-00-00-00, weird).
we only have 10-12 devices on the network, and only one device with static IP (printer) and its address is not in the DHCP scope.
I look at DHCP Monitor, and I do not see any conflicts.
how do I troubleshoot this? are their CLI commands I can use, how do I see history of DHCP conflicts?
You can monitor DHCP events under System events. You can also use the command: diagnose debug application dhcps -1
To find a possible conflict.
Hope this helps.
jamestiberius wrote:90d, running firmware 5.2
user complained today that they have been having issues with their outlook connection.
when I look at their event viewer, I see multiple instances of an IP address conflict (each time network hardware address of conflicting device is 00-00-00-00-00-00, weird).
we only have 10-12 devices on the network, and only one device with static IP (printer) and its address is not in the DHCP scope.
I look at DHCP Monitor, and I do not see any conflicts.
how do I troubleshoot this? are their CLI commands I can use, how do I see history of DHCP conflicts?
You can monitor DHCP events under System events. You can also use the command: diagnose debug application dhcps -1
To find a possible conflict.
Hope this helps.
thanks for that.
so I ran "diagnose debug application dhcps -1 "
and it did not return anything, no error, just blank line.
so apparently according to the fortinet box I am not having duplicate IP address issues.
tell that to the laptop.
oy.
Shut down the affected computer (keep it shutdown); either clear the arp table or reboot the fgt. Wait about 5 mins then perform a ping to the affected IP address then perform a "get system arp" or "get system arp | grep <IP address>". If there is a MAC Address showing up then there is a device configured for a static IP. Otherwise there is likely a problem with the computer's network card/TCP stack, etc. (e.g. try swapping out/in a new NIC.) Other things to check for is a loop (but here should be other signs for that). [strike]If the Fortigate has device monitoring/logging enabled, try disabling that[/strike].
Edit: the above is just some quick and simple suggestions.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
hi,
you did not see any messages probably because they were not enabled:
diag deb enable
prior to starting the application debug. Check that the DHCP server is actually running by connecting your notebook to the LAN, you should see the negotiations.
To pinpoint that one IP address usage you could run the sniffer which will show you every conversation to and from that IP address:
diag deb ena
diag sniffer packet internal 'host 1.2.3.4' 6
Now you can see
- if the address is in use
- find out by which device using the arp table
- if not in use, see how it gets assigned to the host and if it is used afterwards
Stop the sniffer by hitting Ctrl-C.
@Dave:
why not use the Device detection? The FGT is running v5.2. At least it shows in a nice GUI table the address and the MAC.
ede_pfau wrote:@Dave:
why not use the Device detection? The FGT is running v5.2. At least it shows in a nice GUI table the address and the MAC.
A while back someone here reported similar weird DHCP/IP issue, but can't find that post now, so I strike that part out. I think the solution in that was to disable the device detection.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
See this thread; try upgrading to 5.2.3.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.