Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jamestiberius
New Contributor II

DHCP conflict issue

90d, running firmware 5.2

 

user complained today that they have been having issues with their outlook connection.

when I look at their event viewer, I see multiple instances of an IP address conflict (each time network hardware address of conflicting device is 00-00-00-00-00-00, weird).

we only have 10-12 devices on the network, and only one device with static IP (printer) and its address is not in the DHCP scope.

 

I look at DHCP Monitor, and I do not see any conflicts.

 

how do I troubleshoot this?  are their CLI commands I can use, how do I see history of DHCP conflicts?

 

1 Solution
Jeroen
Contributor

jamestiberius wrote:

90d, running firmware 5.2

 

user complained today that they have been having issues with their outlook connection.

when I look at their event viewer, I see multiple instances of an IP address conflict (each time network hardware address of conflicting device is 00-00-00-00-00-00, weird).

we only have 10-12 devices on the network, and only one device with static IP (printer) and its address is not in the DHCP scope.

 

I look at DHCP Monitor, and I do not see any conflicts.

 

how do I troubleshoot this?  are their CLI commands I can use, how do I see history of DHCP conflicts?

 

 

You can monitor DHCP events under System events. You can also use the command: diagnose debug application dhcps -1

To find a possible conflict.

 

Hope this helps.

View solution in original post

7 REPLIES 7
Jeroen
Contributor

jamestiberius wrote:

90d, running firmware 5.2

 

user complained today that they have been having issues with their outlook connection.

when I look at their event viewer, I see multiple instances of an IP address conflict (each time network hardware address of conflicting device is 00-00-00-00-00-00, weird).

we only have 10-12 devices on the network, and only one device with static IP (printer) and its address is not in the DHCP scope.

 

I look at DHCP Monitor, and I do not see any conflicts.

 

how do I troubleshoot this?  are their CLI commands I can use, how do I see history of DHCP conflicts?

 

 

You can monitor DHCP events under System events. You can also use the command: diagnose debug application dhcps -1

To find a possible conflict.

 

Hope this helps.

jamestiberius

thanks for that.

 

so I ran "diagnose debug application dhcps -1 "

and it did not return anything, no error, just blank line.

 

so apparently according to the fortinet box I am not having duplicate IP address issues.

tell that to the laptop.

oy.

Dave_Hall

Shut down the affected computer (keep it shutdown); either clear the arp table or reboot the fgt.  Wait about 5 mins then perform a ping to the affected IP address then perform a "get system arp" or "get system arp | grep <IP address>".  If there is a MAC Address showing up then there is a device configured for a static IP.  Otherwise there is likely a problem with the computer's network card/TCP stack, etc.  (e.g. try swapping out/in a new NIC.)  Other things to check for is a loop (but here should be other signs for that).  [strike]If the Fortigate has device monitoring/logging enabled, try disabling that[/strike].

 

Edit: the above is just some quick and simple suggestions.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
ede_pfau
Esteemed Contributor III

hi,

 

you did not see any messages probably because they were not enabled:

diag deb enable

prior to starting the application debug. Check that the DHCP server is actually running by connecting your notebook to the LAN, you should see the negotiations.

 

To pinpoint that one IP address usage you could run the sniffer which will show you every conversation to and from that IP address:

diag deb ena
diag sniffer packet internal 'host 1.2.3.4' 6

Now you can see

- if the address is in use

- find out by which device using the arp table

- if not in use, see how it gets assigned to the host and if it is used afterwards

 

Stop the sniffer by hitting Ctrl-C.

 


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
ede_pfau
Esteemed Contributor III

@Dave:

why not use the Device detection? The FGT is running v5.2. At least it shows in a nice GUI table the address and the MAC.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Dave_Hall
Honored Contributor

ede_pfau wrote:

@Dave:

why not use the Device detection? The FGT is running v5.2. At least it shows in a nice GUI table the address and the MAC.

A while back someone here reported similar weird DHCP/IP issue, but can't find that post now, so I strike that part out.  I think the solution in that was to disable the device detection.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Dave_Hall
Honored Contributor

See this thread; try upgrading to 5.2.3.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Top Kudoed Authors