Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
InetSupport
New Contributor

DHCP issues on Fortiswitch Core

Hello dear good afternoon,

I am doing a lab with a Fortiswitch 1048E with v7.0.3 and I connect Fortiswitch 148F-FPoE to simulate a network.
All the operation and configuration are adequate and work correctly, but when in the Core I create several segments with their respective DHCP, a problem occurs at the time of assignment. For example, I create VLAN 10 and 20 with their respective segments and DHCP scop, I connect a laptop to a port on the Access Switch in VLAN 10 and it gives me the IP of that VLAN, but when I connect to a port in the VLAN 20 does not assign me DHCP.
I am going to check the Core and I see that the MAC is stuck to the IP of VLAN 10 and I have to execute the exec dhco lease-clear command so that it can assign me an IP from another VLAN, which should not be the case due to the operation suitable from the network.
I have verified the configuration in the Fortinet documents and it seems that everything is fine. I would like to know how to solve this problem, since I want to implement this solution in a client, but with this I cannot advance.

thanks for your attention.

5 REPLIES 5
gfleming
Staff
Staff

Are you sure the port where the ednpoint is connected is configured for VLAN 20? And is the trunk port between the switches tagging vLAN 20 appropriately?

 

Considering it's working for VLAN 10 OK but not VLAN 20 I would assume you have a tagging / VLAN assignment issue somewhere.

Cheers,
Graham
InetSupport

All the configuration has been reviewed and it is fine as I put above:
- When I connect to a port in VLAN 10 it gives me IP but when I change it to a port in VLAN 20 it doesn't give me IP.
- For VLAN 20 to be IP, I must disconnect the port and go to 1024E to execute the exec dhcp lease-clear all command. After this, I reconnect the equipment to the port of VLAN 20 and if it gives me the IP of that segment.

In conclusion, there is a flaw in the operation of dhcp since it should not work like this.

I attach the config that I make for DHCP.

config system dhcp server
edit 1
set default-gateway 192.132.20.1
set interface "ADMINISTRATIVOS"
config ip-range
edit 20
set end-ip 192.132.20.250
set start-ip 192.132.20.10
next
end
set netmask 255.255.255.0
set dns-server1 10.107.0.202
set dns-server2 10.107.0.201
next

gfleming

Does it ever work for an endpoint that connects to VLAN 20 initially (i.e. without connecting to VLAN 10 first?).

 

Sounds like it might be a bug or issue with DHCP not issuing a new lease in VLAN 20 if an existing lease exists for VLAN 10.

 

But also I only see one DHCP scope in your config output. Can you show the full DHCP config? You would need at least two configuraitons, one for VLAN 10 and one for VLAN 20. I only see one range here....

Cheers,
Graham
InetSupport

Of course, it also works the other way around, so first it gives you an IP from VLAN 20 and when I change to a port from VLAN 10 it doesn't give an IP either.
For proper operation, it should assign IP dynamically, but I cannot be applying the exec dhcp lease-clear command every time.
I would like to know if there is any extra configuration that has to be done for that in the system.

the configuration:

config system dhcp server
edit 1
set default-gateway 192.132.10.1
set interface "ADMINISTRATIVOS"
config ip-range
edit 10
set end-ip 192.132.10.250
set start-ip 192.132.10.10
next
end
set netmask 255.255.255.0
set dns-server1 10.107.0.202
set dns-server2 10.107.0.201
next
edit 2
set default-gateway 192.132.20.1
set interface "ALUMNOS"
config ip-range
edit 20
set end-ip 192.132.20.250
set start-ip 192.132.20.10
next
end
set netmask 255.255.255.0
set dns-server1 10.107.0.202
set dns-server2 10.107.0.201
next

gfleming

Can you please try setting the following for each DHCP server entry (1 and 2) in your config:

 

set interface <string> (where string is your L3 interface)
Cheers,
Graham
Labels
Top Kudoed Authors