kimrdk
New Contributor II

DHCP server not working on soft switch interface

Hi, I cannot get DHCP server to work on a software switch, configured like this:

config system switch-interface
    edit "soft_switch"
        set vdom root
        set member "Vlan16" "VxLan-IPsec-DR"
        set intra-switch-policy explicit
    next
end

Computer configured with static IP, then I can ping 172.16.0.1, so the interface and VLAN work. Why do I not get a DHCP address? See images

FortiGate 30E v6.0.4 build0231 (GA) /Kim

1 Solution
emnoc
Esteemed Contributor III

You really need to look at the dhcp server status and ensure it's enabled. I would also see if you diag sniffer packet on the member or softswitch to look for dhcp info.

e.g.

FWFXXXXXXX (switch-interface) # show
config system switch-interface
    edit "internal"
        set vdom "root"
        set member "wifi" "lan"
    next
    edit "HjSkist.root"
        set vdom "root"
        set member "HjSkist.wifi"
    next
end

diag sniffer packet HjSkist.root

Also, I notice you have "set intra-switch-policy" set to explicit; I would not do that.

 

Ken Felix


PCNSE NSE StrongSwan
kimrdk
New Contributor II

DHCP is enabled under the interface:

kimrdk
New Contributor II

Nothing is logged with:

diag sniffer packet soft_switch

But

diagnose sniffer packet Vlan16
Gives:


58.853437 arp who-has 169.254.72.173 tell 169.254.72.173
58.868285 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
58.868301 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
58.875325 169.254.72.173.5353 -> 224.0.0.251.5353: udp 39
58.875776 169.254.72.173.5353 -> 224.0.0.251.5353: udp 49
58.897388 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
58.932229 169.254.72.173.137 -> 169.254.255.255.137: udp 68
59.345761 169.254.72.173 -> 224.0.0.22:  ip-proto-2 32
59.463281 0.0.0.0.68 -> 255.255.255.255.67: udp 300
59.693053 169.254.72.173.137 -> 169.254.255.255.137: udp 68
60.493275 169.254.72.173.137 -> 169.254.255.255.137: udp 68
61.263915 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.071418 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.071703 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.835231 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.835513 169.254.72.173.137 -> 169.254.255.255.137: udp 68
63.609650 169.254.72.173.137 -> 169.254.255.255.137: udp 68
63.609691 169.254.72.173.137 -> 169.254.255.255.137: udp 68
64.366325 169.254.72.173.137 -> 169.254.255.255.137: udp 68
64.366367 169.254.72.173.137 -> 169.254.255.255.137: udp 68
64.410836 0.0.0.0.68 -> 255.255.255.255.67: udp 300
72.835085 0.0.0.0.68 -> 255.255.255.255.67: udp 300

89.650249 0.0.0.0.68 -> 255.255.255.255.67: udp 300
91.851527 arp who-has 169.254.72.173 tell 0.0.0.0
92.851487 arp who-has 169.254.72.173 tell 0.0.0.0
93.851322 arp who-has 169.254.72.173 tell 0.0.0.0
94.634018 0.0.0.0.68 -> 255.255.255.255.67: udp 300
94.851275 arp who-has 169.254.72.173 tell 169.254.72.173
94.868494 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
94.875555 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
94.880352 169.254.72.173.5353 -> 224.0.0.251.5353: udp 39
94.880709 169.254.72.173.5353 -> 224.0.0.251.5353: udp 49
94.893271 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
94.929725 169.254.72.173.137 -> 169.254.255.255.137: udp 68
95.351361 169.254.72.173 -> 224.0.0.22:  ip-proto-2 32
95.679633 169.254.72.173.137 -> 169.254.255.255.137: udp 68
96.445210 169.254.72.173.137 -> 169.254.255.255.137: udp 68
97.210830 169.254.72.173.137 -> 169.254.255.255.137: udp 68
97.982607 169.254.72.173.137 -> 169.254.255.255.137: udp 68
97.982651 169.254.72.173.137 -> 169.254.255.255.137: udp 68
98.741852 169.254.72.173.137 -> 169.254.255.255.137: udp 68
98.741889 169.254.72.173.137 -> 169.254.255.255.137: udp 68
99.507548 169.254.72.173.137 -> 169.254.255.255.137: udp 68
99.507585 169.254.72.173.137 -> 169.254.255.255.137: udp 68
100.272999 169.254.72.173.137 -> 169.254.255.255.137: udp 68
100.273037 169.254.72.173.137 -> 169.254.255.255.137: udp 68
102.508838 0.0.0.0.68 -> 255.255.255.255.67: udp 300
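
Added example (not part of the original thread and not Fortinet code): a Python helper that reads `diagnose sniffer packet` output in the format shown above and reports whether client DHCP requests (port 68 to 67) ever received a server reply (67 to 68), plus any 169.254.0.0/16 fallback sources. The name `dhcp_summary`, the 5-second reply window and the constructed healthy trace are assumptions made for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Verbosity-1 UDP line, e.g. "59.463281 0.0.0.0.68 -> 255.255.255.255.67: udp 300"
UDP_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+udp\s+\d+\s*$"
)
LINK_LOCAL = ip_network("169.254.0.0/16")  # range a client self-assigns without a lease


def dhcp_summary(trace: str, reply_window: float = 5.0) -> dict:
    """Classify DHCP behaviour in a sniffer trace (hypothetical helper)."""
    requests, replies, fallback = [], [], set()
    for line in trace.splitlines():
        m = UDP_LINE.match(line.strip())
        if not m:
            continue  # ARP, IGMP and blank lines carry no UDP ports
        ts, ports = float(m["ts"]), (int(m["sport"]), int(m["dport"]))
        if ip_address(m["src"]) in LINK_LOCAL:
            fallback.add(m["src"])
        if ports == (68, 67):        # client -> server (DISCOVER/REQUEST)
            requests.append(ts)
        elif ports == (67, 68):      # server -> client (OFFER/ACK)
            replies.append(ts)
    # A request counts as answered if any reply follows within reply_window seconds.
    unanswered = [t for t in requests
                  if not any(0 <= r - t <= reply_window for r in replies)]
    verdict = ("no_client_requests" if not requests else
               "server_silent" if not replies else
               "partially_answered" if unanswered else "answered")
    return {"requests": len(requests), "replies": len(replies),
            "unanswered": len(unanswered),
            "link_local_sources": sorted(fallback), "verdict": verdict}


# Excerpt of the Vlan16 trace posted above.
THREAD_TRACE = """
58.853437 arp who-has 169.254.72.173 tell 169.254.72.173
58.868285 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
58.932229 169.254.72.173.137 -> 169.254.255.255.137: udp 68
59.463281 0.0.0.0.68 -> 255.255.255.255.67: udp 300
64.410836 0.0.0.0.68 -> 255.255.255.255.67: udp 300
72.835085 0.0.0.0.68 -> 255.255.255.255.67: udp 300
"""
# Constructed sample of a working exchange (not from the thread).
HEALTHY_TRACE = """
10.000000 0.0.0.0.68 -> 255.255.255.255.67: udp 300
10.050000 172.16.0.1.67 -> 255.255.255.255.68: udp 300
"""
```
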

 

kimrdk
New Contributor II

Okay, DHCP issue resolved when recreating soft switch without intra-switch-policy explicit.

I had tried to enable traffic with policies, but that did not work.

 

emnoc
Esteemed Contributor III

Okay good, glad it worked out for you, and I bet the diag sniffer packet will now display datagrams.

 

Ken Felix


PCNSE NSE StrongSwan