Hi I cannot get DHCP server to work on a software switch, configured like this:
config system switch-interfaceComputer configured with static IP, then I can ping 172.16.0.1, so the interface and VLAN works. Why do I not get an DHCP address? See images
edit "soft_switch"
set vdom root
set member "Vlan16" "VxLan-IPsec-DR"
set intra-switch-policy explicit
next
end
FortiGate 30E v6.0.4 build0231 (GA)
/Kim
Solved! Go to Solution.
You really need to look at the dhcp server status and ensure it's enabled. I would also see if you diag sniffer packet on the member or softswitch to look for dhcp info.
e.g
FWFXXXXXXX (switch-interface) # showconfig system switch-interface e
edit "internal"
set vdom "root"
set member "wifi" "lan"
next edit "HjSkist.root"
set vdom "root"
set member "HjSkist.wifi"
next
end
diag sniffer packet HjSkist.root
Also, I notice you have "set intra-switch-policy" set to explicit, I would not do that.
Ken Felix
PCNSE
NSE
StrongSwan
You really need to look at the dhcp server status and ensure it's enabled. I would also see if you diag sniffer packet on the member or softswitch to look for dhcp info.
e.g
FWFXXXXXXX (switch-interface) # showconfig system switch-interface e
edit "internal"
set vdom "root"
set member "wifi" "lan"
next edit "HjSkist.root"
set vdom "root"
set member "HjSkist.wifi"
next
end
diag sniffer packet HjSkist.root
Also, I notice you have "set intra-switch-policy" set to explicit, I would not do that.
Ken Felix
PCNSE
NSE
StrongSwan
Nothing is logged with:
diag sniffer packet soft_switch
But
diagnose sniffer packet Vlan16Gives:
58.853437 arp who-has 169.254.72.173 tell 169.254.72.173
58.868285 169.254.72.173 -> 224.0.0.22: ip-proto-2 16
58.868301 169.254.72.173 -> 224.0.0.22: ip-proto-2 16
58.875325 169.254.72.173.5353 -> 224.0.0.251.5353: udp 39
58.875776 169.254.72.173.5353 -> 224.0.0.251.5353: udp 49
58.897388 169.254.72.173 -> 224.0.0.22: ip-proto-2 16
58.932229 169.254.72.173.137 -> 169.254.255.255.137: udp 68
59.345761 169.254.72.173 -> 224.0.0.22: ip-proto-2 32
59.463281 0.0.0.0.68 -> 255.255.255.255.67: udp 300
59.693053 169.254.72.173.137 -> 169.254.255.255.137: udp 68
60.493275 169.254.72.173.137 -> 169.254.255.255.137: udp 68
61.263915 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.071418 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.071703 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.835231 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.835513 169.254.72.173.137 -> 169.254.255.255.137: udp 68
63.609650 169.254.72.173.137 -> 169.254.255.255.137: udp 68
63.609691 169.254.72.173.137 -> 169.254.255.255.137: udp 68
64.366325 169.254.72.173.137 -> 169.254.255.255.137: udp 68
64.366367 169.254.72.173.137 -> 169.254.255.255.137: udp 68
64.410836 0.0.0.0.68 -> 255.255.255.255.67: udp 300
72.835085 0.0.0.0.68 -> 255.255.255.255.67: udp 300
89.650249 0.0.0.0.68 -> 255.255.255.255.67: udp 300
91.851527 arp who-has 169.254.72.173 tell 0.0.0.0
92.851487 arp who-has 169.254.72.173 tell 0.0.0.0
93.851322 arp who-has 169.254.72.173 tell 0.0.0.0
94.634018 0.0.0.0.68 -> 255.255.255.255.67: udp 300
94.851275 arp who-has 169.254.72.173 tell 169.254.72.173
94.868494 169.254.72.173 -> 224.0.0.22: ip-proto-2 16
94.875555 169.254.72.173 -> 224.0.0.22: ip-proto-2 16
94.880352 169.254.72.173.5353 -> 224.0.0.251.5353: udp 39
94.880709 169.254.72.173.5353 -> 224.0.0.251.5353: udp 49
94.893271 169.254.72.173 -> 224.0.0.22: ip-proto-2 16
94.929725 169.254.72.173.137 -> 169.254.255.255.137: udp 68
95.351361 169.254.72.173 -> 224.0.0.22: ip-proto-2 32
95.679633 169.254.72.173.137 -> 169.254.255.255.137: udp 68
96.445210 169.254.72.173.137 -> 169.254.255.255.137: udp 68
97.210830 169.254.72.173.137 -> 169.254.255.255.137: udp 68
97.982607 169.254.72.173.137 -> 169.254.255.255.137: udp 68
97.982651 169.254.72.173.137 -> 169.254.255.255.137: udp 68
98.741852 169.254.72.173.137 -> 169.254.255.255.137: udp 68
98.741889 169.254.72.173.137 -> 169.254.255.255.137: udp 68
99.507548 169.254.72.173.137 -> 169.254.255.255.137: udp 68
99.507585 169.254.72.173.137 -> 169.254.255.255.137: udp 68
100.272999 169.254.72.173.137 -> 169.254.255.255.137: udp 68
100.273037 169.254.72.173.137 -> 169.254.255.255.137: udp 68
102.508838 0.0.0.0.68 -> 255.255.255.255.67: udp 300
Okay, DHCP issue resolved when recreating soft switch without intra-switch-policy explicit.
I had tried to enable traffic with polices, but that did not work.
Okay good, glad work out for you and bet now the diag sniffer packet will display data grams
Ken Felix
PCNSE
NSE
StrongSwan
| User | Count |
|---|---|
| 2207 | |
| 1202 | |
| 770 | |
| 451 | |
| 355 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.
