Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
segmentation_fault
New Contributor III

Every few months some users can't connect to our Wifi network ( running out of 255 ip addresses )?

I've inherited a fortigate 60E in a business location. The owners say every few months people can't connect to the wifi network. The business gets dozens of people a day who connect to the Wifi. So my suspicion is the Fortigate is hitting some limit of 255 192.168.1.X ip addresses? In the past I would tell them to reboot the Internet modem going into the fortigate. That would clear things up. But now looking to get to the bottom of this and solve it :)

 

Here's what I see in the settings below. Ignore the "Guest Wifi VLAN" as nobody uses that as it does not work. Folks connect to the regular Wifi network and get a 192.168.1.x address.

 

wifi.PNG

 

1 Solution
gfleming

Sure, try one day for now and see how it goes. If you still have issues you can reduce it to 6 hours and so on...

Cheers,
Graham

View solution in original post

9 REPLIES 9
gfleming
Staff
Staff

Most likely a DHCP lease time issue. Set the DHCP lease time to something really short like 30 minutes. Especially if this wi-fi network services visitors who come and go. That way DHCP leases won't be stuck and filling up the table preventing new leases for new visitors.

 

If it's a concurrent connection issue (i.e. you have >255 users at once on the network) you need to increase the subnet size.

Cheers,
Graham
segmentation_fault

Thanks. Whereabouts in the web GUI for the fortigate 60e can I edit the DHCP lease settings? At most we will have 50 concurrent users so I guess no need to increase the subnet size. However we have staff who connect to the Wifi everyday. Will changing the lease to 30 minutes potentially adversely affect them?

gfleming

Depends on which version of FOS you are on. Later versions you can access Lease Time setting in GUI. But you will for sure be able to do it via CLI: https://docs.fortinet.com/document/fortigate/6.4.10/administration-guide/783526/dhcp-servers-and-rel... (look at section for configuring lease time).

 

Shortening the lease time should not adversely affect clients. If 30 minutes improves things you can slowly increase to 1 hour, 2 hours etc to see what works best. 

Cheers,
Graham
segmentation_fault

Thanks, I am using this version of the GUI. I am very nervous about making any changes via command line as I don't want to risk breaking anything.. Would prefer if I can post screenshots of what I want to do before actually doing them :)

 

fortgate.PNG

gfleming

I beleive for this version you must do it in the CLI. You cannot break anything using CLI as long as you only input the appropriate command..

 

You may check your GUI under interface settings under the DHCP Server section if you see Lease Time option:

gfleming_0-1667331470785.png

 

Cheers,
Graham
segmentation_fault

I don't think I see any options for DHCP lease in our GUI. However, I am not sure I am looking at the right place. In the guide you linked to it says, "On low-end FortiGate units, a DHCP server is configured on the internal interface". So if I "Edit" the internal interface I get the options below.

 

If I have to do via command line what would I have to enter for the values:

Again, I am very nervous one wrong entry is going to break the whole system...

 

 

config system dhcp server
    edit <server_entry_number>
        set interface <interface>
        set netmask <netmask>
        set lease-time <seconds>
    next
end

Capture.PNGCapture2.PNG

gfleming

That's the GUI setting for the interface to receive an IP using DHCP (ie. as a client). If you scroll down you should see the options for "DCHP server".

 

For CLI, if you paste the output of " show system dhcp server" I will tell you exactly what you need to put in.

Cheers,
Graham
segmentation_fault

Ah ok, think I found it after scrolling down! Seems it is set to 1 week. I will change it to 1 day ( 86400 ) unless you think otherwise . I know you mentioned 30 minutes, but seems 1 day should work, no?

Capture.PNG

gfleming

Sure, try one day for now and see how it goes. If you still have issues you can reduce it to 6 hours and so on...

Cheers,
Graham
Top Kudoed Authors