Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
_panda_
New Contributor

Created on ‎04-04-2025 07:59 AM Edited on ‎04-04-2025 08:07 AM

FortiManager: Error when enabling DHCP on FortiSwitch VLAN

Hi,

 

FortiManager Version - v7.4.6 build9266 (Mature), ADOM - 7.4

FortiGate-40F-3G4G - v7.4.7,build2731 (GA) (Mature)

FortiSwitch-108E-POE - v7.4.5-build880,241127 (GA)

 

Just trying to build a little lab setup using the kit above. When creating a VLAN (FortiSwitch Manager > FortSwitch VLANs), I am able to create the VLAN without issue and apply the VLAN to the switch using a template. The VLAN shows up on the FortiGate and all looks good. 

 

The issue is when I enable DHCP on the VLAN. When attempting to save the config I get the error message: - 

 

Copy device global objects
Copy objects for vdom root
 
Commit failed:
error -999 - TCL error(missing operand at _@_
in expression "(24<<24)+(_@_<<16)+(<<8)+")
 
namespace import global::cli_ip2val
set startip_str [cli_get_value $CLI_CUR_NODE "" "" "start-ip"]
set endip_str [cli_get_value $CLI_CUR_NODE "" "" "end-ip"]
set id [cli_get_value $CLI_CUR_NODE "" "" "id"]
set startip [cli_ip2val $startip_str]
set endip [cli_ip2val $endip_str]
if {$startip > $endip} {
cli_set_errmsg "startip greater than endip"
return 0
}
set match_nr [cli_get_match_nr $CLI_CUR_PARENT_NODE 1 "" "start-ip" 0 $startip_str "end-ip" 0 $endip_str]
if {$match_nr > 1} {
cli_set_errmsg "duplicate"
return 0
}
## check overlap with current ip-range list
set tbllist [cli_get_tbl_list $CLI_CUR_PARENT_NODE ""]
foreach e $tbllist {
set id2 [cli_get_value $e "" "" "id"]
if {$id eq $id2} {
continue
}
set startip2_str [cli_get_value $e "" "" "start-ip"]
set endip2_str [cli_get_value $e "" "" "end-ip"]
set startip2 [cli_ip2val $startip2_str]
set endip2 [cli_ip2val $endip2_str]
if { ($startip2 <= $endip) && ($endip2 >= $
 
Attached is a picture of the config. It is using variables, but I get the exact same message if I use fully defined IP's instead. FortiManager accepts the config and lets me save it, but whenever I then try to go through the Install Wizard I get the message above. It seems to be suggesting a problem with the DHCP address range having the start IP be greater than the end IP (cli_set_errmsg "startip greater than endip"), but as you can see it definitely isn't. Or a syntax issue (error -999 - TCL error(missing operand at _@_in expression "(24<<24)+(_@_<<16)+(<<8)+")?
 

VLAN_Config_with_var.png

 

Any advice would be greatly appreciated.

Thanks in advance!

 

Labels:
207
0 Kudos
1 Solution
singhl
Staff
Staff

Created on ‎04-08-2025 10:40 AM

Hello,

Looks like the netmask set for DHCP is the cause here. Please use decimal notation (255.255.255.0) instead.

Regards,

Lovepreet Singh

View solution in original post

125
4 REPLIES 4
Anthony_E
Community Manager
Community Manager

Created on ‎04-06-2025 09:08 PM

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
165
0 Kudos
singhl
Staff
Staff

Created on ‎04-08-2025 10:40 AM

Hello,

Looks like the netmask set for DHCP is the cause here. Please use decimal notation (255.255.255.0) instead.

Regards,

Lovepreet Singh
126
_panda_
New Contributor
In response to singhl

Created on ‎04-09-2025 03:23 AM

Thanks Lovepreet,

 

That has fixed it. Further info for anyone else, FortiManager (this version at least) actually puts '24' into that field automatically, which is why I didn't even think that might be the issue. When creating the VLAN, if you leave the Netmask setting as 'Same as Interface IP', it won't let you click OK.

 

Screenshot 2025-04-09 111643.png

 

But when you click Specify, it automatically fills in the '24' and lets you click OK and Save.

 

Screenshot 2025-04-09 111713.png

92
0 Kudos
_panda_
New Contributor
In response to _panda_

Created on ‎04-09-2025 04:38 AM

One last comment, for anyone else new to FortiManager that might see this with the same issue, the issue looks to be with the IP/Network Mask field. In my example above, when I said it wouldn't accept the DHCP setting for Netmask 'Same as Interface Netmask', I had formatted the IP/Netmask field with a space and not a forward slash. FortiManager accepts this as ok, but without the forward slash, it won't allow you to select the 'Same as Interface Netmask option'

 

FMG_003.PNG

88
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.