regards
/ Abel
00:1a:73:53:24:f6
Have you tried to isolate the host that is conflicting with the DHCP server? mac_addr 00:1a:73:53:24:f6 falls back to some wireless manufacturer. You might want to reverify its configuration or isolate it into another LAN segment. You might have a wireless client that's screwed up, and the wireless AP could be proxying DHCP requests for that client.
PCNSE
NSE
StrongSwan
Hi! I have the same problem! Could you find a solution?
One thing you can do is to check if there is any other DHCP server running on your network.
First, turn off DHCP on the FortiGate.
You can capture packets from a PC using Wireshark and see if there are any DHCP packets coming from another device. (Filter with the BOOTP protocol in Wireshark.)
@Fabricio
If not already done - enable device detection on the internal interface (e.g. lan) then go into "User & Device->Device Inventory". (If needed, apply an "online" status filter.) You should be looking for any "unusual" devices connected to your network (e.g. 3rd party routers, Internet Connection sharing).
If the fgt is running a DHCP service for your internal devices - go into "Monitor->DHCP Monitor" and check for any errors (or conflicts) - compare the lease IPs against those found in "User & Device->Device Inventory".
I have only encountered this issue "IP Removed due to conflict...100+ entries like this with the SAME MAC ADDRESS but different IP" 1-2 times before, but never fully narrowed down the actual cause (due to only having remote access) and 3rd party on site non-technical support. We ended up enabling DHCP snooping on the network switch's switchports.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
You could as well use the built-in sniffer to detect DHCP offers on the LAN port:
diag deb ena
diag sniffer packet port1 'udp and (port 67 or port 68)' 4
and see if some instance offers a DHCP lease. This would give you a MAC address to chase for.
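The check the posts above describe (looking for DHCP offers from a device other than the intended server) can also be run offline over captured traffic. The following is an added example, not code from any poster or from Fortinet: it assumes the raw UDP payloads have already been extracted from a capture, and all addresses and MACs in it are constructed (192.0.2.1 stands in for the legitimate server).

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 values that only a DHCP server sends

def parse_dhcp(payload):
    """Parse a UDP payload from port 67/68; return a dict, or None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC or payload[2] > 16:
        return None
    info = {"op": payload[0], "msg_type": None, "server_id": None,
            "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
            "client_mac": payload[28:28 + payload[2]].hex(":")}
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                    # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                                    # truncated option value
        if code == 53 and length == 1:               # DHCP message type
            info["msg_type"] = value[0]
        elif code == 54 and length == 4:             # server identifier
            info["server_id"] = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return info

def unexpected_servers(payloads, allowed):
    """Return (server_id, client_mac, offered_ip) for OFFER/ACK replies not from `allowed`."""
    hits = []
    for p in payloads:
        d = parse_dhcp(p)
        if d and d["op"] == 2 and d["msg_type"] in (OFFER, ACK) and d["server_id"] not in allowed:
            hits.append((d["server_id"], d["client_mac"], d["yiaddr"]))
    return hits

def build_reply(server, yiaddr, mac, msg_type=OFFER):
    """Constructed sample reply (BOOTREPLY + options 53 and 54), for offline testing."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                      ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                      bytes.fromhex(mac.replace(":", "")), b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"

# Constructed sample traffic: 192.0.2.1 is assumed to be the legitimate DHCP server.
SAMPLES = [build_reply("192.0.2.1", "192.0.2.50", "02:00:00:00:00:01"),
           build_reply("192.0.2.254", "192.0.2.77", "02:00:00:00:00:02")]

if __name__ == "__main__":
    for server, mac, ip in unexpected_servers(SAMPLES, {"192.0.2.1"}):
        print(f"unexpected DHCP server {server} offered {ip} to {mac}")
```

A reply that carries no server identifier option is also reported, with `None` as the server, since it cannot be matched against the allowlist.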
Hi,
This might be caused due to a normal behavior and not from any error!
DHCP will trigger the DHCP server to check whether addresses are available in the phase of offering. If you have a utilized DHCP pool and there are new clients requesting IP addresses - and the DHCP server does not know of already given out leases - it will ping an address first before offering. The stated error message comes after 3 tries - then the DHCP server gives up trying to allocate an address.
You might have to reboot some devices a couple of times and wait for some time to have the DHCP server have full visibility over the pool utilization again.
Br,
Roman