Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Urgent! DHCP issue-" removed due to conflict"

Please help! I have used dchp lease-clear command and tried to reset the DHCP server on the FOrtinet but i am getting REMOVED DUE TO CONFLICT" on 90% of the IP addresses on the internal network!!! I have rebooted everything but nothing works and only a handful of users are able to access the network. What to do???
New Contributor

...running out of options...i have plugged in a diffrent fortinet and set up a new DHCP server (same subnet) still having major issues with IP conflicts... help!

IP conflict only can happen if you' ve more than one dhcp server in the segment or there' re NICs cards in the network segment wit pre-assigned IP numbers to same MAC address. Did you define some ip-mac binding table in your FTG? Could you post the output of cli commands: show system dhcp server ?? and show system dhcp reserved-address ??


/ Abel

regards / Abel
New Contributor

Fortigate 100 # show system dhcp server config system dhcp server edit " Internal" set default-gateway set dns-server1 64.XXX.XX.XX set dns-server2 64.XXX.XX.XX set end-ip config exclude-range edit 1 set end-ip set start-ip next edit 2 set end-ip set start-ip next edit 3 set end-ip set start-ip next edit 4 set end-ip set start-ip next end --More-- Dont ask about the odd exclude ranges.....i was given this crazy setup.... We ere able to get something going by creating another DCHP server with different subnet, let clients connect to that....Requested the old DHCP server and clients conncted to that.... Only few conflicts....but keeping fingers crossed....Also say this in the DHCP address lease table: 00:1a:73:53:24:f6 Tue May 26 15:08:04 2009 Removed due to conflict 00:1a:73:53:24:f6 Tue May 26 15:08:04 2009 Removed due to conflict 00:1a:73:53:24:f6 Tue May 26 15:08:03 2009 Removed due to conflict There were 100+ enties like this with the SAME MAC ADDRESS but different IP????? we are checking that also.....Possibly the DHCP server just whacked out?
Esteemed Contributor III

Have you tried to isolate the host that conflicting with the dhcp server ? mac_addr 00:1a:73:53:24:f6 , falls back to some wireless manufacture. You might want to reverifies it' s configuration or isolate it into another lan segment. You might have a wireless client that' s screwed up and the wireless AP could be be proxying dhcp request for that client.




PCNSE NSE StrongSwan
New Contributor

Hi! I have the same problem! Could you find a solution?


one thing you can do is to check if there is any other DHCP server running on your network.

first turn off DHCP on the Fortigate.

you can capture packets from a PC using wireshark and see if there are any DHCP packets coming from another device. (filter with BOOTP protocol on wireshark)


Honored Contributor



If not already already done - enable device detection on the internal interface (e.g. lan) then go into "User & Device->Device Inventory".  (If needed, apply an "online" status filter.)  You should be looking for any "unusual" devices connected to your network (e.g. 3rd party routers, Internet Connection sharing). 


If the fgt is running a DHCP service for your internal devices - go into "Monitor->DHCP Monitor" and check for any errors (or conflicts) - compare the lease IPs against those found in "User & Device->Device Inventory".  


I have only encountered this issue "IP Removed due to conflict...100+ entries like this with the SAME MAC ADDRESS but different IP" 1-2 times before, but never fully narrowed down the actual cause (due to only having remote access) and 3rd party on site non-technical support.  We ended up enabling DHCP snooping on the network switch's switchports.  




NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

You could as well use the built-in sniffer to detect DHCP offers on the LAN port:

diag deb ena

diag sniffer packet port1 'udp and (port 67 or port 68)' 4


and see if some instance offers a DHCP lease. This would give you a MAC address to chase for.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Valued Contributor



this might be caused due to a normal behavior and not from any error!


DHCP will trigger the DHCP Server to check whether adresses are available in the phase of offering.  If you have a utilized DHCP pool and there are new clients requesting IP adresses - and the dhcp server does not know of already given out leases - it will ping an adress first before offering. The stated error message comes after 3 tries - then the dhcp server gives up trying to allocate an address.


You might have to reboot some devices a couple of times and wait for some time to have the DHCP server have full visibility over the pool utilization again.





Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors