Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fabs
New Contributor III

Created on ‎07-28-2023 08:22 AM Edited on ‎07-28-2023 08:24 AM

device on specfic VLAN not getting ip address

Hello all,

 

I have a very strange problem here.
I have an iOT device here that does not get an IP address in a specific VLAN. But in all other VLANS it gets an IP address.
But this is only since a short time. There was no change on the Fortigate, or on the DHCP server of the Fortigate.
I have also restarted the Fortigate, unfortunately without success.

In this specific VLAN, i see DHCPOFFER, but not DHCPREQUEST and no DHCPACK.

In the other VLANS, DHCPOFFER, DHCPREQUEST and DHCPACK.

DHCP debug from this specific VLAN not getting IP.

 

 

2023-07-28 16:02:04 [debug]sending on VLAN69(ethernet)
2023-07-28 16:02:04 [debug]sending using lpf_dhcpd_send_packet
2023-07-28 16:02:07 [debug]locate_network prhtype(1) pihtype(1)
2023-07-28 16:02:07 [debug]find_lease(): leaving function with lease set
2023-07-28 16:02:07 [debug]find_lease(): the lease's IP is 10.10.69.36
2023-07-28 16:02:07 [note]DHCPDISCOVER from xx:xx:xx:xx:1c:36 via VLAN69(ethernet)
2023-07-28 16:02:07 [debug]deled ip 10.10.69.36 mac xx:xx:xx:xx:1c:36 in vd root
2023-07-28 16:02:07 [debug]added ip 10.10.69.36 mac xx:xx:xx:xx:1c:36 in vd root
2023-07-28 16:02:07 [debug]packet length 300
2023-07-28 16:02:07 [debug]op = 1  htype = 1  hlen = 6  hops = 0
2023-07-28 16:02:07 [debug]xid = 3137f04e  secs = 1536  flags = 0
2023-07-28 16:02:07 [debug]ciaddr = 0.0.0.0
2023-07-28 16:02:07 [debug]yiaddr = 0.0.0.0
2023-07-28 16:02:07 [debug]siaddr = 0.0.0.0
2023-07-28 16:02:07 [debug]giaddr = 0.0.0.0
2023-07-28 16:02:07 [debug]chaddr = xx:xx:xx:xx:1c:36
2023-07-28 16:02:07 [debug]filename = 
2023-07-28 16:02:07 [debug]server_name = 
2023-07-28 16:02:07 [debug]  dhcp-message-type = 1
2023-07-28 16:02:07 [debug]  dhcp-parameter-request-list = 1,3,6,12,15,28,42
2023-07-28 16:02:07 [debug]  dhcp-max-message-size = 576
2023-07-28 16:02:07 [debug]  dhcp-class-identifier = "udhcp 1.26.2"
2023-07-28 16:02:07 [debug]  dhcp-client-identifier = 1:xx:xx:xx:xx:1c:36
2023-07-28 16:02:07 [debug]
2023-07-28 16:02:07 [pkt]000: 01 01 06 00 4e f0 37 31  00 06 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]010: 00 00 00 00 00 00 00 00  00 00 00 00 d0 c8 57 00
2023-07-28 16:02:07 [pkt]020: 1c 36 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]030: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]050: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]060: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]070: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]080: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]090: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]0a0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]0b0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]0c0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]0d0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]0e0: 00 00 00 00 00 00 00 00  00 00 00 00 63 82 53 63
2023-07-28 16:02:07 [pkt]0f0: 35 01 01 3d 07 01 d0 c8  57 00 1c 36 39 02 02 40
2023-07-28 16:02:07 [pkt]100: 37 07 01 03 06 0c 0f 1c  2a 3c 0c 75 64 68 63 70
2023-07-28 16:02:07 [pkt]110: 20 31 2e 32 36 2e 32 ff  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]120: 00 00 00 00 00 00 00 00  00 00 00 00
2023-07-28 16:02:07 [note]DHCPOFFER on 10.10.69.36 to xx:xx:xx:xx:1c:36 via VLAN69(ethernet)
2023-07-28 16:02:07 [pkt]000: 02 01 06 00 4e f0 37 31  00 06 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]010: 0a 0a 45 24 00 00 00 00  00 00 00 00 d0 c8 57 00
2023-07-28 16:02:07 [pkt]020: 1c 36 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]030: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]050: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]060: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]070: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]080: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]090: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]0a0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]0b0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]0c0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]0d0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
2023-07-28 16:02:07 [pkt]0e0: 00 00 00 00 00 00 00 00  00 00 00 00 63 82 53 63
2023-07-28 16:02:07 [pkt]0f0: 35 01 02 36 04 0a 0a 45  fe 33 04 00 0a 8c 00 01
2023-07-28 16:02:07 [pkt]100: 04 ff ff ff 00 03 04 0a  0a 45 fe 06 04 0a 0a 45
2023-07-28 16:02:07 [pkt]110: fe 2a 04 0a 0a 45 fe 3a  04 00 05 46 00 3b 04 00
2023-07-28 16:02:07 [pkt]120: 09 3a 80 e0 11 46 47 31  30 30 46 54 4b 32 31 30
2023-07-28 16:02:07 [pkt]130: 33 35 32 39 39 00 ff
2023-07-28 16:02:07 [debug]sending on VLAN69(ethernet)
2023-07-28 16:02:07 [debug]sending using lpf_dhcpd_send_packet

 

 

 

DHCP debug of VLAN getting ip address

 

 

debug]locate_network prhtype(1) pihtype(1)
[debug]find_lease(): leaving function with lease set
[debug]find_lease(): the lease's IP is 192.168.99.2
[note]DHCPDISCOVER from d0:c8:57:00:1c:36 via VLAN99(ethernet)
[debug]deled ip 192.168.99.2 mac d0:c8:57:00:1c:36 in vd root
[debug]added ip 192.168.99.2 mac d0:c8:57:00:1c:36 in vd root
[debug]packet length 300
[debug]op = 1  htype = 1  hlen = 6  hops = 0
[debug]xid = 75a1adbc  secs = 0  flags = 0
[debug]ciaddr = 0.0.0.0
[debug]yiaddr = 0.0.0.0
[debug]siaddr = 0.0.0.0
[debug]giaddr = 0.0.0.0
[debug]chaddr = d0:c8:57:00:1c:36
[debug]filename = 
[debug]server_name = 
[debug]  dhcp-message-type = 1
[debug]  dhcp-parameter-request-list = 1,3,6,12,15,28,42
[debug]  dhcp-max-message-size = 576
[debug]  dhcp-class-identifier = "udhcp 1.26.2"
[debug]  dhcp-client-identifier = 1:d0:c8:57:0:1c:36
[debug]
[pkt]000: 01 01 06 00 bc ad a1 75  00 00 00 00 00 00 00 00
[pkt]010: 00 00 00 00 00 00 00 00  00 00 00 00 d0 c8 57 00
[pkt]020: 1c 36 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]030: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]050: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]060: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]070: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]080: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]090: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0a0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0b0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0c0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0d0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0e0: 00 00 00 00 00 00 00 00  00 00 00 00 63 82 53 63
[pkt]0f0: 35 01 01 3d 07 01 d0 c8  57 00 1c 36 39 02 02 40
[pkt]100: 37 07 01 03 06 0c 0f 1c  2a 3c 0c 75 64 68 63 70
[pkt]110: 20 31 2e 32 36 2e 32 ff  00 00 00 00 00 00 00 00
[pkt]120: 00 00 00 00 00 00 00 00  00 00 00 00
[debug]Sending ICMP echo-request to 192.168.99.2
[note]DHCPOFFER on 192.168.99.2 to d0:c8:57:00:1c:36 via VLAN99(ethernet)
[pkt]000: 02 01 06 00 bc ad a1 75  00 00 00 00 00 00 00 00
[pkt]010: c0 a8 63 02 00 00 00 00  00 00 00 00 d0 c8 57 00
[pkt]020: 1c 36 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]030: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]050: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]060: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]070: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]080: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]090: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0a0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0b0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0c0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0d0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0e0: 00 00 00 00 00 00 00 00  00 00 00 00 63 82 53 63
[pkt]0f0: 35 01 02 36 04 c0 a8 63  fe 33 04 00 0a 8c 00 01
[pkt]100: 04 ff ff ff 00 03 04 c0  a8 63 fe 06 04 c0 a8 63
[pkt]110: fe 2a 04 c0 a8 63 fe 3a  04 00 05 46 00 3b 04 00
[pkt]120: 09 3a 80 e0 11 46 47 31  30 30 46 54 4b 32 31 30
[pkt]130: 33 35 32 39 39 00 ff

[debug]sending on VLAN99(ethernet)
[debug]sending using lpf_dhcpd_send_packet
[debug]locate_network prhtype(1) pihtype(1)
[debug]find_lease(): packet contains preferred client IP, cip.s_addr is 192.168.99.2
[debug]find_lease(): leaving function with lease set
[debug]find_lease(): the lease's IP is 192.168.99.2
[note]DHCPREQUEST for 192.168.99.2 from xx:xx:xx:xx:1c:36 via VLAN99(ethernet)
[debug]deled ip 192.168.99.2 mac xx:xx:xx:xx:1c:36 in vd root
[debug]added ip 192.168.99.2 mac xx:xx:xx:xx:1c:36 in vd root
[debug]packet length 300
[debug]op = 1  htype = 1  hlen = 6  hops = 0
[debug]xid = 75a1adbc  secs = 256  flags = 0
[debug]ciaddr = 0.0.0.0
[debug]yiaddr = 0.0.0.0
[debug]siaddr = 0.0.0.0
[debug]giaddr = 0.0.0.0
[debug]chaddr = xx:xx:xx:xx:1c:36
[debug]filename = 
[debug]server_name = 
[debug]  dhcp-requested-address = 192.168.99.2
[debug]  dhcp-message-type = 3
[debug]  dhcp-server-identifier = 192.168.99.254
[debug]  dhcp-parameter-request-list = 1,3,6,12,15,28,42
[debug]  dhcp-max-message-size = 576
[debug]  dhcp-class-identifier = "udhcp 1.26.2"
[debug]  dhcp-client-identifier = 1:d0:c8:57:0:1c:36
[debug]
[pkt]000: 01 01 06 00 bc ad a1 75  00 01 00 00 00 00 00 00
[pkt]010: 00 00 00 00 00 00 00 00  00 00 00 00 d0 c8 57 00
[pkt]020: 1c 36 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]030: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]050: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]060: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]070: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]080: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]090: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0a0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0b0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0c0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0d0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
[pkt]0e0: 00 00 00 00 00 00 00 00  00 00 00 00 63 82 53 63
[pkt]0f0: 35 01 03 3d 07 01 d0 c8  57 00 1c 36 32 04 c0 a8
[pkt]100: 63 02 36 04 c0 a8 63 fe  39 02 02 40 37 07 01 03
[pkt]110: 06 0c 0f 1c 2a 3c 0c 75  64 68 63 70 20 31 2e 32
[pkt]120: 36 2e 32 ff 00 00 00 00  00 00 00 00
[note]DHCPACK on 192.168.99.2 to xx:xx:xx:xx:1c:36 via VLAN99(ethernet)

 

 

 

Labels:
1473
6 REPLIES 6
ebilcari
Staff
Staff

Created on ‎07-28-2023 08:33 AM

it looks like the IOT device is not "liking" the DHCP offer or the DHCP offer is dropped by some other device in the middle and is not reaching the end device. Maybe an ACL or DHCP snooping enabled for that VLAN in the switch? In case of DHCP snooping you have to add the port connected to FGT as a trusted port.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1467
0 Kudos
Mrinmoy
Staff
Staff

Created on ‎07-28-2023 08:49 AM

Whats is the FortiGate firmware version? Are you using any DHCP relay?

Mrinmoy Purkayastha
1462
0 Kudos
Christian_89
Contributor III

Created on ‎07-29-2023 12:05 PM

The issue you're facing where the IoT device doesn't get an IP address in a specific VLAN, even though there doesn't seem to be any change in your configuration, can be caused by a number of factors. Let's try to troubleshoot this:

1. **Check VLAN Configuration:** It's possible that something changed with the VLAN configuration. Ensure that the VLAN is still correctly configured on the Fortigate and on any switches involved.

2. **Check DHCP Server Configuration:** Make sure that the DHCP server is configured correctly for the VLAN in question. Ensure that it has enough IP addresses to assign and that the correct DHCP options are set.

3. **Check DHCP Relay or Helper Address:** If you're using a DHCP relay or helper address, make sure that it's still correctly configured. Check both the Fortigate and any switches or routers that might be involved.

4. **Check for IP Conflicts:** Sometimes a device might not get an IP address because of an IP conflict. You can check the DHCP server's logs for any error messages related to this.

5. **Check for Network Issues:** Make sure there are no network issues, like a misconfigured switch or a bad network cable, that might be interfering with DHCP traffic.

6. **Check Device Configuration:** The issue could also be on the IoT device itself. Try resetting it to its default settings and see if that helps.

7. **Check Firewall Rules:** Ensure that there are no firewall rules on the Fortigate that could be blocking DHCP traffic.

8. **DHCP Snooping:** If DHCP Snooping is enabled on the switch, it could potentially cause issues if not correctly configured.

Given that you see a DHCPOFFER but not a DHCPREQUEST or DHCPACK, it seems like the DHCP server is offering an IP address, but the IoT device is not requesting it (or the request is not reaching the server). This suggests that the issue might be on the IoT device itself or somewhere in the network between the device and the DHCP server.

If none of these steps help, it might be necessary to do a packet capture to see exactly what's happening with the DHCP traffic.

Let me know if you need further help with any of these steps.

1393
0 Kudos
Emma02
New Contributor II

Created on ‎08-02-2023 12:24 AM

It seems the iOT device is stuck between the DHCPOFFER and DHCPREQUEST stages on a specific VLAN. This could be due to a configuration mismatch between the client and the VLAN, such as incorrect DHCP options or an unsupported DHCP version. Verify that the DHCP configurations on the specific VLAN match those of the working VLANs. Check the settings on the device and ensure they match the DHCP options expected by the server. Consider using a network packet analyzer to trace the entire process for further troubleshooting.

Emma Wilson
Emma Wilson
1359
0 Kudos
fabs
New Contributor III

Created on ‎08-02-2023 01:40 AM Edited on ‎08-02-2023 01:41 AM

Hello all,

first of all, I would like to thank you for your comments.
I have checked all switches and could not find any problem.
This problem is also already present on the core switch, I have also checked this switch.
Strangely enough, it is actually only this one type of device as well. All other devices get an IP address in this VLAN from the DHCP server as expected.
Again, this type of device in all other VLANs also gets an IP address from the DHCP server. I am currently in contact with the manufacturer of the device.

Best Regards

fabs

1345
0 Kudos
ebilcari
Staff
Staff
In response to fabs

Created on ‎08-02-2023 03:07 AM

It may happen that this particular device has another IP on the same subnet configured for another physical or virtual adapter so it may refuse this offer as not valid.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1329
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.