I have a very strange problem here. I have an IoT device here that does not get an IP address in a specific VLAN. But in all other VLANs it gets an IP address. This has only been happening for a short time. There was no change on the FortiGate, or on the DHCP server of the FortiGate. I have also restarted the FortiGate, unfortunately without success.
In this specific VLAN, I see DHCPOFFER, but no DHCPREQUEST and no DHCPACK.
In the other VLANs, I see DHCPOFFER, DHCPREQUEST and DHCPACK.
DHCP debug from this specific VLAN not getting IP.
It looks like the IoT device is not "liking" the DHCP offer, or the DHCP offer is dropped by some other device in the middle and is not reaching the end device. Maybe an ACL or DHCP snooping is enabled for that VLAN on the switch? In the case of DHCP snooping, you have to add the port connected to the FGT as a trusted port.
- Emirjon
The issue you're facing where the IoT device doesn't get an IP address in a specific VLAN, even though there doesn't seem to be any change in your configuration, can be caused by a number of factors. Let's try to troubleshoot this:
1. **Check VLAN Configuration:** It's possible that something changed with the VLAN configuration. Ensure that the VLAN is still correctly configured on the Fortigate and on any switches involved.
2. **Check DHCP Server Configuration:** Make sure that the DHCP server is configured correctly for the VLAN in question. Ensure that it has enough IP addresses to assign and that the correct DHCP options are set.
3. **Check DHCP Relay or Helper Address:** If you're using a DHCP relay or helper address, make sure that it's still correctly configured. Check both the Fortigate and any switches or routers that might be involved.
4. **Check for IP Conflicts:** Sometimes a device might not get an IP address because of an IP conflict. You can check the DHCP server's logs for any error messages related to this.
5. **Check for Network Issues:** Make sure there are no network issues, like a misconfigured switch or a bad network cable, that might be interfering with DHCP traffic.
6. **Check Device Configuration:** The issue could also be on the IoT device itself. Try resetting it to its default settings and see if that helps.
7. **Check Firewall Rules:** Ensure that there are no firewall rules on the Fortigate that could be blocking DHCP traffic.
8. **DHCP Snooping:** If DHCP Snooping is enabled on the switch, it could potentially cause issues if not correctly configured.
Given that you see a DHCPOFFER but not a DHCPREQUEST or DHCPACK, it seems like the DHCP server is offering an IP address, but the IoT device is not requesting it (or the request is not reaching the server). This suggests that the issue might be on the IoT device itself or somewhere in the network between the device and the DHCP server.
If none of these steps help, it might be necessary to do a packet capture to see exactly what's happening with the DHCP traffic.
Let me know if you need further help with any of these steps.
It seems the IoT device is stuck between the DHCPOFFER and DHCPREQUEST stages on a specific VLAN. This could be due to a configuration mismatch between the client and the VLAN, such as incorrect DHCP options or an unsupported DHCP version. Verify that the DHCP configurations on the specific VLAN match those of the working VLANs. Check the settings on the device and ensure they match the DHCP options expected by the server. Consider using a network packet analyzer to trace the entire process for further troubleshooting.
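The packet-level check suggested in the replies above, as an added example that is not part of any post in this thread: it parses DHCP payloads, reports exchanges that stop after DHCPOFFER, and diffs the options offered on a working VLAN against the failing one. The MAC address, transaction IDs, option values and the `build`/`capture` helpers are constructed for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Parse one UDP payload into xid, client MAC, message type and raw options."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    xid = struct.unpack("!I", payload[4:8])[0]
    mac = payload[28:28 + min(payload[2], 16)].hex(":")   # payload[2] is hlen
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:         # 255 = end option
        if payload[i] == 0:                               # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    mtype = TYPES.get(opts[53][0], "UNKNOWN") if opts.get(53) else "BOOTP"
    return {"xid": xid, "mac": mac, "type": mtype, "opts": opts}

def stalled_after_offer(messages):
    """Return {client MAC: xid} for exchanges that saw an OFFER but never a REQUEST."""
    seen = {}
    for m in messages:
        seen.setdefault((m["mac"], m["xid"]), set()).add(m["type"])
    return {mac: xid for (mac, xid), t in seen.items() if "OFFER" in t and "REQUEST" not in t}

def offer_diff(good, bad):
    """Option codes missing, extra or different in the failing VLAN's OFFER."""
    g, b = good["opts"], bad["opts"]
    return {"missing": sorted(g.keys() - b.keys()), "extra": sorted(b.keys() - g.keys()),
            "changed": sorted(c for c in g.keys() & b.keys() if c != 53 and g[c] != b[c])}

def build(xid, mac, opts):
    """Constructed sample message: BOOTP header, magic cookie, options, end marker."""
    op = 2 if opts[53][0] in (2, 5, 6) else 1             # 2 = reply from server
    hdr = struct.pack("!BBBBI", op, 1, 6, 0, xid) + bytes(20) + mac + bytes(10 + 192)
    return hdr + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in opts.items()) + b"\xff"

# Constructed capture: one device on a working VLAN (xid 0x11) and a failing one (0x22).
MAC = bytes.fromhex("02004c4f4f50")
GOOD_OPTS = {1: bytes([255, 255, 255, 0]), 3: bytes([10, 0, 10, 1]), 54: bytes([10, 0, 10, 1])}
BAD_OPTS = {1: bytes([255, 255, 255, 0]), 54: bytes([10, 0, 20, 1])}   # no router option
def capture(xid, types, offer_opts):   # server replies (OFFER/ACK) carry the offer options
    return [parse_dhcp(build(xid, MAC, {53: bytes([t]), **(offer_opts if t in (2, 5) else {})}))
            for t in types]
GOOD, BAD = capture(0x11, (1, 2, 3, 5), GOOD_OPTS), capture(0x22, (1, 2, 1, 2), BAD_OPTS)
```

On a real capture, feed `parse_dhcp` the UDP payloads of ports 67/68 exported from the packet analyzer. Subnet-specific options such as the server identifier are expected to differ between VLANs, so the `missing` and `extra` lists are the ones to look at first.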
First of all, I would like to thank you for your comments. I have checked all switches and could not find any problem. This problem is also already present on the core switch, I have also checked this switch. Strangely enough, it is actually only this one type of device as well. All other devices get an IP address in this VLAN from the DHCP server as expected. Again, this type of device in all other VLANs also gets an IP address from the DHCP server. I am currently in contact with the manufacturer of the device.