Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
smalatif
New Contributor

Created on ‎04-29-2024 04:40 AM

Users do not get VLANs DHCP IP on VLAN Switch on FortiGate

Hi I need a quick solution:

My users can get DHCP IPs from FortiGate Physical Interface DHCP Servers shown below (both from 172.16.55.1 and 192.168.56.1). However my users did not get IP from VLANs DHCP Server shown here (from 172.16.52.253 and 192.168.135.1).

Users are connected via Juniper EX4100 Switches. 

 

 

fortiGate.png

Firewall policy is allowed.

The same problems happen on the internal VLAN switch and it's VLAN too.

Anyone has any solution please.

Labels:
328
0 Kudos
6 REPLIES 6
AEK
SuperUser
SuperUser

Created on ‎04-29-2024 05:15 AM

Hi @smalatif 

Usually that means the clients are not on the same broadcast domain as your firewall interface. That means the issue can be probably somewhere at L2 level, like the misconfiguration in trunk interface, a wrong VLAN id, a wrong VLAN config, etc...

AEK
AEK
309
smalatif
New Contributor
In response to AEK

Created on ‎04-29-2024 06:19 AM

The Juniper switch configuration is just a very straightforward: 

 

show interfaces ge-0/2/3
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 52 all ];
}
}
}

 

291
0 Kudos
vinceneil666-01
New Contributor III
In response to smalatif

Created on ‎04-29-2024 10:30 PM

Thats the config for the port that is connected to the Fortigate, right ? .. Can you also show the config of the port you have connected your client. ? 

---
---
230
0 Kudos
ebilcari
Staff
Staff
In response to smalatif

Created on ‎05-01-2024 12:51 AM

When a new interface type VLAN is created in FGT tied to a physical interface it means that the VLAN interface (Event and Test in your example) will receive the traffic that is tagged with that VLAN header only. The interface itself (that is currently working in your setup) will receive only untagged traffic. Make sure that the VLAN ID is allowed as tagged on the switchport that connects with FGT and configured as access on the port where the end host is connected.

vlan interface.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
172
0 Kudos
alwis
Staff
Staff

Created on ‎04-29-2024 05:50 PM

Hi @smalatif 

 

Are your user port has been configure with correct vlan id? 

 

Alwis

250
hbac
Staff
Staff

Created on ‎04-30-2024 07:09 AM

Hi @smalatif,

 

FortiGate will lease out DHCP IPs according to the VLAN ID of DHCP requests. Please check on EX4100 Switches and make sure the ports are configured with correct VLAN IDs. You can also run DHCP debug and you will see which interface the request is coming from: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Diagnosing-DHCP-on-a-FortiGate/ta-p/192960

 

Regards,

213
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.