

Paul1977

5171 posts

Uber Geek
+1 received by user: 2192


#310806 23-Nov-2023 14:43

Weird situation...

 

We have a Fortigate with a FortiAP for WiFi. DHCP relay to a DHCP server on a different subnet. One specific Windows device is not obtaining a DHCP address when connecting to one of the SSIDs being broadcast. If it connects to any other SSIDs being broadcast from the same AP it obtains an IP without issue. There are plenty of available addresses (and have tried with and without a reservation). If I manually assign a static IP the device has full connectivity.

 

On the client I've forgotten the network and rebooted, made no difference. Have also reset networking on client, no difference.

 

Has anyone come across this issue before?


networkn
Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified
Trusted
Lifetime subscriber

  #3162833 23-Nov-2023 14:44

DHCP pool full?

 

 




tatbaird
142 posts

Master Geek
+1 received by user: 8


  #3162883 23-Nov-2023 15:01

Can you look at some logs? Try this:

 

diag debug application dhcprelay -1
diag debug enable

 

Try and connect with the device, see if anything is reaching the FGT.

 

Don't forget to diag deb disable and diag deb reset

 

 





Well let me just quote the late-great Colonel Sanders, who said "Im too drunk to taste this chicken." -Ricky Bobby


michaelmurfy
meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator
ID Verified
Trusted
Lifetime subscriber

  #3162889 23-Nov-2023 15:25

What FortiAP / FortiOS version are both the Fortigate and FortiAP running? There was a bug that was fixed in some recent firmware that did that. Since upgrading I’ve never had it happen again.





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.




Paul1977

5171 posts

Uber Geek
+1 received by user: 2192


  #3162895 23-Nov-2023 15:59

michaelmurfy:

 

What FortiAP / FortiOS version are both the Fortigate and FortiAP running? There was a bug that was fixed in some recent firmware that did that. Since upgrading I’ve never had it happen again.

 

 

  • FortiAP was on 7.0.6. Upgraded today to 7.0.7 (latest 7.0.x release) and problem persisted.
  • Fortigate is 7.0.12. Planning to upgrade all sites to 7.0.13 (latest 7.0.x release) tonight.

We are intentionally not moving to 7.2.x or 7.4.x as our branch sites connect to a hosted VDOM which is running 7.0.x and we want to keep them all consistent for ease of management.


Paul1977

5171 posts

Uber Geek
+1 received by user: 2192


  #3162920 23-Nov-2023 16:40

tatbaird:

 

Can you look at some logs? Try this:

 

diag debug application dhcprelay -1
diag debug enable

 

Try and connect with the device, see if anything is reaching the FGT.

 

Don't forget to diag deb disable and diag deb reset

 

 

Easiest way to test this was to connect client to LAN via ethernet to see what a successful DHCP address issuance looks like, then attempt to connect same client to WLAN to see what happens when it fails. Again, note that no other clients are failing to receive DHCP addresses when connecting to the WLAN.

 

  • Client LAN = 192.168.2.0/24
  • Client WLAN = 192.168.3.0/24
  • Server LAN = 192.168.1.0/24
  • DHCP server = 192.168.1.2

 

 

When an address is successfully issued to client via ethernet when connected to LAN:

 

(xid:8897af5c) received request message from 0.0.0.0:68 to 255.255.255.255 at client_lan_interface
(xid:8897af5c) got a DHCPREQUEST
(xid:8897af5c) Warning! can't get server id from client message
Insert option(82), len(10)
found route to 192.168.1.2 via 192.168.4.254 iif=34 oif=37/server_lan_interface, mode=auto, ifname=
(xid:8897af5c) forwarding dhcp request from 192.168.2.254:67 to 192.168.1.2:67
(xid:8897af5c) received request message from 192.168.1.2:67 to 192.168.2.254 at server_lan_interface
(xid:8897af5c) got a DHCPACK
(xid:8897af5c) from server 192.168.1.2
(xid:8897af5c) sending dhcp reply from 192.168.2.254:67 to 255.255.255.255:68

 

 

 

When trying from this client when connecting to WLAN:

 

(xid:1a6fcd19) received request message from 0.0.0.0:68 to 255.255.255.255 at client_wlan_interface
(xid:1a6fcd19) got a DHCPDISCOVER
(xid:1a6fcd19) Warning! can't get server id from client message
Insert option(82), len(17)
found route to 192.168.1.2 via 192.168.4.254 iif=25 oif=37/server_lan_interface, mode=auto, ifname=
(xid:1a6fcd19) forwarding dhcp request from 192.168.3.254:67 to 192.168.1.2:67
(xid:1a6fcd19) received request message from 0.0.0.0:68 to 255.255.255.255 at client_wlan_interface
(xid:1a6fcd19) got a DHCPDISCOVER
(xid:1a6fcd19) Warning! can't get server id from client message
Insert option(82), len(17)
found route to 192.168.1.2 via 192.168.4.254 iif=25 oif=37/server_lan_interface, mode=auto, ifname=
(xid:1a6fcd19) forwarding dhcp request from 192.168.3.254:67 to 192.168.1.2:67
(xid:1a6fcd19) received request message from 0.0.0.0:68 to 255.255.255.255 at client_wlan_interface
(xid:1a6fcd19) got a DHCPDISCOVER
(xid:1a6fcd19) Warning! can't get server id from client message
Insert option(82), len(17)
found route to 192.168.1.2 via 192.168.4.254 iif=25 oif=37/server_lan_interface, mode=auto, ifname=
(xid:1a6fcd19) forwarding dhcp request from 192.168.3.254:67 to 192.168.1.2:67

 

 

 

What's got me even more confused looking at this is it appears to be routing via 192.168.4.254, which is the Fortigate address of another interface used exclusively for SIP traffic which should have nothing to do with it. But it's doing this even when an address is successfully issued, so probably not related?
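
An added example, not part of the original post: a small Python parser for the `dhcprelay` debug output shown above that groups lines by xid and reports transactions the relay forwarded upstream without any server message coming back. The sample lines are copied from the two captures in the post; the function names are this example's own.

```python
import re
from collections import defaultdict

# Debug lines copied from the post above: wired success, then the failing WLAN attempt.
SAMPLE = """\
(xid:8897af5c) received request message from 0.0.0.0:68 to 255.255.255.255 at client_lan_interface
(xid:8897af5c) got a DHCPREQUEST
(xid:8897af5c) forwarding dhcp request from 192.168.2.254:67 to 192.168.1.2:67
(xid:8897af5c) received request message from 192.168.1.2:67 to 192.168.2.254 at server_lan_interface
(xid:8897af5c) got a DHCPACK
(xid:8897af5c) sending dhcp reply from 192.168.2.254:67 to 255.255.255.255:68
(xid:1a6fcd19) got a DHCPDISCOVER
Insert option(82), len(17)
(xid:1a6fcd19) forwarding dhcp request from 192.168.3.254:67 to 192.168.1.2:67
(xid:1a6fcd19) got a DHCPDISCOVER
(xid:1a6fcd19) forwarding dhcp request from 192.168.3.254:67 to 192.168.1.2:67
(xid:1a6fcd19) got a DHCPDISCOVER
(xid:1a6fcd19) forwarding dhcp request from 192.168.3.254:67 to 192.168.1.2:67
"""

XID_LINE = re.compile(r"^\(xid:([0-9a-f]+)\)\s+(.*)$")
MSG_TYPE = re.compile(r"got a (DHCP[A-Z]+)")
SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}  # message types only a server sends

def summarize(text):
    """Group relay debug lines by transaction id (xid)."""
    txns = defaultdict(lambda: {"client": [], "server": [], "forwarded": 0, "replied": 0})
    for raw in text.splitlines():
        m = XID_LINE.match(raw.strip())
        if not m:
            continue  # lines without an xid (option 82, route lookup) are skipped
        xid, rest = m.groups()
        t = txns[xid]
        kind = MSG_TYPE.search(rest)
        if kind:
            side = "server" if kind.group(1) in SERVER_TYPES else "client"
            t[side].append(kind.group(1))
        elif rest.startswith("forwarding dhcp request"):
            t["forwarded"] += 1
        elif rest.startswith("sending dhcp reply"):
            t["replied"] += 1
    return dict(txns)

def unanswered(text):
    """xids the relay forwarded upstream with no server message seen in return."""
    return [x for x, t in summarize(text).items() if t["forwarded"] and not t["server"]]

if __name__ == "__main__":
    print(unanswered(SAMPLE))
```

On these lines it returns only `1a6fcd19`: the relay received and forwarded three DHCPDISCOVERs on the WLAN interface and logged nothing returning from 192.168.1.2.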


Paul1977

5171 posts

Uber Geek
+1 received by user: 2192


  #3163120 24-Nov-2023 09:10

Updated firmware to 7.0.13 and rebooted, no change.


Paul1977

5171 posts

Uber Geek
+1 received by user: 2192


  #3163129 24-Nov-2023 09:39

This morning I changed it from a DHCP relay to a DHCP server and it successfully issued the impacted client device an address. I then changed it back to a DHCP relay, and the relay started working again for this client device. Doesn't make any sense, but it fixed the immediate problem.

 

If it happens again I'll try just disabling and re-enabling the relay (I'll skip converting it to a DHCP server in between) and see if it has the same effect.

 

Very strange.

