AnsweredHot!DHCP server not working on soft switch interface

Author
kimrdk
New Member
  • Total Posts : 7
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/02/28 00:26:10
  • Location: Denmark
  • Status: offline
2019/10/02 02:12:47 (permalink)
0

DHCP server not working on soft switch interface

Hi

I cannot get DHCP server to work on a software switch, configured like this:
config system switch-interface
    edit "soft_switch"
  set vdom root
        set member "Vlan16" "VxLan-IPsec-DR"
        set intra-switch-policy explicit
    next
end

Computer configured with static IP, then I can ping 172.16.0.1, so the interface and VLAN works.

Why do I not get an DHCP address?

See images


FortiGate 30E v6.0.4 build0231 (GA)

/Kim


Attached Image(s)

#1
kimrdk
New Member
  • Total Posts : 7
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/02/28 00:26:10
  • Location: Denmark
  • Status: offline
Re: DHCP server not working on soft switch interface 2019/10/02 02:18:41 (permalink)
0
DHCP is enabled under the interface:

Attached Image(s)

#2
emnoc
Expert Member
  • Total Posts : 5397
  • Scores: 355
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: DHCP server not working on soft switch interface 2019/10/02 04:14:41 (permalink) ☼ Best Answerby kimrdk 2019/10/02 05:44:50
0
You really need to look at the dhcp server status and ensure it's enabled. I would also see if you diag sniffer packet  on the member or softswitch to look for dhcp info.
 
 
e.g
 
FWFXXXXXXX (switch-interface) # showconfig system switch-interface    e
edit "internal"       
set vdom "root"       
set member "wifi" "lan"   
next    edit "HjSkist.root"       
set vdom "root"       
set member "HjSkist.wifi"   
next
end 
 
 
 diag sniffer packet  HjSkist.root 
 
 
 
Also, I notice you have  "set intra-switch-policy" set to explicit,  I would not do that.
 
Ken Felix
post edited by emnoc - 2019/10/02 04:17:35

PCNSE 
NSE 
StrongSwan  
#3
kimrdk
New Member
  • Total Posts : 7
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/02/28 00:26:10
  • Location: Denmark
  • Status: offline
Re: DHCP server not working on soft switch interface 2019/10/02 05:29:38 (permalink)
0
Nothing is logged with:
diag sniffer packet soft_switch



But
diagnose sniffer packet Vlan16

Gives:

58.853437 arp who-has 169.254.72.173 tell 169.254.72.173
58.868285 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
58.868301 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
58.875325 169.254.72.173.5353 -> 224.0.0.251.5353: udp 39
58.875776 169.254.72.173.5353 -> 224.0.0.251.5353: udp 49
58.897388 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
58.932229 169.254.72.173.137 -> 169.254.255.255.137: udp 68
59.345761 169.254.72.173 -> 224.0.0.22:  ip-proto-2 32
59.463281 0.0.0.0.68 -> 255.255.255.255.67: udp 300
59.693053 169.254.72.173.137 -> 169.254.255.255.137: udp 68
60.493275 169.254.72.173.137 -> 169.254.255.255.137: udp 68
61.263915 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.071418 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.071703 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.835231 169.254.72.173.137 -> 169.254.255.255.137: udp 68
62.835513 169.254.72.173.137 -> 169.254.255.255.137: udp 68
63.609650 169.254.72.173.137 -> 169.254.255.255.137: udp 68
63.609691 169.254.72.173.137 -> 169.254.255.255.137: udp 68
64.366325 169.254.72.173.137 -> 169.254.255.255.137: udp 68
64.366367 169.254.72.173.137 -> 169.254.255.255.137: udp 68
64.410836 0.0.0.0.68 -> 255.255.255.255.67: udp 300
72.835085 0.0.0.0.68 -> 255.255.255.255.67: udp 300

89.650249 0.0.0.0.68 -> 255.255.255.255.67: udp 300
91.851527 arp who-has 169.254.72.173 tell 0.0.0.0
92.851487 arp who-has 169.254.72.173 tell 0.0.0.0
93.851322 arp who-has 169.254.72.173 tell 0.0.0.0
94.634018 0.0.0.0.68 -> 255.255.255.255.67: udp 300
94.851275 arp who-has 169.254.72.173 tell 169.254.72.173
94.868494 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
94.875555 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
94.880352 169.254.72.173.5353 -> 224.0.0.251.5353: udp 39
94.880709 169.254.72.173.5353 -> 224.0.0.251.5353: udp 49
94.893271 169.254.72.173 -> 224.0.0.22:  ip-proto-2 16
94.929725 169.254.72.173.137 -> 169.254.255.255.137: udp 68
95.351361 169.254.72.173 -> 224.0.0.22:  ip-proto-2 32
95.679633 169.254.72.173.137 -> 169.254.255.255.137: udp 68
96.445210 169.254.72.173.137 -> 169.254.255.255.137: udp 68
97.210830 169.254.72.173.137 -> 169.254.255.255.137: udp 68
97.982607 169.254.72.173.137 -> 169.254.255.255.137: udp 68
97.982651 169.254.72.173.137 -> 169.254.255.255.137: udp 68
98.741852 169.254.72.173.137 -> 169.254.255.255.137: udp 68
98.741889 169.254.72.173.137 -> 169.254.255.255.137: udp 68
99.507548 169.254.72.173.137 -> 169.254.255.255.137: udp 68
99.507585 169.254.72.173.137 -> 169.254.255.255.137: udp 68
100.272999 169.254.72.173.137 -> 169.254.255.255.137: udp 68
100.273037 169.254.72.173.137 -> 169.254.255.255.137: udp 68
102.508838 0.0.0.0.68 -> 255.255.255.255.67: udp 300

 
#4
kimrdk
New Member
  • Total Posts : 7
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/02/28 00:26:10
  • Location: Denmark
  • Status: offline
Re: DHCP server not working on soft switch interface 2019/10/02 05:37:15 (permalink)
0
Okay, DHCP issue resolved when recreating soft switch without intra-switch-policy explicit.
I had tried to enable traffic with polices, but that did not work.
 
#5
emnoc
Expert Member
  • Total Posts : 5397
  • Scores: 355
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: DHCP server not working on soft switch interface 2019/10/02 08:20:33 (permalink)
0
Okay good, glad work out for you and bet now the diag sniffer packet will display data grams
 
Ken Felix

PCNSE 
NSE 
StrongSwan  
#6
Jump to:
© 2019 APG vNext Commercial Version 5.5