Hot!Urgent! DHCP issue-" removed due to conflict"

Author
40User
Silver Member
  • Total Posts : 66
  • Scores: 0
  • Reward points: 0
  • Joined: 2008/02/15 13:20:09
  • Location: Southern California
  • Status: offline
2009/05/26 12:11:41 (permalink)
0

Urgent! DHCP issue-" removed due to conflict"

Please help!
I have used dchp lease-clear command and tried to reset the DHCP server on the FOrtinet but i am getting REMOVED DUE TO CONFLICT" on 90% of the IP addresses on the internal network!!!
I have rebooted everything but nothing works and only a handful of users are able to access the network.

What to do???
#1

9 Replies Related Threads

    40User
    Silver Member
    • Total Posts : 66
    • Scores: 0
    • Reward points: 0
    • Joined: 2008/02/15 13:20:09
    • Location: Southern California
    • Status: offline
    RE: Urgent! DHCP issue-" removed due to conflict" 2009/05/26 14:37:33 (permalink)
    0
    ...running out of options...i have plugged in a diffrent fortinet and set up a new DHCP server (same subnet) still having major issues with IP conflicts...


    help!
    #2
    abelio
    Expert Member
    • Total Posts : 3655
    • Scores: 57
    • Reward points: 0
    • Joined: 2005/03/31 13:28:59
    • Location: Buenos Aires, Argentina
    • Status: offline
    RE: Urgent! DHCP issue-" removed due to conflict" 2009/05/26 15:35:38 (permalink)
    0
    IP conflict only can happen if you' ve more than one dhcp server in the segment or
    there' re NICs cards in the network segment wit pre-assigned IP numbers to same MAC address.

    Did you define some ip-mac binding table in your FTG?

    Could you post the output of cli commands:
    show system dhcp server ??
    and
    show system dhcp reserved-address ??

    regards
    --
    Abel
    #3
    40User
    Silver Member
    • Total Posts : 66
    • Scores: 0
    • Reward points: 0
    • Joined: 2008/02/15 13:20:09
    • Location: Southern California
    • Status: offline
    RE: Urgent! DHCP issue-" removed due to conflict" 2009/05/26 16:03:48 (permalink)
    0



    Fortigate 100 # show system dhcp server

    config system dhcp server

    edit " Internal"

    set default-gateway 10.0.10.11

    set dns-server1 64.XXX.XX.XX

    set dns-server2 64.XXX.XX.XX

    set end-ip 10.0.10.254

    config exclude-range

    edit 1

    set end-ip 10.0.10.77

    set start-ip 10.0.10.76

    next

    edit 2

    set end-ip 10.0.10.102

    set start-ip 10.0.10.100

    next

    edit 3

    set end-ip 10.0.10.124

    set start-ip 10.0.10.123

    next

    edit 4

    set end-ip 10.0.10.202

    set start-ip 10.0.10.201

    next

    end

    --More--



    Dont ask about the odd exclude ranges.....i was given this crazy setup....

    We ere able to get something going by creating another DCHP server with different subnet, let clients connect to that....Requested the old DHCP server and clients conncted to that....

    Only few conflicts....but keeping fingers crossed....Also say this in the DHCP address lease table:

    10.0.10.119 00:1a:73:53:24:f6 Tue May 26 15:08:04 2009 Removed due to conflict
    10.0.10.122 00:1a:73:53:24:f6 Tue May 26 15:08:04 2009 Removed due to conflict
    10.0.10.128 00:1a:73:53:24:f6 Tue May 26 15:08:03 2009 Removed due to conflict
    There were 100+ enties like this with the SAME MAC ADDRESS but different IP?????

    we are checking that also.....Possibly the DHCP server just whacked out?
    < Message edited by 40user -- 5/26/2009 4:05:26 PM >
    #4
    emnoc
    Expert Member
    • Total Posts : 5537
    • Scores: 353
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: online
    RE: Urgent! DHCP issue-" removed due to conflict" 2009/05/26 20:21:17 (permalink)
    0
    00:1a:73:53:24:f6


    Have you tried to isolate the host that conflicting with the dhcp server ?

    mac_addr 00:1a:73:53:24:f6 , falls back to some wireless manufacture. You might want to reverifies it' s configuration or isolate it into another lan segment. You might have a wireless client that' s screwed up and the wireless AP could be be proxying dhcp request for that client.
    < Message edited by emnoc -- 5/26/2009 8:21:23 PM >

    PCNSE 
    NSE 
    StrongSwan  
    #5
    Fabro83
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/02/21 05:48:20
    • Status: offline
    Re: RE: Urgent! DHCP issue-" removed due to conflict" 2020/02/21 05:50:07 (permalink)
    0
    Hi! I have the same problem! Could you find a solution?
    #6
    yuj_FTNT
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/02/21 07:53:45
    • Status: offline
    Re: Urgent! DHCP issue-" removed due to conflict" 2020/02/21 08:22:36 (permalink)
    0
    one thing you can do is to check if there is any other DHCP server running on your network.
    first turn off DHCP on the Fortigate.
    you can capture packets from a PC using wireshark and see if there are any DHCP packets coming from another device. (filter with BOOTP protocol on wireshark)
     
    #7
    Dave Hall
    Expert Member
    • Total Posts : 1636
    • Scores: 174
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Urgent! DHCP issue-" removed due to conflict" 2020/02/21 13:53:31 (permalink)
    0
    @Fabricio
     
    If not already already done - enable device detection on the internal interface (e.g. lan) then go into "User & Device->Device Inventory".  (If needed, apply an "online" status filter.)  You should be looking for any "unusual" devices connected to your network (e.g. 3rd party routers, Internet Connection sharing). 
     
    If the fgt is running a DHCP service for your internal devices - go into "Monitor->DHCP Monitor" and check for any errors (or conflicts) - compare the lease IPs against those found in "User & Device->Device Inventory".  
     
    I have only encountered this issue "IP Removed due to conflict...100+ entries like this with the SAME MAC ADDRESS but different IP" 1-2 times before, but never fully narrowed down the actual cause (due to only having remote access) and 3rd party on site non-technical support.  We ended up enabling DHCP snooping on the network switch's switchports.  
     
     
     

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
    #8
    ede_pfau
    Expert Member
    • Total Posts : 6236
    • Scores: 522
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: Urgent! DHCP issue-" removed due to conflict" 2020/02/22 10:49:35 (permalink)
    0
    You could as well use the built-in sniffer to detect DHCP offers on the LAN port:
    diag deb ena
    diag sniffer packet port1 'udp and (port 67 or port 68)' 4
     
    and see if some instance offers a DHCP lease. This would give you a MAC address to chase for.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #9
    romanr
    Platinum Member
    • Total Posts : 923
    • Scores: 34
    • Reward points: 0
    • Joined: 2004/06/08 08:29:56
    • Location: Vienna/Austria
    • Status: offline
    Re: Urgent! DHCP issue-" removed due to conflict" 2020/02/24 01:42:15 (permalink)
    0
    Hi,
     
    this might be caused due to a normal behavior and not from any error!
     
    DHCP will trigger the DHCP Server to check whether adresses are available in the phase of offering.  If you have a utilized DHCP pool and there are new clients requesting IP adresses - and the dhcp server does not know of already given out leases - it will ping an adress first before offering. The stated error message comes after 3 tries - then the dhcp server gives up trying to allocate an address.
     
    You might have to reboot some devices a couple of times and wait for some time to have the DHCP server have full visibility over the pool utilization again.
     
    Br,
    Roman
    #10
    Jump to:
    © 2020 APG vNext Commercial Version 5.5