FortiGate
nithincs
Staff
Article Id 260334
Description This article describes the background of DHCP message exchange and explains the root cause of the DHCP debug message 'There is no requesting IP in subnet!'
Scope FortiGate.
Solution

While debugging the DHCP service running in the firewall, it is necessary to run the 'dhcps' debug commands.

 

dia de reset
dia de console timestamp enable
dia de app dhcps -1
dia de enable

 

Once the debug is running, the DHCP daemon output appears whenever FortiGate and a client exchange DORA (Discover, Offer, Request, Acknowledgement) messages. The debug also shows any errors that occur during the DORA process.

 

The following output can be seen when FortiGate receives a DHCPDISCOVER message:

 

2023-06-14 05:00:08 [note]DHCPDISCOVER from 00:50:79:66:68:09 via port2(ethernet)
2023-06-14 05:00:08 [debug]There is no requesting IP in subnet!
2023-06-14 05:00:09 [debug]locate_network prhtype(1) pihtype(1)
2023-06-14 05:00:09 [debug]find_lease(): leaving function WITHOUT a lease

 

This debug output is observed when all IP addresses in a DHCP IP range are assigned and there is no IP address available to assign to a new client.

Note: Each reserved-address is considered as a leased IP.

 

In these conditions, FortiGate will not send the offer message and will ignore the DHCPDISCOVER message.

 

To resolve this situation, increase the ip-range limit based on the total DHCP clients in the network.


Minimize the lease time to help clear leased IP entries in FortiGate if the DHCP client system is in sleep mode, shut down, or is otherwise not active in the network.

 

Example:

 

DHCP config:

 

config system dhcp server
    edit 2
        set dns-service default
        set default-gateway 10.0.0.1
        set netmask 255.255.255.248
        set interface "port2"
        config ip-range    <-- FortiGate can provide IPs to 5 clients.
            edit 1
                set start-ip 10.0.0.2
                set end-ip 10.0.0.6
            next
        end
        config reserved-address    <-- 4 are reserved.
            edit 1
                set ip 10.0.0.2
                set mac 74:78:27:9d:48:bf
            next
            edit 2
                set ip 10.0.0.3
                set mac 74:78:27:9d:48:a1
            next
            edit 3
                set ip 10.0.0.4
                set mac 74:11:27:9d:48:bf
            next
            edit 4
                set ip 10.0.0.5
                set mac 00:78:27:9d:48:bf
            next
        end
    next
end

 

At this point, FortiGate can assign an IP address to a single client.

 

exe dhcp lease-list
port2
IP        MAC-Address        Hostname  VCI       SSID  AP  SERVER-ID  Expiry
10.0.0.6  50:ff:f3:00:07:00  UNL       MSFT 5.0            2          Wed Jun 21 04:57:58 2023

 

The DHCPDISCOVER request comes from 00:50:79:66:68:09 and FortiGate is out of IP addresses. DHCP debug will show the output 'There is no requesting IP in subnet!'

 

2023-06-14 05:00:08 [note]DHCPDISCOVER from 00:50:79:66:68:09 via port2(ethernet)
2023-06-14 05:00:08 [debug]There is no requesting IP in subnet!
2023-06-14 05:00:09 [debug]locate_network prhtype(1) pihtype(1)
2023-06-14 05:00:09 [debug]find_lease(): leaving function WITHOUT a lease
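
The pool arithmetic and the debug correlation from the example above, as an added Python example (not Fortinet code and not part of the original article). It counts the addresses left in the ip-range after reserved and leased entries are subtracted, and lists the clients whose DHCPDISCOVER ended without a lease. The function names `free_addresses` and `unserved_clients` are hypothetical, and the input is assumed to be config and debug text saved from the CLI.

```python
import ipaddress
import re

# Sample input built from the article's example values (only the pool-related settings).
CONFIG = """\
config ip-range
    edit 1
        set start-ip 10.0.0.2
        set end-ip 10.0.0.6
    next
end
config reserved-address
""" + "".join(f"    edit {n}\n        set ip 10.0.0.{n + 1}\n    next\n" for n in range(1, 5)) + "end\n"
LEASED = ["10.0.0.6"]  # the one dynamic lease in the article's lease-list output
DEBUG = """\
2023-06-14 05:00:08 [note]DHCPDISCOVER from 00:50:79:66:68:09 via port2(ethernet)
2023-06-14 05:00:08 [debug]There is no requesting IP in subnet!
2023-06-14 05:00:09 [debug]locate_network prhtype(1) pihtype(1)
2023-06-14 05:00:09 [debug]find_lease(): leaving function WITHOUT a lease
"""

def free_addresses(config, leased):
    """Pool addresses that are neither reserved nor currently leased."""
    pool = set()
    for start, end in re.findall(r"set start-ip (\S+)\s+set end-ip (\S+)", config):
        lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
        pool.update(ipaddress.IPv4Address(n) for n in range(lo, hi + 1))
    reserved = {ipaddress.IPv4Address(ip) for ip in re.findall(r"set ip (\S+)", config)}
    in_use = reserved | {ipaddress.IPv4Address(ip) for ip in leased}
    return sorted(pool - in_use)

def unserved_clients(debug_text):
    """(MAC, interface) pairs whose DHCPDISCOVER ended 'WITHOUT a lease'."""
    unserved, current = [], None
    for line in debug_text.splitlines():
        m = re.search(r"DHCPDISCOVER from ([0-9a-f:]{17}) via (\S+?)\(", line)
        if m:
            current = m.groups()
        elif "WITHOUT a lease" in line and current:
            unserved.append(current)
            current = None
    return unserved

if __name__ == "__main__":
    print("free addresses:", [str(a) for a in free_addresses(CONFIG, LEASED)])
    for mac, iface in unserved_clients(DEBUG):
        print(f"no lease for {mac} on {iface}")
```

An empty result from `free_addresses` together with a non-empty result from `unserved_clients` matches the exhausted-pool condition the article describes.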
