Catalyst 2960s Assign Wrong Vlan IP

shagrath01 · ‎08-03-2017

Hello folks.

In our company we had an ASA 5510 that we replaced with a FortiGate 200E using two Catalyst 2960 switches in the battery.

Since we made that replacement (ASA to Forti) the switch assigns IP addresses in the range 192.168.1.0/24 when it should assign IPs in the 192.168.3.0/24 range. Catalyst are the ones that do the work of DHCP, not the fortigate.

This happens the first time a device connects but if it disconnects and reconnects about 4 times, it is assigned a correct IP in the range 192.168.3.0/24 but this is quite annoying since users have complained a lot about this inconvenient.

Thanks for your help.

Best regards.

Julio E. Moisa · ‎08-03-2017

Hi

Is possible to know the configuration of the Catalyst?

Thank you

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

shagrath01 · ‎08-03-2017

Of course.

Here it is.

!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$gGdL$8a4JVBMp6np4NIPAmuw8b.
!
username cen privilege 15 secret 5 $1$AUXD$J8fLT4hf8vQBDP4AdxN8/0
!
!
no aaa new-model
switch 1 provision ws-c2960s-24ts-l
switch 2 provision ws-c2960s-24ts-l
ip dhcp excluded-address 192.168.2.250 192.168.2.254
ip dhcp excluded-address 192.168.3.250 192.168.3.254
ip dhcp excluded-address 192.168.4.250 192.168.4.254
ip dhcp excluded-address 192.168.5.250 192.168.5.254
ip dhcp excluded-address 192.168.6.250 192.168.6.254
ip dhcp excluded-address 192.168.7.250 192.168.7.254
ip dhcp excluded-address 192.168.1.120
ip dhcp excluded-address 192.168.1.100
ip dhcp excluded-address 192.168.1.234
ip dhcp excluded-address 192.168.1.140
!
ip dhcp pool vlan3
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
   lease 30
!
ip dhcp pool vlan4
   network 192.168.3.0 255.255.255.0
   domain-name GRUPOKABAT
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
   lease 30
   class CLASS1
      address range 192.168.3.161 192.168.3.239
!
ip dhcp pool vlan5
   network 192.168.4.0 255.255.255.0
   default-router 192.168.4.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
   lease 30
!
ip dhcp pool vlan6
   network 192.168.5.0 255.255.255.0
   dns-server 192.168.1.100 200.57.64.67
   default-router 192.168.5.254
   lease 30
!
ip dhcp pool vlan7
   network 192.168.6.0 255.255.255.0
   dns-server 200.57.64.67 200.57.64.66
   default-router 192.168.6.254
   lease 30
!
ip dhcp pool vlan8
   network 192.168.7.0 255.255.255.0
   dns-server 200.57.64.66 200.57.64.67
   default-router 192.168.7.254
   lease 30
!
ip dhcp pool C3-1
   host 192.168.2.1 255.255.255.0
   client-identifier 016c.3be5.2488.a9
   default-router 192.168.2.254
   dns-server 192.168.1.100
!
ip dhcp pool C3-2
   host 192.168.2.2 255.255.255.0
   client-identifier 0120.cf30.cab3.ed
   default-router 192.168.2.254
   dns-server 192.168.1.100
!
ip dhcp pool C3-3
   host 192.168.2.3 255.255.255.0
   client-identifier 0120.cf30.cab2.ca
   default-router 192.168.2.254
   dns-server 192.168.1.100
!
ip dhcp pool C3-4
   host 192.168.2.4 255.255.255.0
   client-identifier 0120.cf30.cab3.d7
   default-router 192.168.2.254
   dns-server 192.168.1.100
!
ip dhcp pool C3-5
   host 192.168.2.5 255.255.255.0
   client-identifier 0100.2522.e251.57
   default-router 192.168.2.254
   dns-server 192.168.1.100
!
ip dhcp pool C3-6
   host 192.168.2.6 255.255.255.0
   client-identifier 0100.2522.e252.ac
   default-router 192.168.2.254
   dns-server 192.168.1.100
!
ip dhcp pool C3-7
   host 192.168.2.7 255.255.255.0
   client-identifier 0190.2b34.c2c8.b2
   default-router 192.168.2.254
   dns-server 192.168.1.100
!
ip dhcp pool C3-8
   host 192.168.2.8 255.255.255.0
   client-identifier 0100.269e.48c2.82
   default-router 192.168.2.254
   dns-server 192.168.1.100
!
ip dhcp pool Manuel
   host 192.168.2.210 255.255.255.0
   client-identifier 016c.3be5.268e.fa
   default-router 192.168.3.254
   dns-server 200.57.64.66
!
ip dhcp pool Gustavo
   host 192.168.3.212 255.255.255.0
   client-identifier 0154.e6fc.8fa7.46
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.66 200.57.64.67
!
ip dhcp pool Niv
   host 192.168.3.215 255.255.255.0
   client-identifier 015c.ac4c.1cf6.a8
   default-router 192.168.3.254
   dns-server 200.57.64.66
!
ip dhcp pool Gadi
   host 192.168.3.216 255.255.255.0
   client-identifier 0188.ae1d.61b6.f6
   default-router 192.168.3.254
   dns-server 200.57.64.66
!
ip dhcp pool Ruben
   host 192.168.3.217 255.255.255.0
   client-identifier 0188.9ffa.5fc8.70
   default-router 192.168.3.254
   dns-server 200.57.64.66
!
ip dhcp pool Paris
   host 192.168.3.218 255.255.255.0
   default-router 192.168.3.254
   dns-server 200.57.64.66
!
ip dhcp pool Gadi_Et
   host 192.168.3.220 255.255.255.0
   client-identifier 0178.e400.fc00.5c
   default-router 192.168.3.254
   dns-server 200.57.64.66
!
ip dhcp pool Emanuel
   host 192.168.3.219 255.255.255.0
   client-identifier 0100.1f3c.8555.5f
   default-router 192.168.3.254
   dns-server 200.57.64.66
!
ip dhcp pool Fernando
   host 192.168.3.221 255.255.255.0
!
ip dhcp pool ManulChan
   host 192.168.2.10 255.255.255.0
   client-identifier 0190.fba6.29a8.ab
   default-router 192.168.2.254
   dns-server 200.57.64.66
!
ip dhcp pool Linda
   host 192.168.3.12 255.255.255.0
   client-identifier 0154.e6fc.8eee.43
   default-router 192.168.3.254
   dns-server 200.57.64.66 200.57.64.67
!
ip dhcp pool Arnabal
   host 192.168.3.79 255.255.255.0
   client-identifier 0190.fba6.2b24.36
   default-router 192.168.3.254
   dns-server 192.168.3.100 4.2.2.2
!
ip dhcp pool Ivonne
   host 192.168.3.246 255.255.255.0
   client-identifier 0154.e6fc.8da7.5e
   default-router 192.168.3.254
   dns-server 200.57.64.66 200.57.64.67
!
ip dhcp pool Rita
   host 192.168.3.19 255.255.255.0
   client-identifier 0100.1921.110c.23
   default-router 192.168.3.254
   dns-server 192.168.3.100 4.2.2.2
!
ip dhcp pool Ricardo
   client-identifier 0154.e6fc.8f0c.db
   default-router 192.168.3.254
   dns-server 192.168.3.100 4.2.2.2
!
ip dhcp pool Vicenta
   client-identifier 016c.f049.a121.db
   default-router 192.168.3.254
   dns-server 192.168.3.100 4.2.2.2
!
ip dhcp pool Orion
   host 192.168.3.39 255.255.255.0
   client-identifier 010c.eee6.a54c.16
   default-router 192.168.3.254
   dns-server 200.57.64.66 200.57.64.67
!
ip dhcp pool JuanARam
   host 192.168.3.4 255.255.255.0
   client-identifier 0178.acc0.b5a2.b9
   default-router 192.168.3.254
   dns-server 192.168.3.100 4.2.2.2
!
ip dhcp pool Nancy
   host 192.168.3.247 255.255.255.0
   client-identifier 0154.e6fc.8eea.87
   default-router 192.168.3.254
   dns-server 192.168.3.100 4.2.2.2
!
ip dhcp pool Laura
   host 192.168.3.211 255.255.255.0
   client-identifier 0190.2b34.6a9e.ee
   default-router 192.168.3.254
   dns-server 200.57.64.66 200.57.64.67
!
ip dhcp pool RicardoH
   host 192.168.3.9 255.255.255.0
   client-identifier 01f8.d111.1012.da
   default-router 192.168.3.254
   dns-server 192.168.1.100
!
ip dhcp pool C3-9
   host 192.168.2.9 255.255.255.0
   client-identifier 0120.cf30.caab.bb
   default-router 192.168.2.254
   dns-server 192.168.1.100
!
ip dhcp pool C3-10
   client-identifier 0178.acc0.b3ac.f9
   default-router 192.168.2.254
   dns-server 192.168.1.100
!
ip dhcp pool Salvador
   host 192.168.3.222 255.255.255.0
   client-identifier 0154.e6fc.909e.49
   default-router 192.168.3.254
   dns-server 192.168.1.100
!
ip dhcp pool vlan2
   dns-server 192.168.1.100 200.57.64.66 200.57.64.67 200.57.64.85 200.57.64.86
!
ip dhcp pool GadPalatchiiPhone
   host 192.168.3.75 255.255.255.0
   client-identifier 01b4.8b19.1466.c6
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool AmiEthSurface
   host 192.168.3.134 255.255.255.0
   client-identifier 01c0.335e.c82c.7d
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool AndresLaptopEthernet
   host 192.168.3.113 255.255.255.0
   client-identifier 0114.58d0.b74a.bf
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool AmiiPad
   host 192.168.3.140 255.255.255.0
   client-identifier 019c.04eb.dc36.93
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool AdrianaAlmazanLaptopWiFi
   host 192.168.3.131 255.255.255.0
   client-identifier 01f8.1654.0fda.f2
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool ChavaSamsung5Mini
   host 192.168.3.116 255.255.255.0
   client-identifier 0164.b853.7303.ad
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool AmiiPhone
   host 192.168.3.139 255.255.255.0
   client-identifier 0150.7a55.c09d.d7
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool AdrianaAlmazanAndroid
   host 192.168.3.141 255.255.255.0
   client-identifier 01ec.1f72.60b9.3f
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool DanielMartinezMac
   host 192.168.3.51 255.255.255.0
   client-identifier 01b8.8d12.10da.d4
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool GadPalatchiLaptop
   host 192.168.3.73 255.255.255.0
   client-identifier 01a4.1731.5d3e.dd
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool LauraLozadaiPhone
   host 192.168.3.138 255.255.255.0
   client-identifier 0148.3b38.9e37.2c
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool NivSurface
!
ip dhcp pool MaikelNievesiPhone
   host 192.168.3.76 255.255.255.0
   client-identifier 0170.81eb.5ae4.2c
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
ip dhcp pool NivLaptopWiFi
   host 192.168.3.142 255.255.255.0
   client-identifier 01bc.8385.136c.e4
   default-router 192.168.3.254
   dns-server 192.168.1.100 200.57.64.85 200.57.64.86 189.204.33.66 189.204.33.67
!
!
ip dhcp class CLASS1
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
crypto pki trustpoint TP-self-signed-2760129792
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2760129792
revocation-check none
rsakeypair TP-self-signed-2760129792
!
!
crypto pki certificate chain TP-self-signed-2760129792
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373630 31323937 3932301E 170D3933 30333031 30303033
34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37363031
32393739 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C1A7 268ACF82 713CBD13 F0B5FE75 A6C5D808 6C18862E A8C5800F E4945C9F
03545820 C1C4A7CA 80CFB611 95F6165D E483B169 69F26EB4 C201A3D6 769EBE2E
842EEBAE CB814636 BC25CACA 204D4BF6 F5C54F84 FEB7AECA CE3DE71A 45C0FCD9
EEBA5510 B65DAA8E C2DCC502 0687908C 705A332D 184ECC5A ECC79D87 F3B9555A
B0DB0203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 14902129
08433C64 92CB41A8 073D9C24 50549894 C9301D06 03551D0E 04160414 90212908
433C6492 CB41A807 3D9C2450 549894C9 300D0609 2A864886 F70D0101 04050003
81810076 3DBE4911 651AA99B 0CFB47B2 049B008B 4DC9FF59 3EC526BC 04BB51BB
C1CFC39D FB9D95C7 399A5369 432CFCEF 78415FA0 3BDB9809 77ED7AF7 7ADAE996
85CFA3A6 3C6D358F 500BA9D9 2CAD3273 A5DCA53B B9FC8694 37514E78 6738E526
DD6435E6 07EDFF19 CC739F44 9428283F 27E1F662 E8E82F64 B8018187 679DD4C9 66224F
quit
spanning-tree mode pvst
spanning-tree extend system-id
auto qos srnd4
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
description "Adriana Gallegos"
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/2
description "RUBÉN RODRÍGUEZ"
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/3
description "VLAN 3"
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/4
description "SERV 123"
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet1/0/5
description "VLAN 3"
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/6
description "VLAN 3"
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/7
description "HACIA ASA ANTI-X"
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/8
description "maquina de JCH"
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/9
description "AP LOBBY"
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet1/0/10
description "COBRANZA"
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/11
description "RELOJ CHECADOR"
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet1/0/12
description "SERV 234"
switchport access vlan 2
!
interface GigabitEthernet1/0/13
description "SISTEMAS"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/14
description "SERV 120 TRUNK"
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet1/0/15
description "SERVER ETTS"
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/16
description "VLAN 4"
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/17
switchport trunk native vlan 5
switchport mode trunk
!
interface GigabitEthernet1/0/18
description "SERV 55"
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet1/0/19
description "VLAN 2"
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/20
description "COPIADORA"
switchport trunk native vlan 4
switchport mode trunk
!
interface GigabitEthernet1/0/21
description "AP PISO 1"
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet1/0/22
description "CONMUTADOR"
switchport trunk native vlan 4
switchport mode trunk
!
interface GigabitEthernet1/0/23
description "FILE SERVER"
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet1/0/24
description "ASA INSIDE TRUNK"
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/25
description "GBIC"
switchport access vlan 5
switchport mode trunk
!
interface GigabitEthernet1/0/26
description "GBIC"
!
interface GigabitEthernet1/0/27
description "GBIC"
!
interface GigabitEthernet1/0/28
description "GBIC"
!
interface GigabitEthernet2/0/1
description "C3"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/2
description "C3"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/3
description "C3"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/4
description "C3"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/5
description "C3"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/6
description "C3"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/7
description "C3"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/8
description "C3"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/9
description "C3"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/10
description "C3"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/11
description "SALA DE JUNTAS"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet2/0/12
description "ANDRES"
switchport trunk native vlan 4
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet2/0/13
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet2/0/14
switchport access vlan 5
switchport trunk allowed vlan 1-10
switchport mode trunk
!
interface GigabitEthernet2/0/15
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet2/0/16
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/20
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet2/0/21
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet2/0/22
!
interface GigabitEthernet2/0/23
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet2/0/24
switchport trunk native vlan 4
switchport mode trunk
!
interface GigabitEthernet2/0/25
!
interface GigabitEthernet2/0/26
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan2
ip address 192.168.1.252 255.255.255.0
!
interface Vlan3
ip address 192.168.2.252 255.255.255.0
!
interface Vlan4
ip address 192.168.3.252 255.255.255.0
!
interface Vlan5
ip address 192.168.4.252 255.255.255.0
!
interface Vlan6
ip address 192.168.5.252 255.255.255.0
!
ip default-gateway 192.168.1.254
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
line vty 0 4
login local
line vty 5 15
login local
!
end

Julio E. Moisa · ‎08-03-2017

Hi

I see the vlan 2 is associated to 192.168.1.0/24 and the DNS for it is on tha vlan, Your config looks fine, I remember the fortinet can be the dhcp relay for the subnets, have you verified that to find a misconfiguration?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

shagrath01 · ‎08-03-2017

Hey Julio, do you speak spanish?

I have no DHCP relay o server configured in the Fortigate, I have no idea what could be wrong.

Julio E. Moisa · ‎08-03-2017

Hola,

Si hablo español. Tu configuración parece no tener ningun problema, si esta un poco extraña la situación.

Intenta agregar el siguiente comando

ip dhcp-server 192.168.3.252

Para ver si eso resuelve el problema.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Julio E. Moisa · ‎08-03-2017

Una consulta, quien es esta IP o donde esta ubicada: 192.168.3.254

ip dhcp pool vlan4
   network 192.168.3.0 255.255.255.0
   domain-name GRUPOKABAT
   default-router 192.168.3.254

El default-router representa la direccion IP de gateway de una red, usualmente esta en un equipo capa 3.

No se si este switch esta como capa 3 pero la SVI 4 tiene la IP 192.168.3.252 si representa el gateway intenta cambiarlo por la 254

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

shagrath01 · ‎08-03-2017

Es la puerta de enace que está configurada en el Fortigate como VLAN.

La dirección 192.168.3.252 es la que tiene configurada el switch y ahí me conecto para su administración.

El switch está configurado en capa 3.

Adjunto una imagen del Forti en donde viene la VLAN.

paul driver · ‎08-03-2017

Hello

Unless I am mistaken - If you clients are getting a 192.168.1.0 allocation then it looks like the fortigate could now be dishing out ip addressing for that vlan as you dont seen to have a dhcp scope for vlan 2, That or have a rouge dhcp server.

That can be easliy negated but first can you verfiry that the Fortigate doesnt have dhcp enabled

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

shagrath01 · ‎08-04-2017

Hey Paul.

As you can see in the attached image, there is no DHCP server or relay enbled.

Georg Pauwen · ‎08-03-2017

Hello

on a side note, and in addition to Julio's comments, on low-end FortiGate units, a DHCP server is configured, by default on the Internal interface. This DHCP server dishes out IP addresses in the range 192.168.1.0/24, which would correspond with what you are seeing.

Go to Network ---> Interfaces

and check if a DHCP server is configured. Check the document below for reference:

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-system-administration-54/Advanced/DHCP%20servers%20and%20relays.htm