This document describes steps to troubleshoot if the clients are not getting IP address from bridged ssid.
Check if DHCP is enabled on the vlan interface that is configured as the bridge ssid.
If yes, Run the following sniffer command:
# diag sniffer packet <interfacename> 'port 67 or port 68' 4 0 l </interfacename>
In the above screen shot ‘Test1’ is the vlan interface name.
If there is no traffic seen, that means FortiGate is not receiving any discover packet from client.
If there is any switch in between, check if DHCP snooping is enabled on the switch.
If the switch is a FortiSwitch, try to add FortiGate interface as the trusted interfaces.
# config switch-controller managed-switch
edit <fortiswitch_serial_number> </fortiswitch_serial_number>
config ports
edit <port_name>
</port_name>
set dhcp-snooping {trusted | untrusted}
next
end
next
end