How do I find my MAC address table in FortiGate?

Description
This article describes how to check the MAC address table of a FortiGate operating in Transparent mode.

Solution

In Transparent mode, to forward L2 traffic the FortiGate relies on its L2 forwarding database (FDB), which can be dumped with the command '# diag netlink brctl name host root.b' (for the root VDOM); the ARP table is only used for the FortiGate's own IP communications.

The ARP/GARP packets sent by external devices populate the L2 FDB and, when a MAC address changes, update the destination MAC addresses of existing sessions accordingly.

The following commands dump the L2 forwarding table for each VDOM bridge instance. From there, the MAC addresses of the devices located on each VLAN/VDOM can be read. Replace <vdom-name> with the name of the VDOM whose bridge you want to inspect.

# config global
# diag netlink brctl name host <vdom-name>.b

Example for the root VDOM.

# diag netlink brctl name host root.b
# diag netlink brctl list

Hey guys,

Setup is a FortiGate 60E and a FortiSwitch 108E. To save some free ports on the switch I'm using a hardware switch in the FortiGate for my public VLAN. The hardware switch consists of port 6 and 7, where one of the ports is connected to my ISP and the other to a WAN interface of a server. In addition, the hardware switch has an SVI to assign the FortiGate a public IP.

What I'd like to do is find out which of the two ports the ISP is connected to. If I run get system arp I get:

fw01 # get sys arp
Address           Age(min)   Hardware Addr      Interface
                  0          08:96:ad:06:cd:24  internet;svi-sw

But there seems to be no way of knowing which of the two ports in the hardware switch the MAC address 08:96:ad:06:cd:24 belongs to. In addition, AFAIK, there is no way to set a description on individual ports in a hardware switch. Anyone know a solution for this?

Running 6.0.4, thanks!

Posted by on May 19, 2021

Tracking down MACs from a switch can be very beneficial. You can use the information from the MAC table to find where a device is plugged in, or to spot a loop somewhere in the network (the same MAC being learned on more than one port).

This command is run from the FortiGate to drill down into the managed FortiSwitch. I do believe it would also work directly from the FortiSwitch.

To display the whole MAC table:

diagnose switch-controller switch-info mac-table

Let's say I need to search for the last 4 characters of the MAC to find exactly where this device plugs in.

diagnose switch-controller switch-info mac-table | grep 3a:fe

00:60:6e:ec:3a:fe port1 1

Now we can see that the device is plugged into port 1 of the switch.
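As an added example (my own code, not from the post above and not a Fortinet tool), here is a small Python script that parses saved output of get system arp and of diagnose switch-controller switch-info mac-table and joins the two on the MAC address, so that each IP in the ARP table is mapped to its FortiGate interface and to the FortiSwitch port the MAC was learned on. The sample outputs embedded in it are constructed; the three-column "<mac> <port> <vlan>" layout of the mac-table rows is assumed from the single row quoted above (including that the third column is the VLAN), and any line that does not look like such a row is ignored. It also flags a MAC learned on more than one port, which is the loop case mentioned at the start.

```python
import re
from collections import defaultdict

# Matches a complete MAC address such as 02:00:00:00:00:01 (case-insensitive).
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}", re.I)

# Constructed sample of `get system arp` output (all values invented for this example).
ARP_OUTPUT = """\
FGT-EXAMPLE # get system arp
Address           Age(min)   Hardware Addr      Interface
10.0.1.87         0          02:00:00:00:00:01 internal
10.0.1.20         125        02:00:00:00:00:02 internal
10.0.1.96         1          02:00:00:00:00:03 internal
192.0.2.10        0          02:00:00:00:00:04 internet;svi-sw
"""

# Constructed sample of `diagnose switch-controller switch-info mac-table` output.
# The "<mac> <port> <vlan>" row layout is assumed from the row quoted in the post;
# every other line (switch name, prompt, header) is skipped by the parser.
MAC_TABLE_OUTPUT = """\
S108E-EXAMPLE:
02:00:00:00:00:01 port1 1
02:00:00:00:00:02 port3 1
02:00:00:00:00:03 port5 10
02:00:00:00:00:05 port7 1
02:00:00:00:00:05 port8 1
"""


def parse_arp(text):
    """Return {mac: {"ip", "age", "interface"}} from `get system arp` output.

    A data row has exactly four whitespace-separated fields with the MAC in
    the third one; the prompt and the column header do not match that shape."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and MAC_RE.fullmatch(parts[2]):
            ip, age, mac, iface = parts
            entries[mac.lower()] = {"ip": ip, "age": int(age), "interface": iface}
    return entries


def parse_mac_table(text):
    """Return {mac: [(port, vlan), ...]} from the switch-controller MAC table.

    A MAC is listed more than once if it was learned on several ports."""
    table = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and MAC_RE.fullmatch(parts[0]):
            mac, port, vlan = parts
            table[mac.lower()].append((port, int(vlan)))
    return dict(table)


def locate(mac, mac_table):
    """Switch port(s) on which a MAC was learned; [] if the switch never saw it."""
    return [port for port, _vlan in mac_table.get(mac.lower(), [])]


def correlate(arp, mac_table):
    """Join the ARP table with the switch MAC table on the MAC address, so each
    IP is mapped to its FortiGate interface and, where known, a switch port."""
    return [
        {
            "ip": info["ip"],
            "mac": mac,
            "fgt_interface": info["interface"],
            "switch_ports": locate(mac, mac_table),
        }
        for mac, info in arp.items()
    ]


def multi_port_macs(mac_table):
    """MACs learned on more than one port: check for a loop or a host that moved."""
    return {
        mac: sorted({port for port, _vlan in locs})
        for mac, locs in mac_table.items()
        if len({port for port, _vlan in locs}) > 1
    }


if __name__ == "__main__":
    arp = parse_arp(ARP_OUTPUT)
    mac_table = parse_mac_table(MAC_TABLE_OUTPUT)
    print(f"{'IP':<16}{'MAC':<19}{'FGT interface':<17}Switch port(s)")
    for row in correlate(arp, mac_table):
        ports = ", ".join(row["switch_ports"]) or "(not on switch)"
        print(f"{row['ip']:<16}{row['mac']:<19}{row['fgt_interface']:<17}{ports}")
    for mac, ports in multi_port_macs(mac_table).items():
        print(f"warning: {mac} learned on several ports: {', '.join(ports)}")
```

To use it on a real unit, paste the two command outputs into ARP_OUTPUT and MAC_TABLE_OUTPUT (or read them from files); a MAC present in the ARP table but absent from the switch table is a host attached directly to a FortiGate port or to a hardware switch, which is exactly the case the next post runs into.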

I have a Fortinet FG-60E firewall running FortiOS v6.0.1. A wireless access point is connected to one of the ports (internal3). There are currently no other clients connected to the wireless access point.


Is there a FortiOS command (or commands) that will tell the MAC address of the wireless access point?

update 1

get system arp almost does what I want, except it doesn't specify the port number of the internal interface. You can see from this snippet of output:

FGT60E4Q16045123 # get system arp
Address           Age(min)   Hardware Addr      Interface
10.0.1.87         0          00:0c:29:60:8c:f4 internal
10.0.1.20         125        5c:aa:fd:1b:b5:5a internal
10.0.1.73         0          00:0c:29:a4:29:9e internal
10.0.1.96         1          00:0c:29:76:7c:2b internal
10.0.1.13         0          5c:70:a3:7d:28:82 internal
10.0.1.6          0          00:11:32:0f:ab:f9 internal
10.0.1.89         0          00:0c:29:c8:98:c4 internal
10.0.1.22         104        b8:e9:37:5f:ac:2c internal
10.0.1.75         0          00:0c:29:05:ab:42 internal
10.0.1.98         0          00:0c:29:05:53:49 internal

The interface is listed as "internal" and not "internal1", "internal2", etc. The "internal" interface has 7 ports:

[screenshot of the "internal" interface and its 7 ports, not reproduced here]

update 2

The output from diag switch-controller dump mac-hosts-switch-port does not include the port number. Here's an example:

vd root/0  f0:9f:c2:30:d5:76  gen 159  req TOUS/2e
  created 69257s  gen 20  seen 45873s  internal  gen 79
  ip 192.168.1.1  src arp
  host 'OpenWrt'  src dhcp
vd root/0  00:0c:29:76:7c:2b  gen 1853  req TOU/2c
  created 2190525s  gen 47  seen 318s  internal  gen 1447
  ip 10.0.1.96  src arp
  host 'cdh06'  src dhcp
  server http

The first entry is the device I'm trying to identify via Fortinet CLI. As far as I can tell, there's no way to associate the MAC with a particular port on the firewall.

How do I find the ARP table in FortiGate?

Technical Tip: How to display the ARP table on a FortiGate unit configured in NAT mode.
Scope: FortiOS firmware versions 4.0 MR3 or 5.0.x.
When VDOMs are not enabled:
When VDOMs are enabled:
FGT # config vdom
FGT (vdom) # edit root
current vf=root:0
FGT (root) # get system arp

How do I change the MAC address on a Fortinet firewall?

How to set or change the MAC address associated with a FortiGate interface.
Set the MAC address on the interface by executing the following commands (replace <interface-name> and <mac-address> with your own values):
# config sys int
# edit <interface-name>
# set macaddr <mac-address>
# end
Then restart the routing engine on the FortiGate:
FGT # exec router restart

How do I allow MAC address in FortiGate firewall?

For Category, select Address.
For Type, select MAC Address Range and enter the address range.
Enter the other fields and click OK.

How can I see what devices are connected to FortiGate?

In the FortiGate GUI, User & Device > Device List displays a list of devices attached to the FortiSwitch ports. For each device, the table displays the IP address of the device and the interface (FortiSwitch name and port).