Pedro_FTNT
Staff
Article Id 281960
Description This article describes some details about MAC behavior when 'VLAN Switch/hard-switch' is configured.
Scope FortiGate.
Solution
  • Topology:

[Image: 140.png]

  • 'Device_1' is directly connected to the FortiGate interface: 'port16'.
  • 'VLAN Switch / hard-switch' configuration:

[Image: 141.png]

  • Interface 'lan' configuration:

[Image: 142.png]

  • Virtual MAC address of interface 'lan':

[Image: 143.png]

[Image: 145.png]

  • MAC address of interface 'port16':

[Image: 144.png]

  • MAC address of 'Device_1': 'e8:1c:ba:a7:e9:fd'.

When 'VLAN Switch / hard-switch' is configured on FortiGate:

  • FortiGate learns the MAC address of 'Device_1' on the 'lan' interface:

[Image: 146.png]

  • Because interface 'lan' has 'device-identification' enabled, it is possible to filter by the 'Device_1' MAC address:

[Image: 147.png]

  • Even though 'Device_1' is connected directly to interface 'port16', all traffic statistics are displayed on interface 'lan'.
  • MAC address negotiation takes place between the physical interface MAC address of 'Device_1' and the virtual MAC address of the 'lan' interface.

[Image: 148.png]

Related articles:

Setup comparison between FortiGate Hardware switch, Software switch, VLAN switch

Technical Tip: Hardware switch, Software switch, VLAN switch - Use cases, compiled details

Technical Tip : What is and how to enable VLAN Switch on FortiGate
