Staff

Technical Tip: How to display MAC address table of a managed FortiSwitch from FortiGate CLI

Forum|Forum|20 days ago
May 18, 2026
0 replies
197 views

Description

This article describes how to display the MAC address list of a managed FortiSwitch from the FortiGate CLI.

Scope

Managed FortiSwitch, FortiGate.

Solution

Topology:

The full MAC address table of a managed FortiSwitch can be displayed with the FortiOS command 'diagnose switch-controller switch-info mac-table <FortiSwitch serial number>':

The output below shows the MAC address table of FortiSwitch in this topology:

# diagnose switch-controller switch-info mac-table S108EPXXXXXXXXXX 
Managed Switch : S108EPXXXXXXXXXX 0
flag bit pattern: 0x00000000
flag bit Mask:    0x00000000
vlan map: 0-4094
port-id map: 0-11
trunk-id map: 0-127
MAC: e0:23:ff:fc:bc:07  VLAN: 3 Trunk: FGT-PRIMARY(trunk-id 0)  # FortiGate virtual MAC
Flags: 0x000000c1 [ hit trunk dynamic ]
MAC: e0:23:ff:fc:bc:07  VLAN: 2 Trunk: FGT-PRIMARY(trunk-id 0)  # FortiGate virtual MAC
Flags: 0x000000c1 [ hit trunk dynamic
MAC: e8:1c:ba:96:19:78  VLAN: 3 Port: port2(port-id 2)  # AP MAC 
Flags: 0x00000041 [ hit dynamic ]
MAC: 70:4c:a5:27:b4:5c  VLAN: 4094 Trunk: FGT-PRIMARY(trunk-id 0)  # internal6 physical MAC
Flags: 0x000000c1 [ hit trunk dynamic ]
MAC: 70:4c:a5:27:b4:5b  VLAN: 4094 Trunk: FGT-PRIMARY(trunk-id 0)  # internal5 physical MAC
Flags: 0x000000c1 [ hit trunk dynamic ]
MAC: 90:6c:ac:1a:a7:b0  VLAN: 2 Port: port4(port-id 4)  # Endpoint MAC  
Flags: 0x00000041 [ hit dynamic ]
MAC: e0:23:ff:fc:bc:07  VLAN: 4094 Trunk: FGT-PRIMARY(trunk-id 0)  # FortiGate virtual MAC
Flags: 0x000000c1 [ hit trunk dynamic ]
MAC: e8:1c:ba:a2:f6:92  VLAN: 4094 Trunk: FGT-SECONDARY(trunk-id 1) # FGT-SECONDARY internal6 physical MAC
Flags: 0x000000c1 [ hit trunk dynamic ]
MAC: e8:1c:ba:a2:f6:91  VLAN: 4094 Trunk: FGT-SECONDARY(trunk-id 1) # FGT-SECONDARY internal6 physical MAC
Flags: 0x000000c1 [ hit trunk dynamic ]
MAC: e8:1c:ba:3a:e1:a6  VLAN: 4094 Port: internal(port-id 11) # FortiSwitch MAC
Flags: 0x00000060 [ static ]
Total Displayed: 10

The MAC address table of an individual VLAN can be displayed with the FortiOS command 'diagnose switch-controller switch-info mac-table <FortiSwitch serial number> <vlan-id>'.

The output below shows the MAC address table of FortiSwitch in vlan id 2:

# diagnose switch-controller switch-info mac-table S108EPXXXXXXXXXX 2
Managed Switch : S108EPXXXXXXXXXX 0
flag bit pattern: 0x00000000
flag bit Mask:    0x00000000
vlan map: 2
port-id map: 0-11
trunk-id map: 0-127
MAC: e0:23:ff:fc:bc:07  VLAN: 2 Trunk: FGT-PRIMARY(trunk-id 0) # FortiGate virtual MAC
Flags: 0x000000c1 [ hit trunk dynamic ]
MAC: 90:6c:ac:1a:a7:b0  VLAN: 2 Port: port4(port-id 4) # Endpoint MAC  
Flags: 0x00000041 [ hit dynamic ]
Total Displayed: 2

Related documents:

Cluster virtual MAC addresses

Technical Tip: How to isolate rogue DHCP on a network

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded