SecurityPlus
Explorer III
February 18, 2021
Solved

How To Determine What Port Of Hardware Switch A Computer Is Connected To


Running a FortiWiFi 60D with FortiOS 6.0.9 located at a remote data center. We have the firewall Hardware Switch with ports 1 through 7 as members. One dual-NIC server plus 4 PCs are connected to ports 1 through 6. One PC, PC-Red, needs to be put on its own subnet. To do this I assume that we need to take its internal port out of the Hardware Switch and assign its port to a subnet different from the subnet used by the Hardware Switch. We know the IP address, MAC address, and hostname. Is there a way to determine which port PC-Red is connected to, so that we only remove PC-Red and not the server or other PCs from the Hardware Switch?

    flamengo
    Visitor III
    March 14, 2021

    Maybe this command can help you.

    get sys arp

    SecurityPlus
    Explorer III
    March 14, 2021
    Thanks! I will give this a try.
    Yurisk
    SuperUser
    March 14, 2021

    get sys arp will show Layer 3 interfaces and host mappings, so all the physical ports inside the same FortiGate switch group will show as "LAN" or whatever logical name you have given to your networks, and it will NOT show individual port mappings like "MAC of PC-Red is on port3, 4, 5", etc.

    sw2090
    SuperUser
    March 15, 2021

    Did you already try this?

    diag switch mac-address list
    diag switch mac-address list | grep -i mac
    Yurisk (Best answer)
    SuperUser
    March 15, 2021

    @sw2090: This is for FortiSwitch only, not for FortiGate.

    @SecurityPlus: Actually, I think you can trace it by:

    1. Run get hardware nic port1,port2,portN... on the FortiGate to know the MAC address of each physical FortiGate port, then
    2. Look on the CLI of your server (Red-PC) at the learned MAC table - ip neigh (Linux) / arp -a (Windows) and try to match it with the FortiGate's one. I didn't verify though, so update us if it does not help; for sure there are more ways to try to do it.
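The MAC-matching step Yurisk describes, as an added Python example that is not from this thread or from Fortinet: it parses constructed excerpts of `get hardware nic` output (the Name/Current_HWaddr lines and every MAC value are assumed sample data) and of a Linux `ip neigh` or Windows `arp -a` table, normalises the differing MAC notations, and reports which FortiGate ports the PC has a learned MAC for.

```python
"""Match a host's neighbor-table MACs against FortiGate physical-port MACs."""
import re

# Constructed sample: trimmed 'get hardware nic port1' / 'port2' output.
# Field names and MAC values are assumed, not captured from a real unit.
HARDWARE_NIC_OUTPUT = """\
Name:            port1
Current_HWaddr   00:09:0f:aa:bb:01
Permanent_HWaddr 00:09:0f:aa:bb:01
Name:            port2
Current_HWaddr   00:09:0f:aa:bb:02
Permanent_HWaddr 00:09:0f:aa:bb:02
"""

# Constructed sample: 'ip neigh' as seen on PC-Red (Linux). Windows
# 'arp -a' lists the same data with dashes and upper case; both parse.
NEIGH_OUTPUT = """\
192.168.1.1 dev eth0 lladdr 00:09:0F:AA:BB:02 REACHABLE
192.168.1.50 dev eth0 lladdr 52:54:00:12:34:56 STALE
"""

# Six hex octets separated consistently by ':' or '-', any case.
MAC_RE = re.compile(r"(?i)\b([0-9a-f]{2}([:-])(?:[0-9a-f]{2}\2){4}[0-9a-f]{2})\b")


def norm_mac(mac):
    """Canonical lowercase colon form so 'AA-BB' and 'aa:bb' compare equal."""
    return mac.lower().replace("-", ":")


def parse_port_macs(text):
    """Map each port name in 'get hardware nic' output to its Current_HWaddr."""
    ports, name = {}, None
    for line in text.splitlines():
        if line.startswith("Name:"):
            name = line.split()[1]
        elif line.startswith("Current_HWaddr") and name:
            ports[name] = norm_mac(line.split()[1])
    return ports


def parse_neigh_macs(text):
    """Collect every MAC address found in an 'ip neigh' or 'arp -a' listing."""
    return {norm_mac(m.group(1)) for m in MAC_RE.finditer(text)}


def ports_seen_by_host(nic_text, neigh_text):
    """Ports whose MAC the host has learned. Hardware-switch members may share
    one MAC, so more than one hit means the method cannot single out a port."""
    seen = parse_neigh_macs(neigh_text)
    return sorted(p for p, m in parse_port_macs(nic_text).items() if m in seen)
```

If every member port reports the same Current_HWaddr, the result lists all of them, which is exactly the ambiguity Yurisk's "I didn't verify" caveat leaves open.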
    SecurityPlus
    Explorer III
    March 18, 2021

    sw2090: in this case there is no FortiSwitch involved. Good to know for future use though.

    Yurisk: will need to look into this a bit. Not enough time to do this now. Thanks.