BensonLEI
New Member
February 11, 2021
Question

Physical mac addr is not found for "management-ip in physical mgmt interface"


Hi, Guys,

 

I am using Fortigate 600E HA-pair with FortiOS v6.44.

Based on the following articles, I set up the management-IP:

  1. Fortigate Management Interface in HA Mode – UNIX fu

  2. FortiGate HA Cluster Management IP - In Band Method v6 - (fullradius.com)

 

I can find the HA virtual MAC address of the mgmt-IP interface (10.101.1.38), but cannot find the physical MAC address of the primary/secondary Fortigate device (10.101.2.37?), so that:

1. I can ping-test the mgmt IP (10.101.1.38) and the management-IP (10.101.2.37) inside the Fortigate device.

2. I cannot ping-test the management-IP (10.101.2.37) from outside (outside the Fortigate device, even within the same subnet).

Note: I can ping-test the outside world (WAN and LAN) from within the Fortigate device.

 

======my configuration==============

Mgmt interface configuration on primary Forti600E_01 (CLI mode):

Forti600E_01 # sh sys int mgmt
config system interface
    edit "mgmt"
        set vdom "root"
        set management-ip 10.101.2.37 255.255.255.0
        set allowaccess ping https ssh snmp
        set type physical
        set device-identification enable
        set lldp-reception disable
        set lldp-transmission disable
        set role lan
        set snmp-index 2
    next
end

 

Forti600E_01 # show sys int "HA_mgmt_Port"
config system interface
    edit "HA_mgmt_Port"
        set vdom "root"
        set ip 10.101.1.38 255.255.255.0
        set allowaccess ping https ssh snmp
        set role lan
        set snmp-index 27
        set interface "mgmt"
        set vlanid 11
    next
end

 

Forti600E_01 # sh sys ha
config system ha
    set group-id 1
    set group-name "HA"
    set mode a-a
    set password 0000
    set hbdev "ha" 299 "port1" 100
    set override disable
    set priority 150
end

 

==========

 

 

 

 

Please advise.

 

 

    1 reply

    Toshi_Esumi
    SuperUser
    February 11, 2021

    This is our 1000D's mgmt1 (multi-vdom env, so under global) in HA. You're probably looking for the "Current_HWaddr".

     

    xxx-fg1 (global) # diag hard device nic mgmt1
    Driver_Name                     e1000e
    Driver_Version                  3.2.4.2-NAPI
    MAC_Type                        3
    IRQ                             17
    System_Device_Name              mgmt1
    Current_HWaddr                  e8:1c:ba:6d:e5:9a
    Permanent_HWaddr                e8:1c:ba:6d:e5:9a
    ---<snip>---

    emnoc
    New Member
    February 11, 2021

    To add, I would do a diag sniffer packet mgmt "arp or icmp" and see what reports when you do your testing.

     

    Ken Felix

    sekar_karthi
    New Member
    February 12, 2021

    FGT (global) # diag hardware deviceinfo nic mgmt
    Description         Intel(R) Gigabit Ethernet Network Driver
    Driver_Name         igb
    Driver_Version      5.0.6
    PCI_Vendor          8086
    PCI_Device_ID       1533
    PCI_Subsystem_Vendor          ffff
    PCI_Revision_ID     0003
    PCI_Bus             22
    PCI_Slot            0
    MAC_Type            6
    PCI_Bus_Type        PCI-E
    PCI_Bus_Speed       2.5Gb/s
    PCI_Bus_Width       Width x1
    IRQ                 18
    System_Device_Name  mgmt
    Current_HWaddr      e8:1c:ba:de:b2:aa
    Permanent_HWaddr    e8:1c:ba:de:b2:aa
    Link                up
    Speed               1000
    Duplex              full
    FlowControl         current:0/requested:3
    Interrupt mode      MSI-X
    Rx queue(s)         1
    Tx queue(s)         1

    FGT (global) # fnsysctl  ifconfig mgmt
    mgmt    Link encap:Ethernet  HWaddr E8:1C:BA:DE:B2:AA
            UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
            RX packets:10158137 errors:0 dropped:0 overruns:0 frame:0
            TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:5000
            RX bytes:1557083299 (1.4 GB)  TX bytes:90 (90  Bytes)