laf
New Member
July 22, 2017
Question

show mac address table on Fortigate


Hi guys,

I have configured a virtual switch, aka hardware switch, and bound 4 interfaces that belong to a VDOM:

    config system interface
        edit "SW_Firewall"
            set vdom "Firewall"
            set ip 8x.4y.8z.254 255.255.255.0
            set allowaccess ping https ssh
            set type hard-switch
            set snmp-index 18
            set secondary-IP enable
            config secondaryip
                edit 1
                    set ip 10.22.33.1 255.255.255.0
                    set allowaccess ping
                next
            end
        next
    end

How can I find out the learnt MAC addresses, aka "show mac address table", on each physical interface?


Thanks!


    neonbit
    New Member
    July 23, 2017

    The command is 'get sys arp'. It will show you all learnt ARP entries on the FortiGate, with the interface that learnt them.

    If you'd like to quickly filter the results by portX, you can pipe the output through grep (i.e. get sys arp | grep portX).

    laf
    New Member
    July 23, 2017

    A hardware/virtual switch doesn't care about any ARP entries. I want to know the L2 mac addresses that were/are learnt per switch port.

    saneeshpv_FTNT
    Staff
    July 24, 2017

    Hi,

    Hardware Switch will give you an option to bind multiple hardware interfaces to form a single logical interface. This logical interface is a Layer 3 interface with an IP assigned to it. It doesn't have a CAM/MAC table. You can view the ARP table to see the MAC addresses of the devices connected to the individual interfaces which are part of the Hardware Switch using the command # get system arp.

    Hope this will answer your question.

    Regards,

    San

    ahwang
    Staff
    May 2, 2024

    In TP (transparent) mode, we can check the L2 forwarding table on the FGT.

    The forwarding database (FDB) is populated with the network devices' MAC addresses during the MAC learning process, based on the source addresses seen in the Ethernet frames ingressing a FortiGate port.


    FGT # diagnose netlink brctl list  -> List Bridge information
    list bridge information
    1. root.b fdb: size=256 used=6 num=7 depth=2 simple=no
    2. mgmt.b fdb: size=256 used=5 num=4 depth=2 simple=no
    Total 2 bridges
    Above we can see two bridge instances, one for each of the two VDOMs in transparent mode: root and mgmt.

    This command will dump the L2 forwarding table for a given VDOM bridge instance:
    diagnose netlink brctl name host <VDOM_name>.b


    Example for the root VDOM:
    FGT# diag netlink brctl name host root.b

    show bridge control interface root.b host.
    fdb: size=256, used=6, num=7, depth=2, simple=no
    Bridge root.b host table
    port no  device  devname   mac addr           ttl  attributes
    2        7       wan2      02:09:0f:78:69:00  0    Local Static
    5        6       trunk_1   02:09:0f:78:69:01  0    Local Static
    3        8       dmz       02:09:0f:78:69:01  0    Local Static
    4        9       internal  02:09:0f:78:69:02  0    Local Static
    3        8       dmz       00:80:c8:39:87:5a  194
    4        9       internal  02:09:0f:78:67:68  8
    1        3       wan1      00:09:0f:78:69:fe  0    Local Static
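A worked example, added here and not part of any post in this thread: a small Python parser for the `diag netlink brctl name host <VDOM>.b` output format shown above. It turns the dump into the per-interface MAC table the original question asked for, answers "which port is this MAC on", and flags a learned MAC that appears on more than one interface (a moved host, a loop, or a spoofed address). The first sample table is the one pasted in the reply above; the second (`SPOOFED_FDB`) is constructed for illustration and adds one extra learned entry. The function names are this example's own, not FortiOS commands.

```python
import re
from collections import defaultdict

# Output pasted in the thread for `diag netlink brctl name host root.b`
# (header spelling varies between FortiOS builds, so it is not parsed).
SAMPLE_FDB = """\
show bridge control interface root.b host.
fdb: size=256, used=6, num=7, depth=2, simple=no
Bridge root.b host table
port no device devname mac addr ttl attributes
2 7 wan2 02:09:0f:78:69:00 0 Local Static
5 6 trunk_1 02:09:0f:78:69:01 0 Local Static
3 8 dmz 02:09:0f:78:69:01 0 Local Static
4 9 internal 02:09:0f:78:69:02 0 Local Static
3 8 dmz 00:80:c8:39:87:5a 194
4 9 internal 02:09:0f:78:67:68 8
1 3 wan1 00:09:0f:78:69:fe 0 Local Static
"""

# Constructed (not from the thread): the same table with one extra learned
# entry, so the dmz host's MAC is now also seen on "internal".
SPOOFED_FDB = SAMPLE_FDB + "4 9 internal 00:80:c8:39:87:5a 12\n"

# port no, device, devname, mac, ttl, optional attribute words
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+(\d+)\s*(.*?)\s*$",
    re.IGNORECASE,
)


def parse_fdb(text):
    """Return one dict per table row: port, devname, mac, ttl, static."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header and the 'fdb:' summary line
        port_no, _device, devname, mac, ttl, attrs = m.groups()
        entries.append({
            "port": int(port_no),
            "devname": devname,
            "mac": mac.lower(),
            "ttl": int(ttl),
            # 'Local Static' marks the FortiGate's own interface MACs;
            # everything else was learned from ingress frames.
            "static": "static" in attrs.lower(),
        })
    return entries


def learned_by_port(entries):
    """Learned (dynamic) MACs per interface, the 'show mac address-table' view."""
    table = defaultdict(list)
    for e in entries:
        if not e["static"]:
            table[e["devname"]].append(e["mac"])
    return dict(table)


def ports_for_mac(entries, mac):
    """Interfaces a MAC was seen on, static entries included."""
    mac = mac.lower()
    return [e["devname"] for e in entries if e["mac"] == mac]


def duplicate_learned_macs(entries):
    """Learned MACs present on more than one interface: {mac: [interfaces]}."""
    seen = defaultdict(set)
    for e in entries:
        if not e["static"]:
            seen[e["mac"]].add(e["devname"])
    return {m: sorted(p) for m, p in seen.items() if len(p) > 1}


if __name__ == "__main__":
    fdb = parse_fdb(SAMPLE_FDB)
    for iface, macs in sorted(learned_by_port(fdb).items()):
        print(iface, macs)
    print("duplicates:", duplicate_learned_macs(parse_fdb(SPOOFED_FDB)))
```

To use it on a live box, paste the CLI dump into `parse_fdb()`; the staff reply above still applies, so expect a populated table only for a VDOM in transparent mode, not for a hardware switch in NAT mode. Note that the FortiGate's own interface MAC can legitimately appear on several ports (02:09:0f:78:69:01 on trunk_1 and dmz above), which is why only non-static rows count toward the duplicate check.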

    delgrundy
    New Member
    September 18, 2024

    While the above may work for some, I couldn't get any useful information from it on an 8-port FortiSwitch. The bigger issue for me is that this seems to be treated like a fringe topic rather than a mainstream thing. Checking the MAC table in a Cisco switch is a routine thing to do when you have a case where a connected device that should be pulling DHCP will not.

    D_H_08
    Visitor III
    January 13, 2025

    Hope this helps for future searchers:

    diagnose lldprx nei sum