FortiGate
obrunori
Staff
Article Id 426307
Description This article describes how to view or change the MAC address table aging parameter on a FortiGate.
Scope FortiGate in transparent mode.
Solution

This applies when a FortiGate is operating in transparent mode and there is a need to verify or adjust the MAC address table aging timer, also known as the MAC address table TTL.

 

When the FortiGate is operating in transparent mode, the MAC addresses dynamically learned are stored in a MAC address table. The MAC address aging feature provides a mechanism to remove the dynamic MAC addresses that remain inactive for a specified amount of time.

 

By default, each learned MAC address is aged out after 300 seconds. After this amount of time, the inactive MAC address is removed from the table.

 

View configured parameter (at VDOM level if VDOM is enabled):

 

# get system settings | grep -i "opmode\|ttl"
opmode : transparent
mac-ttl : 300

 

The output confirms that the FortiGate (or VDOM) is in transparent mode and that the MAC address table aging value is 300 seconds (the default value).

 

To change the MAC address table aging parameter:

Command Syntax (at VDOM level if VDOM is enabled):

 

config system settings 
set mac-ttl 600
end

 

This example sets the MAC address aging time to 600 seconds (10 minutes). The valid range is 300–8640000 seconds.

The 'mac-ttl' parameter on FortiGate defines how long a learned MAC address remains in FortiGate's internal forwarding table before being aged out (removed) when no traffic is seen for that address.

 

When a MAC address is learned from a source device, FortiGate retains it in its bridging table (MAC address table). If no packets from that MAC address are observed for the duration set by mac-ttl, the entry is aged out (removed).

This prevents stale forwarding information and ensures the FortiGate maintains efficient and accurate Layer 2 forwarding.

 

This setting is relevant in transparent mode only, where the FortiGate acts as a Layer 2 bridge, forwarding frames based on MAC addresses rather than IP routing.
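
The following Python check is an added example, not Fortinet code and not part of the original article. It parses saved output of the 'get system settings' command shown above and reports when a VDOM is not in transparent mode or when mac-ttl differs from an expected baseline. The function names and the sample captures are hypothetical; the range and default are the ones stated in this article.

```python
import re

# Range and default as stated in the article; function names are hypothetical.
MAC_TTL_MIN, MAC_TTL_MAX, MAC_TTL_DEFAULT = 300, 8640000, 300

def parse_settings(cli_output):
    """Turn 'key : value' lines of captured CLI output into a dict."""
    settings = {}
    for line in cli_output.splitlines():
        # The echoed command line starts with '#' and has no 'key :' form, so it is skipped.
        m = re.match(r"^\s*([\w-]+)\s*:\s*(\S.*?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit_mac_ttl(cli_output, expected_ttl=MAC_TTL_DEFAULT):
    """Return a list of findings; an empty list means the capture matches the baseline."""
    if not MAC_TTL_MIN <= expected_ttl <= MAC_TTL_MAX:
        raise ValueError("expected_ttl outside valid range %d-%d" % (MAC_TTL_MIN, MAC_TTL_MAX))
    s = parse_settings(cli_output)
    if s.get("opmode") != "transparent":
        return ["opmode is %r: mac-ttl applies only in transparent mode" % s.get("opmode")]
    raw = s.get("mac-ttl", "")
    if not raw.isdigit():
        return ["mac-ttl missing or not numeric in capture"]
    ttl = int(raw)
    if ttl != expected_ttl:
        return ["mac-ttl is %d s, baseline expects %d s" % (ttl, expected_ttl)]
    return []

# Constructed sample captures, in the format shown in the article.
SAMPLE_TRANSPARENT = r'''# get system settings | grep -i "opmode\|ttl"
opmode : transparent
mac-ttl : 300
'''
SAMPLE_NAT = "opmode              : nat\n"

if __name__ == "__main__":
    for name, capture in (("transparent", SAMPLE_TRANSPARENT), ("nat", SAMPLE_NAT)):
        print(name, audit_mac_ttl(capture, expected_ttl=600) or "OK")
```
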

 

Related articles:

Technical Tip: ARP and MAC addresses on FortiGate

Technical Tip: How to check MAC-address table in Transparent mode