Article Id 223541



This article describes how users can see the MAC addresses of devices connected to a hardware/software switch.








Let’s consider a FortiGate which has a software switch configured as follows.


config system switch-interface
    edit "LAN"
        set vdom "root"
        set member "port2" "port3" "port4" "port5"
    next
end




To find out which devices are connected to LAN, run the following command and check the associated MAC addresses.


get system arp


Address           Age(min)   Hardware Addr        Interface
                  0          00:41:72:74:1e:01    LAN      <- device connected to LAN
                  2          00:41:74:6c:11:01    LAN      <- device connected to LAN
                  0          00:09:0f:09:fe:0f    port1


However, this command does not provide granular information such as which device is connected to which member port of the software switch (LAN).


More detail is needed when tracking down a device connected to this software switch for troubleshooting purposes.

To see which member port of the software switch each MAC address is connected to, run the following command.


diagnose netlink brctl name host <LAN>    <- name of the software switch


show bridge control interface LAN host.
fdb: hash size=32768, used=6, num=6, depth=1, gc_time=4, ageing_time=3, simple=switch
Bridge LAN host table
port no device  devname mac addr                ttl     attributes
  1     4       port2   00:41:72:74:1e:01       30      Hit(30)
  2     5       port3   00:41:74:6c:11:01       7       Hit(7)


Here, users can see that 00:41:72:74:1e:01 is connected to port2 of the software switch, and 00:41:74:6c:11:01 is connected to port3.



If a virtual switch is used in the software switch, it is not possible to track ports grouped by the virtual switch; instead, it is only possible to see the virtual switch interface in the mapping.
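
When many devices sit behind the switch, the two outputs above can be joined on MAC address to get an IP / MAC / member-port inventory. The following Python sketch is an added example, not Fortinet code: it parses saved output of get system arp and diagnose netlink brctl name host LAN. The function names are hypothetical, and the 192.0.2.x addresses in the sample input are constructed placeholders, since the ARP listing above does not show the Address values.

```python
import re

SP, MAC = r"[ \t]+", r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
# Row patterns for the two listings; header and banner lines do not match.
ARP_ROW = re.compile(rf"^[ \t]*(\S+){SP}\d+{SP}{MAC}{SP}(\S+)[ \t]*$", re.I | re.M)
HOST_ROW = re.compile(rf"^[ \t]*\d+{SP}\d+{SP}(\S+){SP}{MAC}{SP}\d+{SP}\S", re.I | re.M)

# Constructed sample input: MAC addresses and port names are the ones shown in
# the article; the 192.0.2.x IP addresses are placeholders (assumption).
ARP_OUTPUT = """\
Address           Age(min)   Hardware Addr        Interface
192.0.2.10        0          00:41:72:74:1e:01    LAN
192.0.2.11        2          00:41:74:6c:11:01    LAN
192.0.2.1         0          00:09:0f:09:fe:0f    port1
"""

BRCTL_OUTPUT = """\
show bridge control interface LAN host.
fdb: hash size=32768, used=6, num=6, depth=1, gc_time=4, ageing_time=3, simple=switch
Bridge LAN host table
port no device  devname mac addr                ttl     attributes
  1     4       port2   00:41:72:74:1e:01       30      Hit(30)
  2     5       port3   00:41:74:6c:11:01       7       Hit(7)
"""

def parse_arp(text):
    """Return {mac: (ip, interface)} from 'get system arp' output."""
    return {mac.lower(): (ip, iface) for ip, mac, iface in ARP_ROW.findall(text)}

def parse_bridge_hosts(text):
    """Return {mac: member_port} from the bridge host table."""
    return {mac.lower(): dev for dev, mac in HOST_ROW.findall(text)}

def map_devices(arp_text, brctl_text, switch):
    """One (ip, mac, member_port) tuple per ARP entry seen on the given interface."""
    hosts = parse_bridge_hosts(brctl_text)
    return [(ip, mac, hosts.get(mac, "not in host table"))
            for mac, (ip, iface) in sorted(parse_arp(arp_text).items())
            if iface == switch]

if __name__ == "__main__":
    for ip, mac, port in map_devices(ARP_OUTPUT, BRCTL_OUTPUT, "LAN"):
        print(f"{ip:<15} {mac}  {port}")
```

An ARP entry reported as "not in host table" means the MAC address has no matching row in the bridge host table output that was supplied.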

Related article:

Technical Tip: How to display the ARP table on a FortiGate unit, configured in NAT mode