FortiGate
psanjaykumar
Staff
Article Id 223541

Description

 

This article describes how to find the MAC address of a device connected to a hardware or software switch, and how to identify which member port of the switch the device is plugged into.

 

Scope

 

FortiGate.

 

Solution

 

Let’s consider a FortiGate which has a software switch configured as follows.

 

config system switch-interface

        edit "LAN"

            set vdom "root"

            set member "port2" "port3" "port4" "port5"

        next

end

 

To see which devices are connected to the LAN switch interface, run the following command and look at the MAC addresses listed against the LAN interface.

 

get system arp

 

Address           Age(min)   Hardware Addr      Interface

192.168.120.2       0       00:41:72:74:1e:01      LAN      <- device connected to LAN

192.168.120.3       2       00:41:74:6c:11:01      LAN      <- device connected to LAN

10.9.15.254         0       00:09:0f:09:fe:0f       port1

 

However, this command only shows the switch interface (LAN) as a whole. It does not show which device is connected to which member port of the software switch.

 

That per-port detail is needed when tracking down a device connected to the software switch for troubleshooting.

To see which member port of the software switch a MAC address was learned on, run the following command.

 

diagnose netlink brctl name host LAN      <- LAN is the name of the software switch

 

show bridge control interface LAN host.

fdb: hash size=32768, used=6, num=6, depth=1, gc_time=4, ageing_time=3, simple=switch

Bridge LAN host table

port  no     device  devname mac addr      ttl     attributes

  1     4       port2   00:41:72:74:1e:01           30      Hit(30)

  2     5       port3   00:41:74:6c:11:01            7        Hit(7)

 

The devname column shows the member port. Here 00:41:72:74:1e:01 (192.168.120.2) is connected to port2 of the software switch, and 00:41:74:6c:11:01 (192.168.120.3) is connected to port3. Correlate the MAC address in this table with the ARP table above to map an IP address to a physical port.

 

Limitation:

If a virtual switch interface is itself a member of the software switch, the bridge table cannot resolve the individual ports grouped under that virtual switch. The mapping only shows the virtual switch interface as the member port.


Related article:

Technical Tip: How to display the ARP table on a FortiGate unit, configured in NAT mode