FortiGate
nalexiou
Staff & Editor
Article Id 411380
Description This article describes an issue on FortiGate devices where the MAC address of the FortiGate gateway interface is seen behind more than one of its physical ports, so the same MAC address flaps between ports on a connected Cisco switch. The issue is specific to FortiGates running FortiOS v7.2.x.
Scope FortiOS v7.2.x.
Solution

To verify and resolve the issue, follow the steps below:

Verify that the interface is configured as a VLAN on the virtual hardware switch (a virtual switch with `set vlan` and more than one member port):


config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        set vlan 46
        config port
            edit "internal3"
            next
            edit "internal5"
            next
        end
    next
end


When the issue occurs, the Cisco switch generates logs similar to the following (the MAC address, VLAN and ports will differ):

Oct 13 13:42:05.656: %SW_MATM-4-MACFLAP_NOTIF: Host 06d5.9004.f89c in vlan 46 is flapping between port Gi0/1 and port Gi0/6


When a FortiGate interface is part of a VLAN-switch configuration (a virtual switch with VLAN tagging) on FortiOS v7.2.x, the FortiGate may advertise the gateway MAC address on more than one of the virtual switch's physical member ports. The connected switch then learns the same MAC address behind different ports in quick succession and raises MAC-flapping alerts, as Cisco Catalyst devices do with %SW_MATM-4-MACFLAP_NOTIF.

Before attributing the alerts to this issue, confirm that the flapping MAC address is the FortiGate's gateway MAC and that the two switch ports named in the alert are the ones cabled to the virtual switch's member ports; MAC flapping with a different MAC or on unrelated ports usually points to a loop or a duplicate MAC elsewhere in the network.

The issue is not present in FortiOS v7.4.8 or later. Upgrade to v7.4.8 or later to resolve it. After the upgrade, verify that the MACFLAP_NOTIF messages stop and that `show mac address-table address <gateway-mac>` on the Cisco switch lists the gateway MAC behind a single port.
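The following is an added triage helper, not code from the article or from Fortinet, that automates the two checks above: it parses a FortiOS `config system virtual-switch` stanza to find VLAN-tagged virtual switches with more than one member port, parses Cisco %SW_MATM-4-MACFLAP_NOTIF syslog lines, and reports a virtual switch as a likely source when a MAC is repeatedly flapping in that switch's VLAN. The config excerpt and syslog lines embedded below are constructed sample data (the config mirrors the article's example, the log lines are made up); the names `parse_virtual_switches`, `parse_macflaps`, `correlate` and the `min_events` threshold are this example's own.

```python
"""Correlate FortiGate virtual-switch VLANs with Cisco MAC-flap notifications.

Sample data below is constructed for this example; feed real `show full-configuration`
output and a syslog export to the same functions.
"""
import re
from collections import defaultdict

# Constructed FortiOS config excerpt (same shape as the article's example).
FORTIOS_CONFIG = """\
config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        set vlan 46
        config port
            edit "internal3"
            next
            edit "internal5"
            next
        end
    next
    edit "lan2"
        set physical-switch "sw0"
        config port
            edit "internal7"
            next
        end
    next
end
"""

# Constructed Cisco IOS syslog lines; the first matches the article's message format.
CISCO_SYSLOG = """\
Oct 13 13:42:05.656: %SW_MATM-4-MACFLAP_NOTIF: Host 06d5.9004.f89c in vlan 46 is flapping between port Gi0/1 and port Gi0/6
Oct 13 13:42:07.102: %SW_MATM-4-MACFLAP_NOTIF: Host 06d5.9004.f89c in vlan 46 is flapping between port Gi0/6 and port Gi0/1
Oct 13 13:42:09.511: %SW_MATM-4-MACFLAP_NOTIF: Host 06d5.9004.f89c in vlan 46 is flapping between port Gi0/1 and port Gi0/6
Oct 13 13:45:00.000: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi0/3 and port Gi0/4
Oct 13 13:45:01.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/9, changed state to up
"""

MACFLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<p1>\S+) and port (?P<p2>\S+)"
)


def parse_virtual_switches(config_text):
    """Return {name: {"vlan": int or None, "ports": [...]}} from a FortiOS
    `config system virtual-switch` stanza. A virtual switch without
    `set vlan` is recorded as untagged (vlan=None)."""
    switches = {}
    current = None
    in_port_table = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config port"):
            in_port_table = True
        elif line == "end" and in_port_table:
            in_port_table = False  # closes the port table, not the outer stanza
        elif line.startswith('edit "'):
            name = line.split('"')[1]
            if in_port_table:
                switches[current]["ports"].append(name)
            else:
                current = name
                switches[current] = {"vlan": None, "ports": []}
        elif line.startswith("set vlan ") and current is not None:
            switches[current]["vlan"] = int(line.split()[2])
    return switches


def parse_macflaps(syslog_text):
    """Group MACFLAP_NOTIF events by (mac, vlan): count them and collect the
    ports involved. Non-matching syslog lines are ignored."""
    flaps = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in syslog_text.splitlines():
        m = MACFLAP_RE.search(line)
        if not m:
            continue
        key = (m["mac"], int(m["vlan"]))
        flaps[key]["count"] += 1
        flaps[key]["ports"].update((m["p1"], m["p2"]))
    return dict(flaps)


def correlate(switches, flaps, min_events=2):
    """Report MACs flapping at least `min_events` times in a VLAN that a
    VLAN-tagged FortiGate virtual switch with more than one member port uses,
    which is the configuration the article associates with the symptom."""
    findings = []
    for (mac, vlan), info in flaps.items():
        if info["count"] < min_events:
            continue  # a single notification is treated as noise
        for name, sw in switches.items():
            if sw["vlan"] == vlan and len(sw["ports"]) > 1:
                findings.append({
                    "mac": mac, "vlan": vlan, "events": info["count"],
                    "cisco_ports": sorted(info["ports"]),
                    "virtual_switch": name, "member_ports": sw["ports"],
                })
    return findings


if __name__ == "__main__":
    sw = parse_virtual_switches(FORTIOS_CONFIG)
    for f in correlate(sw, parse_macflaps(CISCO_SYSLOG)):
        print(f"{f['mac']} flapped {f['events']}x in vlan {f['vlan']} between "
              f"{'/'.join(f['cisco_ports'])}; matches FortiGate virtual-switch "
              f"'{f['virtual_switch']}' (ports {', '.join(f['member_ports'])})")
```

A finding only says the VLAN matches; confirm the flapping MAC is the FortiGate's gateway MAC and that the named Cisco ports are cabled to the listed member ports before concluding this FortiOS v7.2.x behaviour is the cause.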