ManpreetSingh
Article Id 416801
Description

This article provides a consolidated list of useful FortiOS commands for verifying and troubleshooting a VXLAN deployment that uses an EVPN-MP-BGP control plane.

These commands allow an administrator to check the BGP neighbor status, verify MAC address learning, and inspect the EVPN tables.

Scope

FortiGate.
Solution

The following commands can be used from the FortiGate CLI to diagnose and validate the VXLAN EVPN configuration:

| Command | Purpose | Check/observe |
|---|---|---|
| diagnose sys vxlan fdb list <vxlan1> | Show the VXLAN forwarding database. | Verify MAC addresses learned from remote VTEPs. |
| diagnose netlink brctl name host <sw1> | Show the bridge MAC table. | Confirm local and remote MACs are learned in the bridge domain. |
| get router info bgp evpn summary | Display the BGP EVPN neighbor summary. | Check the BGP session state and uptime. |
| get router info bgp evpn network | Show the EVPN MAC/IP routes. | Verify Route Type 2 and 3 advertisements. |
| get router info bgp evpn context | Show EVPN context / VNI info. | Validate the bridge domain, VNI, and source interface. |
| get router info bgp neighbors <IP> routes evpn | Show EVPN routes from a specific neighbor. | Check MAC/IP routes advertised/received from the peer. |
| get l2vpn evpn instance | Show EVPN instance information. | Confirm IP learning, ARP suppression, and VNI/bridge mapping. |
| get l2vpn evpn table | Show the EVPN MAC/IP tables. | Verify local/remote MACs, IPs, and VNI binding. |
| diagnose ip parp list | Show the proxy ARP table. | Check for ARP proxy entries for remote hosts (if ARP suppression is enabled). |