Help
FortiNAC
FortiNAC is a s a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
bmeta
Staff
Staff

Created on ‎08-22-2021 07:43 AM

Article Id 194752

Technical Tip: Reading IP to MAC info from L3 unit

Description
This article describes how to read IP to MAC information from one of the layer 3 units.

Scope
For version 8.8 and 9.1.

Solution
From GUI, go to Network Devices -> L3 Polling.





Identify a L3 ( IP-> MAC ) unit.

Connect to FortiNAC using a SSH terminal.

Use this command 'ReadArpCache -ip x.x.x.x'  to read IP to MAC information from one of the layer 3 units:
FortiNAC_CLI> ReadArpCache -ip 192.168.1.1
main PortNameMapper:
        Te:TenGigabitEthernet   Gi:GigabitEthernet      Fi:FiveGigabitEthernet  Tw:TwoGigabitEthernet   Twe:TwentyFiveGigabitEthernet   eth:Ethernet    Eth:Ethernet    Fo:FortyGigabitEthernet Fa:FastEthernet Po:Port-channel
main PortNameMapper:
        Ma:Management   Et:Ethernet     Po:Port-channel
Forwarder =com.bsc.forwarding.Fortigate for device 1.3.6.1.4.1.12356.101.1.639
main FortigateCommon.parseIPsecVPNClientsVdom skipping entry with port {"creation_time":7152542,"rgwy":"10.191.252.11","comments":"VPN: 2FGT-VM [Created by VPN wizard]","wizard-type":"custom","incoming_bytes":13780278530,"connection_count":85,"name":"2FGT-VM","type":"automatic","outgoing_bytes":13200824945,"proxyid":[{"proxy_dst":[{"subnet":"192.168.40.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"proxy_src":[{"subnet":"192.168.1.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"incoming_bytes":16662074,"expire":11800,"p2serial":7,"outgoing_bytes":39164690,"status":"up","p2name":"2FGT-VM"},{"proxy_dst":[{"subnet":"192.168.40.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"proxy_src":[{"subnet":"192.168.100.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"incoming_bytes":34488234,"expire":11746,"p2serial":8,"outgoing_bytes":6840731,"status":"up","p2name":"2FGT-VM100"},{"proxy_dst":[{"subnet":"192.168.40.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"proxy_src":[{"subnet":"192.168.110.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"incoming_bytes":0,"expire":11793,"p2serial":9,"outgoing_bytes":0,"status":"up","p2name":"2FGT-VMISO"},{"proxy_dst":[{"subnet":"192.168.99.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"proxy_src":[{"subnet":"192.168.110.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"incoming_bytes":14944,"expire":11741,"p2serial":10,"outgoing_bytes":9704,"status":"up","p2name":"2FGT-VMISO99"},{"proxy_dst":[{"subnet":"192.168.40.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"proxy_src":[{"subnet":"10.100.100.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"incoming_bytes":0,"expire":11745,"p2serial":11,"outgoing_bytes":0,"status":"up","p2name":"2FGT-VMflink"}]}
Device: Probe
  IP Address = 192.168.100.111
  MAC Address = 70:4C:A5:DD:2E:B8
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Thu Jan 01 01:00:00 CET 1970
  InetAddress = null

Device: Probe
  IP Address = 10.191.252.11
  MAC Address = 00:0C:29:AE:8A:26
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Thu Jan 01 01:00:00 CET 1970
  InetAddress = null

Device: Probe
  IP Address = 192.168.100.222
  MAC Address = FC:FB:FB:38:6F:C2
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Tue Aug 17 10:08:34 CEST 2021
  InetAddress = null

Device: Probe
  IP Address = 10.191.252.5
  MAC Address = 70:4C:A5:A5:24:59
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Thu Jan 01 01:00:00 CET 1970
  InetAddress = null

Device: Probe
  IP Address = 10.100.100.2
  MAC Address = E8:1C:BA:86:ED:9A
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Thu Jan 01 01:00:00 CET 1970
  InetAddress = null

Device: Probe
  IP Address = 192.168.100.110
  MAC Address = 34:E6:D7:39:8A:C5
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Tue Aug 17 10:08:34 CEST 2021
  InetAddress = null

Device: Probe
  IP Address = 10.191.252.254
  MAC Address = 00:09:0F:09:00:13
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Thu Jan 01 01:00:00 CET 1970
  InetAddress = null

FortiNAC FNVMCA
root@fnac88-std1:/var/run/mysqld
>
The output above is the update from the device.
Correlation example:
  IP Address = 10.191.252.254
  MAC Address = 00:09:0F:09:00:13

362
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.