Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
bmeta
Staff & Editor
Staff & Editor

Created on ‎08-22-2021 07:43 AM Edited on ‎05-21-2025 03:23 AM By Moderator

Article Id 194752

Technical Tip: Reading IP to MAC info from L3 unit

Description

 

This article describes how to read IP to MAC information from one of the layer 3 units.

Scope

 

FortiNAC.

Solution

 

From the GUI, go to Network Devices -> L3 Polling.

 
Identify a L3 (IP-> MAC) unit.
 
Connect to FortiNAC using an SSH terminal.
 
Use this command 'ReadArpCache -ip x.x.x.x'  to read IP to MAC information from one of the layer 3 units:    
 

FortiNAC_CLI> ReadArpCache -ip 192.168.1.1

main PortNameMapper:
        Te:TenGigabitEthernet   Gi:GigabitEthernet      Fi:FiveGigabitEthernet  Tw:TwoGigabitEthernet   Twe:TwentyFiveGigabitEthernet   eth:Ethernet    Eth:Ethernet    Fo:FortyGigabitEthernet Fa:FastEthernet Po:Port-channel
main PortNameMapper:
        Ma:Management   Et:Ethernet     Po:Port-channel
Forwarder =com.bsc.forwarding.Fortigate for device 1.3.6.1.4.1.12356.101.1.639
main FortigateCommon.parseIPsecVPNClientsVdom skipping entry with port {"creation_time":7152542,"rgwy":"10.191.252.11","comments":"VPN: 2FGT-VM [Created by VPN wizard]","wizard-type":"custom","incoming_bytes":13780278530,"connection_count":85,"name":"2FGT-VM","type":"automatic","outgoing_bytes":13200824945,"proxyid":[{"proxy_dst":[{"subnet":"192.168.40.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"proxy_src":[{"subnet":"192.168.1.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"incoming_bytes":16662074,"expire":11800,"p2serial":7,"outgoing_bytes":39164690,"status":"up","p2name":"2FGT-VM"},{"proxy_dst":[{"subnet":"192.168.40.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"proxy_src":[{"subnet":"192.168.100.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"incoming_bytes":34488234,"expire":11746,"p2serial":8,"outgoing_bytes":6840731,"status":"up","p2name":"2FGT-VM100"},{"proxy_dst":[{"subnet":"192.168.40.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"proxy_src":[{"subnet":"192.168.110.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"incoming_bytes":0,"expire":11793,"p2serial":9,"outgoing_bytes":0,"status":"up","p2name":"2FGT-VMISO"},{"proxy_dst":[{"subnet":"192.168.99.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"proxy_src":[{"subnet":"192.168.110.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"incoming_bytes":14944,"expire":11741,"p2serial":10,"outgoing_bytes":9704,"status":"up","p2name":"2FGT-VMISO99"},{"proxy_dst":[{"subnet":"192.168.40.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"proxy_src":[{"subnet":"10.100.100.0/255.255.255.0","protocol":0,"port":0,"protocol_name":""}],"incoming_bytes":0,"expire":11745,"p2serial":11,"outgoing_bytes":0,"status":"up","p2name":"2FGT-VMflink"}]}

Device: Probe
  IP Address = 192.168.100.111
  MAC Address = 70:4C:A5:DD:2E:B8
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Thu Jan 01 01:00:00 CET 1970
  InetAddress = null

Device: Probe
  IP Address = 10.191.252.11
  MAC Address = 00:0C:29:AE:8A:26
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Thu Jan 01 01:00:00 CET 1970
  InetAddress = null

Device: Probe
  IP Address = 192.168.100.222
  MAC Address = FC:FB:FB:38:6F:C2
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Tue Aug 17 10:08:34 CEST 2021
  InetAddress = null

Device: Probe
  IP Address = 10.191.252.5
  MAC Address = 70:4C:A5:A5:24:59
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Thu Jan 01 01:00:00 CET 1970
  InetAddress = null

Device: Probe
  IP Address = 10.100.100.2
  MAC Address = E8:1C:BA:86:ED:9A
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Thu Jan 01 01:00:00 CET 1970
  InetAddress = null

Device: Probe
  IP Address = 192.168.100.110
  MAC Address = 34:E6:D7:39:8A:C5
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Tue Aug 17 10:08:34 CEST 2021
  InetAddress = null

Device: Probe
  IP Address = 10.191.252.254
  MAC Address = 00:09:0F:09:00:13
  Device Id = -1
  Interface Id = -1
  User Name = null
  Session Id = -1
  Time Captured = Thu Jan 01 01:00:00 CET 1970
  InetAddress = null

FortiNAC FNVMCA
root@fnac88-std1:/var/run/mysqld
>


The output above is the update from the device. Correlation example:

IP Address = 10.191.252.254.
MAC Address = 00:09:0F:09:00:13.

1021
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.