Adolfo_Z_H
Staff
Article Id 279278
Description

 

This article describes how to properly enable L2mac events on FortiSwitch.

 

Scope

 

FortiSwitch v7.2.3 and above.

 

Solution

 

Configure this SNMP feature by using the following documents.


In a FortiLink environment:
Configuring SNMP

Standalone:
Configuring SNMP

However, even after the configuration above is completed, L2mac events are still not registered in the FortiSwitch logs, so the SNMP trap packet cannot be sent to the configured SNMP host.

 

To generate the events, finish the configuration on each FortiSwitch port where they are needed, so that the event appears.

 

Example on a FortiSwitch CLI:

 

S548Dxxxxx # conf switch int
S548Dxxxxxxx (interface) # edit port31
S548DNxxxxxxx (port31) # show

config switch interface
    edit "port31"
        set allowed-vlans 11
        set auto-discovery-fortilink enable
        set snmp-index 31
        set log-mac-event enable   <----- Port31 log-mac-event enabled
    next
end

 

It is then possible to connect a device to that port and confirm that the device MAC is learned on that port:

 

S548DN4K15000018 # diag switch mac-address list

flag bit pattern: 0x00000000
flag bit Mask: 0x00000000
vlan map: 0-4094
port-id map: 0-63
trunk-id map: 0-127

MAC: 90:6c:ac:0c:bb:d3 VLAN: 1 Port: internal(port-id 55)
Flags: 0x00000020 [ static ]

MAC: 90:6c:ac:0c:bb:d3 VLAN: 4094 Port: internal(port-id 55)
Flags: 0x00010460 [ static hit src-hit native ]

MAC: 70:4c:a5:6f:5e:6d VLAN: 1 Port: port41(port-id 41)
Flags: 0x00010441 [ hit dynamic src-hit native ]

MAC: 70:4c:a5:82:9d:3b VLAN: 1 Port: port41(port-id 41)
Flags: 0x00010441 [ hit dynamic src-hit native ]

MAC: 00:00:00:00:11:02 VLAN: 11 Port: port31(port-id 31) <----- The new MAC has been learned and the trap packet should be sent to the SNMP server.
Flags: 0x00010441 [ hit dynamic src-hit native ]

MAC: 70:4c:a5:82:9d:3f VLAN: 1 Port: port41(port-id 41)
Flags: 0x00010441 [ hit dynamic src-hit native ]

Total Displayed: 6

 

A log message should also be generated:

 

S548DNxxxxxx # exec log display
133 logs found.
10 logs returned.

 

1: 2022-03-22 11:10:42 log_id=0104011100 type=event subtype=switch pri=information vd=root user="ctrld" switch.interface="port31" vlan="11" msg="new MAC [00:00:00:00:11:02] learned" <----- New MAC learned log message.
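
One way to use these log entries for monitoring, as an added example that is not part of the original article and is not Fortinet code: the Python below parses lines in the exec log display format shown above and reports learned MACs that are not on a per-port allowlist. The EXPECTED allowlist, the function names, and the second and third sample lines are assumptions constructed for this example.

```python
import re

# Sample input: line 1 is the entry shown in the article; lines 2 and 3 are
# constructed for this example (the log_id on line 3 is a placeholder).
SAMPLE_LOG = '''\
1: 2022-03-22 11:10:42 log_id=0104011100 type=event subtype=switch pri=information vd=root user="ctrld" switch.interface="port31" vlan="11" msg="new MAC [00:00:00:00:11:02] learned"
2: 2022-03-22 11:12:05 log_id=0104011100 type=event subtype=switch pri=information vd=root user="ctrld" switch.interface="port31" vlan="11" msg="new MAC [00:00:00:00:11:99] learned"
3: 2022-03-22 11:12:30 log_id=0000000000 type=event subtype=system pri=information vd=root user="admin" msg="constructed unrelated event"
'''

# Hypothetical allowlist: MAC addresses expected on each monitored port.
EXPECTED = {"port31": {"00:00:00:00:11:02"}}

HEAD_RE = re.compile(r'^\s*\d+:\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.*)$')
KV_RE = re.compile(r'([\w.]+)=("(?:[^"\\]|\\.)*"|\S+)')
MAC_RE = re.compile(r'new MAC \[([0-9A-Fa-f:]{17})\] learned')

def parse_line(line):
    """Split one log line into a dict of its key=value fields plus 'time'."""
    m = HEAD_RE.match(line)
    if not m:
        return None  # banner lines such as "133 logs found." are skipped
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    fields["time"] = m.group(1)
    return fields

def mac_learn_events(text):
    """Yield (time, port, vlan, mac) for every 'new MAC learned' event."""
    for line in text.splitlines():
        f = parse_line(line)
        if not f or f.get("subtype") != "switch":
            continue
        m = MAC_RE.search(f.get("msg", ""))
        if m:
            yield f["time"], f.get("switch.interface"), f.get("vlan"), m.group(1).lower()

def unexpected_macs(text, expected):
    """Return learn events whose MAC is not allowlisted for that port."""
    return [e for e in mac_learn_events(text)
            if e[3] not in expected.get(e[1], set())]

if __name__ == "__main__":
    for t, port, vlan, mac in unexpected_macs(SAMPLE_LOG, EXPECTED):
        print(f"{t} unexpected MAC {mac} on {port} vlan {vlan}")
```

A port with no entry in EXPECTED is treated as having an empty allowlist, so every MAC learned on it is reported.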

 

If this feature is needed on a FortiSwitch managed through FortiLink, it is useful to use scripts so that it is configured directly in the FortiSwitch controller section of the FortiGate configuration.

 

Related document:

Executing custom FortiSwitch scripts

 

This method provides support for FortiSwitch features that are not yet implemented in the switch controller section on FortiGate, and it keeps the settings persistent in the FortiGate configuration file in case it is necessary to factory reset the FortiSwitch to replace it.
