Fortinet Forum
Maik
New Contributor

Changing WLAN MAC Address after reboot

I grab a factory default FWF, the SSID "fortinet" / interface "wifi" is already there. I only change the PSK so that I can access it. Now, whenever I reboot the FWF, the MAC address behind the interface IP 10.10.80.1 changes. I created a support ticket, and they say this is to be expected/by design. Now I'm puzzled. Can that really be? I mean, every time the MAC changes, Windows and the FortiClient recognize the SSID as a new network, asking me to re-enter the PSK and asking if I trust this network. Did I misunderstand the concept that the MAC should stay the same? Can anybody confirm this happening on your box as well, e.g. a FWF80C? I noticed this behaviour on FWF40C, FWF60C with OS 5.0.1. I will test it with other firmware versions.
Carl_Wallmark
Valued Contributor

Ehm, I would say no to that. The MAC address should be the same unless you change it by yourself. The MAC address, is it completely new or is it only the last numbers that changed?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

Maik

the MAC address, is it completely new or is it only the last numbers that changed?
Here is an example output of arp -a on a Win7 PC after a reboot:

    Interface: 10.10.80.5 --- 0xf
      Internet Address      Physical Address      Type
      10.10.80.1            00-ff-b4-62-f1-e6     dynamic

reboot

    Interface: 10.10.80.5 --- 0xf
      Internet Address      Physical Address      Type
      10.10.80.1            00-ff-8a-6d-4a-63     dynamic

reboot

    Interface: 10.10.80.5 --- 0xf
      Internet Address      Physical Address      Type
      10.10.80.1            00-ff-88-66-ca-ba     dynamic

FGT: is a FWF60C with 4.3.11
Dave_Hall
Honored Contributor

I was never able to replicate this behaviour with my own FWF40C, currently running 4.0 MR3 patch 10. Factory reset to defaults, then playing around with some of the wireless settings (at the CLI level too). The MAC address never changed. The wireless-controller has some nice debug features...

    # diag wireless-controller wlac
    wlac usage:
        wlac help                              --show this usage
        wlac kickmac mac                       --disassociate a sta
        wlac kickwtp ip cport                  --tear down a wtp session
        wlac plain-ctl [wtp-id] [0|1]          --show or change current plain control setting
        wlac sniff-cfg ip port                 --set sniff server ip and port
        wlac sniff [wtp-id] [0|1|2]            --enable/disable sniff packet for all wtps
        wlac scanclr                           --clear the scanned rogue ap list
        wlac scanstaclr                        --clear the scanned rogue sta list
        wlac sta_filter sta level              --enable/disable log for sta
        wlac wtp_filter id vfid-ip:port level  --enable/disable log for wtp
        wlac -d usage                          --list objects usage in data plane
        wlac -d all                            --list wlan/wtp/vap/sta info in data plane
        wlac -d wlan                           --list wlan info in data plane
        wlac -d wtp                            --list wtp info in data plane
        wlac -d vap                            --list vap info in data plane
        wlac -d sta                            --list sta info in data plane
        wlac -d wlsta wlan                     --list wlan's sta info in data plane
        wlac -d wtpsta wtp-index               --list wtp's sta info in data plane
        wlac -c sta                            --show sta in control plane
        wlac -c wtpgrp                         --show configured wtp profiles in control plane
        wlac -c wtp                            --show configured wtps in control plane
        wlac -c wlan                           --show configured wlans in control plane
        wlac -c wlgrp                          --show configured wlan groups in control plane
        wlac -c ap-status                      --show configured ap status in control plane
        wlac -c ws                             --show current wtp sessions in control plane
        wlac -c vap                            --show vap list in control plane
        wlac -c ap-rogue                       --show rogue ap list in control plane
        wlac -c sta-rogue                      --show rogue sta list in control plane
        wlac -c rap-hostlist bssid             --show hosts related to the ap
        wlac -c arp-req                        --show arp list on the controller
        wlac -c mac-table                      --show mac table
        wlac -c br-table                       --show bridge table
        wlac -c nol                            --list the AP's NOL channels
        wlac -c scan-clr-all                   --clear the scanned rogue ap and sta data
        wlac -c ap-onwire-clr bssid            --clear the rogue ap's on wire flag
        wlac -c darrp                          --show darrp radio table
    #

Unless there are some new features or behaviour on 5.0, I am more inclined to think there may be a rogue AP or misconfigured wireless bridge/repeater nearby. I would run some of those wireless controller commands (before/after a reboot) to confirm the baseid mac address is still the same or different.
I created a support ticket, and they say this is to be expected/by design.
If this was me, I would need for support to explain exactly how it is expected/by design and how to change that behaviour.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Maik
New Contributor

Unless there are some new features or behaviour on 5.0, I am more inclined to think there may be a rogue AP or misconfigured wireless bridge/repeater nearby
I now can say this happens on a FWF60C with 4.3.11 as well. I also can rule out a third AP nearby.
I would run some of those wireless controller commands (before/after a reboot) to confirm the baseid mac address is still the same or different.
wlac -c wlan shows the MAC address that I see on the client's ARP table behind the AP's IP (value "ip, mac"). This one changes after the reboot. wlac -c vap shows a different MAC address. This one stays the same after a reboot.

BEFORE REBOOT:
-------------------

    FWF60C # diagnose wireless-controller wlac -d vap
    vf=0 wtp=1 wlan=wifi bssid=00:0e:8e:3f:0e:68 idx=0 use=5

    FWF60C # diagnose wireless-controller wlac -c vap
    bssid              ssid      intf  vfid:ip-port              rId wId
    00:0e:8e:3f:0e:68  fortinet  wifi  ws (0-127.0.0.1:15246)    0   0

    FWF60C # diagnose wireless-controller wlac -c wlan
    WLAN (001/001) vdom,name: root, wifi
        ip, mac          : 10.10.80.1, 00:ff:3e:c0:18:eb
        status           : up
        refcnt, deleted  : 3, 0
        auth type        : 0
        mac type         : 0xffffffff
        tunnel type      : 0xffffffff
        fast roaming     : 0x1
        suppress ssid    : 0
        ssid             : fortinet
        security         : 7
        auth             : 0
        key              :
        keyindex         : 1
        password         : testpsk
        radius_server    :
        usergroup        :
        intra privacy    : disabled
        station info     : 1/0
        kern sock        : 7
        mf acl cfg       : disabled, allow, 0 entries
        sta list
          0000 a0:88:b4:85:12:98 ws (0-127.0.0.1:15246) 0 0
        WTP 0001         : 0, FWF60C-WIFI0 ---- 0-127.0.0.1:15246 (11 - CWAS_RUN)

REBOOT:
-----------

    FWF60C # diagnose wireless-controller wlac -d vap
    vf=0 wtp=1 wlan=wifi bssid=00:0e:8e:3f:0e:68 idx=0 use=4

    FWF60C # diagnose wireless-controller wlac -c vap
    bssid              ssid      intf  vfid:ip-port              rId wId
    00:0e:8e:3f:0e:68  fortinet  wifi  ws (0-127.0.0.1:15246)    0   0

    FWF60C # diagnose wireless-controller wlac -c wlan
    WLAN (001/001) vdom,name: root, wifi
        ip, mac          : 10.10.80.1, 00:ff:63:5a:a2:6a
        status           : up
        refcnt, deleted  : 3, 0
        auth type        : 0
        mac type         : 0xffffffff
        tunnel type      : 0xffffffff
        fast roaming     : 0x1
        suppress ssid    : 0
        ssid             : fortinet
        security         : 7
        auth             : 0
        key              :
        keyindex         : 1
        password         : testpsk
        radius_server    :
        usergroup        :
        intra privacy    : disabled
        station info     : 1/0
        kern sock        : 7
        mf acl cfg       : disabled, allow, 0 entries
        sta list
          0000 a0:88:b4:85:12:98 ws (0-127.0.0.1:15246) 0 0
        WTP 0001         : 0, FWF60C-WIFI0 ---- 0-127.0.0.1:15246 (11 - CWAS_RUN)

Maik
New Contributor

FWF40C, currently running 4.0 MR3 patch 10. Factory reset
I now tested with a FWF60C and downgraded it to 4.3.10. I also see the changing MAC in this release. Currently I see this changing MAC on the following boxes:

    FWF30B: 4.3.10
    FWF40C: 5.0.1
    FWF60C: 4.3.10, 4.3.11, 5.0.1
    FWF80C: 5.0.1

Thank you for the diag command "diagnose wireless-controller wlac -c wlan", this one helps me find the changed MAC more easily :)
Dave_Hall
Honored Contributor

OK, I was able to replicate a similar behaviour if I enabled Explicit Web Proxy on the wifi interface, but my Windows XP test machine never treated the connection as a new wifi connection. (Don't have a Windows 7 test machine to try out.)

    d:\dummy>arp -a
    No ARP Entries Found

    d:\dummy>ping 192.168.90.1

    Pinging 192.168.90.1 with 32 bytes of data:

    Reply from 192.168.90.1: bytes=32 time=10ms TTL=255
    Reply from 192.168.90.1: bytes=32 time=3ms TTL=255

    Ping statistics for 192.168.90.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 3ms, Maximum = 10ms, Average = 6ms
    Control-C
    ^C
    d:\dummy>arp -a

    Interface: 192.168.90.20 --- 0x80002
      Internet Address      Physical Address      Type
      192.168.90.1          00-ff-f8-d6-4e-16     dynamic

    d:\dummy>ping 192.168.90.1

    Pinging 192.168.90.1 with 32 bytes of data:

    Reply from 192.168.90.1: bytes=32 time=9ms TTL=255
    Reply from 192.168.90.1: bytes=32 time=5ms TTL=255

    Ping statistics for 192.168.90.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 5ms, Maximum = 9ms, Average = 7ms
    Control-C
    ^C
    d:\dummy>arp -a

    Interface: 192.168.90.20 --- 0x90002
      Internet Address      Physical Address      Type
      192.168.90.1          00-ff-a4-f7-23-4d     dynamic

    d:\dummy>ping 192.168.90.1

    Pinging 192.168.90.1 with 32 bytes of data:

    Reply from 192.168.90.1: bytes=32 time=9ms TTL=255
    Reply from 192.168.90.1: bytes=32 time=3ms TTL=255

    Ping statistics for 192.168.90.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 3ms, Maximum = 9ms, Average = 6ms
    Control-C
    ^C
    d:\dummy>arp -a

    Interface: 192.168.90.20 --- 0xa0002
      Internet Address      Physical Address      Type
      192.168.90.1          00-ff-e6-c9-77-ae     dynamic

    d:\dummy>

Update: scratch the above. Further testing shows the Explicit Web Proxy doesn't make a difference. MAC address still changing with/without this feature enabled. Resetting my little guy and restarting from scratch.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Dave_Hall
Honored Contributor

Thank you for the diag command "diagnose wireless-controller wlac -c wlan", this one helps me find the changed MAC more easily :)
New command to try from a Windows 7 workstation:
netsh wlan show networks mode=bssid

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Maik
New Contributor

netsh wlan show networks mode=bssid

    SSID 2 : fortinet
        Network type            : Infrastructure
        Authentication          : WPA2-Personal
        Encryption              : CCMP
        BSSID 1                 : 00:0e:8e:3f:0e:68
             Signal             : 99%
             Radio type         : 802.11n
             Channel            : 11
             Basic rates (Mbps) : 1 2 5.5 11
             Other rates (Mbps) : 6 9 12 18 24 36 48 54

This is the MAC from:

    FWF60C # diagnose wireless-controller wlac -c vap
    bssid              ssid      intf  vfid:ip-port              rId wId
    00:0e:8e:3f:0e:68  fortinet  wifi  ws (0-127.0.0.1:15246)    0   0

So the BSSID MAC is matching (and persistent), but the MAC of the gateway is not.
Maik
New Contributor

but the MAC of the Gateway is not.
To test, I wanted to assign my own MAC address to the interface. On a normal interface this is done with: set subst enable / set macaddr ..... Sadly, this command is not available on a wifi interface. (4.3.10)
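
Added example, not part of any poster's message: a small Python check that parses the three `arp -a` tables quoted earlier in the thread, tracks the MAC seen for the gateway 10.10.80.1 across reboots, and reports which leading octets stay fixed. The function names (`parse_arp`, `gateway_history`, `stable_prefix`, `summarise`) are illustrative, and the snapshot text is rebuilt from the values posted above.

```python
import re

# arp -a tables as posted in the thread (Win7 client, one table per FWF reboot);
# only the gateway's MAC differs between them.
HEADER = ("Interface: 10.10.80.5 --- 0xf\n"
          "  Internet Address      Physical Address      Type\n")
SNAPSHOTS = [HEADER + "  10.10.80.1            %s     dynamic\n" % mac
             for mac in ("00-ff-b4-62-f1-e6", "00-ff-8a-6d-4a-63", "00-ff-88-66-ca-ba")]

# One table row: IPv4 address, MAC with '-' or ':' separators, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\s+(\w+)",
    re.M)

def parse_arp(text):
    """Return {ip: mac} with MACs normalised to lower-case colon form."""
    return {ip: mac.lower().replace("-", ":") for ip, mac, _ in ARP_ROW.findall(text)}

def gateway_history(snapshots, gateway_ip):
    """MAC recorded for gateway_ip in each snapshot, in order (None if absent)."""
    return [parse_arp(s).get(gateway_ip) for s in snapshots]

def stable_prefix(macs):
    """Leading octets shared by every MAC in the list ('' if none)."""
    prefix = []
    for column in zip(*(m.split(":") for m in macs)):
        if len(set(column)) != 1:
            break
        prefix.append(column[0])
    return ":".join(prefix)

def summarise(snapshots, gateway_ip):
    """Count MAC changes between consecutive snapshots and find the fixed part."""
    macs = [m for m in gateway_history(snapshots, gateway_ip) if m]
    changes = sum(1 for a, b in zip(macs, macs[1:]) if a != b)
    return {"macs": macs, "changes": changes, "stable_prefix": stable_prefix(macs)}

if __name__ == "__main__":
    print(summarise(SNAPSHOTS, "10.10.80.1"))
```

On the posted data this shows two changes across three tables, with only the first two octets held constant, while the BSSID reported by `wlac -c vap` and `netsh wlan show networks mode=bssid` is the value that stays the same.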