Hello
In Cisco switches you are able to "show" MAC addresses by port with "show mac address-table interface gigabitEthernet0/1". Is it possible to do the same in a FortiGate appliance?
Thanks
Hi,
how about to "see" the mac address where it is connected to?
That would make my network "mapping" a lot easier.
Why not ask for the arp table right away?
diag ip arp list
get sys arp
The problem with that is that it does not say what NIC is connected to where.
AFAIK you can only see direct partner's MAC in LACP bundles.
Hello to all
The previous doesn't work for me, I'm looking for something like:
**************************************************************************
    CISCO_SWITCH#sh mac address-table interface GigabitEthernet1/0/1
              Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    CISCO_SWITCH#sh mac address-table interface GigabitEthernet1/0/24
              Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
     201    FFFF.FFFF.FFFF    DYNAMIC     Gi1/0/24
     204    FFFF.FFFF.FFFF    DYNAMIC     Gi1/0/24
    Total Mac Addresses for this criterion: 2
    CISCO_SWITCH#
With this output I can know that there are 2 devices connected to that port in particular
**************************************************************************
**************************************************************************
"get hardware nic wan1" displays the port MAC, not the MAC addresses that are connected to that port:
    FGT # get hardware nic wan1
    Driver Name     :Fortinet NP4Lite Driver
    Version         :1.0.0
    Admin           :up
    Current_HWaddr   FF:FF:FF:FF:FF:FF
    Permanent_HWaddr FF:FF:FF:FF:FF:FF
    Status          :up
    Speed           :1000
    Duplex          :Full
    Host Rx Pkts    :206674384
    Host Rx Bytes   :661200042
    Host Tx Pkts    :143102099
    Host Tx Bytes   :1883562834
    Rx Pkts         :399838866
    Rx Bytes        :934198213
    Tx Pkts         :273216779
    Tx Bytes        :2646117299
    rx_buffer_len   :2048
    Hidden          :No
    cmd_in_list     : 0
    promiscuous     : 1
**************************************************************************
**************************************************************************
FGT (VDOM_X) # get sys arp or FGT #get sys arp
displays all MAC addresses, but the "Interface" column only shows the logical port, not the physical one:
    Address           Age(min)   Hardware Addr      Interface
    192.168.2.152     0          FF:FF:FF:FF:FF:FF  Internal_2
    192.168.2.155     1          FF:FF:FF:FF:FF:FF  Internal_2
    192.168.2.156     0          FF:FF:FF:FF:FF:FF  Internal_2
    192.168.2.160     0          FF:FF:FF:FF:FF:FF  Internal_2
    192.168.2.161     0          FF:FF:FF:FF:FF:FF  Internal_2
    192.168.2.163     1          FF:FF:FF:FF:FF:FF  Internal_2
    192.168.2.165     0          FF:FF:FF:FF:FF:FF  Internal_2
    192.168.2.183     4          FF:FF:FF:FF:FF:FF  Internal_2
    192.168.70.12     4          FF:FF:FF:FF:FF:FF  lan
    192.168.70.14     0          FF:FF:FF:FF:FF:FF  lan
    192.168.70.15     0          FF:FF:FF:FF:FF:FF  lan
    192.168.70.16     1          FF:FF:FF:FF:FF:FF  lan
    192.168.70.17     0          FF:FF:FF:FF:FF:FF  lan
    192.168.70.19     0          FF:FF:FF:FF:FF:FF  lan
    192.168.70.24     0          FF:FF:FF:FF:FF:FF  lan
    192.168.70.27     4          FF:FF:FF:FF:FF:FF  lan
**************************************************************************
Not sure about the CLI, but you can see what MACs are connected to the interface via the GUI.
On 5.2.X:
User & Device > Device > Device Definitions.
If nothing is showing you need to enable device identification on the interface.
#config system interface
#edit port1
#set device-identification enable
-FortiOSman,
Up, Up, and Away!
If logical port is all we've got IMHO that's not that bad...I think they comprise physical and virtual ports (VLAN etc.).
I'd combine the CLI command with a grep:
get sys arp | grep port10
diag switch mac-address list | grep -i mac
    MAC: f0:d5:bf:f0:23:50  VLAN: 1 Port: port17(port-id 17)
    MAC: 5c:b9:01:0c:0f:4e  VLAN: 1 Port: port8(port-id 8)
    MAC: 90:6c:ac:12:69:28  VLAN: 1 Port: internal(port-id 25)
    MAC: ac:d1:b8:26:dc:0c  VLAN: 1 Port: port17(port-id 17)
    MAC: 98:ee:cb:48:14:50  VLAN: 1 Port: port20(port-id 20)
    MAC: 98:ee:cb:48:15:90  VLAN: 1 Port: port17(port-id 17)
    MAC: 34:f3:9a:14:8c:91  VLAN: 1 Port: port17(port-id 17)
    MAC: 34:f3:9a:14:b2:f2  VLAN: 1 Port: port17(port-id 17)
    MAC: 2c:41:38:28:74:c7  VLAN: 1 Port: port10(port-id 10)
    MAC: 30:05:5c:b4:7c:11  VLAN: 1 Port: port21(port-id 21)
    MAC: c4:9a:02:76:80:b9  VLAN: 1 Port: port10(port-id 10)
    MAC: 98:ee:cb:48:16:5e  VLAN: 1 Port: port17(port-id 17)
    MAC: 98:ee:cb:48:16:62  VLAN: 1 Port: port18(port-id 18)
    MAC: 4c:cc:6a:79:f3:97  VLAN: 1 Port: port2(port-id 2)
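Added example (not part of the original thread, and not Fortinet tooling): a Python sketch that joins the two outputs discussed above into a per-physical-port inventory, taking MAC to physical port from `diag switch mac-address list` and IP to MAC to logical interface from `get sys arp`. The line formats are those quoted in the thread; the sample addresses and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data; only the line formats come from the thread.
SWITCH_MAC_LIST = """\
MAC: 02:00:00:00:00:0a  VLAN: 1 Port: port10(port-id 10)
MAC: 02:00:00:00:00:0b  VLAN: 1 Port: port10(port-id 10)
MAC: 02:00:00:00:00:11  VLAN: 1 Port: port17(port-id 17)
MAC: 02:00:00:00:00:19  VLAN: 1 Port: internal(port-id 25)
"""
SYS_ARP = """\
Address           Age(min)   Hardware Addr      Interface
192.0.2.10        0          02:00:00:00:00:0A  lan
192.0.2.11        4          02:00:00:00:00:0b  lan
192.0.2.17        1          02:00:00:00:00:11  lan
192.0.2.99        0          02:00:00:00:00:63  wan1
"""
MAC_RE = re.compile(
    r"MAC:\s*([0-9a-f:]{17})\s+VLAN:\s*(\d+)\s+Port:\s*(\S+?)\(port-id\s+\d+\)", re.I)
ARP_RE = re.compile(r"^(\d+(?:\.\d+){3})\s+\d+\s+([0-9a-f:]{17})\s+(\S+)$", re.I)

def parse_switch_macs(text):
    """{physical port: [(mac, vlan), ...]}; also handles output flattened onto one line."""
    ports = defaultdict(list)
    for mac, vlan, port in MAC_RE.findall(text):
        ports[port].append((mac.lower(), int(vlan)))
    return dict(ports)

def parse_arp(text):
    """{mac: (ip, logical interface)} from 'get sys arp'; the header row is skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            table[m.group(2).lower()] = (m.group(1), m.group(3))
    return table

def port_inventory(switch_text, arp_text):
    """{port: [(mac, vlan, ip, logical_iface)]}; ip/iface are None without an ARP entry."""
    arp = parse_arp(arp_text)
    return {port: [(mac, vlan, *arp.get(mac, (None, None))) for mac, vlan in macs]
            for port, macs in parse_switch_macs(switch_text).items()}

def multi_host_ports(inventory):
    """Ports with more than one learned MAC: a downstream switch, hub, AP or hypervisor."""
    return sorted(p for p, hosts in inventory.items() if len(hosts) > 1)

if __name__ == "__main__":
    inv = port_inventory(SWITCH_MAC_LIST, SYS_ARP)
    for port, hosts in inv.items():
        print(port, hosts)
    print("ports with several MACs:", multi_host_ports(inv))
```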
Hello, I have a FortiGate 200D connected to a Cisco 3750 layer 3 switch. I created VLANs and a DHCP server on the Cisco switch, using RIP routing to the FortiGate. But I can't see the ARP or MAC table on the FortiGate. How can I forward the ARP or MAC table on the switch to the firewall? Thanks
Copyright 2024 Fortinet, Inc. All Rights Reserved.