Hi all,
As we have different subnets which are connected to the FG's different ports, it's really a huge and messy task to configure the policy set from portA to portB and with the other different ports. So we would like to create a new subnet in a faster way, by using a Secondary IP. What we need to do is just add the new subnet address into the group of the existing firewall policies; that would simplify our workload and would not increase the total number of policies.
As the Secondary IP method does not segregate the 2 subnets, that means they are connected / communicate on the layer 2 level. This is fine, and our clients can reach the other subnets via the routing switches (FW <---> switch <---> switch <--->); actually there is even no need to configure the VLAN statement for it, as our PCs use static IPs.
However, although the PCs on the new subnet can communicate with other subnets now, from the switch's point of view I cannot trace the MAC addresses of the PCs... I think all of the PCs are using the same MAC address as the secondary IP on the FG. This may affect network troubleshooting performance.... I even cannot trace which switch the MAC address is connected to.... Does anyone know if there is another way to show the PC MAC addresses in the switches' ARP table? Many thanks!
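The lookup a troubleshooter does to find a host on a shared layer 2 segment is a two-step join: the ARP table of the routing switch maps an IP to a MAC, and each switch's MAC address table maps that MAC to the port it was learned on, with ports that carry many MACs being uplinks toward the next switch. The script below is an added example, not part of the original post or any Fortinet tool; the ARP and MAC table text is constructed in a Cisco-style column layout purely for illustration, and the switch names, VLAN, MAC values and uplink port list are assumptions.

```python
import re

# Constructed sample ARP table from a routing switch (not from the original post),
# "Internet  IP  age  MAC  interface". Hosts in both the original subnet (10.1.1.0/24)
# and the secondary-IP subnet (10.1.2.0/24) resolve to their own MACs; only the two
# gateway addresses share the firewall interface's MAC.
ARP_TABLE = """\
Internet  10.1.1.1    0   0009.0f11.2233  Vlan10
Internet  10.1.1.20   5   0050.56aa.0001  Vlan10
Internet  10.1.2.30   2   0050.56aa.0002  Vlan10
Internet  10.1.2.1    0   0009.0f11.2233  Vlan10
"""

# Constructed MAC address tables from two switches, "vlan  mac  type  port".
MAC_TABLES = {
    "sw-core": """\
  10    0009.0f11.2233    DYNAMIC     Gi1/0/1
  10    0050.56aa.0001    DYNAMIC     Gi1/0/24
  10    0050.56aa.0002    DYNAMIC     Gi1/0/24
""",
    "sw-access-1": """\
  10    0050.56aa.0001    DYNAMIC     Gi1/0/5
  10    0050.56aa.0002    DYNAMIC     Gi1/0/7
  10    0009.0f11.2233    DYNAMIC     Gi1/0/48
""",
}

# Assumed inter-switch links; a MAC seen on an uplink is reachable via another
# switch, so it is not the host's edge port.
UPLINKS = {"sw-core": {"Gi1/0/24"}, "sw-access-1": {"Gi1/0/48"}}

# Dotted-quad MAC notation as used in the constructed tables above.
MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)


def parse_arp(text):
    """Return {ip: mac} from ARP-table text; lines without a MAC in column 4 are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and MAC_RE.fullmatch(parts[3]):
            table[parts[1]] = parts[3].lower()
    return table


def parse_mac_table(text):
    """Return {mac: port} from MAC-address-table text; header/blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and MAC_RE.fullmatch(parts[1]):
            table[parts[1].lower()] = parts[3]
    return table


def locate_host(ip, arp_text, mac_tables, uplinks):
    """Resolve ip -> mac via ARP, then list (switch, edge port) pairs where that
    MAC was learned on a non-uplink port. Returns None if the IP is not in ARP."""
    mac = parse_arp(arp_text).get(ip)
    if mac is None:
        return None
    hits = []
    for switch, text in mac_tables.items():
        port = parse_mac_table(text).get(mac)
        if port and port not in uplinks.get(switch, set()):
            hits.append((switch, port))
    return mac, hits


if __name__ == "__main__":
    for ip in ("10.1.2.30", "10.1.2.1", "10.1.3.9"):
        print(ip, locate_host(ip, ARP_TABLE, MAC_TABLES, UPLINKS))
```

Run against the constructed data, the host in the secondary subnet (10.1.2.30) resolves to its own MAC and is located on sw-access-1 port Gi1/0/7, while the secondary gateway address (10.1.2.1) resolves to the firewall's MAC on the core switch's firewall-facing port. An IP that was never ARP-resolved by the routing switch cannot be located this way at all, which is the usual reason a host seems to "disappear": the ARP entry has to be refreshed (for example by pinging the host from the switch) before the MAC table lookup is meaningful.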