Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

show mac address table on Fortigate

Hi guys,


I have configured a virtual-switch aka hardware-switch and binded 4 interfaces that belong to a VDOM.


config system interface edit "SW_Firewall" set vdom "Firewall" set ip 8x.4y.8z.254 set allowaccess ping https ssh set type hard-switch set snmp-index 18 set secondary-IP enable config secondaryip edit 1 set ip set allowaccess ping next end next end


How can I find out learnt MAC addresses aka "show mac address table" on each physical interface?



The most expensive and scarce resource for man is time, paradoxically, it' s infinite.

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.
Valued Contributor

The command is 'get sys arp'. It will show you all learnt arps on the FortiGate with the interface that learnt them.


If you'd like to quickly filter the results by portX then you can pipe a grep after the command (ie: get sys arp | grep portX)

New Contributor II

A hardware/virtual switch doesn't care about any ARP entries. I want to know the L2 mac addresses that were/are learnt per switch port.

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.



Hardware Switch will give you an option to bind multiple Hardware Interfaces to form a Single Logical Interface. This Logical Interface is a Layer 3 interface with an IP assigned to it. It doesn't have a CAM/MAC table. You can view the ARP table to see the MAC address of the devices connected to these individual interfaces which are part of the Hardware Switch using command # get system arp.


Hope this will answer your question.





Lets say hypothetically that you create a software or hardware switch on the Fortigate.  Then it DEFINITELY HAS a mac address table.  If you don't understand the difference between a MAC table and an ARP table, then you probably aren't going to be able to help.  Why is it so hard to basic information like this out of a FortiGate?  Is it a "get...." command, is it a "show...." command, is it a "diag....." command.  THEY ALL DO THE SAME THING!  Quit making it harder than it needs to be.  Showing the MAC table doesn't need to be any harder than "show system mac"  or "show switch mac".....

Derek Small
Derek Small

In TP mode, we can check L2 forwarding table on FGT. 

The forwarding database (FDB) is populated with the network devices MAC addresses during a MAC learning process, based on the source addresses seen in the Ethernet frames ingressing a FortiGate port.

FGT # diagnose netlink brctl list  -> List Bridge information
list bridge information
1. root.b fdb: size=256 used=6 num=7 depth=2 simple=no
2. mgmt.b fdb: size=256 used=5 num=4 depth=2 simple=no
Total 2 bridges
Here above we can see two bridge instances for 2 VDOMs in Transparent mode: root and mgmt.


This command will dump the L2 forwarding table for each VDOM bridge instance:
diagnose netlink brctl name host <VDOM_name>.b


Example for the root VDOM:
FGT# diag netlink brctl name host root.b

show bridge control interface root.b host.
fdb: size=256, used=6, num=7, depth=2, simple=no
Bridge root.b host table
port no device devname mac addr ttl atributes
2 7 wan2 02:09:0f:78:69:00 0 Local Static
5 6 trunk_1 02:09:0f:78:69:01 0 Local Static
3 8 dmz 02:09:0f:78:69:01 0 Local Static
4 9 internal 02:09:0f:78:69:02 0 Local Static
3 8 dmz 00:80:c8:39:87:5a 194
4 9 internal 02:09:0f:78:67:68 8
1 3 wan1 00:09:0f:78:69:fe 0 Local Static


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors