FortiGate show interface MAC address CLI

networking, linux, misc

networking

Fortigate – get interface MAC address

by tini 22/07/2020

Use CLI and enter: get hardware nic port <name> or diag hardware deviceinfo nic <name>

Leave a Reply

Your email address will not be published.

Comment

Name*

Email*

Δ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Posted by on May 19, 2021

Tracking down MACs from a switch can be very beneficial. You can use the information from the MAC table to track down where a device is plugged into, or if there is some kind of loop in the network.

This command is used from the Fortigate to drill down to the Fortiswitch. I do believe it would also work directly from the Fortiswitch.

To display the whole MAC table:

diagnose switch-controller switch-info mac-table

Lets say I need to look for the last 4 of the MAC to find exactly where this device plugs into.

diagnose switch-controller switch-info mac-table | grep 3a:fe

00:60:6e:ec:3a:fe port1 1

Now we can see that device is plugged into port 1 of the switch.

You can use theget hardware nic(ordiagnose hardware deviceinfo nic)CLI command to view the virtual MAC address of any FortiGate unit interface. Forexample, use the following command to view the port1 interface virtual MAC address(Current_HWaddr) and the port1 permanent MAC address (Permanent_HWaddr):get hardware nic port1...MAC: 00:09:0f:09:00:00Permanent_HWaddr: 02:09:0f:78:18:c9...

Example: HA and 802.3ad aggregated interfacesConfiguring and connecting HA clustersHigh Availability for FortiOS 4.0 MR210001-420-99686-20101117Feedback4Display the HA configuration (optional).get system hagroup-id: 0group-name: example5.commode: a-ppassword: *hbdev: "port5" 50 "port6" 50route-ttl: 10route-wait: 0route-hold: 10sync-config: enableencryption: disableauthentication: disablehb-interval: 2hb-lost-threshold: 20helo-holddown: 20arps: 5arps-interval: 8session-pickup: disablelink-failed-signal: disableuninterruptable-upgrade: enableha-mgmt-status: disableha-eth-type: 8890hc-eth-type: 8891l2ep-eth-type: 8893subsecond: disablevcluster2: disablevcluster-id: 1override: disablepriority: 128monitor:pingserver-monitor-interface:pingserver-failover-threshold: 0pingserver-flip-timeout: 60vdom: "root"5Repeat these steps for the other FortiGate unit.Set the other FortiGate unit host name to:config system globalset hostname 620_ha_2endTo connect the cluster to the network1Connect the port1 and port2 interfaces of 620_ha_1 and 620_ha_2 to a switchconnected to the Internet.Configure the switch so that the port1 and port2 of 620_ha_1 make up an aggregatedinterface and port1 and port2 of 620_ha_2 make up another aggregated interface.2Connect the port3 and port4 interfaces of 620_ha_1 and 620_ha_2 to a switchconnected to the internal network.Configure the switch so that the port3 and port4 of 620_ha_1 make up an interfacedand port3 and port4 of 620_ha_2 make up another aggregated interface.

Configuring and connecting HA clustersExample: HA and 802.3ad aggregated interfacesFortiOS™ Handbook v2: High Availability01-420-99686-20101117101Feedback3Connect the port5 interfaces of 620_ha_1 and 620_ha_2 together. You can use acrossover Ethernet cable or regular Ethernet cables and a switch or hub.4Connect the port5 interfaces of the cluster units together. You can use a crossoverEthernet cable or regular Ethernet cables and a switch or hub.5Power on the cluster units.The units start and negotiate to choose the primary unit and the subordinate unit. Thisnegotiation occurs with no user intervention and normally takes less than a minute.When negotiation is complete the cluster is ready to be configured for your network.To view cluster statusUse the following steps to view cluster status from the CLI.1Log into the CLI.2Enterget system statusto verify the HA status of the cluster unit that you loggedinto.Look for the following information in the command output.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 280 pages?

Upload your study docs or become a

Course Hero member to access this document

Tags

IP address, High availability, FortiGate

Newly Uploaded Documents

Newly Uploaded Documents

How do I find my FortiGate interface MAC address?

You can use the get hardware nic <interface_name_str> command to display both MAC addresses for any FortiGate interface. This command displays hardware information for the specified interface. Depending on their hardware configuration, this command may display different information for different interfaces.

How can check interface configuration in FortiGate command line?

To display the configuration of all config shells, you can use the show command from the root prompt..
show system admin setting. ... .
show system backup all-settings. ... .
show system dns. ... .
show system global. ... .
show system interface. ... .
show system ntp. ... .
show system route..

How do you get Arp in FortiGate?

Technical Tip: How to display the ARP table on a FortiGate unit, configured in NAT mode.
Scope: FortiOS firmware versions 4.0 MR3 or 5.0.x..
When VDOMs are not enabled:.
When VDOMs are enabled:.
FGT # config vdom. FGT (vdom) # edit root. current vf=root:0..
FGT (root) # get system arp..

How can I see what devices are connected to FortiGate?

In the FortiGate GUI, User & Device > Device List displays a list of devices attached to the FortiSwitch ports.