Description
This article describes how to find the interface's MAC address.
Solution
From GUI:
Go to Network -> Interfaces -> Edit Interface and along with the interface name hardware address also be added from version 5.4 onward.
In non VDOM mode.
# get hardware nic | grep Hwaddr
In VDOM mode.
# conf global
get hardware nic | grep Hwaddr
Example.
To see the firewall port2 MAC address:
# get hardware nic port2
Name: port2
Version: 1.1.29.0-k-NAPI
FW version: N/A
Bus: 0000:0b:00.0
Hwaddr: 00:75:72:61:5f:02
Permanent Hwaddr:00:75:72:61:5f:02
State: up
Link: up
Mtu: 1500
Related Articles
Technical Note: How to find the interface's mac address
Hi all,
Thanks for the commands, I can see 2 mac-addresses on port15 and port 16
fwb01 # get hardware nic port15 | grep -A 2 "Current" Current_HWaddr 08:5b:0e:5d:33:12 Permanent_HWaddr 08:5b:0e:5d:33:12
fwb01 # get hardware nic port16 | grep -A 2 "Current" Current_HWaddr 08:5b:0e:5d:33:13 Permanent_HWaddr 08:5b:0e:5d:33:13
Now, what I need to is to exactly trace what port port 15 and port 16 connects to the switch, in this case a cisco switch.
If I do a show mac address-table add on core-sw1, I can see that it's in g4/21.
COR-1# show mac address-table add 08:5b:0e:5d:33:12 Unicast Entries vlan mac address type protocols port -------+---------------+--------+---------------------+-------------------- 108 085b.0e5d.3312 dynamic ip GigabitEthernet4/21
BUT...if I trace the second mac-address it is not showing on both core switches...
COR-1# show mac address-table add 08:5b:0e:5d:33:13 No entries present.
COR-2# sh mac add add 08:5b:0e:5d:33:13 No entries present.
Now, port 15 and 16 are configured as bonded or only having one IP address.
How can I now see what port in core-sw1 or core-sw2 is connected to fortigate por16? Do I really need someone physically onsite to trace this??
Thanks,
Dave Hall wrote:bluephoenix71 wrote:Hi I get to see the ip address but it's mostly the VIP or HSRP ip of the core switch...
Hi Blue. I don't think you will find a complete single list/page showing the MAC Address of all the Interfaces. On the GUI you can find the MAC Address listed behind the Interface name [see pic].
[attachImg]//forum.fortinet.com/download.axd?file=0;120904&where=message&f=Interface Mac Address.jpg[/attachImg]
emnoc has already provided the CLI commands to get the mac address, which is diag hardware deviceinfo nic . Use ? in place of to get a list of interfaces.
If you just want the MAC-Address for an interface, use: diag hardware deviceinfo nic | grep HWaddr
I have a Fortinet FG-60E firewall running FortiOS v6.0.1. A wireless access point is connected to one of the ports [internal3]. There are currently no other clients connected to the wireless access point.
Is there a FortiOS command [or commands] that will tell the MAC address of the wireless access point?
update 1
get system arp
almost does what I want, except it doesn't specify the port number of the internal interface. You can see from this snippet of output:
FGT60E4Q16045123 # get system arp
Address Age[min] Hardware Addr Interface
10.0.1.87 0 00:0c:29:60:8c:f4 internal
10.0.1.20 125 5c:aa:fd:1b:b5:5a internal
10.0.1.73 0 00:0c:29:a4:29:9e internal
10.0.1.96 1 00:0c:29:76:7c:2b internal
10.0.1.13 0 5c:70:a3:7d:28:82 internal
10.0.1.6 0 00:11:32:0f:ab:f9 internal
10.0.1.89 0 00:0c:29:c8:98:c4 internal
10.0.1.22 104 b8:e9:37:5f:ac:2c internal
10.0.1.75 0 00:0c:29:05:ab:42 internal
10.0.1.98 0 00:0c:29:05:53:49 internal
The interface is listed as "internal" and not "internal1", "internal2", etc.. The "internal" interface has 7 ports:
update 2
The output from diag switch-controller dump mac-hosts-switch-port
does not include the port number. Here's an example:
vd root/0 f0:9f:c2:30:d5:76 gen 159 req TOUS/2e
created 69257s gen 20 seen 45873s internal gen 79
ip 192.168.1.1 src arp
host 'OpenWrt' src dhcp
vd root/0 00:0c:29:76:7c:2b gen 1853 req TOU/2c
created 2190525s gen 47 seen 318s internal gen 1447
ip 10.0.1.96 src arp
host 'cdh06' src dhcp
server http
The first entry is the device I'm trying to identify via Fortinet CLI. As far as I can tell, there's no way to associate the MAC with a particular port on the firewall.