Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SecurityPlus
Contributor II

How To Determine What Port Of Hardware Switch A Computer Is Connected To

Running a FortiWiFi 60D with FortiOS 6.0.9 located at a remote data center. We have the firewall Hardware Switch with ports 1 through 7 as members. One dual NIC server plus 4 PC's are connected to the ports 1 through 6. One PC, PC-Red, needs to be put on its own subnet. To do this I assume that we need to take its Internal Port out of the Hardware Switch, and assign it's port to a subnet, different from the subnet used by the Hardware Switch. We know the IP address, MAC address, and hostname. Is there a way to determine which port PC-Red is connected to so that we only remove PC-Red and not the server or other PC's from the Hardware Switch?

1 Solution
Yurisk
Valued Contributor

@sw2090: This is for Fortiswitch only, not for Fortigate.

 

@SecurityPlus: Actually, I think you can trace it by:

[ol]
  • Run get hardware nic port1,port2,portN... on Fortigate to know MAC address of each physical Fortigate port, then
  • Look on CLI of your server (Red-PC) at the learned MAC table - ip neigh (Linux) / arp -a (Windows) and try to match with the Fortigate's one. I didn't verify though, so update us if does not help, for sure there are more ways to try to do it.[/ol] 
  • Yuri https://yurisk.info/  blog: All things Fortinet, no ads.

    View solution in original post

    Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
    9 REPLIES 9
    flamengo
    New Contributor

    Maybe this command can help you.

     

    get sys arp

    SecurityPlus

    Thanks! I will give this a try.
    Yurisk
    Valued Contributor

    get sys arp will show Layer 3 interfaces and hosts mapping, so all the physical ports inside the same Fortigate switch group will show as "LAN" or whatever logical name you have given  to your networks, and it will NOT show individual ports mappings like MAC of PC-REd is on port3,4,5 etc

     

    Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
    Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
    SecurityPlus

    Thanks. Is there a way to see the Layer 2 interfaces and hosts mapping?
    Yurisk
    Valued Contributor

    Not that I know of, alas.

     

    Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
    Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
    sw2090
    Honored Contributor

    Did you already try this?:

     

    diag switch mac-address list
    diag switch mac-address list | grep -i mac

    -- 

    "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

    -- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
    Yurisk
    Valued Contributor

    @sw2090: This is for Fortiswitch only, not for Fortigate.

     

    @SecurityPlus: Actually, I think you can trace it by:

    [ol]
  • Run get hardware nic port1,port2,portN... on Fortigate to know MAC address of each physical Fortigate port, then
  • Look on CLI of your server (Red-PC) at the learned MAC table - ip neigh (Linux) / arp -a (Windows) and try to match with the Fortigate's one. I didn't verify though, so update us if does not help, for sure there are more ways to try to do it.[/ol] 
  • Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
    Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
    SecurityPlus

    sw2090: in this case there is no FortiSwitch involved. Good to know for future use though.

    Yurisk: will need to look into this a bit. Not enough time to do this now.. Thanks.
    emnoc
    Esteemed Contributor III

    To list layer2 details and if we are on a fsw

     

      diag debug port-mac list 

     

    Ken Felix

    PCNSE 

    NSE 

    StrongSwan  

    PCNSE NSE StrongSwan
    Labels
    Top Kudoed Authors