How to check the bridging information in Transparent mode

When FortiOS is in Transparent mode, the unit acts like a Layer-2 bridge, forwarding incoming traffic out on its other interfaces. The bridge is between interfaces on the FortiGate unit.

Each bridge listed is a link between interfaces. Wherever traffic is flowing between interfaces, you expect to find a bridge listed. If you are having connectivity issues and no bridges are listed, that is a likely cause. Also check that the MAC address of the interface or device in question appears in the bridge host table.

How to check the bridging information

To list the existing bridge instances on the FortiGate unit, use the following command:

diagnose netlink brctl list

Sample output:

# diagnose netlink brctl list
list bridge information
1. root.b fdb: size=256 used=6 num=7 depth=2 simple=no
Total 1 bridges

How to display forwarding domain information

Forwarding domains, or collision domains, are used to limit where packets are forwarded on the network. Layer-2 broadcasts are confined to interfaces in the same group. By default, all interfaces are in group 0. For example, if the FortiGate unit has 12 interfaces and only two of them are placed in the same forwarding domain, broadcast packets are limited to those two interfaces. This reduces traffic on the rest of the network.

Collision domains prevent ARP packets from being forwarded to all VLANs on an interface. Without collision domains, duplicate MAC addresses on different VLANs may cause ARP packets to be duplicated, and duplicate ARP packets can cause some switches to reset. It is important to know which interfaces belong to which forwarding domain, as this determines which interfaces can communicate with each other.

To manually configure forwarding domains in Transparent mode, use the following FortiOS CLI command:

config system interface
    edit <interface_name>
        set forward-domain <integer>
end

To display the information for forward domains

Use the following command:

diagnose netlink brctl domain <name> <id>

where <name> is the name of the forwarding domain to display and <id> is the domain id.
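As an added example (not FortiOS code and not from the original page), the following Python script reads a configuration dump in the shape of the `config system interface` block above, assigns each interface to its forward-domain (falling back to the FortiOS default of 0 when the setting is absent), groups the interfaces by domain, and answers whether two interfaces share a Layer-2 forwarding domain. The configuration text, interface names and domain ids are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like a 'show system interface' dump in Transparent
# mode. Interface names and forward-domain ids are made up for this example.
SAMPLE_CONFIG = """\
config system interface
    edit "internal"
        set vdom "root"
        set forward-domain 101
    next
    edit "dmz"
        set vdom "root"
        set forward-domain 101
    next
    edit "wan1"
        set vdom "root"
    next
    edit "wan2"
        set vdom "root"
        set forward-domain 202
    next
end
"""

EDIT_RE = re.compile(r'^\s*edit\s+"([^"]+)"\s*$')
DOMAIN_RE = re.compile(r'^\s*set\s+forward-domain\s+(\d+)\s*$')
BLOCK_END_RE = re.compile(r'^\s*(next|end)\s*$')


def parse_forward_domains(config_text):
    """Map each interface name to its forward-domain id.

    Interfaces without an explicit 'set forward-domain' line are placed in
    domain 0, the FortiOS default described in the text."""
    domains = {}
    current = None
    for line in config_text.splitlines():
        m = EDIT_RE.match(line)
        if m:
            current = m.group(1)
            domains[current] = 0
            continue
        m = DOMAIN_RE.match(line)
        if m and current is not None:
            domains[current] = int(m.group(1))
        elif BLOCK_END_RE.match(line):
            current = None
    return domains


def group_by_domain(domains):
    """Invert the mapping: domain id -> sorted list of member interfaces."""
    groups = defaultdict(list)
    for name, domain_id in domains.items():
        groups[domain_id].append(name)
    return {d: sorted(names) for d, names in groups.items()}


def can_bridge(domains, iface_a, iface_b):
    """True when both interfaces exist and share a forwarding domain, i.e.
    Layer-2 broadcasts from one can reach the other."""
    return (iface_a in domains and iface_b in domains
            and domains[iface_a] == domains[iface_b])


if __name__ == "__main__":
    fd = parse_forward_domains(SAMPLE_CONFIG)
    for domain_id, members in sorted(group_by_domain(fd).items()):
        print(f"forward-domain {domain_id}: {', '.join(members)}")
    print("internal <-> dmz:", can_bridge(fd, "internal", "dmz"))
    print("internal <-> wan1:", can_bridge(fd, "internal", "wan1"))
```

Running the script on the constructed dump shows internal and dmz in domain 101, wan2 alone in 202, and wan1 left in the default domain 0, so a broadcast arriving on internal can reach dmz but not wan1 or wan2.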

Sample output

diagnose netlink brctl domain ione 101
show bridge root.b ione forward domain.
id=101 dev=trunk_1 6

To list the existing bridge MAC table, use the following command:

diagnose netlink brctl name host <name>

Sample output

show bridge control interface root.b host.
fdb: size=256, used=6, num=7, depth=2, simple=no
Bridge root.b host table

port  no device  devname   mac addr           ttl  attributes
2     7          wan2      02:09:0f:78:69:00  0    Local Static
5     6          vlan_1    02:09:0f:78:69:01  0    Local Static
3     8          dmz       02:09:0f:78:69:01  0    Local Static
4     9          internal  02:09:0f:78:69:02  0    Local Static
3     8          dmz       00:80:c8:39:87:5a  194
4     9          internal  02:09:0f:78:67:68  8
1     3          wan1      00:09:0f:78:69:fe  0    Local Static

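The host table is where you confirm that the MAC address of the interface or device in question is actually known to the bridge. As an added example (not FortiOS code and not from the original page), the following Python script parses output in the shape of the `diagnose netlink brctl name host` table, looks up which interfaces a MAC was seen on, separates learned hosts from the unit's own Local entries, and reports any MAC that appears on more than one interface. The embedded sample is a constructed copy of the table above.

```python
import re
from collections import defaultdict

# Constructed copy of the 'diagnose netlink brctl name host' table shown
# above, embedded here so the script runs offline.
SAMPLE_OUTPUT = """\
show bridge control interface root.b host.
fdb: size=256, used=6, num=7, depth=2, simple=no
Bridge root.b host table
port no device devname mac addr ttl attributes
2 7 wan2 02:09:0f:78:69:00 0 Local Static
5 6 vlan_1 02:09:0f:78:69:01 0 Local Static
3 8 dmz 02:09:0f:78:69:01 0 Local Static
4 9 internal 02:09:0f:78:69:02 0 Local Static
3 8 dmz 00:80:c8:39:87:5a 194
4 9 internal 02:09:0f:78:67:68 8
1 3 wan1 00:09:0f:78:69:fe 0 Local Static
"""

# One data row: port, device number, device name, MAC, ttl, optional attributes.
ROW_RE = re.compile(
    r'^\s*(?P<port>\d+)\s+(?P<devno>\d+)\s+(?P<devname>\S+)\s+'
    r'(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<ttl>\d+)\s*(?P<attrs>.*)$',
    re.IGNORECASE,
)


def parse_host_table(text):
    """Return one dict per row; header and summary lines do not match ROW_RE
    and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        entries.append({
            "port": int(m.group("port")),
            "devno": int(m.group("devno")),
            "devname": m.group("devname"),
            "mac": m.group("mac").lower(),
            "ttl": int(m.group("ttl")),
            "attributes": m.group("attrs").split(),
        })
    return entries


def devices_for_mac(entries, mac):
    """Interfaces on which a MAC was seen; an empty list is the 'not in the
    bridge table' case the text tells you to check for."""
    mac = mac.lower()
    return sorted({e["devname"] for e in entries if e["mac"] == mac})


def learned_entries(entries):
    """Rows without the Local attribute are hosts learned through the bridge;
    their ttl is the remaining aging time."""
    return [e for e in entries if "Local" not in e["attributes"]]


def duplicate_macs(entries):
    """MACs seen on more than one interface, the condition the forwarding
    domain section warns can lead to duplicated ARP traffic. Whether a given
    duplicate is benign (for example a VLAN sub-interface sharing its parent's
    MAC, an assumption not stated on the page) is for the operator to judge;
    this function only reports it."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["mac"]].add(e["devname"])
    return {mac: sorted(devs) for mac, devs in seen.items() if len(devs) > 1}


if __name__ == "__main__":
    rows = parse_host_table(SAMPLE_OUTPUT)
    print(f"{len(rows)} entries parsed")
    print("00:80:c8:39:87:5a seen on:", devices_for_mac(rows, "00:80:c8:39:87:5a"))
    for e in learned_entries(rows):
        print(f"learned {e['mac']} on {e['devname']} (ttl {e['ttl']})")
    for mac, devs in duplicate_macs(rows).items():
        print(f"duplicate {mac} on {', '.join(devs)}")
```

On the sample table the script finds two learned hosts (one behind dmz, one behind internal) and flags 02:09:0f:78:69:01 as present on both vlan_1 and dmz, which is exactly the kind of entry worth a second look when the symptoms described in the forwarding domain section appear.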
To list the existing bridge port list, use this command:

diagnose netlink brctl name port <name>

Sample Output:

show bridge root.b data port.
trunk_1 peer_dev=0
internal peer_dev=0
dmz peer_dev=0
wan2 peer_dev=0
wan1 peer_dev=0