How to check the bridging information in Transparent mode
When FortiOS is in Transparent mode, the unit acts like a bridge sending all incoming traffic out on the other interfaces. The bridge is between interfaces on the FortiGate unit.
Each bridge listed is a link between interfaces. Where traffic is flowing between interfaces, you expect to find bridges listed. If you are having connectivity issues, and there are no bridges listed, that is a likely cause. Check for the MAC address of the interface or device in question.
How to check the bridging information
To list the existing bridge instances on the FortiGate unit, use the following command:
diagnose netlink brctl list
Sample output:
# diagnose netlink brctl list
list bridge information
1. b fdb: size=256 used=6 num=7 depth=2 simple=no
Total 1 bridges
How to display forwarding domain information
Forwarding domains, or collision domains, are used in routing to limit where packets are forwarded on the network. Layer-2 broadcasts are limited to the same group. By default, all interfaces are in group 0. For example, if the FortiGate unit has 12 interfaces, only two may be in the same forwarding domain, which will limit packets that are broadcast to only those two interfaces. This reduces traffic on the rest of the network.
Collision domains prevent the forwarding of ARP packets to all VLANs on an interface. Without collision domains, duplicate MAC addresses on VLANs may cause ARP packets to be duplicated. Duplicate ARP packets can cause some switches to reset. It is important to know what interfaces are part of which forwarding domains as this determines which interfaces can communicate with each other.
To manually configure forwarding domains in Transparent mode, use the following FortiOS CLI command:
config system interface
    edit <interface_name>
        set forward-domain <integer>
end
To display the information for forward domains
Use the following command:
diagnose netlink brctl domain <name> <id>
where <name> is the name of the forwarding domain to display and <id> is the domain id.
Sample output
diagnose netlink brctl domain ione 101
show bridge root.b ione forward domain.
id=101 dev=trunk_1 6
To list the existing bridge MAC table, use the following command:
diagnose netlink brctl name host <name>
Sample output
show bridge control interface root.b host.
fdb: size=256, used=6, num=7, depth=2, simple=no
Bridge root.b host table
port no  device  devname   mac addr           ttl  attributes
2        7       wan2      02:09:0f:78:69:00  0    Local Static
5        6       vlan_1    02:09:0f:78:69:01  0    Local Static
3        8       dmz       02:09:0f:78:69:01  0    Local Static
4        9       internal  02:09:0f:78:69:02  0    Local Static
3        8       dmz       00:80:c8:39:87:5a  194
4        9       internal  02:09:0f:78:67:68  8
1        3       wan1      00:09:0f:78:69:fe  0    Local Static
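The MAC address check described above can be scripted once the host table has been captured from the CLI. The following Python is an added example, not part of the original FortiOS documentation: it parses the sample host table, reports which interface a given MAC address is on, and lists MAC addresses that appear on more than one interface (the duplicate-MAC condition mentioned under forwarding domains). The function names, the whitespace column layout, and the reading of rows without the Local attribute as learned entries are assumptions.

```python
import re
from collections import defaultdict

# Rows copied from the page's sample output; the column spacing is assumed.
SAMPLE = """\
show bridge control interface root.b host.
fdb: size=256, used=6, num=7, depth=2, simple=no
Bridge root.b host table
port no  device  devname   mac addr           ttl  attributes
2        7       wan2      02:09:0f:78:69:00  0    Local Static
5        6       vlan_1    02:09:0f:78:69:01  0    Local Static
3        8       dmz       02:09:0f:78:69:01  0    Local Static
4        9       internal  02:09:0f:78:69:02  0    Local Static
3        8       dmz       00:80:c8:39:87:5a  194
4        9       internal  02:09:0f:78:67:68  8
1        3       wan1      00:09:0f:78:69:fe  0    Local Static
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
ROW = re.compile(rf"^\s*(\d+)\s+(\d+)\s+(\S+)\s+({MAC})\s+(\d+)\s*(.*)$", re.I)

def parse_host_table(text):
    """Return one dict per MAC table row; banner and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, dev, name, mac, ttl, attrs = m.groups()
            entries.append({"port": int(port), "device": int(dev), "devname": name,
                            "mac": mac.lower(), "ttl": int(ttl), "local": "Local" in attrs.split()})
    return entries

def find_mac(entries, mac):
    """Interfaces on which the bridge lists this MAC (empty list: not in the table)."""
    return sorted({e["devname"] for e in entries if e["mac"] == mac.lower()})

def learned(entries):
    """Assumption: rows without the Local attribute were learned from traffic."""
    return [e for e in entries if not e["local"]]

def macs_on_multiple_interfaces(entries):
    """MACs listed on more than one interface, i.e. duplicate or moving addresses."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["mac"]].add(e["devname"])
    return {mac: sorted(devs) for mac, devs in seen.items() if len(devs) > 1}

if __name__ == "__main__":
    table = parse_host_table(SAMPLE)
    print(find_mac(table, "00:80:C8:39:87:5A"), macs_on_multiple_interfaces(table))
```

An empty result from find_mac for a device that should be reachable corresponds to the missing-bridge-entry case described at the top of this page.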
To list the existing bridge port list, use this command:
diagnose netlink brctl name port <name>
Sample Output:
show bridge root.b data port.
trunk_1 peer_dev=0
internal peer_dev=0
dmz peer_dev=0
wan2 peer_dev=0
wan1 peer_dev=0