Fortinet black logo

FortiSwitchOS Administration Guide

Home FortiSwitch 7.4.2 FortiSwitchOS Administration Guide
7.4.2
7.4.3
7.4.2
7.4.1
7.4.0

Static MAC addresses

Static MAC addresses

You can configure one or more static MAC addresses on an interface.

Starting in FortiSwitchOS 7.2.0, you can configure in the CLI whether packets with specific source static MAC address are allowed or dropped. By default, they are allowed.

tooltip icon You can use static/sticky MAC addresses or 802.1X authentication but not both on the same port at the same time. If you do need to use both, you must ensure that the MAC addresses/devices authorized by 802.1X authentication are not included in the static-mac table.
Using the GUI:
  1. Go to Switch > MAC Entries.
  2. Select Add MAC Entry to create a new item.
  3. Select an interface and enter a value for MAC Address and VLAN.
  4. Select the Sticky checkbox if you want the MAC address to be persistent, even when the status of a FortiSwitch port changes (goes down or up).
  5. Select Add to create the MAC entry.
Using the CLI:

config switch static-mac

edit <sequence_number>

set action {allow | drop}

set description <optional_string>

set interface <interface_name>

set mac <static_MAC_address>

set type {sticky | static}

set vlan-id <VLAN_ID>

end

For example:

config switch static-mac

edit 1

set action drop

set description "first static MAC address"

set interface port10

set mac d6:dd:25:be:2c:43

set type static

set vlan-id 10

end

Previous
Next

Static MAC addresses

You can configure one or more static MAC addresses on an interface.

Starting in FortiSwitchOS 7.2.0, you can configure in the CLI whether packets with specific source static MAC address are allowed or dropped. By default, they are allowed.

tooltip icon You can use static/sticky MAC addresses or 802.1X authentication but not both on the same port at the same time. If you do need to use both, you must ensure that the MAC addresses/devices authorized by 802.1X authentication are not included in the static-mac table.
Using the GUI:
  1. Go to Switch > MAC Entries.
  2. Select Add MAC Entry to create a new item.
  3. Select an interface and enter a value for MAC Address and VLAN.
  4. Select the Sticky checkbox if you want the MAC address to be persistent, even when the status of a FortiSwitch port changes (goes down or up).
  5. Select Add to create the MAC entry.
Using the CLI:

config switch static-mac

edit <sequence_number>

set action {allow | drop}

set description <optional_string>

set interface <interface_name>

set mac <static_MAC_address>

set type {sticky | static}

set vlan-id <VLAN_ID>

end

For example:

config switch static-mac

edit 1

set action drop

set description "first static MAC address"

set interface port10

set mac d6:dd:25:be:2c:43

set type static

set vlan-id 10

end

Previous
Next