Method used to view the MAC address of a device on USG firewalls

57

The method used to view the MAC address of a device on the USG2000, USG5000, and USG6000 is as follows:
You cannot view the MAC address of a device on the web UI on USG firewalls.
You can run the display arp command in the command line to view the local MAC address and peer MAC address.
[USG]display arp
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPNINSTANCE
VLAN/PVC

1.1.2.2 3400-a3d8-f023 I Vlanif300
100.1.1.1 3400-a3d8-f023 I Vlanif200
6.6.6.6 3400-a3d8-f023 I Vlanif2
192.168.108.111 3400-a3d8-f01f I GE0/0/0
192.168.108.222 3400-a3d8-f01f I GE0/0/0
192.168.108.100 d46a-b330-c311 6 D GE0/0/0
192.168.108.113 3400-a3da-e1b0 12 D GE0/0/0
192.168.108.115 200b-c73b-6300 16 D GE0/0/0
192.168.108.114 200b-c73b-5b00 16 D GE0/0/0
I indicates the MAC address of the interface, and D indicates a dynamic entry obtained using the ARP packet.
You can learn the local interface address in I, including the VLANIF interface and L3 interface (WAN interface).

Other related questions:
Method used to view the sequence number on USG firewalls
The sequence numbers of the USG2000, USG5000, and USG6000 are classified into the following types: -Equipment sequence number (ESN) -Component sequence number, indicating the sequence number of each component, including the board sequence number, interface subboard sequence number, optical module sequence number, and power module sequence number For the USG2000 and USG5000, check the sequence number as follows: 1. Check the ESN of the device. display firewall esn Device ESN is: 2102359833Z0C80000xx Alternatively, run the following command: display license Device ESN is: 210235XXXXXXXXXXX //Check the ESN. The file activated is : hda1:/license.dat The time when activated is : 2010/08/31 11:23:45 2. Check the ESN of each slot. display elabel [Board Properties] BoardType=SU2Z23UHT BarCode=210235G425Z0A80000xx //Device ESN Item=0235G425 Description=Secospace USG5100,SU2Z23UHT,USG5150BSR Host,with HS General Security Platform Software Manufactured=2010-08-21 VendorName=HuaweiSymantec [Slot_1] /$[ArchivesInfo Version] /$ArchivesInfoVersion=3.0 [Board Properties] BoardType=SU11FSHLB BarCode=02G194D0A40000xx //ESN of the board in slot 1 Item=0302G194 Description=SRG20,SU11FSHLB,2 Channel G.shdsl Interface Board,3*1 For the USG6000, check the sequence number as follows: 1. Check the ESN of the device. display firewall esn Device ESN is: 2102359833Z0C80000xx 2. Check the ESN of all slots of the NGFW. display esn License ESN: 2102359833Z0C80000xx Slot # Type S/N P/N - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 SUAZ83UAH 210235G7G70123401230 0235G7G7 2 SUE3E8GF 02G3AC10D5000007 0302G3AC 4 SUE3E4BY 02G3A710D6000007 0302G3A7 8 SUA2E2XSF 02G3C710D6000028 0302G3C7 9 PWR 2102310GQVP0D3000081 02310GQV 10 PWR 2102310GQVP0D3000085 02310GQV 11 RPU 2102359833Z0C800000A 02359833 13 FAN 210212090410D6000034 02120904

Method used to view the mapping between the IP address and the MAC address on USG firewalls
Method used to view the mapping between the IP address and the MAC address on the USG2000, USG5000, and USG6000: You can run the display arp command to view the mapping between the IP address and the MAC address. [USG]display arp IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/PVC --------------------------------------------------------------------------- 1.1.2.2 3400-a3d8-f023 I Vlanif300 100.1.1.1 3400-a3d8-f023 I Vlanif200 6.6.6.6 3400-a3d8-f023 I Vlanif2 192.168.108.111 3400-a3d8-f01f I GE0/0/0 192.168.108.222 3400-a3d8-f01f I GE0/0/0 192.168.108.100 d46a-b330-c311 6 D GE0/0/0 192.168.108.113 3400-a3da-e1b0 12 D GE0/0/0 192.168.108.115 200b-c73b-6300 16 D GE0/0/0 192.168.108.114 200b-c73b-5b00 16 D GE0/0/0 I indicates the MAC address of the interface. You can learn the local interface address in I, including the VLANIF interface and L3 interface. D indicates a dynamic entry obtained using the ARP packet. Based on the IP address and MAC address learned by the corresponding interface, you can identify the interface that interworks with a lower-layer device, and determine the MAC address of the device using the IP address. For example, if the IP address of a computer is available, you can determine the MAC address based on the corresponding MAC option. Note: You can view only ARP entries learned by a local device. If devices are far apart from each other, the local device does not need to learn the ARP of the device on the lowest level. In such a case, you cannot view the IP address and MAC address on the local device.

Method used to modify the MAC address on USG firewalls
Method used to modify the MAC address on the USG2000, USG5000, and USG6000: USG firewalls do not support modification of the MAC address.

Method used to view the IP address and MAC address obtained by a DHCP user on USG firewalls
On the USG2000, USG5000, and USG6000, you can view the IP address and MAC address obtained by a DHCP user as follows: Checking on the web UI: Choose Network > DHCP Server > Monitoring. In Address Leases, view the IP address and MAC address allocated by the DHCP server to the DHCP client. As shown in the figure, the IP address allocated by the DHCP server to the DHCP client is 192.168.0.2. Checking on the CLI: On the PC, run the cmd command to enter the DOS environment. Run the ipconfig command to view the IP address of the PC. As shown in the figure, the IP address of the PC is 192.168.0.2. C:\Documents and Settings\Administrator> ipconfig /all Physical Address. . . . . . . . . : 00-21-97-c7-4a-18 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.253 Primary WINS Server . . . . . . . : 192.168.0.254 On the device, run the display arp command to view the MAC address corresponding to the IP address. [USG]display arp IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC -------------------------------------------------------------------------- 192.168.0.1 00e0-fceb-0377 I - GE0/0/0 192.168.0.2 5489-9870-670d 20 D-0 GE0/0/0 ------------------------------------------------------------------------------ Total:2 Dynamic:1 Static:0 Interface:1

Method used to configure dynamic MAC address entries on USG firewalls
Dynamic MAC address entries are manually configured or learned by a device. They can be aged based on the configuration. To configure a dynamic MAC address entry, in the system or interface view, run the mac-address dynamic mac-address interface-type interface-number vlan vlan-id command.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top