Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to Display Interface MAC Addresses - Knowledge Base - Palo Alto Networks

How to Display Interface MAC Addresses

262794
Created On 09/26/18 13:51 PM - Last Modified 05/31/23 20:57 PM


Resolution


Overview

This document describes how to display interface MAC addresses.

 

Details

The various CLI commands provided below, will display the MAC addresses of the Palo Alto Network interfaces including an HA cluster.

For example to display the MACs for all interfaces on the Palo Alto Networks:

> show interface all


total configured hardware interfaces: 15
name                    id    speed/duplex/state        mac address
-------------------------------------------------------------------------------
ethernet1/1             16    1000/full/up              00:1b:17:05:2c:10
ethernet1/2             17    1000/full/up              00:1b:17:05:2c:11
ethernet1/3             18    unknown/unknown/down      00:1b:17:00:0b:12
ethernet1/4             19    unknown/unknown/down      00:1b:17:00:0b:13
ethernet1/5             20    1000/full/up              00:1b:17:00:0b:14
ethernet1/6             21    1000/full/up              00:1b:17:00:0b:15
ethernet1/7             22    unknown/unknown/down      00:1b:17:00:0b:16
ethernet1/8             23    100/full/up               00:1b:17:00:0b:17
ethernet1/9             24    100/full/up               00:1b:17:00:0b:18
ethernet1/10            25    100/full/up               00:1b:17:00:0b:19
ethernet1/11            26    unknown/unknown/down      00:1b:17:00:0b:1a
ethernet1/12            27    unknown/unknown/down      00:1b:17:00:0b:1b
vlan                    1     [n/a]/[n/a]/up            00:1b:17:00:0b:01
loopback                3     [n/a]/[n/a]/up            00:1b:17:00:0b:03
tunnel                  4     [n/a]/[n/a]/up            00:1b:17:00:0b:04

 

total configured logical interfaces: 21

 

To display an individual interface indicate the specific interface in the following command:

> show interface ethernet1/1

 

For example:

> show interface ethernet1/1

-------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Link status:
  Runtime link speed/duplex/state: 1000/full/up
  Configured link speed/duplex/state: auto/auto/up
MAC address:
  Port MAC address 00:1b:17:05:2c:10
Operation mode: ha
-------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Operation mode: ha
Interface IP address: 2.2.2.2/24
Interface management profile: N/A
Service configured:
Zone: N/A, virtual system: N/A

-------------------------------------------------------------------------------
Physical port counters read from MAC:
-------------------------------------------------------------------------------
rx-broadcast                  0

 

The following command displays the MAC addresses of an HA cluster:

> show high-availability state

 

For example:

> show high-availability state

Group 1:

  Local Information:

    Version: 1

    State: active

    Priority: 200

    Preemptive: False

    Platform Model: PA-4050

    Version information:

      Build Release: 3.0.5

      URL Database: 3233

      Application Content: 160-463

      Threat Content: 160-463

      VPN Client Software: 1.0.2

    Passive Hold Interval: 10 ms

    Passive Link State: auto

    Hello Message Interval: 1000 ms

    Management IP Address: 10.30.14.7; netmask: 255.255.255.0

    HA1 IP Address: 1.1.1.2; netmask: 255.255.255.0

    HA1 MAC Address: 00:30:48:5d:45:f7

    HA1 encryption enabled: False

    HA2 MAC Address: 00:1b:17:01:18:06

    Running Configuration: synchronized

    State Synchronization: synchronized

    Application Content Compatibility: Match

    Threat Content Compatibility: Match

    VPN Client Software Compatibility: Match

  Peer Information:

    Connection status: up

    Version: 1

    State: passive

    Priority: 1

    Preemptive: False

    Platform Model: PA-4050

    Version information:

      Build Release: 3.0.5

      URL Database: 3233

      Application Content: 160-463

      Threat Content: 160-463

      VPN Client Software: 1.0.2

    Management IP Address: 10.30.14.6

    HA1 IP Address: 1.1.1.1

    HA1 MAC Address: 00:30:48:5d:0c:c1

    HA2 MAC Address: 00:1b:17:01:14:06

 

On the L3 interfaces, the MAC address listed for an interface using the command show interface all for an HA cluster are the VMAC.

The format of the virtual MAC is 00-1B-17:00: xx: yy where

  • 00-1B-17: vendor ID
  • 00: fixed
  • xx: HA group ID
  • yy: interface ID

 

The following CLI command displays VMAC and VIP for Active-Active HA cluster:

> show high-availability virtual-address

 

For example:

> show high-availability virtual-address

Total interfaces with virtual address configured:   2
Total virtual addresses configured:                 2
--------------------------------------------------------------------------------
Interface: ethernet1/1
  Virtual MAC:               00:1b:17:00:05:10
  Virtual MAC from the peer: 00:1b:17:00:85:10
  107.204.232.53                          Active:yes    Type:floating
--------------------------------------------------------------------------------
Interface: ethernet1/6
  Virtual MAC:               00:1b:17:00:05:15
  Virtual MAC from the peer: 00:1b:17:00:85:15
  192.168.90.1                            Active:yes    Type:floating
--------------------------------------------------------------------------------

 

The following CLI command displays VMAC for Active-Passive HA cluster:

> show interface all

ethernet1/5             20    1000/full/up              00:1b:17:00:0b:14

 

In the above output example, HA Group ID = 0b Hex (11 Decimal) and Interface ID = 14 Hex (20 Decimal).

 

Note: The MAC addresses of the HA1 interfaces, which are on the control plane and synchronize the configuration of the devices are unique. The MAC addresses of the HA2 interfaces, which are on the data plane and synchronize the active sessions mirror each other.

 

owner: gcapuno



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CluMCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language