Fortinet black logo

Devices Managed by FortiOS

Special notices

Copy Link
Copy Doc ID b66bd869-148d-11eb-96b9-00505692583a:801205
Download PDF

There is an additional command available only on the FG-92D model:

config system global

set hw-switch-ether-filter {enable | disable}

end

By default, the hw-switch-ether-filter command is enabled. When the command is enabled:

  • ARP (0x0806), IPv4 (0x0800), and VLAN (0x8100) packets are allowed.
  • BPDUs are dropped, and no STP loop results.
  • PPPoE packets are dropped.
  • IPv6 packets are dropped.
  • FortiSwitch devices are not discovered.
  • HA might fail to form depending on the network topology.

When the hw-switch-ether-filter command is disabled, all packet types are allowed, but, depending on the network topology, an STP loop might result.

To work around this issue:
  1. Use either WAN1 or WAN2 as the HA heartbeat device.
  2. Disable the hw-switch-ether-filter option.

There is an additional command available only on the FG-92D model:

config system global

set hw-switch-ether-filter {enable | disable}

end

By default, the hw-switch-ether-filter command is enabled. When the command is enabled:

  • ARP (0x0806), IPv4 (0x0800), and VLAN (0x8100) packets are allowed.
  • BPDUs are dropped, and no STP loop results.
  • PPPoE packets are dropped.
  • IPv6 packets are dropped.
  • FortiSwitch devices are not discovered.
  • HA might fail to form depending on the network topology.

When the hw-switch-ether-filter command is disabled, all packet types are allowed, but, depending on the network topology, an STP loop might result.

To work around this issue:
  1. Use either WAN1 or WAN2 as the HA heartbeat device.
  2. Disable the hw-switch-ether-filter option.