FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Sometimes it is required to modify the MAC address of an interface. However, not all the MAC addresses are valid since there are specific rules specified by the IEEE.
On occasions, the error message 'mac address should not be multicast' may be seen.
For example: When modifying the MAC address of an interface, the FortiGate CLI shows the following:
FGT90D (interface) # edit wan1 FGT90D (wan1) # set macaddr 07:5b:0e:XX:XX:XX mac address should not be multicast node_check_object fail! for macaddr 07:5b:XX:XX:XX value parse error before '07:5b:XX:XX:XX' Command fail. Return code -33
Solution
There is a reason for this error:
By definition, Ethernet frames with a value of 1 in the least-significant bit of the first octet of the destination address are treated as multicast frames and are flooded to all points on the network.
With Ethernet, it is the least-significant bit of an octet that is the first to be transmitted. A multicast is indicated by the first transmitted bit of the destination address being 1.
As an illustration, a MAC address with odd values (1,3,5,7...) have ON the least significant bit for the first octet (in red):
