Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Configuring an RSPAN mirror

NOTE: RSPAN traffic crossing a switch on a VLAN configured with “RSPAN-VLAN” enabled will appear as unknown unicast, multicast, or broadcast traffic. This traffic is not exempt from storm control and might be rate limited as a result. To avoid this issue, you can dedicate a port or ports to RSPAN and then disable storm control on those ports. Non-RSPAN VLANs can be used on those ports as well, but they will not be protected by storm control.

Using the GUI:
  1. Go to Switch > Mirror.
  2. Select Add Port Mirror.
  3. Enter a name for the mirror.
  4. Select Enabled to make the mirror active.
  5. Select a destination interface.
    NOTE: The destination interface cannot be part of a trunk.
  6. Select from the excluded ports which ports to include for ingress mirroring and egress mirroring.
    NOTE: Only one active egress mirror session is allowed.
  7. Select Packet Switching When Mirroring if the destination port is not a dedicated port. For example, enable this option if you connect a laptop to the switch and you are running a packet sniffer along with the management GUI on the laptop.
  8. Select RSPAN for the mode.
  9. In the VLAN ID field, enter the VLAN identifier for the RSPAN VLAN header.
  10. In the TPID field, enter the tag protocol identifier (TPID) for the encapsulating VLAN header.
    The default value, 0x8100, is for an IEEE 802.1Q-tagged frame.
  11. In the Priority field, enter the class of service (CoS) bits in the RSPAN VLAN header.
    NOTE: This option is not available on the 248D, 248D-POE, 248D-FPOE, 248E, 248E-POE, 248E-FPOE, 448D, 448D-POE, and 448D-FPOE models.
  12. In the CFI/DEI field, enter the canonical format identifier (CFI) or drop eligible indicator (DEI) bit in the RSPAN VLAN header.
    NOTE: This option is not available on the 248D, 248D-POE, 248D-FPOE, 248E, 248E-POE, 248E-FPOE, 448D, 448D-POE, and 448D-FPOE models.
  13. Select Create to create the mirror.
Using the CLI:

config switch mirror

edit <mirror session name>

set mode RSPAN

set dst <interface>

set switching-packet {enable | disable}

set src-ingress <interface_name>

set src-egress <interface_name>

set encap-vlan-tpid <0x0001-0xfffe>

set encap-vlan-priority <0-7>

set encap-vlan-cfi <0-1>

set encap-vlan-id <1-4094>

set status active

end

Configuring an RSPAN mirror

NOTE: RSPAN traffic crossing a switch on a VLAN configured with “RSPAN-VLAN” enabled will appear as unknown unicast, multicast, or broadcast traffic. This traffic is not exempt from storm control and might be rate limited as a result. To avoid this issue, you can dedicate a port or ports to RSPAN and then disable storm control on those ports. Non-RSPAN VLANs can be used on those ports as well, but they will not be protected by storm control.

Using the GUI:
  1. Go to Switch > Mirror.
  2. Select Add Port Mirror.
  3. Enter a name for the mirror.
  4. Select Enabled to make the mirror active.
  5. Select a destination interface.
    NOTE: The destination interface cannot be part of a trunk.
  6. Select from the excluded ports which ports to include for ingress mirroring and egress mirroring.
    NOTE: Only one active egress mirror session is allowed.
  7. Select Packet Switching When Mirroring if the destination port is not a dedicated port. For example, enable this option if you connect a laptop to the switch and you are running a packet sniffer along with the management GUI on the laptop.
  8. Select RSPAN for the mode.
  9. In the VLAN ID field, enter the VLAN identifier for the RSPAN VLAN header.
  10. In the TPID field, enter the tag protocol identifier (TPID) for the encapsulating VLAN header.
    The default value, 0x8100, is for an IEEE 802.1Q-tagged frame.
  11. In the Priority field, enter the class of service (CoS) bits in the RSPAN VLAN header.
    NOTE: This option is not available on the 248D, 248D-POE, 248D-FPOE, 248E, 248E-POE, 248E-FPOE, 448D, 448D-POE, and 448D-FPOE models.
  12. In the CFI/DEI field, enter the canonical format identifier (CFI) or drop eligible indicator (DEI) bit in the RSPAN VLAN header.
    NOTE: This option is not available on the 248D, 248D-POE, 248D-FPOE, 248E, 248E-POE, 248E-FPOE, 448D, 448D-POE, and 448D-FPOE models.
  13. Select Create to create the mirror.
Using the CLI:

config switch mirror

edit <mirror session name>

set mode RSPAN

set dst <interface>

set switching-packet {enable | disable}

set src-ingress <interface_name>

set src-egress <interface_name>

set encap-vlan-tpid <0x0001-0xfffe>

set encap-vlan-priority <0-7>

set encap-vlan-cfi <0-1>

set encap-vlan-id <1-4094>

set status active

end