Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Configuring an ERSPAN auto mirror

For an ERSPAN auto mirror, traffic on specified ports is mirrored to the specified destination interface using ERSPAN encapsulation. The header contents are automatically configured; you only need to specify the ERSPAN collector address.

Using the GUI:
  1. Go to Switch > Mirror.
  2. Select Add Port Mirror.
  3. Enter a name for the mirror.
  4. Select Enabled to make the mirror active.
  5. Select from the excluded ports which ports to include for ingress mirroring and egress mirroring.
    NOTE: Only one active egress mirror session is allowed.
  6. Select ERSPAN Auto for the mode.
  7. Enable Strip VLAN Tags from Mirrored Traffic if you want to remove VLAN tags from mirrored traffic.
  8. In the Collector IP field, enter the IP address for the ERSPAN collector.
  9. In the IPv4 TTL field, enter the IPv4 time-to-live (TTL) value in the ERSPAN IP header.
  10. In the IPv4 TOS field, enter the type of service (ToS) value or enter the DSCP and ECN values in the ERSPAN IP header.
  11. In the GRE Protocol field, enter the protocol value in the ERSPAN GRE header.
  12. In the TPID field, enter the TPID for the encapsulating VLAN header.
    The default value, 0x8100, is for an IEEE 802.1Q-tagged frame.
  13. In the Priority field, enter the CoS bits in the ERSPAN VLAN header.
  14. In the CFI/DEI field, enter the CFI or DEI bit in the ERSPAN VLAN header.
  15. Select Create to create the mirror.
Using the CLI:

config switch mirror

edit <mirror session name>

set mode ERSPAN-auto

set encap-gre-protocol <hexadecimal_integer>

set encap-ipv4-tos <hexadecimal_integer>

set encap-ipv4-ttl <0-255>

set encap-vlan-cfi <0-1>

set encap-vlan-priority <0-7>

set encap-vlan-tpid <0x0001-0xfffe>

set erspan-collector-ip <0.0.0.1-255.255.255.255>

set src-egress <interface_name>

set src-ingress <interface_name>

set strip-mirrored-traffic-tags {disable | enable}

set status active

end

Configuring an ERSPAN auto mirror

For an ERSPAN auto mirror, traffic on specified ports is mirrored to the specified destination interface using ERSPAN encapsulation. The header contents are automatically configured; you only need to specify the ERSPAN collector address.

Using the GUI:
  1. Go to Switch > Mirror.
  2. Select Add Port Mirror.
  3. Enter a name for the mirror.
  4. Select Enabled to make the mirror active.
  5. Select from the excluded ports which ports to include for ingress mirroring and egress mirroring.
    NOTE: Only one active egress mirror session is allowed.
  6. Select ERSPAN Auto for the mode.
  7. Enable Strip VLAN Tags from Mirrored Traffic if you want to remove VLAN tags from mirrored traffic.
  8. In the Collector IP field, enter the IP address for the ERSPAN collector.
  9. In the IPv4 TTL field, enter the IPv4 time-to-live (TTL) value in the ERSPAN IP header.
  10. In the IPv4 TOS field, enter the type of service (ToS) value or enter the DSCP and ECN values in the ERSPAN IP header.
  11. In the GRE Protocol field, enter the protocol value in the ERSPAN GRE header.
  12. In the TPID field, enter the TPID for the encapsulating VLAN header.
    The default value, 0x8100, is for an IEEE 802.1Q-tagged frame.
  13. In the Priority field, enter the CoS bits in the ERSPAN VLAN header.
  14. In the CFI/DEI field, enter the CFI or DEI bit in the ERSPAN VLAN header.
  15. Select Create to create the mirror.
Using the CLI:

config switch mirror

edit <mirror session name>

set mode ERSPAN-auto

set encap-gre-protocol <hexadecimal_integer>

set encap-ipv4-tos <hexadecimal_integer>

set encap-ipv4-ttl <0-255>

set encap-vlan-cfi <0-1>

set encap-vlan-priority <0-7>

set encap-vlan-tpid <0x0001-0xfffe>

set erspan-collector-ip <0.0.0.1-255.255.255.255>

set src-egress <interface_name>

set src-ingress <interface_name>

set strip-mirrored-traffic-tags {disable | enable}

set status active

end