New Member

Question

SPAN (Port Mirror)

Forum|Forum|1 year ago
February 5, 2025
11 replies
2730 views

Unable to create a span session under a vlan switch in fortios 7.2.8

FortiGate

Toshi_Esumi

SuperUser

Please share us your config under "config system virtual-switch"(hard-switch) or "config system switch-interface"(soft-switch), whichever you configured.

Toshi

ITGEMINIAuthor

New Member

config system virtual-switch
edit "lan"
set physical-switch "sw0"
config port
edit "port1"
next
edit "port8"
next
end
next
end

Toshi_Esumi

SuperUser

You need to enable SPAN on the virtual-switch.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-SPAN-Port-Mirroring-using-ports-associated-to/ta-p/191137

Toshi

ITGEMINIAuthor

New Member

it tried here is the command and response

min-201G (virtual-switch) # edit "lan"

Admin-201G (lan) # set span enable

command parse error before 'span'
Command fail. Return code -61

Admin-201G (lan) #

Toshi_Esumi

SuperUser

Maybe G series has different command or not supported yet? Does anyone else know?

Toshi

ITGEMINIAuthor

New Member

it appears that through the gui it will not allow span on vlan switches only.

Toshi_Esumi

SuperUser

The 7.2.10 CLI referece says "* This parameter may not exist in some models."

https://docs.fortinet.com/document/fortigate/7.2.10/cli-reference/101854390/config-system-virtual-switch

Toshi

ITGEMINIAuthor

New Member

it works under a virtual switch but not under the vlan switch.

Toshi_Esumi

SuperUser

You're talking about GUI, right? Can you check the CLI under config sys virtual-switch when you configured it in GUI under VLAN switch?
The CLI part should be the same between VLAN switch and hard-switch (virtual-switch).

Toshi

ITGEMINIAuthor

New Member

what i sent early was the cli for the virtual switch that the vlan switch is set up under.

Toshi_Esumi

SuperUser

Ok, then it must be configured at a different place. Can you get in CLI at the top hierarchy, then run "show | grep -f span"?
That would show you the config block that has "span" configured.

Toshi

ITGEMINIAuthor

New Member

Admin-201G # show | grep -f span
config switch-controller initial-config template
edit "rspan" <---
set vlanid 4092
set dhcp-server enable
next
end

Toshi_Esumi

SuperUser

That's just a FortiSwitch config template. So it's not configured anywhere even you can configure it in GUI.

Toshi

Toshi_Esumi

SuperUser

You might need to open a ticket at TAC to get any definitive answer.

Toshi

Show more replies

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded