| Description | This article describes how to capture VLAN (Virtual Local Area Network) tagged (802.1q) packets on FortiGate to investigate VLAN-related issues further. |
| Scope | FortiGate. |
| Solution |
If there is a VLAN tagging (802.1q) issue on a FortiGate, for example where the FortiGate connects to a third-party device and there are VLAN issues with that device, filter the capture so that only VLAN-tagged (802.1q) packets are shown in order to investigate the issue further.
Use the following CLI commands to capture VLAN-tagged (802.1q) packets. They can be run on the FortiGate via Telnet, SSH, or the CLI Console in the FortiGate GUI.
FGT # diagnose sniffer packet any "ether proto 0x8100" 6 0 l
or
FGT # diagnose sniffer packet <interface name> "ether proto 0x8100" 6 0 l
Example:
FGT # diagnose sniffer packet any "ether proto 0x8100" 6 0 l
interfaces=[any]
2022-09-15 15:45:50.985765 VlanTst10 -- 802.1Q vlan#10 P0
2022-09-15 15:45:50.987306 VlanTst10 -- 802.1Q vlan#10 P0
2022-09-15 15:45:51.058182 VlanTst10 -- 802.1Q vlan#10 P0
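To show what the `ether proto 0x8100` filter matches inside a frame, and where the VLAN ID and priority bits of the tag sit, here is an added example (not part of the original article and not Fortinet code). The helper names, the sample MAC address, and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType matched by the filter "ether proto 0x8100"

def parse_dot1q(frame: bytes):
    """Return the 802.1Q tag fields of an Ethernet frame, or None if untagged.

    Layout: dst MAC (6) | src MAC (6) | TPID (2) | TCI (2) | inner EtherType (2)
    TCI bits: priority (3) | DEI (1) | VLAN ID (12)
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None  # no 0x8100 tag at offset 12: the filter would not match
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "priority": tci >> 13,
        "dei": (tci >> 12) & 1,
        "vlan": tci & 0x0FFF,
        "ethertype": inner,
    }

def summarize(frames, expected_vlans):
    """Count tagged frames per VLAN ID and list IDs outside expected_vlans."""
    counts = {}
    for frame in frames:
        tag = parse_dot1q(frame)
        if tag is not None:
            counts[tag["vlan"]] = counts.get(tag["vlan"], 0) + 1
    return counts, sorted(v for v in counts if v not in expected_vlans)

def make_frame(vlan=None, priority=0, ethertype=0x0800):
    """Build a constructed sample frame (broadcast dst, made-up src MAC)."""
    hdr = bytes.fromhex("ffffffffffff" "020000000001")
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan)
    return hdr + struct.pack("!H", ethertype) + bytes(46)

# Constructed samples: two frames on VLAN 10, one on VLAN 20, one untagged.
SAMPLES = [make_frame(10), make_frame(10), make_frame(20, priority=5), make_frame()]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_dot1q(sample))
    print(summarize(SAMPLES, expected_vlans={10}))
```

Running `summarize` with the set of VLAN IDs that should be present on a trunk lists any tagged traffic carrying an ID outside that set, which is the usual symptom of a tagging mismatch with the peer device.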
From the GUI: The VLAN tag (802.1q) can also be seen in a packet capture from the GUI. Go to Network --> Diagnostics --> Packet Capture. Select the appropriate interface and use the advanced filter 'ether proto 0x8100'.
The VLAN ID can be seen when selecting one of the captured packets:
Related articles:
Technical Tip: Understanding DHCP Server and DHCP Relay functionality on FortiGate
Troubleshooting Tip: Client receives the wrong DHCP scope
Troubleshooting Tip: Check DHCP Messages with VLAN Tag using Wireshark Packet Capture |
Copyright 2025 Fortinet, Inc. All Rights Reserved.