Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
caunon
Staff
Staff

Created on ‎11-21-2022 10:03 PM Edited on ‎11-21-2022 10:03 PM By Community Manager

Article Id 230480

Technical Tip: How to capture VLAN (Virtual Local Area Networking) tagging (802.1q) packet in FortiGate

Description This article describes how to capture VLAN (Virtual Local Area Networking) tagging (802.1q) packets to investigate the issue further in FortiGate or related situations.
Scope

FortiGate.
Solution

- If there is a VLAN tagging (802.1q) issue at FortiGate where FortiGate may connect to a third-party device, and there are some VLAN issues with third-party devices, it is necessary to filter to investigate the issue further only with specific VLAN tagging (802.1q) packets.

 

- Consider using the following CLI commands to capture VLAN tagging (802.1q)  packets.

It is possible to do it with CLI commands of the FortiGate via Telnet,SSH, or CLI Console on the GUI of FortiGate:.

At CLI command of FortiGate:

 

FGT # diagnose sniffer packet any "ether proto 0x8100" 6 0 l

 

or

 

FGT # diagnose sniffer packet <interface name> "ether proto 0x8100" 6 0 l

 

 

Example:

 

FGT # diagnose sniffer packet any "ether proto 0x8100" 6 0 l

 

interfaces=[any]
filters=[ether proto 0x8100]

2022-09-15 15:45:50.985765 VlanTst10 -- 802.1Q vlan#10 P0
0x0000 B456 3659 1415 C645 1956 6465 8100 000a .jd.i..q..L.....
0x0010 0800 4500 0034 0000 4000 d406 c6e4 1515 ..E..4..@.....#R
0x0020 4545 9595 9595 01bb eb81 4baa a216 df05 .*...X....K.....
0x0030 b289 8012 6903 b990 0000 0204 05b4 0101 ....i...........
0x0040 0402 0103 0308 ......

 

2022-09-15 15:45:50.987306 VlanTst10 -- 802.1Q vlan#10 P0
0x0000 C645 1956 6465 B456 3659 1415 8100 000a .q..L..jd.i.....
0x0010 0800 4500 0028 983f 4000 8006 82b1 9595 ..E..(.?@.......
0x0020 9595 1515 4545 eb81 01bb df05 b289 4baa .X#R.*........K.
0x0030 a217 5010 0402 5f65 0000 ..P..._e..

 

2022-09-15 15:45:51.058182 VlanTst10 -- 802.1Q vlan#10 P0
0x0000 ffff ffff ffff 3956 2424 B654 8100 000a ......0.#R.C....
0x0010 0800 4500 0024 50e9 0000 8011 c775 9595 ..E..$P......u..
0x0020 9565 ffff ffff 1388 0f74 0010 7853 4211 .`.......t..xSB.
0x0030 0002 0000 0001 ......

 

2022-09-15 15:45:51.067819 VlanTst10 -- 802.1Q vlan#10 P0
0x0000 B456 3659 1415 C645 1956 6465 8100 000a .jd.i..q..L.....
0x0010 0800 4500 0028 d16e 4000 d406 f581 1515 ..E..(.n@.....#R
0x0020 4545 9595 9595 01bb eb81 4baa a217 df05 .*...X....K.....
0x0030 b346 5010 006e 623c 0000 .FP..nb<..

 

2022-09-15 15:45:51.068104 VlanTst10 -- 802.1Q vlan#10 P0
0x0000 B456 3659 1415 C645 1956 6465 8100 000a .jd.i..q..L.....
0x0010 0800 4500 0028 d16f 4000 d406 f580 1515 ..E..(.o@.....#R
0x0020 4545 9595 9595 01bb eb81 4baa a217 df05 .*...X....K.....
0x0030 b346 5010 006e 623c 0000 .FP..nb<..

 

2022-09-15 15:45:51.068959 VlanTst10 -- 802.1Q vlan#10 P0
0x0000 B456 3659 1415 C645 1956 6465 8100 000a .jd.i..q..L.....
0x0010 0800 4500 0245 d172 4000 d406 f360 1515 ..E..E.r@....`#R
0x0020 4545 9595 9595 01bb eb81 4baa ad7f df05 .*...X....K.....
0x0030 b346 5018 006e dd0a 0000 0493 e893 50c3 .FP..n........P.
0x0040 d9b1 e2e1 68b7 3a09 74f1 3458 0a3f 7798 ....h.:.t.4X.?w.
0x0050 40b8 e668 ff5d e4c8 46c5 ec81 d7c9 8218 @..h.]..F.......
0x0060 5c83 ce71 d8bc bfac 9902 93db 9498 84d2 \..q............
0x0070 9ca6 b5fe 5cbb f04a af21 acc2 3f49 2467 ....\..J.!..?I$g
0x0080 d62e 8ecf accc 6415 1872 e56c 77d3 52a8 ......d..r.lw.R.
0x0090 b9dd 8dac 004a 3519 d46f 73a3 75ef 6b64 .....J5..os.u.kd
0x00a0 c3e0 8d83 12a1 8ae7 0e86 4dd8 b420 1bbe ..........M.....
0x00b0 6aa5 8c4b 6866 e32b c758 0bfb 5610 d491 j..Khf.+.X..V...
0x00c0 fb1d d331 5810 8c44 e375 7b10 9db5 38b1 ...1X..D.u{...8.
0x00d0 f6aa ca81 646c e8f2 e281 5597 517f e1c2 ....dl....U.Q...
0x00e0 2750 a2c9 3c5b 0043 f65b b9d5 a5fc ff07 'P..<[.C.[......
0x00f0 5040 6707 b055 f0b7 7e6e 2dcc 1603 0301 P@g..U..~n-.....
0x0100 4d0c 0001 4903 0017 4104 0261 315d a779 M...I...A..a1].y
0x0110 7224 cbd7 6f11 5872 7681 0981 a0c3 5b56 r$..o.Xrv.....[V
0x0120 b85c 7f60 60e3 35cf 23b3 2a94 7f73 ba89 .\.``.5.#.*..s..
0x0130 f5dd 8f14 0e56 7d3f 61c6 2c3a 5f8a 2745 .....V}?a.,:_.'E
0x0140 0694 2396 33b9 58ca 30af 0601 0100 2f76 ..#.3.X.0...../v
0x0150 6cac 29d5 a225 f0de 2bf8 ffea fb36 597c l.)..%..+....6Y|
0x0160 f557 fc0b 8ff3 7715 f0ee b991 cd4c 3757 .W....w......L7W
0x0170 29c8 e154 73ce a799 1cfe 85c0 0503 e8ef )..Ts...........
0x0180 4e1a 6ba6 aa71 94df 9300 cefe 1da7 7916 N.k..q........y.
0x0190 2b75 4a93 a952 fcc0 7d14 dbe1 a1a8 fc4a +uJ..R..}......J
0x01a0 3db2 bedc f240 d270 8d53 582c 81e0 3d0a =....@.p.SX,..=.
0x01b0 c9b3 92a3 a2e6 aedc e993 ed77 6b17 ed19 ...........wk...
0x01c0 0250 b621 da65 e6ce 88d1 b435 f6de 23f0 .P.!.e.....5..#.
0x01d0 17ba e892 f9ec 1dd7 44a9 947d 204a c5b4 ........D..}.J..
0x01e0 cfed fa96 a393 570c 42f8 c4bc 564c 9f7b ......W.B...VL.{
0x01f0 5d19 ef6b 18dd dae3 604a 7894 acad b788 ]..k....`Jx.....
0x0200 6d4c dcf0 f86a cf44 653e 1088 36e3 1b32 mL...j.De>..6..2
0x0210 1db1 c8e7 d77c 29f9 5fe5 b89f 02cc 80d3 .....|)._.......
0x0220 9a4b b299 656e b9ec 21aa c27d c67a 9dad .K..en..!..}.z..
0x0230 8e75 4581 ae4b d779 5397 5131 c512 7e22 .uE..K.yS.Q1..~"
0x0240 bf75 3c4c 4d0a 83a3 5f63 bb16 332a 1603 .u<LM..._c..3*..
0x0250 0300 040e 0000 00 .......

 

2022-09-15 15:45:51.069554 VlanTst10 -- 802.1Q vlan#10 P0
0x0000 C645 1956 6465 B456 3659 1415 8100 000a .q..L..jd.i.....
0x0010 0800 4500 0028 9841 4000 8006 82af 9595 ..E..(.A@.......
0x0020 9595 1515 4545 eb81 01bb df05 b346 4baa .X#R.*.......FK.
0x0030 af9c 5010 0402 5123 0000 ..P...Q#.. 1.

 

2022-09-15 15:45:51.070978 VlanTst10 -- 802.1Q vlan#10 P0
0x0000 C645 1956 6465 B456 3659 1415 8100 000a .q..L..jd.i.....
0x0010 0800 4500 00a6 9842 4000 8006 8230 9595 ..E....B@....0..
0x0020 9595 1515 4545 eb81 01bb df05 b346 4baa .X#R.*.......FK.
0x0030 af9c 5018 0402 e743 0000 1603 0300 4610 ..P....C......F.
0x0040 0000 4241 04ef 686e 276f 4771 582b 5f91 ..BA..hn'oGqX+_.
0x0050 8407 d0e2 65af 09b5 dcf3 8bea 9900 cfd6 ....e...........
0x0060 f442 e9a1 4ad6 bb20 5386 ef22 9639 8c38 .B..J...S..".9.8
0x0070 889a a953 8802 b67d a0e3 8030 5e59 90cf ...S...}...0^Y..
0x0080 4afa 7e30 3514 0303 0001 0116 0303 0028 J.~05..........(
0x0090 0000 0000 0000 0000 69df 5bef dab0 db01 ........i.[.....
0x00a0 fae6 565b f1e7 7792 142c cab5 3c8f a3f7 ..V[..w..,..<...
0x00b0 41c9 2e29 8e1c db28 A..)...(

 

2022-09-15 15:45:51.123785 VlanTst10 -- 802.1Q vlan#10 P0
0x0000 C645 1956 6465 59af 3695 9595 8100 000a .q..L..jd.......
0x0010 0800 4500 0034 e1d4 4000 8006 633e 9595 ..E..4..@...c>..
0x0020 183d c0a8 d2c0 eeb6 238c 5a6f cc36 0000 .=......#.Zo.6..
0x0030 0000 8002 faf0 8585 0000 0204 05b4 0103 ................
0x0040 0308 0101 0402 ......

 

1393
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.