Description | This article describes port mirroring (SPAN) on FortiSwitches managed by a FortiGate, using ERSPAN to send mirrored traffic to a call recording server. |
Scope | Multiple FortiSwitches managed by FortiGate; call recording. |
Solution |
Port mirroring (SPAN) on FortiSwitches managed by FortiGate, using ERSPAN.
Use cases:
- The user wants to span voice traffic to a call recording server.
- Mirroring ports on multiple FortiSwitches to a single port that sniffs the traffic (for example, with Wireshark).
Assumptions for this example:
- The user has multiple FortiSwitches.
- Phones are plugged into ports on the FortiSwitches.
- The FortiSwitches are managed by the FortiGate.
- The sniffer Ethernet port on the call recording server uses the same IP range as the phones and is on the same VLAN as the phones.
Example:
- Call recording server: 192.168.1.2/24; its port is on the 'VOICE' VLAN.
- Phones: 192.168.1.x/24.
- The VOICE and DATA VLANs, and the rspan.fortilink VLAN (created by default), already exist.
Configuration on the FortiGate:
# config switch-controller traffic-sniffer
    set erspan-ip 192.168.1.2    <----- IP address of the call recording server's traffic-sniffing port.
    config target-port
        edit "S224FORTISWITCH"
            set in-ports "port6"
            set out-ports "port6"
        next
        edit "S448OTHERFORTISWITCH"
            set in-ports "port14" "port15" "port16"
            set out-ports "port14" "port15" "port16"
        next
    end
end
Configuration on the FortiSwitch port: native VLAN 'DATA'; allowed VLANs 'VOICE' and 'rspan.fortilink'.
Create a Firewall policy in the CLI to allow traffic from the FortiLink interface to the voice interface.
# config firewall policy
Testing:
- Make a phone call.
- Use the commands below:
# show switch-controller traffic-sniffer
# diagnose switch-controller switch-info mirror status
- Open Wireshark and verify that ERSPAN traffic is reaching the server.
- Verify the VoIP call: in Wireshark, navigate to Telephony -> VoIP Calls.
- Once traffic from the phones is visible in Wireshark, test the call recording application. |