Description
This article describes how to configure RSPAN on a standalone FortiSwitch to capture packets on specific ports.
Solution
In this example,
- Devices are connected to FortiSwitch-1 and the capture collector is connected to FortiSwitch-2.
- The FortiSwitch units used in this example are FS-224E models running v7.2.4.
- A trunk is created between the two FortiSwitches.
- VLAN ID 10 is used as the RSPAN VLAN.
On FortiSwitch-1 CLI:
Configure the RSPAN mirror:
config switch mirror
    edit "<mirror-session-name>" ---> Mirror session name (placeholder; choose your own).
        set status active
        set mode RSPAN-manual
        set dst "Trunk" ---> Trunk port between the switches.
        set switching-packet enable
        set src-ingress "port5" "port6" ---> Ports whose traffic needs to be captured.
        set src-egress "port5" "port6"
        set encap-vlan-id 10 ---> RSPAN VLAN ID.
end
On FortiSwitch-2 CLI:
Here, port3 is connected to the capture collector. Create the VLAN and enable RSPAN on it.
config switch vlan
    edit 10
        set rspan-vlan enable
end
config switch interface
    edit port3
        set native-vlan 10
end
To check that this is working:
- Run the command below to check the line rate on port3. An increase in Rx, Tx on port3 indicates that traffic is being spanned.
diagnose switch physical-port linerate port3
- It is also possible to connect a laptop to port3 and capture traffic on the laptop's NIC with Wireshark. The traffic from the devices connected to port5 and port6 should be visible in the capture.