Remote sampling of a MAC address

6.4.6

The following is a basic FortiOS configuration for remote sampling:

config switch-controller traffic-sniffer
    set erspan-ip 192.168.41.100 // the target IP address for the traffic, which is routed through the FortiGate unit
    config target-mac
        edit 28:d2:44:ea:e7:8e // a specific MAC address you want to examine
        next
    end
end

In this example, the IP address belongs to a remote end station (such as a desktop PC on a network that is accessed through the FortiGate unit). The traffic is delivered to the FortiGate unit and then routed to the PC, where you can use a packet analyzer to examine it. Specific targeted MAC addresses or IP addresses are sampled only when the traffic enters the FortiSwitch fabric (the network perimeter), so you see only one copy of each frame in the sampling.
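On the receiving PC, the sampled frames arrive wrapped in GRE/ERSPAN. The following added example (not Fortinet code) strips that encapsulation and counts how many copies of each frame to or from the target MAC were received. It assumes GRE protocol type 0x88BE and handles both ERSPAN Type I and Type II, because this page does not state which type is sent; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

GRE_PROTO_ERSPAN = 0x88BE         # GRE protocol type for ERSPAN Type I/II (assumed here)
TARGET_MAC = "28:d2:44:ea:e7:8e"  # the target-mac entry from the configuration above

def decap_erspan(gre: bytes) -> bytes:
    """Return the mirrored Ethernet frame from a GRE payload (IP protocol 47)."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if proto != GRE_PROTO_ERSPAN:
        raise ValueError(f"not ERSPAN Type I/II: GRE protocol 0x{proto:04x}")
    off = 4
    off += 4 if flags & 0x8000 else 0   # optional checksum + reserved
    off += 4 if flags & 0x2000 else 0   # optional key
    if flags & 0x1000:                  # sequence number present: Type II
        off += 4
        if len(gre) < off + 8 or gre[off] >> 4 != 1:
            raise ValueError("bad ERSPAN Type II header")
        off += 8                        # skip the 8-byte ERSPAN header
    frame = gre[off:]                   # Type I: frame follows GRE directly
    if len(frame) < 14:
        raise ValueError("truncated inner Ethernet frame")
    return frame

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def copies_for_target(gre_payloads, target=TARGET_MAC) -> Counter:
    """Count copies of each mirrored frame sent to or from the target MAC."""
    copies = Counter()
    for payload in gre_payloads:
        frame = decap_erspan(payload)
        if target in (fmt_mac(frame[0:6]), fmt_mac(frame[6:12])):
            copies[frame] += 1
    return copies

# Constructed sample data (not captured traffic): three mirrored ARP-sized frames.
FROM_TARGET = bytes.fromhex("ffffffffffff28d244eae78e0806") + bytes(28)
TO_TARGET = bytes.fromhex("28d244eae78e0200000000010806") + bytes(28)
UNRELATED = bytes.fromhex("ffffffffffff0200000000020806") + bytes(28)
ERSPAN2_HDR = bytes([0x10, 0x01, 0, 0, 0, 0, 0, 0])    # version 1, rest zeroed
SAMPLES = [
    struct.pack("!HH", 0, GRE_PROTO_ERSPAN) + FROM_TARGET,                       # Type I
    struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN, 1) + ERSPAN2_HDR + TO_TARGET,  # Type II
    struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN, 2) + ERSPAN2_HDR + UNRELATED,
]

if __name__ == "__main__":
    for frame, n in copies_for_target(SAMPLES).items():
        print(fmt_mac(frame[6:12]), "->", fmt_mac(frame[0:6]), "copies:", n)
```

A count above 1 for any frame means the same frame reached the analyzer more than once, which the perimeter-only sampling described above should prevent.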

Remote sampling of a FortiSwitch port

One common use case is to enable sniffing on a FortiSwitch port for quick debugging.

FortiGate-100E # config switch-controller traffic-sniffer
    set erspan-ip 10.254.253.254 // the traffic is sent only to the FortiGate unit
    config target-port
        edit "S424DP3X17000354"
            set in-ports "port1" // mirror all traffic to/from the switch port to FortiGate
            set out-ports "port1"
        next
    end
end
