You need to mirror traffic from a source port on Switch A to a monitoring device on Switch C. For that purpose, you're configuring Remote Switched Port Analyzer (RSPAN).1Due to the nature of RSPAN, what is the best practice when setting it up? (Choose one answer)
According to theFortiSwitchOS 7.6 Administration Guideand theFortiSwitch 7.6 Study Guide, Remote Switched Port Analyzer (RSPAN) is a method used to monitor traffic across a network of switches by carrying mirrored traffic over a specific RSPAN VLAN. Because RSPAN floods mirrored traffic to all ports that are members of that specific VLAN across the intermediate switches (Switch B, etc.) until it reaches the destination port, it is critical to manage how that traffic is isolated.
The documentation explicitly states that the best practice is touse a dedicated VLAN assigned only to monitoring devices (Option B). When a VLAN is designated for RSPAN, the switch disables MAC address learning on that VLAN to ensure that the mirrored traffic---which contains the source and destination MAC addresses of the original conversation---does not interfere with the switch's normal MAC address table entries for those devices.2
Using a VLAN that already carries regular data traffic (Option A) would result in a massive amount of duplicate traffic being flooded to normal production hosts, leading to network congestion and potential security risks. Similarly, using a dynamic VLAN that includes all ports (Option C) would cause the mirrored traffic to be broadcast to every port in the switch fabric, significantly degrading performance. Finally, using the RSPAN VLAN as a native VLAN (Option D) is not recommended because native VLANs typically handle untagged traffic, whereas RSPAN requires consistent tagging to ensure the mirrored packets stay within the isolated monitoring domain across trunk links. Therefore, creating a unique, dedicated VLAN that is used exclusively for the transport of mirrored traffic is the architectural standard for FortiSwitch RSPAN deployments.
Currently there are no comments in this discussion, be the first to comment!