Fortinet NSE5_FSW_AD-7.6 Exam - Topic 3 Question 13 Discussion

You need to mirror traffic from a source port on Switch A to a monitoring device on Switch C. For that purpose, you're configuring Remote Switched Port Analyzer (RSPAN). Due to the nature of RSPAN, what is the best practice when setting it up? (Choose one answer)
B) Use a dedicated VLAN assigned only to monitoring devices.
A) Use the same VLAN already configured for regular data traffic.
C) Use a dynamic VLAN that includes all switch ports.
D) Use the RSPAN VLAN as a native VLAN on all trunk ports.

Actual exam question for Fortinet's NSE5_FSW_AD-7.6 exam
Question #: 13
Topic #: 3

Suggested Answer: B

According to the FortiSwitchOS 7.6 Administration Guide and the FortiSwitch 7.6 Study Guide, Remote Switched Port Analyzer (RSPAN) is a method used to monitor traffic across a network of switches by carrying mirrored traffic over a specific RSPAN VLAN. Because RSPAN floods mirrored traffic to all ports that are members of that specific VLAN across the intermediate switches (Switch B, etc.) until it reaches the destination port, it is critical to manage how that traffic is isolated.

The documentation explicitly states that the best practice is to use a dedicated VLAN assigned only to monitoring devices (Option B). When a VLAN is designated for RSPAN, the switch disables MAC address learning on that VLAN to ensure that the mirrored traffic (which contains the source and destination MAC addresses of the original conversation) does not interfere with the switch's normal MAC address table entries for those devices.

Using a VLAN that already carries regular data traffic (Option A) would result in a massive amount of duplicate traffic being flooded to normal production hosts, leading to network congestion and potential security risks. Similarly, using a dynamic VLAN that includes all ports (Option C) would cause the mirrored traffic to be broadcast to every port in the switch fabric, significantly degrading performance. Finally, using the RSPAN VLAN as a native VLAN (Option D) is not recommended because native VLANs typically handle untagged traffic, whereas RSPAN requires consistent tagging to ensure the mirrored packets stay within the isolated monitoring domain across trunk links. Therefore, creating a unique, dedicated VLAN that is used exclusively for the transport of mirrored traffic is the architectural standard for FortiSwitch RSPAN deployments.
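The flooding behaviour described above can be checked with a small model. This is an added example, not FortiSwitch configuration or code from the study guide; the three-switch topology, port names and VLAN IDs 10 and 900 are constructed assumptions.

```python
from collections import deque

# Constructed topology: Switch A - Switch B - Switch C, joined by trunk ports.
TRUNKS = {("A", "t1"): ("B", "t1"), ("B", "t1"): ("A", "t1"),
          ("B", "t2"): ("C", "t1"), ("C", "t1"): ("B", "t2")}
SOURCE, MONITOR = ("A", "p1"), ("C", "mon")

def build(rspan_vlan, data_vlan=10):
    """Port -> VLANs carried. Host ports sit in data_vlan; trunks carry both."""
    m = {p: {data_vlan} for p in [SOURCE, ("A", "p2"), ("B", "p1"), ("C", "p2")]}
    m.update({t: {data_vlan, rspan_vlan} for t in TRUNKS})
    m[MONITOR] = {rspan_vlan}
    return m

def flood(membership, vlan, start="A"):
    """Edge ports that receive a frame flooded in `vlan`, starting at switch `start`.

    With MAC learning disabled on the RSPAN VLAN, every member port gets a copy.
    """
    delivered, seen, queue = set(), {start}, deque([start])
    while queue:
        sw = queue.popleft()
        for (s, port), vlans in membership.items():
            if s != sw or vlan not in vlans:
                continue
            peer = TRUNKS.get((s, port))
            if peer is None:
                delivered.add((s, port))          # edge port gets a copy
            elif vlan in membership[peer] and peer[0] not in seen:
                seen.add(peer[0])
                queue.append(peer[0])             # frame crosses the trunk
    return delivered

def unintended_receivers(rspan_vlan):
    """Edge ports other than the monitor (and the mirrored source) that see copies."""
    return flood(build(rspan_vlan), rspan_vlan) - {MONITOR, SOURCE}

if __name__ == "__main__":
    print("dedicated VLAN 900:", sorted(unintended_receivers(900)))
    print("shared data VLAN 10:", sorted(unintended_receivers(10)))
```

With the dedicated VLAN only the monitoring port receives mirrored frames; reusing the data VLAN delivers copies to every production host port on all three switches.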

