cravikumar
Staff
Article Id 270123
Description

This article describes how to configure port mirror (SPAN) / Monitor traffic on SSID.

Scope

FortiGate, FortiAP.

Solution
  1. Configure SSID:

config wireless-controller vap
    edit example_wlan
        set ssid "fortinet"
        set local-bridging enable
        set schedule always
        set vdom root
    next
end

config system interface
    edit "Test"
        set vdom "root"
        set type vap-switch
        set role lan
        set snmp-index 17
    next
end


  2. Create switch-interface:

config system switch-interface
    edit "SW1"
        set vdom "root"
        set member "Test" "internal1"
        set span enable
        set span-dest-port "internal1"
        set span-source-port "Test"
        set span-direction both
    next
end


  3. Add source, destination ports, and direction.

config system switch-interface
    edit "SW1"
        set vdom "root"
        set member "Test" "internal1"
        set span enable
        set span-dest-port "internal1"
        set span-source-port "Test"
        set span-direction both
    next
end

Source Port: The SSID interface whose traffic is mirrored.

Destination Port: The port to which the mirrored packets are forwarded.

Traffic Out: Only transmitted packets are copied from the source to the destination SPAN port.

Traffic In: Only received packets are copied from the source to the destination SPAN port.

Both: Both transmitted and received packets are copied from the source to the destination SPAN port.
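
An added example, not part of the original article or any Fortinet tooling: a Python check that reads the switch-interface stanza shown above from a saved configuration and reports every enabled SPAN session, so the mirror source, destination, and direction can be reviewed. The function names and the member check are assumptions of this example, and the sample input is constructed from the article's own configuration.

```python
import shlex

# Constructed sample: the article's switch-interface stanza, as saved config.
SAMPLE = '''
config system switch-interface
    edit "SW1"
        set vdom "root"
        set member "Test" "internal1"
        set span enable
        set span-dest-port "internal1"
        set span-source-port "Test"
        set span-direction both
    next
end
'''

def parse_switch_interfaces(text):
    """Return {name: {option: [values]}} from 'config system switch-interface'."""
    entries, current, inside = {}, None, False
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)      # strips the quotes around names
        except ValueError:              # unbalanced quote in an unrelated line
            continue
        if tok[:3] == ["config", "system", "switch-interface"]:
            inside = True
        elif not inside or not tok:
            continue
        elif tok[0] == "end":
            inside, current = False, None
        elif tok[0] == "edit" and len(tok) > 1:
            current = entries.setdefault(tok[1], {})
        elif tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = tok[2:]
    return entries

def audit_span(text):
    """Report every enabled SPAN session; flag ports outside the member list."""
    findings = []
    for name, o in parse_switch_interfaces(text).items():
        if o.get("span", ["disable"])[0] != "enable":
            continue
        src, dst = o.get("span-source-port", []), o.get("span-dest-port", [])
        # Assumption: SPAN ports should be switch members, as in the article.
        problems = [p for p in src + dst if p not in o.get("member", [])]
        findings.append({"switch": name, "source": src, "dest": dst,
                         "direction": o.get("span-direction", ["unset"])[0],
                         "problems": problems})
    return findings
```

Calling audit_span() on the text of a configuration backup returns one entry per switch interface that has SPAN enabled; an empty list means no mirroring is configured.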

 
