CLI Reference

config system switch-interface

Description: View LAN extension settings synced from the FortiGate. You cannot configure these settings directly on the FortiBranchSASE; you must make them through the FortiGate LAN extension profile first.

config system switch-interface
  edit <name>
    set vlan-support [enable | disable]
    config member
      edit <name1>
        set type [aggregate | physical | vap]
        set port
        set vids {1-4089}
        set pvid {1-4089}
        set security-8021x-member-mode [enable | disable]
        set security-mac-member-mode [enable | disable]
      next
    end
    set stp [enable | disable]
    set ts-mode [disable | include]
    config traffic-split
    set wired-security-mode [802.1X | mac-filter-allowlist | mac-filter-blocklist | none]
    config mac-filter-list
      edit <name>
        set mac-addr <mac address>
        set mask <mac address>
      next
    end
    set wired-security-group <security group ID>
  next
end

Sample syntax:

config system switch-interface
  edit lan
    set vlan-support disable
    config member
      edit port4
        set type physical
        set port port4
        set vids
        set pvid 1
        set security-8021x-member-mode enable
      next
    end
    set stp disable
    set ts-mode disable
    set wired-security-mode 802.1X
    set wired-security-group test
  next
end

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| vlan-support | Enable/disable VLAN support. | option | - | |
| stp | Spanning Tree Protocol. Options: enable (Enable Spanning Tree Protocol.); disable (Disable Spanning Tree Protocol.) | option | - | disable |
| ts-mode | Read-only: Split tunnel mode. Options: include (Enable split tunnel mode.); disable (Disable split tunnel mode.) | option | - | disable |
| wired-security-mode | Turn on 802.1X authentication for this interface. | option | - | |
| wired-security-group | Names of user groups that can authenticate with 802.1X. | option | - | |
| dst-mac | Read-only: MAC address of the remote gateway pushed from FortiOS. | string | - | none |
| dst-addr | Read-only: Destination IP addresses. | string | - | none |
| services | Read-only: Internet services. | options | - | none |

config members

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| config member | Interfaces within the virtual switch. | option | - | none |
| name | The LAN port ID. | string | - | none |
| type | Interface type. | option | - | |
| port | Interface within the virtual switch. | option | - | |
| vap | Virtual Access Point, which must NOT be configured as a WLAN bridge, will be added as a member of the switch-interface. | option | - | |
| vids | VLAN ID list. | integer | 1 to 4089 | |
| pvid | Port VLAN ID. | integer | 1 to 4089 | |
| security-8021x-member-mode | Enable/disable 802.1X authentication on a port. Only available on FortiExtender Branch platforms. Options: enable (Enable 802.1X authentication on the port.); disable (Disable 802.1X authentication on the port.) | option | - | |
| security-mac-member-mode | Enable/disable MAC-address-based filtering on a port. Only available on FortiExtender Branch platforms for G-series models. Options: enable (Enable MAC-address-based filtering on the port.); disable (Disable MAC-address-based filtering on the port.) | option | - | |
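
Because these settings are synced from the FortiGate and are view-only here, a saved copy of the block can be checked offline for ports that ended up without wired authentication. The following is an added example, not Fortinet code: it parses the syntax shown above and applies an assumed review policy (an unset wired-security-mode is treated as none, every member of an 802.1X switch must have security-8021x-member-mode enabled, and VLAN IDs must fall in 1 to 4089). The function names and the sample text are constructed for illustration.

```python
# Constructed sample in the page's syntax (not from a real device).
SAMPLE = """\
config system switch-interface
  edit lan
    config member
      edit port4
        set security-8021x-member-mode enable
      next
      edit port5
        set pvid 4090
      next
    end
    set wired-security-mode 802.1X
  next
end
"""

def parse(text):  # -> {switch: {"settings": {...}, "members": {port: {...}}}}
    switches, stack, sw, member = {}, [], None, None
    for line in text.splitlines():
        cmd, *args = line.split() or [""]
        top = stack[-1] if stack else None  # innermost open "config" table
        if cmd == "config":
            stack.append(" ".join(args))
        elif cmd == "end" and stack:
            stack.pop()
        elif cmd == "edit" and args and top == "system switch-interface":
            sw, member = switches.setdefault(args[0], {"settings": {}, "members": {}}), None
        elif cmd == "edit" and args and top == "member" and sw is not None:
            member = sw["members"].setdefault(args[0], {})
        elif cmd == "set" and args:  # other tables (e.g. mac-filter-list) are skipped
            scope = {"member": member, "system switch-interface": sw and sw["settings"]}.get(top)
            if scope is not None:
                scope[args[0]] = " ".join(args[1:])
    return switches

def audit(switches):
    """Assumed policy: no open switch, 802.1X on every member, VLAN IDs in 1-4089."""
    for name, sw in switches.items():
        mode = sw["settings"].get("wired-security-mode", "none")  # assumption: unset = none
        if mode == "none":
            yield (name, "-", "wired-security-mode none")
        for port, m in sw["members"].items():
            if mode == "802.1X" and m.get("security-8021x-member-mode") != "enable":
                yield (name, port, "802.1X off on member")
            for key in ("pvid", "vids"):
                for v in m.get(key, "").split():
                    if not (v.isdigit() and 1 <= int(v) <= 4089):
                        yield (name, port, f"{key} {v} out of range")
```

Calling list(audit(parse(SAMPLE))) reports port5 twice: once for missing 802.1X and once for the out-of-range pvid.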
