Optional setup tasks
This section describes the following tasks:
- Configuring the FortiSwitch management port
- Converting to FortiSwitch standalone mode
- Changing the admin password on the FortiGate for all managed FortiSwitch units
- Enabling network-assisted device detection
- Limiting the number of parallel process for FortiSwitch configuration
Configuring the FortiSwitch management port
If the FortiSwitch model has a dedicated management port, you can configure remote management to the FortiSwitch. In FortiLink mode, the FortiGate is the default gateway, so you need to configure an explicit route for the FortiSwitch management port.
Using the Web administration GUI
- Go to Network > Static Routes > Create New > Route.
- Set Destination to Subnet and enter a subnetwork and mask.
- Set Device to the management interface.
- Add a Gateway IP address.
Using the FortiSwitch CLI
Enter the following commands:
config router static
edit 1
set device mgmt
set gateway <router IP address>
set dst <router subnet> <subnet mask>
end
end
In the following example, the FortiSwitch management port is connected to a router with IP address 192.168.0.10:
config router static
edit 1
set device mgmt
set gateway 192.168.0.10
set dst 192.168.0.0 255.255.0.0
end
end
Converting to FortiSwitch standalone mode
Use one of the following commands to convert a FortiSwitch from FortiLink mode to standalone mode so that it will no longer be managed by a FortiGate:
execute switch-controller factory-reset <switch-id>
This command returns the FortiSwitch to the factory defaults and then reboots the FortiSwitch. If the FortiSwitch is configured for FortiLink auto-discovery, FortiGate can detect and automatically authorize the FortiSwitch. For example:execute switch-controller factory-reset S1234567890
execute switch-controller set-standalone <switch-id>
This command returns the FortiSwitch to the factory defaults, reboots the FortiSwitch, and prevents the FortiGate from automatically detecting and authorizing the FortiSwitch. For example:execute switch-controller set-standalone S1234567890
You can disable FortiLink auto-discovery on multiple FortiSwitch units using the following commands:
config switch-controller global
set disable-discovery <switch-id>
end
For example:
config switch-controller global
set disable-discovery S1234567890
end
You can also add or remove entries from the list of FortiSwitch units that have FortiLink auto-discovery disabled using the following commands:
config switch-controller global
append disable-discovery <switch-id>
unselect disable-discovery <switch-id>
end
For example:
config switch-controller global
append disable-discovery S012345678
unselect disable-discovery S1234567890
end
Changing the admin password on the FortiGate for all managed FortiSwitch units
By default, each FortiSwitch has an admin account without a password. To replace the admin passwords for all FortiSwitch units managed by a FortiGate, use the following commands from the FortiGate CLI:
config switch-controller switch-profile
edit default
set login-passwd-override {enable | disable}
set login-passwd <password>
next
end
If you had already applied a profile with the override enabled and the password set and then decide to remove the admin password, you need to apply a profile with the override enabled and no password set; otherwise, your previously set password will remain in the FortiSwitch. For example:
config switch-controller switch-profile
edit default
set login-passwd-override enable
unset login-passwd
next
end
Enabling network-assisted device detection
Network-assisted device detection allows the FortiGate unit to use the information about connected devices detected by the managed FortiSwitch unit.
To enable network-assisted device detection on a VDOM:
config switch-controller network-monitor-settings
set network-monitoring enable
end
You can display a list of detected devices from the Device Inventory menu in the GUI. To list the detected devices in the CLI, enter the following command:
diagnose user device list
Limiting the number of parallel process for FortiSwitch configuration
Use the following CLI commands to reduce the number of parallel process that the switch controller uses for configuring FortiSwitch units:
config global
config switch-controller system
set parallel-process-override enable
set parallel-process <1-300>
end
end