Fortinet Document Library

Cookbook

6.2.0

Virtual switch

A virtual switch provides a container for physical ports to be loaned to other VDOMs, allowing local management of the resource.

The following example shows how to export managed FortiSwitch ports to multi-tenant VDOMs. In this example, the owner VDOM is root, and the tenant VDOM is vdom2.

To export managed FortiSwitch ports to multi-tenant VDOMs:
  1. Configure switch VLAN interfaces, and assign them to the tenant VDOM:
    (root) # config system interface
        edit "tenant-vlan1"
            set vdom "vdom2"
            set device-identification enable
            set fortiheartbeat enable
            set role lan
            set snmp-index 34
            set interface "aggr1"
            set vlanid 101
        next
    end
  2. In the tenant VDOM, designate the default-virtual-switch-vlan, which is used to set the native VLAN of ports leased from the owner VDOM:
    (vdom2) # config switch-controller global
        set default-virtual-switch-vlan "tenant-vlan1"
    end
  3. On root, export the managed switch ports to vdom2:
    (root) # config switch-controller managed-switch
        edit S248EPTF1800XXXX 
            config ports 
                edit port1
                    set export-to vdom2
                next
            end
        next
    end

    Alternatively, export managed FortiSwitch ports to shared virtual-switch pools for the tenant VDOM to choose from, for example:

    (root) # config switch-controller virtual-port-pool
        edit "pool1"
        next
    end
    (root) # config switch-controller managed-switch
        edit S248EPTF1800XXXX
            config ports
                edit port8
                    set export-to-pool pool1 
                next
                edit port9
                    set export-to-pool pool1 
                next
            end
        next
    end
  4. In vdom2, configure the ports of the leased managed FortiSwitch, or lease or release ports from the virtual switch pool. The administrator of each tenant VDOM can then configure and use the FortiSwitch ports locally, within the limited range of operations that the available CLI commands allow:
    login: vdom2
    Password: *****
    Welcome !
    $ show switch-controller managed-switch
        config switch-controller managed-switch
            edit "S248EPTF1800XXXX"
                set type virtual
                set owner-vdom "root"
                config ports
                    edit "port1"
                        set poe-capable 1
                        set vlan "tenant-vlan1"
                    next
                    edit "port6"
                        set poe-capable 1
                        set vlan "tenant-vlan1"
                    next
                end
            next
        end
    $ config switch-controller managed-switch
        edit S248EPTF1800XXXX
            config ports
                edit port1
                    set ?
                        port-owner    Switch port name.
                        speed    Switch port speed; default and available settings depend on hardware.
                        status    Switch port admin status: up or down.
                        poe-status    Enable/disable PoE status.
                        poe-pre-standard-detection    Enable/disable PoE pre-standard detection.
                        poe-capable    PoE capable.
                        vlan    Assign switch ports to a VLAN.
                        allowed-vlans    Configure switch port tagged vlans
                        untagged-vlans    Configure switch port untagged vlans
                        type    Interface type: physical or trunk port.
                        qos-policy    Switch controller QoS policy from available options.
                        storm-control-policy    Switch controller storm control policy from available options.    
                        port-security-policy    Switch controller authentication policy to apply to this managed switch from available options.
                        learning-limit    Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default).
                next
                edit trunk1
                    set type trunk
                next
            end
        next    
    end
    $ execute switch-controller virtual-port-pool request S248EPTF1800XXXX port8
    $ execute switch-controller virtual-port-pool show
        Switch            Port       Properties   Tags
        ----------------------------------------------------------------
        pool1(vdom.root) 
        S248EPTF1800XXXX  port8      (vdom2)      POE,10M/100M/1G/   
        S248EPTF1800XXXX  port9                   POE,10M/100M/1G/   
