Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.4.2
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    switch-controller global

    Configure FortiSwitch global settings.

      config switch-controller global
      Description: Configure FortiSwitch global settings.
      set mac-aging-interval {integer}
      set https-image-push [enable|disable]
      set vlan-all-mode [all|defined]
      set vlan-optimization [enable|disable]
      set disable-discovery <name1>, <name2>, ...
      set mac-retention-period {integer}
      set default-virtual-switch-vlan {string}
      set log-mac-limit-violations [enable|disable]
      set mac-violation-timer {integer}
      set sn-dns-resolution [enable|disable]
      set mac-event-logging [enable|disable]
      set bounce-quarantined-link [disable|enable]
      set quarantine-mode [by-vlan|by-redirect]
      set update-user-device {option1}, {option2}, ...
      config custom-command
          Description: List of custom commands to be pushed to all FortiSwitches in the VDOM.
          edit <command-entry>
              set command-name {string}
          next
      end
  end

    config switch-controller global

    Parameter Name Description Type Size
    mac-aging-interval Time after which an inactive MAC is aged out (10 - 1000000 sec, default = 300, 0 = disable). integer Minimum value: 10 Maximum value: 1000000
    https-image-push Enable/disable image push to FortiSwitch using HTTPS.
    enable: Enable image push to FortiSwitch using HTTPS.
    disable: Disable image push to FortiSwitch using HTTPS.
    		 option -
    vlan-all-mode VLAN configuration mode, user-defined-vlans or all-possible-vlans.
    all: Include all possible VLANs (1-4093).
    defined: Include user defined VLANs.
    		 option -
    vlan-optimization FortiLink VLAN optimization.
    enable: Enable VLAN optimization on FortiSwitch units for auto-generated trunks.
    disable: Disable VLAN optimization on FortiSwitch units for auto-generated trunks.
    		 option -
    disable-discovery <name> Prevent this FortiSwitch from discovering.
    Managed device ID.    		 string Maximum length: 79
    mac-retention-period Time in hours after which an inactive MAC is removed from client DB (0 = aged out based on mac-aging-interval). integer Minimum value: 0 Maximum value: 168
    default-virtual-switch-vlan Default VLAN for ports when added to the virtual-switch. string Maximum length: 15
    log-mac-limit-violations Enable/disable logs for Learning Limit Violations.
    enable: Enable Learn Limit Violation.
    disable: Disable Learn Limit Violation.
    		 option -
    mac-violation-timer Set timeout for Learning Limit Violations (0 = disabled). integer Minimum value: 0 Maximum value: 4294967295
    sn-dns-resolution Enable/disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.
    enable: Enable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.
    disable: Disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.
    		 option -
    mac-event-logging Enable/disable MAC address event logging.
    enable: Enable MAC address event logging.
    disable: Disable MAC address event logging.
    		 option -
    bounce-quarantined-link Enable/disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. Helps to re-initiate the DHCP process for a device.
    disable: Disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last.
    enable: Enable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last.
    		 option -
    quarantine-mode Quarantine mode.
    by-vlan: Quarantined device traffic is sent to FortiGate on a separate quarantine VLAN.
    by-redirect: Quarantined device traffic is redirected only to the FortiGate on the received VLAN.
    		 option -
    update-user-device Control which sources update the device user list.
    mac-cache: Update MAC address from switch-controller mac-cache.
    lldp: Update from FortiSwitch LLDP neighbor database.
    dhcp-snooping: Update from FortiSwitch DHCP snooping client and server databases.
    l2-db: Update from FortiSwitch Network-monitor Layer 2 tracking database.
    l3-db: Update from FortiSwitch Network-monitor Layer 3 tracking database.
    		 option -

    config custom-command

    Parameter Name Description Type Size
    command-name Name of custom command to push to all FortiSwitches in VDOM. string Maximum length: 35
    Previous
    Next

    switch-controller global

    Configure FortiSwitch global settings.

      config switch-controller global
      Description: Configure FortiSwitch global settings.
      set mac-aging-interval {integer}
      set https-image-push [enable|disable]
      set vlan-all-mode [all|defined]
      set vlan-optimization [enable|disable]
      set disable-discovery <name1>, <name2>, ...
      set mac-retention-period {integer}
      set default-virtual-switch-vlan {string}
      set log-mac-limit-violations [enable|disable]
      set mac-violation-timer {integer}
      set sn-dns-resolution [enable|disable]
      set mac-event-logging [enable|disable]
      set bounce-quarantined-link [disable|enable]
      set quarantine-mode [by-vlan|by-redirect]
      set update-user-device {option1}, {option2}, ...
      config custom-command
          Description: List of custom commands to be pushed to all FortiSwitches in the VDOM.
          edit <command-entry>
              set command-name {string}
          next
      end
  end

    config switch-controller global

    Parameter Name Description Type Size
    mac-aging-interval Time after which an inactive MAC is aged out (10 - 1000000 sec, default = 300, 0 = disable). integer Minimum value: 10 Maximum value: 1000000
    https-image-push Enable/disable image push to FortiSwitch using HTTPS.
    enable: Enable image push to FortiSwitch using HTTPS.
    disable: Disable image push to FortiSwitch using HTTPS.
    		 option -
    vlan-all-mode VLAN configuration mode, user-defined-vlans or all-possible-vlans.
    all: Include all possible VLANs (1-4093).
    defined: Include user defined VLANs.
    		 option -
    vlan-optimization FortiLink VLAN optimization.
    enable: Enable VLAN optimization on FortiSwitch units for auto-generated trunks.
    disable: Disable VLAN optimization on FortiSwitch units for auto-generated trunks.
    		 option -
    disable-discovery <name> Prevent this FortiSwitch from discovering.
    Managed device ID.    		 string Maximum length: 79
    mac-retention-period Time in hours after which an inactive MAC is removed from client DB (0 = aged out based on mac-aging-interval). integer Minimum value: 0 Maximum value: 168
    default-virtual-switch-vlan Default VLAN for ports when added to the virtual-switch. string Maximum length: 15
    log-mac-limit-violations Enable/disable logs for Learning Limit Violations.
    enable: Enable Learn Limit Violation.
    disable: Disable Learn Limit Violation.
    		 option -
    mac-violation-timer Set timeout for Learning Limit Violations (0 = disabled). integer Minimum value: 0 Maximum value: 4294967295
    sn-dns-resolution Enable/disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.
    enable: Enable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.
    disable: Disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.
    		 option -
    mac-event-logging Enable/disable MAC address event logging.
    enable: Enable MAC address event logging.
    disable: Disable MAC address event logging.
    		 option -
    bounce-quarantined-link Enable/disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. Helps to re-initiate the DHCP process for a device.
    disable: Disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last.
    enable: Enable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last.
    		 option -
    quarantine-mode Quarantine mode.
    by-vlan: Quarantined device traffic is sent to FortiGate on a separate quarantine VLAN.
    by-redirect: Quarantined device traffic is redirected only to the FortiGate on the received VLAN.
    		 option -
    update-user-device Control which sources update the device user list.
    mac-cache: Update MAC address from switch-controller mac-cache.
    lldp: Update from FortiSwitch LLDP neighbor database.
    dhcp-snooping: Update from FortiSwitch DHCP snooping client and server databases.
    l2-db: Update from FortiSwitch Network-monitor Layer 2 tracking database.
    l3-db: Update from FortiSwitch Network-monitor Layer 3 tracking database.
    		 option -

    config custom-command

    Parameter Name Description Type Size
    command-name Name of custom command to push to all FortiSwitches in VDOM. string Maximum length: 35
    Previous
    Next