Fortinet Document Library

CLI Reference

Configure FortiSwitch global settings.

  config switch-controller global
      Description: Configure FortiSwitch global settings.
      set mac-aging-interval {integer}
      set https-image-push [enable|disable]
      set vlan-all-mode [all|defined]
      set vlan-optimization [enable|disable]
      set disable-discovery <name1>, <name2>, ...
      set mac-retention-period {integer}
      set default-virtual-switch-vlan {string}
      set log-mac-limit-violations [enable|disable]
      set mac-violation-timer {integer}
      set sn-dns-resolution [enable|disable]
      set mac-event-logging [enable|disable]
      set bounce-quarantined-link [disable|enable]
      set quarantine-mode [by-vlan|by-redirect]
      set update-user-device {option1}, {option2}, ...
      config custom-command
          Description: List of custom commands to be pushed to all FortiSwitches in the VDOM.
          edit <command-entry>
              set command-name {string}
          next
      end
  end

config switch-controller global

| Parameter Name | Description | Type | Size |
|---|---|---|---|
| mac-aging-interval | Time after which an inactive MAC is aged out (10 - 1000000 sec, default = 300, 0 = disable). | integer | Minimum value: 10 Maximum value: 1000000 |
| https-image-push | Enable/disable image push to FortiSwitch using HTTPS. enable: Enable image push to FortiSwitch using HTTPS. disable: Disable image push to FortiSwitch using HTTPS. | option | - |
| vlan-all-mode | VLAN configuration mode, user-defined-vlans or all-possible-vlans. all: Include all possible VLANs (1-4093). defined: Include user defined VLANs. | option | - |
| vlan-optimization | FortiLink VLAN optimization. enable: Enable VLAN optimization on FortiSwitch units for auto-generated trunks. disable: Disable VLAN optimization on FortiSwitch units for auto-generated trunks. | option | - |
| disable-discovery <name> | Prevent this FortiSwitch from discovering. Managed device ID. | string | Maximum length: 79 |
| mac-retention-period | Time in hours after which an inactive MAC is removed from client DB (0 = aged out based on mac-aging-interval). | integer | Minimum value: 0 Maximum value: 168 |
| default-virtual-switch-vlan | Default VLAN for ports when added to the virtual-switch. | string | Maximum length: 15 |
| log-mac-limit-violations | Enable/disable logs for Learning Limit Violations. enable: Enable Learn Limit Violation. disable: Disable Learn Limit Violation. | option | - |
| mac-violation-timer | Set timeout for Learning Limit Violations (0 = disabled). | integer | Minimum value: 0 Maximum value: 4294967295 |
| sn-dns-resolution | Enable/disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number. enable: Enable DNS resolution of the FortiSwitch unit's IP address by use of its serial number. disable: Disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number. | option | - |
| mac-event-logging | Enable/disable MAC address event logging. enable: Enable MAC address event logging. disable: Disable MAC address event logging. | option | - |
| bounce-quarantined-link | Enable/disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. Helps to re-initiate the DHCP process for a device. disable: Disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. enable: Enable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. | option | - |
| quarantine-mode | Quarantine mode. by-vlan: Quarantined device traffic is sent to FortiGate on a separate quarantine VLAN. by-redirect: Quarantined device traffic is redirected only to the FortiGate on the received VLAN. | option | - |
| update-user-device | Control which sources update the device user list. mac-cache: Update MAC address from switch-controller mac-cache. lldp: Update from FortiSwitch LLDP neighbor database. dhcp-snooping: Update from FortiSwitch DHCP snooping client and server databases. l2-db: Update from FortiSwitch Network-monitor Layer 2 tracking database. l3-db: Update from FortiSwitch Network-monitor Layer 3 tracking database. | option | - |

config custom-command

| Parameter Name | Description | Type | Size |
|---|---|---|---|
| command-name | Name of custom command to push to all FortiSwitches in VDOM. | string | Maximum length: 35 |
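
An added example, not Fortinet code: a small Python linter that checks a `config switch-controller global` block against the types, ranges and option lists documented on this page. The function name `lint`, the sample block and the logging policy are assumptions of this example, and the input is assumed to list every setting explicitly.

```python
import shlex
# Constraints transcribed from the parameter tables on this page.
INT_RANGES = {"mac-aging-interval": (10, 1000000), "mac-retention-period": (0, 168),
              "mac-violation-timer": (0, 4294967295)}
ON_OFF = {"enable", "disable"}
OPTIONS = {**dict.fromkeys(("https-image-push", "vlan-optimization", "sn-dns-resolution",
           "log-mac-limit-violations", "mac-event-logging", "bounce-quarantined-link"), ON_OFF),
           "vlan-all-mode": {"all", "defined"}, "quarantine-mode": {"by-vlan", "by-redirect"},
           "update-user-device": {"mac-cache", "lldp", "dhcp-snooping", "l2-db", "l3-db"}}
MAX_LEN = {"disable-discovery": 79, "default-virtual-switch-vlan": 15, "command-name": 35}
# Assumed audit policy (not a Fortinet requirement): MAC logging explicitly enabled.
WANT_ENABLED = ("mac-event-logging", "log-mac-limit-violations")

def lint(config_text):
    """Return findings for one 'config switch-controller global' block."""
    findings, seen = [], {}
    for line in config_text.splitlines():
        parts = shlex.split(line)
        if len(parts) < 3 or parts[0] != "set":
            continue  # config/edit/next/end lines carry no value to check
        key, vals = parts[1], parts[2:]
        seen[key] = vals
        if key in INT_RANGES:
            lo, hi = INT_RANGES[key]
            # Description allows 0 (= disable) although the size column says minimum 10.
            zero_ok = key == "mac-aging-interval" and vals[0] == "0"
            if not (vals[0].isdigit() and (zero_ok or lo <= int(vals[0]) <= hi)):
                findings.append(f"{key}: {vals[0]} outside {lo}-{hi}")
        elif key in OPTIONS:
            findings += [f"{key}: unknown option {v}" for v in vals if v not in OPTIONS[key]]
        elif key in MAX_LEN:
            if any(len(v) > MAX_LEN[key] for v in vals):
                findings.append(f"{key}: value longer than {MAX_LEN[key]} characters")
        else:
            findings.append(f"{key}: not a documented parameter")
    findings += [f"{k}: not explicitly enabled (policy)" for k in WANT_ENABLED
                 if seen.get(k) != ["enable"]]
    return findings

# Constructed sample block, not taken from a real device.
SAMPLE = """config switch-controller global
    set mac-aging-interval 5
    set mac-event-logging disable
    config custom-command
        edit "cc1"
            set command-name "a-name-well-over-thirty-five-characters-long"
        next
    end
end"""
```

Calling `lint(SAMPLE)` reports the out-of-range aging interval, the over-long command name, and both logging settings that are not enabled.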
