config switch-controller managed-switch

Configure FortiSwitch devices that are managed by this FortiGate.

config switch-controller managed-switch

Description: Configure FortiSwitch devices that are managed by this FortiGate.

edit <switch-id>

set name {string}

set description {string}

set switch-profile {string}

set access-profile {string}

set fsw-wan1-peer {string}

set fsw-wan1-admin [discovered|disable|...]

set poe-pre-standard-detection [enable|disable]

set dhcp-server-access-list [global|enable|...]

set poe-detection-type {integer}

set directly-connected {integer}

set version {integer}

set max-allowed-trunk-members {integer}

set pre-provisioned {integer}

set l3-discovered {integer}

set tdr-supported {string}

set dynamic-capability {user}

set switch-device-tag {string}

set switch-dhcp_opt43_key {string}

set mclag-igmp-snooping-aware [enable|disable]

set dynamically-discovered {integer}

set type [virtual|physical]

set owner-vdom {string}

set flow-identity {user}

set staged-image-version {string}

set delayed-restart-trigger {integer}

set firmware-provision [enable|disable]

set firmware-provision-version {string}

config ports

Description: Managed-switch port list.

edit <port-name>

set port-owner {string}

set switch-id {string}

set speed [10half|10full|...]

set status [up|down]

set poe-status [enable|disable]

set ip-source-guard [disable|enable]

set ptp-policy {string}

set aggregator-mode [bandwidth|count]

set rpvst-port [disabled|enabled]

set poe-pre-standard-detection [enable|disable]

set port-number {integer}

set port-prefix-type {integer}

set fortilink-port {integer}

set poe-capable {integer}

set stacking-port {integer}

set p2p-port {integer}

set mclag-icl-port {integer}

set fiber-port {integer}

set media-type {string}

set poe-standard {string}

set poe-max-power {string}

set flags {integer}

set isl-local-trunk-name {string}

set isl-peer-port-name {string}

set isl-peer-device-name {string}

set fgt-peer-port-name {string}

set fgt-peer-device-name {string}

set vlan {string}

set allowed-vlans-all [enable|disable]

set allowed-vlans <vlan-name1>, <vlan-name2>, ...

set untagged-vlans <vlan-name1>, <vlan-name2>, ...

set type [physical|trunk]

set access-mode [dynamic|nac|...]

set matched-dpp-policy {string}

set matched-dpp-intf-tags {string}

set dhcp-snooping [untrusted|trusted]

set dhcp-snoop-option82-trust [enable|disable]

set arp-inspection-trust [untrusted|trusted]

set igmps-flood-reports [enable|disable]

set igmps-flood-traffic [enable|disable]

set stp-state [enabled|disabled]

set stp-root-guard [enabled|disabled]

set stp-bpdu-guard [enabled|disabled]

set stp-bpdu-guard-timeout {integer}

set edge-port [enable|disable]

set discard-mode [none|all-untagged|...]

set packet-sampler [enabled|disabled]

set packet-sample-rate {integer}

set sflow-counter-interval {integer}

set sample-direction [tx|rx|...]

set fec-capable {integer}

set fec-state [disabled|cl74|...]

set flow-control [disable|tx|...]

set pause-meter {integer}

set pause-meter-resume [75%|50%|...]

set loop-guard [enabled|disabled]

set loop-guard-timeout {integer}

set port-policy {string}

set qos-policy {string}

set storm-control-policy {string}

set port-security-policy {string}

set export-to-pool {string}

set interface-tags <tag-name1>, <tag-name2>, ...

set learning-limit {integer}

set sticky-mac [enable|disable]

set lldp-status [disable|rx-only|...]

set lldp-profile {string}

set export-to {string}

set mac-addr {mac-address}

set port-selection-criteria [src-mac|dst-mac|...]

set description {string}

set lacp-speed [slow|fast]

set mode [static|lacp-passive|...]

set bundle [enable|disable]

set member-withdrawal-behavior [forward|block]

set mclag [enable|disable]

set min-bundle {integer}

set max-bundle {integer}

set members <member-name1>, <member-name2>, ...

next

end

config ip-source-guard

Description: IP source guard.

edit <port>

set description {string}

config binding-entry

Description: IP and MAC address configuration.

edit <entry-name>

set ip {ipv4-address-any}

set mac {mac-address}

next

end

next

end

config stp-settings

Description: Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops.

set local-override [enable|disable]

set name {string}

set revision {integer}

set hello-time {integer}

set forward-time {integer}

set max-age {integer}

set max-hops {integer}

set pending-timer {integer}

end

config stp-instance

Description: Configuration method to edit Spanning Tree Protocol (STP) instances.

edit <id>

set priority [0|4096|...]

next

end

set override-snmp-sysinfo [disable|enable]

config snmp-sysinfo

Description: Configuration method to edit Simple Network Management Protocol (SNMP) system info.

set status [disable|enable]

set engine-id {string}

set description {string}

set contact-info {string}

set location {string}

end

set override-snmp-trap-threshold [enable|disable]

config snmp-trap-threshold

Description: Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values.

set trap-high-cpu-threshold {integer}

set trap-low-memory-threshold {integer}

set trap-log-full-threshold {integer}

end

set override-snmp-community [enable|disable]

config snmp-community

Description: Configuration method to edit Simple Network Management Protocol (SNMP) communities.

edit <id>

set name {string}

set status [disable|enable]

config hosts

Description: Configure IPv4 SNMP managers (hosts).

edit <id>

set ip {user}

next

end

set query-v1-status [disable|enable]

set query-v1-port {integer}

set query-v2c-status [disable|enable]

set query-v2c-port {integer}

set trap-v1-status [disable|enable]

set trap-v1-lport {integer}

set trap-v1-rport {integer}

set trap-v2c-status [disable|enable]

set trap-v2c-lport {integer}

set trap-v2c-rport {integer}

set events {option1}, {option2}, ...

next

end

set override-snmp-user [enable|disable]

config snmp-user

Description: Configuration method to edit Simple Network Management Protocol (SNMP) users.

edit <name>

set queries [disable|enable]

set query-port {integer}

set security-level [no-auth-no-priv|auth-no-priv|...]

set auth-proto [md5|sha1|...]

set auth-pwd {password}

set priv-proto [aes128|aes192|...]

set priv-pwd {password}

next

end

set qos-drop-policy [taildrop|random-early-detection]

set qos-red-probability {integer}

config switch-log

Description: Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log).

set local-override [enable|disable]

set status [enable|disable]

set severity [emergency|alert|...]

end

config remote-log

Description: Configure logging by FortiSwitch device to a remote syslog server.

edit <name>

set status [enable|disable]

set server {string}

set port {integer}

set severity [emergency|alert|...]

set csv [enable|disable]

set facility [kernel|user|...]

next

end

config storm-control

Description: Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption.

set local-override [enable|disable]

set rate {integer}

set unknown-unicast [enable|disable]

set unknown-multicast [enable|disable]

set broadcast [enable|disable]

end

config mirror

Description: Configuration method to edit FortiSwitch packet mirror.

edit <name>

set status [active|inactive]

set switching-packet [enable|disable]

set dst {string}

set src-ingress <name1>, <name2>, ...

set src-egress <name1>, <name2>, ...

next

end

config static-mac

Description: Configuration method to edit FortiSwitch Static and Sticky MAC.

edit <id>

set type [static|sticky]

set vlan {string}

set mac {mac-address}

set interface {string}

set description {string}

next

end

config custom-command

Description: Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch.

edit <command-entry>

set command-name {string}

next

end

config igmp-snooping

Description: Configure FortiSwitch IGMP snooping global settings.

set local-override [enable|disable]

set aging-time {integer}

set flood-unknown-multicast [enable|disable]

config vlans

Description: Configure IGMP snooping VLAN.

edit <vlan-name>

set proxy [disable|enable|...]

set querier [disable|enable]

set querier-addr {ipv4-address}

set version {integer}

next

end

end

config 802-1X-settings

Description: Configuration method to edit FortiSwitch 802.1X global settings.

set local-override [enable|disable]

set link-down-auth [set-unauth|no-action]

set reauth-period {integer}

set max-reauth-attempt {integer}

set tx-period {integer}

end

next

end

config switch-controller managed-switch

Parameter	Description	Type	Size	Default
name	Managed-switch name.	string	Maximum length: 35