CLI Reference

config switch-controller global

Configure FortiSwitch global settings.

config switch-controller global
    Description: Configure FortiSwitch global settings.
    set mac-aging-interval {integer}
    set https-image-push [enable|disable]
    set vlan-all-mode [all|defined]
    set vlan-optimization [enable|disable]
    set disable-discovery <name1>, <name2>, ...
    set mac-retention-period {integer}
    set default-virtual-switch-vlan {string}
    set dhcp-server-access-list [enable|disable]
    set log-mac-limit-violations [enable|disable]
    set mac-violation-timer {integer}
    set sn-dns-resolution [enable|disable]
    set mac-event-logging [enable|disable]
    set bounce-quarantined-link [disable|enable]
    set quarantine-mode [by-vlan|by-redirect]
    set update-user-device {option1}, {option2}, ...
    config custom-command
        Description: List of custom commands to be pushed to all FortiSwitches in the VDOM.
        edit <command-entry>
            set command-name {string}
        next
    end
    set fips-enforce [disable|enable]
    set firmware-provision-on-authorization [enable|disable]
end

config switch-controller global

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| mac-aging-interval | Time after which an inactive MAC is aged out. | integer | Minimum value: 10, Maximum value: 1000000 | 300 |
| https-image-push | Enable/disable image push to FortiSwitch using HTTPS. Options: enable (Enable image push to FortiSwitch using HTTPS.); disable (Disable image push to FortiSwitch using HTTPS.) | option | - | enable |
| vlan-all-mode | VLAN configuration mode, user-defined-vlans or all-possible-vlans. Options: all (Include all possible VLANs (1-4093).); defined (Include user defined VLANs.) | option | - | defined |
| vlan-optimization | FortiLink VLAN optimization. Options: enable (Enable VLAN optimization on FortiSwitch units for auto-generated trunks.); disable (Disable VLAN optimization on FortiSwitch units for auto-generated trunks.) | option | - | enable |
| disable-discovery <name> | Prevent this FortiSwitch from discovering. Managed device ID. | string | Maximum length: 79 | |
| mac-retention-period | Time in hours after which an inactive MAC is removed from client DB (0 = aged out based on mac-aging-interval). | integer | Minimum value: 0, Maximum value: 168 | 24 |
| default-virtual-switch-vlan | Default VLAN for ports when added to the virtual-switch. | string | Maximum length: 15 | |
| dhcp-server-access-list | Enable/disable DHCP snooping server access list. Options: enable (Enable DHCP server access list.); disable (Disable DHCP server access list.) | option | - | disable |
| log-mac-limit-violations | Enable/disable logs for Learning Limit Violations. Options: enable (Enable Learn Limit Violation.); disable (Disable Learn Limit Violation.) | option | - | disable |
| mac-violation-timer | Set timeout for Learning Limit Violations (0 = disabled). | integer | Minimum value: 0, Maximum value: 4294967295 | 0 |
| sn-dns-resolution | Enable/disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number. Options: enable (Enable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.); disable (Disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.) | option | - | enable |
| mac-event-logging | Enable/disable MAC address event logging. Options: enable (Enable MAC address event logging.); disable (Disable MAC address event logging.) | option | - | disable |
| bounce-quarantined-link | Enable/disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. Helps to re-initiate the DHCP process for a device. Options: disable (Disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last.); enable (Enable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last.) | option | - | disable |
| quarantine-mode | Quarantine mode. Options: by-vlan (Quarantined device traffic is sent to FortiGate on a separate quarantine VLAN.); by-redirect (Quarantined device traffic is redirected only to the FortiGate on the received VLAN.) | option | - | by-vlan |
| update-user-device | Control which sources update the device user list. Options: mac-cache (Update MAC address from switch-controller mac-cache.); lldp (Update from FortiSwitch LLDP neighbor database.); dhcp-snooping (Update from FortiSwitch DHCP snooping client and server databases.); l2-db (Update from FortiSwitch Network-monitor Layer 2 tracking database.); l3-db (Update from FortiSwitch Network-monitor Layer 3 tracking database.) | option | - | mac-cache lldp dhcp-snooping l2-db l3-db |
| fips-enforce | Enable/disable enforcement of FIPS on managed FortiSwitch devices. Options: disable (Disable enforcement of FIPS on managed FortiSwitch devices.); enable (Enable enforcement of FIPS on managed FortiSwitch devices.) | option | - | enable |
| firmware-provision-on-authorization | Enable/disable automatic provisioning of latest firmware on authorization. Options: enable (Enable firmware provision on authorization.); disable (Disable firmware provision on authorization.) | option | - | disable |

config custom-command

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| command-name | Name of custom command to push to all FortiSwitches in VDOM. | string | Maximum length: 35 | |
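
As an added example (not Fortinet code), the Python below checks the top-level `set` lines of a `config switch-controller global` block against a subset of the types, ranges and defaults documented above, reporting invalid values and settings that differ from the default. The `audit` function, the `SCHEMA` dictionary and the sample configuration are constructed for illustration.

```python
# Subset of the parameter table above: name -> (type, allowed values, default).
ONOFF = {"enable", "disable"}
SCHEMA = {
    "mac-aging-interval": ("int", (10, 1000000), "300"),
    "https-image-push": ("opt", ONOFF, "enable"),
    "mac-retention-period": ("int", (0, 168), "24"),
    "dhcp-server-access-list": ("opt", ONOFF, "disable"),
    "log-mac-limit-violations": ("opt", ONOFF, "disable"),
    "mac-violation-timer": ("int", (0, 4294967295), "0"),
    "mac-event-logging": ("opt", ONOFF, "disable"),
    "quarantine-mode": ("opt", {"by-vlan", "by-redirect"}, "by-vlan"),
    "fips-enforce": ("opt", ONOFF, "enable"),
    "firmware-provision-on-authorization": ("opt", ONOFF, "disable"),
}

def audit(text):
    """Return (errors, non_default) for the top-level `set` lines of the block."""
    errors, changed, depth = [], {}, 0
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["config"]:
            depth += 1  # the global block itself, or a nested one (custom-command)
        elif tok[:1] == ["end"]:
            depth -= 1
        elif tok[:1] == ["set"] and depth == 1 and len(tok) >= 3 and tok[1] in SCHEMA:
            name, value = tok[1], tok[2].strip('"')
            kind, rule, default = SCHEMA[name]
            if kind == "int" and not (value.isdigit() and rule[0] <= int(value) <= rule[1]):
                errors.append(f"{name}: {value} outside {rule[0]}-{rule[1]}")
            elif kind == "opt" and value not in rule:
                errors.append(f"{name}: {value} is not one of {sorted(rule)}")
            elif value != default:
                changed[name] = value  # valid, but differs from the documented default
    return errors, changed

# Constructed sample, not from a real device; by-port is deliberately invalid.
SAMPLE = """config switch-controller global
    set mac-aging-interval 5
    set https-image-push disable
    set mac-event-logging enable
    set mac-retention-period 24
    config custom-command
        edit "1"
            set command-name "banner"
        next
    end
    set fips-enforce disable
    set quarantine-mode by-port
end"""
```

Calling `audit(SAMPLE)` returns the two invalid values as errors and the three valid settings that differ from the documented defaults; `set` lines inside the nested `config custom-command` block are skipped.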
