Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    7.0.7
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config switch-controller global

    config switch-controller global

    Configure FortiSwitch global settings.

    config switch-controller global

    Description: Configure FortiSwitch global settings.

    set mac-aging-interval {integer}

    set https-image-push [enable|disable]

    set vlan-all-mode [all|defined]

    set vlan-optimization [enable|disable]

    set disable-discovery <name1>, <name2>, ...

    set mac-retention-period {integer}

    set default-virtual-switch-vlan {string}

    set dhcp-server-access-list [enable|disable]

    set log-mac-limit-violations [enable|disable]

    set mac-violation-timer {integer}

    set sn-dns-resolution [enable|disable]

    set mac-event-logging [enable|disable]

    set bounce-quarantined-link [disable|enable]

    set quarantine-mode [by-vlan|by-redirect]

    set update-user-device {option1}, {option2}, ...

    config custom-command

    Description: List of custom commands to be pushed to all FortiSwitches in the VDOM.

    edit <command-entry>

    set command-name {string}

    next

    end

    set fips-enforce [disable|enable]

    set firmware-provision-on-authorization [enable|disable]

    end

    config switch-controller global

    Parameter

    Description

    Type

    Size

    Default

    mac-aging-interval

    Time after which an inactive MAC is aged out .

    integer

    Minimum value: 10 Maximum value: 1000000

    300

    https-image-push

    Enable/disable image push to FortiSwitch using HTTPS.

    option

    -

    enable

    Option

    Description

    enable

    Enable image push to FortiSwitch using HTTPS.

    disable

    Disable image push to FortiSwitch using HTTPS.

    vlan-all-mode

    VLAN configuration mode, user-defined-vlans or all-possible-vlans.

    option

    -

    defined

    Option

    Description

    all

    Include all possible VLANs (1-4093).

    defined

    Include user defined VLANs.

    vlan-optimization

    FortiLink VLAN optimization.

    option

    -

    enable

    Option

    Description

    enable

    Enable VLAN optimization on FortiSwitch units for auto-generated trunks.

    disable

    Disable VLAN optimization on FortiSwitch units for auto-generated trunks.

    disable-discovery <name>

    Prevent this FortiSwitch from discovering.

    Managed device ID.

    string

    Maximum length: 79

    mac-retention-period

    Time in hours after which an inactive MAC is removed from client DB (0 = aged out based on mac-aging-interval).

    integer

    Minimum value: 0 Maximum value: 168

    24

    default-virtual-switch-vlan

    Default VLAN for ports when added to the virtual-switch.

    string

    Maximum length: 15

    dhcp-server-access-list

    Enable/disable DHCP snooping server access list.

    option

    -

    disable

    Option

    Description

    enable

    Enable DHCP server access list.

    disable

    Disable DHCP server access list.

    log-mac-limit-violations

    Enable/disable logs for Learning Limit Violations.

    option

    -

    disable

    Option

    Description

    enable

    Enable Learn Limit Violation.

    disable

    Disable Learn Limit Violation.

    mac-violation-timer

    Set timeout for Learning Limit Violations (0 = disabled).

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    sn-dns-resolution

    Enable/disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.

    option

    -

    enable

    Option

    Description

    enable

    Enable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.

    disable

    Disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.

    mac-event-logging

    Enable/disable MAC address event logging.

    option

    -

    disable

    Option

    Description

    enable

    Enable MAC address event logging.

    disable

    Disable MAC address event logging.

    bounce-quarantined-link

    Enable/disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. Helps to re-initiate the DHCP process for a device.

    option

    -

    disable

    Option

    Description

    disable

    Disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last.

    enable

    Enable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last.

    quarantine-mode

    Quarantine mode.

    option

    -

    by-vlan

    Option

    Description

    by-vlan

    Quarantined device traffic is sent to FortiGate on a separate quarantine VLAN.

    by-redirect

    Quarantined device traffic is redirected only to the FortiGate on the received VLAN.

    update-user-device

    Control which sources update the device user list.

    option

    -

    mac-cache lldp dhcp-snooping l2-db l3-db

    Option

    Description

    mac-cache

    Update MAC address from switch-controller mac-cache.

    lldp

    Update from FortiSwitch LLDP neighbor database.

    dhcp-snooping

    Update from FortiSwitch DHCP snooping client and server databases.

    l2-db

    Update from FortiSwitch Network-monitor Layer 2 tracking database.

    l3-db

    Update from FortiSwitch Network-monitor Layer 3 tracking database.

    fips-enforce

    Enable/disable enforcement of FIPS on managed FortiSwitch devices.

    option

    -

    enable

    Option

    Description

    disable

    Disable enforcement of FIPS on managed FortiSwitch devices.

    enable

    Enable enforcement of FIPS on managed FortiSwitch devices.

    firmware-provision-on-authorization

    Enable/disable automatic provisioning of latest firmware on authorization.

    option

    -

    disable

    Option

    Description

    enable

    Enable firmware provision on authorization.

    disable

    Disable firmware provision on authorization.

    config custom-command

    Parameter

    Description

    Type

    Size

    Default

    command-name

    Name of custom command to push to all FortiSwitches in VDOM.

    string

    Maximum length: 35

    Previous
    Next

    config switch-controller global

    config switch-controller global

    Configure FortiSwitch global settings.

    config switch-controller global

    Description: Configure FortiSwitch global settings.

    set mac-aging-interval {integer}

    set https-image-push [enable|disable]

    set vlan-all-mode [all|defined]

    set vlan-optimization [enable|disable]

    set disable-discovery <name1>, <name2>, ...

    set mac-retention-period {integer}

    set default-virtual-switch-vlan {string}

    set dhcp-server-access-list [enable|disable]

    set log-mac-limit-violations [enable|disable]

    set mac-violation-timer {integer}

    set sn-dns-resolution [enable|disable]

    set mac-event-logging [enable|disable]

    set bounce-quarantined-link [disable|enable]

    set quarantine-mode [by-vlan|by-redirect]

    set update-user-device {option1}, {option2}, ...

    config custom-command

    Description: List of custom commands to be pushed to all FortiSwitches in the VDOM.

    edit <command-entry>

    set command-name {string}

    next

    end

    set fips-enforce [disable|enable]

    set firmware-provision-on-authorization [enable|disable]

    end

    config switch-controller global

    Parameter

    Description

    Type

    Size

    Default

    mac-aging-interval

    Time after which an inactive MAC is aged out .

    integer

    Minimum value: 10 Maximum value: 1000000

    300

    https-image-push

    Enable/disable image push to FortiSwitch using HTTPS.

    option

    -

    enable

    Option

    Description

    enable

    Enable image push to FortiSwitch using HTTPS.

    disable

    Disable image push to FortiSwitch using HTTPS.

    vlan-all-mode

    VLAN configuration mode, user-defined-vlans or all-possible-vlans.

    option

    -

    defined

    Option

    Description

    all

    Include all possible VLANs (1-4093).

    defined

    Include user defined VLANs.

    vlan-optimization

    FortiLink VLAN optimization.

    option

    -

    enable

    Option

    Description

    enable

    Enable VLAN optimization on FortiSwitch units for auto-generated trunks.

    disable

    Disable VLAN optimization on FortiSwitch units for auto-generated trunks.

    disable-discovery <name>

    Prevent this FortiSwitch from discovering.

    Managed device ID.

    string

    Maximum length: 79

    mac-retention-period

    Time in hours after which an inactive MAC is removed from client DB (0 = aged out based on mac-aging-interval).

    integer

    Minimum value: 0 Maximum value: 168

    24

    default-virtual-switch-vlan

    Default VLAN for ports when added to the virtual-switch.

    string

    Maximum length: 15

    dhcp-server-access-list

    Enable/disable DHCP snooping server access list.

    option

    -

    disable

    Option

    Description

    enable

    Enable DHCP server access list.

    disable

    Disable DHCP server access list.

    log-mac-limit-violations

    Enable/disable logs for Learning Limit Violations.

    option

    -

    disable

    Option

    Description

    enable

    Enable Learn Limit Violation.

    disable

    Disable Learn Limit Violation.

    mac-violation-timer

    Set timeout for Learning Limit Violations (0 = disabled).

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    sn-dns-resolution

    Enable/disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.

    option

    -

    enable

    Option

    Description

    enable

    Enable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.

    disable

    Disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number.

    mac-event-logging

    Enable/disable MAC address event logging.

    option

    -

    disable

    Option

    Description

    enable

    Enable MAC address event logging.

    disable

    Disable MAC address event logging.

    bounce-quarantined-link

    Enable/disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. Helps to re-initiate the DHCP process for a device.

    option

    -

    disable

    Option

    Description

    disable

    Disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last.

    enable

    Enable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last.

    quarantine-mode

    Quarantine mode.

    option

    -

    by-vlan

    Option

    Description

    by-vlan

    Quarantined device traffic is sent to FortiGate on a separate quarantine VLAN.

    by-redirect

    Quarantined device traffic is redirected only to the FortiGate on the received VLAN.

    update-user-device

    Control which sources update the device user list.

    option

    -

    mac-cache lldp dhcp-snooping l2-db l3-db

    Option

    Description

    mac-cache

    Update MAC address from switch-controller mac-cache.

    lldp

    Update from FortiSwitch LLDP neighbor database.

    dhcp-snooping

    Update from FortiSwitch DHCP snooping client and server databases.

    l2-db

    Update from FortiSwitch Network-monitor Layer 2 tracking database.

    l3-db

    Update from FortiSwitch Network-monitor Layer 3 tracking database.

    fips-enforce

    Enable/disable enforcement of FIPS on managed FortiSwitch devices.

    option

    -

    enable

    Option

    Description

    disable

    Disable enforcement of FIPS on managed FortiSwitch devices.

    enable

    Enable enforcement of FIPS on managed FortiSwitch devices.

    firmware-provision-on-authorization

    Enable/disable automatic provisioning of latest firmware on authorization.

    option

    -

    disable

    Option

    Description

    enable

    Enable firmware provision on authorization.

    disable

    Disable firmware provision on authorization.

    config custom-command

    Parameter

    Description

    Type

    Size

    Default

    command-name

    Name of custom command to push to all FortiSwitches in VDOM.

    string

    Maximum length: 35

    Previous
    Next