CLI Reference

config switch-controller global

Note

This command is available for model(s): FortiGate 1000D, FortiGate 100F, FortiGate 1100E, FortiGate 1101E, FortiGate 140E-POE, FortiGate 140E, FortiGate 1800F, FortiGate 1801F, FortiGate 2000E, FortiGate 200E, FortiGate 200F, FortiGate 201E, FortiGate 201F, FortiGate 2200E, FortiGate 2201E, FortiGate 2500E, FortiGate 2600F, FortiGate 2601F, FortiGate 3000D, FortiGate 300E, FortiGate 301E, FortiGate 3100D, FortiGate 3200D, FortiGate 3300E, FortiGate 3301E, FortiGate 3400E, FortiGate 3401E, FortiGate 3500F, FortiGate 3501F, FortiGate 3600E, FortiGate 3601E, FortiGate 3700D, FortiGate 3960E, FortiGate 3980E, FortiGate 400E Bypass, FortiGate 400E, FortiGate 400F, FortiGate 401E, FortiGate 401F, FortiGate 40F 3G4G, FortiGate 40F, FortiGate 4200F, FortiGate 4201F, FortiGate 4400F, FortiGate 4401F, FortiGate 500E, FortiGate 501E, FortiGate 600E, FortiGate 600F, FortiGate 601E, FortiGate 601F, FortiGate 60E DSLJ, FortiGate 60E DSL, FortiGate 60E-POE, FortiGate 60E, FortiGate 60F, FortiGate 61E, FortiGate 61F, FortiGate 70F, FortiGate 71F, FortiGate 800D, FortiGate 80E, FortiGate 80F Bypass, FortiGate 80F-POE, FortiGate 80F, FortiGate 81E-POE, FortiGate 81E, FortiGate 81F-POE, FortiGate 81F, FortiGate 900D, FortiGate 90E, FortiGate 91E, FortiGate VM64, FortiGateRugged 60F 3G4G, FortiGateRugged 60F, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 60E DSLJ, FortiWiFi 60E DSL, FortiWiFi 60E, FortiWiFi 60F, FortiWiFi 61E, FortiWiFi 61F, FortiWiFi 80F 2R, FortiWiFi 81F 2R 3G4G-POE, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.

It is not available for: FortiGate 5001E1, FortiGate 5001E.

Configure FortiSwitch global settings.

config switch-controller global
    Description: Configure FortiSwitch global settings.
    set bounce-quarantined-link [disable|enable]
    config custom-command
        Description: List of custom commands to be pushed to all FortiSwitches in the VDOM.
        edit <command-entry>
            set command-name {string}
        next
    end
    set default-virtual-switch-vlan {string}
    set dhcp-option82-circuit-id {option1}, {option2}, ...
    set dhcp-option82-format [ascii|legacy]
    set dhcp-option82-remote-id {option1}, {option2}, ...
    set dhcp-server-access-list [enable|disable]
    set dhcp-snoop-client-db-exp {integer}
    set dhcp-snoop-client-req [drop-untrusted|forward-untrusted]
    set dhcp-snoop-db-per-port-learn-limit {integer}
    set disable-discovery <name1>, <name2>, ...
    set fips-enforce [disable|enable]
    set firmware-provision-on-authorization [enable|disable]
    set https-image-push [enable|disable]
    set log-mac-limit-violations [enable|disable]
    set mac-aging-interval {integer}
    set mac-event-logging [enable|disable]
    set mac-retention-period {integer}
    set mac-violation-timer {integer}
    set quarantine-mode [by-vlan|by-redirect]
    set sn-dns-resolution [enable|disable]
    set update-user-device {option1}, {option2}, ...
    set vlan-all-mode [all|defined]
    set vlan-optimization [enable|disable]
end

config switch-controller global

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| bounce-quarantined-link | Enable/disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. Helps to re-initiate the DHCP process for a device. | option | - | disable |
| default-virtual-switch-vlan | Default VLAN for ports when added to the virtual-switch. | string | Maximum length: 15 | |
| dhcp-option82-circuit-id | List the parameters to be included to inform about client identification. | option | - | intfname vlan mode |
| dhcp-option82-format | DHCP option-82 format string. | option | - | ascii |
| dhcp-option82-remote-id | List the parameters to be included to inform about client identification. | option | - | mac |
| dhcp-server-access-list | Enable/disable DHCP snooping server access list. | option | - | disable |
| dhcp-snoop-client-db-exp | Expiry time for DHCP snooping server database entries. | integer | Minimum value: 300 Maximum value: 259200 | 86400 |
| dhcp-snoop-client-req | Client DHCP packet broadcast mode. | option | - | drop-untrusted |
| dhcp-snoop-db-per-port-learn-limit | Per-interface dhcp-server entries learn limit. | integer | Minimum value: 0 Maximum value: 2048 | 64 |
| disable-discovery <name> | Prevent this FortiSwitch from discovering. <name>: Managed device ID. | string | Maximum length: 79 | |
| fips-enforce | Enable/disable enforcement of FIPS on managed FortiSwitch devices. | option | - | enable |
| firmware-provision-on-authorization | Enable/disable automatic provisioning of latest firmware on authorization. | option | - | disable |
| https-image-push | Enable/disable image push to FortiSwitch using HTTPS. | option | - | enable |
| log-mac-limit-violations | Enable/disable logs for Learning Limit Violations. | option | - | disable |
| mac-aging-interval | Time after which an inactive MAC is aged out. | integer | Minimum value: 10 Maximum value: 1000000 | 300 |
| mac-event-logging | Enable/disable MAC address event logging. | option | - | disable |
| mac-retention-period | Time in hours after which an inactive MAC is removed from client DB (0 = aged out based on mac-aging-interval). | integer | Minimum value: 0 Maximum value: 168 | 24 |
| mac-violation-timer | Set timeout for Learning Limit Violations (0 = disabled). | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| quarantine-mode | Quarantine mode. | option | - | by-vlan |
| sn-dns-resolution | Enable/disable DNS resolution of the FortiSwitch unit's IP address with switch name. | option | - | enable |
| update-user-device | Control which sources update the device user list. | option | - | mac-cache lldp dhcp-snooping l2-db l3-db |
| vlan-all-mode | VLAN configuration mode, user-defined-vlans or all-possible-vlans. | option | - | defined |
| vlan-optimization | FortiLink VLAN optimization. | option | - | enable |

Options for parameters of type option:

| Parameter | Option | Description |
| --- | --- | --- |
| bounce-quarantined-link | disable | Disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. |
| bounce-quarantined-link | enable | Enable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. |
| dhcp-option82-circuit-id | intfname | Interface name. |
| dhcp-option82-circuit-id | vlan | VLAN name. |
| dhcp-option82-circuit-id | hostname | Hostname. |
| dhcp-option82-circuit-id | mode | Mode. |
| dhcp-option82-circuit-id | description | Description. |
| dhcp-option82-format | ascii | Allow user to choose values for circuit-id and remote-id. Format: cid=[hostname,interface,mode,vlan,description] rid=[hostname,xx:xx:xx:xx:xx:xx,ip] |
| dhcp-option82-format | legacy | Generate a predefined fixed format for circuit-id and remote-id. Format: cid=hostname-[<vlan:16><mod:8><port:8>].32bit, rid=[mac(0..6)].48bit |
| dhcp-option82-remote-id | mac | MAC address. |
| dhcp-option82-remote-id | hostname | Hostname. |
| dhcp-option82-remote-id | ip | IP address. |
| dhcp-server-access-list | enable | Enable DHCP server access list. |
| dhcp-server-access-list | disable | Disable DHCP server access list. |
| dhcp-snoop-client-req | drop-untrusted | Broadcast packets on trusted ports in the VLAN. |
| dhcp-snoop-client-req | forward-untrusted | Broadcast packets on all ports in the VLAN. |
| fips-enforce | disable | Disable enforcement of FIPS on managed FortiSwitch devices. |
| fips-enforce | enable | Enable enforcement of FIPS on managed FortiSwitch devices. |
| firmware-provision-on-authorization | enable | Enable firmware provision on authorization. |
| firmware-provision-on-authorization | disable | Disable firmware provision on authorization. |
| https-image-push | enable | Enable image push to FortiSwitch using HTTPS. |
| https-image-push | disable | Disable image push to FortiSwitch using HTTPS. |
| log-mac-limit-violations | enable | Enable Learn Limit Violation. |
| log-mac-limit-violations | disable | Disable Learn Limit Violation. |
| mac-event-logging | enable | Enable MAC address event logging. |
| mac-event-logging | disable | Disable MAC address event logging. |
| quarantine-mode | by-vlan | Quarantined device traffic is sent to FortiGate on a separate quarantine VLAN. |
| quarantine-mode | by-redirect | Quarantined device traffic is redirected only to the FortiGate on the received VLAN. |
| sn-dns-resolution | enable | Enable DNS resolution of the FortiSwitch unit's IP address with switch name. |
| sn-dns-resolution | disable | Disable DNS resolution of the FortiSwitch unit's IP address with switch name. |
| update-user-device | mac-cache | Update MAC address from switch-controller mac-cache. |
| update-user-device | lldp | Update from FortiSwitch LLDP neighbor database. |
| update-user-device | dhcp-snooping | Update from FortiSwitch DHCP snooping client and server databases. |
| update-user-device | l2-db | Update from FortiSwitch Network-monitor Layer 2 tracking database. |
| update-user-device | l3-db | Update from FortiSwitch Network-monitor Layer 3 tracking database. |
| vlan-all-mode | all | Include all possible VLANs (1-4093). |
| vlan-all-mode | defined | Include user defined VLANs. |
| vlan-optimization | enable | Enable VLAN optimization on FortiSwitch units for auto-generated trunks. |
| vlan-optimization | disable | Disable VLAN optimization on FortiSwitch units for auto-generated trunks. |

config custom-command

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| command-entry | List of FortiSwitch commands. | string | Maximum length: 35 | |
| command-name | Name of custom command to push to all FortiSwitches in VDOM. | string | Maximum length: 35 | |
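
The following is an added example, not Fortinet code: a Python check that parses a `config switch-controller global` block, validates values against options and ranges documented in the parameter table above, and reports deviations from a review policy. The `POLICY` expectations and the `SAMPLE` configuration are assumptions constructed for illustration.

```python
# Allowed values transcribed from the parameter table on this page.
ALLOWED = {
    "dhcp-snoop-client-req": {"drop-untrusted", "forward-untrusted"},
    "log-mac-limit-violations": {"enable", "disable"},
    "mac-event-logging": {"enable", "disable"},
    "dhcp-snoop-client-db-exp": range(300, 259200 + 1),
    "mac-aging-interval": range(10, 1000000 + 1),
}
# name -> (default documented on this page, value an ASSUMED review policy expects)
POLICY = {
    "dhcp-snoop-client-req": ("drop-untrusted", "drop-untrusted"),
    "log-mac-limit-violations": ("disable", "enable"),
    "mac-event-logging": ("disable", "enable"),
}
# Constructed sample input, not taken from a real device.
SAMPLE = """\
config switch-controller global
    set dhcp-snoop-client-req forward-untrusted
    set mac-aging-interval 5
    config custom-command
        edit "1"
            set command-name "cmd1"
        next
    end
    set mac-event-logging enable
end
"""

def parse_global(text):
    """Top-level `set` values of the `config switch-controller global` block."""
    settings, depth, inside = {}, 0, False
    for tok in filter(None, (line.split() for line in text.splitlines())):
        if tok[0] == "config":
            if depth == 0:
                inside = tok[1:] == ["switch-controller", "global"]
            depth += 1
        elif tok[0] == "end":
            depth -= 1
        elif tok[0] == "set" and inside and depth == 1 and len(tok) > 2:
            settings[tok[1]] = " ".join(tok[2:]).strip('"')
    return settings

def audit(text):
    """Return (name, value, reason) for invalid values and policy deviations."""
    cfg, out = parse_global(text), []
    for name, value in cfg.items():
        allowed = ALLOWED.get(name, {value})  # unknown names are not checked
        if isinstance(allowed, range):
            value = int(value) if value.isdigit() else -1
        if value not in allowed:
            out.append((name, cfg[name], "outside documented values"))
    for name, (default, want) in POLICY.items():
        if cfg.get(name, default) != want:  # unset keeps the documented default
            out.append((name, cfg.get(name, default), f"policy expects {want}"))
    return out
```

Calling `audit(SAMPLE)` flags the out-of-range `mac-aging-interval`, the `forward-untrusted` DHCP request mode, and the unset `log-mac-limit-violations`, which falls back to its documented default of `disable`.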
