Fortinet white logo
Fortinet white logo

Administration Guide

Creating FortiSwitch templates

Creating FortiSwitch templates

When creating a new FortiSwitch template, the platform must be selected before configuring VLAN assignments.

To create a FortiSwitch template:
  1. Go to FortiSwitch Manager > FortiSwitch Templates, and select FortiSwitch Templates in the tree menu.
  2. In the content pane, click Create New in the toolbar. The Create New FortiSwitch Template window opens.

  3. Enter the following information, then click OK to create the new template.

    Template Name

    Type a name for the template.

    Description

    Optionally, enter a description.

    Platforms

    Select the platform that the template will apply to from the dropdown list.

    Switch VLAN Assignments

    Configure VLAN assignments. A platform must be selected before VLAN assignments can be configured.

    Right-clicking on a physical port or trunk group displays a context menu with options to edit, delete, and modify the selection(s). Using the context menu, you can also configure Native VLAN, Allowed VLAN, Security Policy, QoS Policy, and LLDP profiles while multiple ports are selected.

    Create

    Create a physical port or trunk group. See Creating ports and trunk groups.

    Edit

    Edit the selected port or trunk.

    Delete

    Delete the selected ports or trunks.

    Column Settings

    Select which columns are visible or hidden in the Switch VLAN Assignments table.

    Custom Command Entry

    Create a new custom command entry.

    Enter a name, and select a previously configured custom command. See Creating custom commands.

    If a custom command has not yet been created, click the add icon in the Custom Command selection box to create one.

Creating ports and trunk groups
To create a physical port:
  1. On the Create New FortiSwitch Template pane, click Create in the Switch VLAN Assignments toolbar. The Add VLAN Assignment dialog box opens.
  2. Select physical as the type.
  3. Configure the following settings:
  4. Port Name

    Enter the name of the port.

    Description

    Optionally, enter a description.

    Access Mode

    Select the access mode from dynamic, nac, or normal.

    Port Policy

    Select the dynamic port policy from the available port policy objects. See Creating FortiSwitch dynamic port policies.

    This setting is only available when the access mode is dynamic.

    Native VLAN

    Select the native VLAN from the available VLAN objects. See Creating FortiSwitch VLANs.

    This setting is only available when the access mode is normal.

    Allowed VLAN

    Select the allowed VLAN from the available VLAN objects. See Creating FortiSwitch VLANs.

    Security Policy

    Select the security policies from the available switch controller security policies. See FortiSwitch security policies.

    LLDP Profile

    Select an LLDP profile.

    QoS Policy

    Select a QoS policy.

    DHCP Blocking

    Enable or disable DHCP blocking for the port or trunk.

    If the port is in a trunk, then DHCP blocking can only be enabled for the trunk, and not the individual ports.

    Loop Guard

    Enable or disable Loop Guard for the port.

    Loop Guard cannot be applied to trunks, or ports that are in trunks.

    STP

    Enable or disable STP for the port or trunk.

    If the port is in a trunk, then STP can only be enabled for the trunk, and not the individual ports.

    Edge Port

    Enable or disable Edge Port for the port or trunk.

    If the port is in a trunk, then STP can only be enabled for the trunk, and not the individual ports.

    STP BPDU Guard

    Enable or disable STP BPDU Guard for the port or trunk.

    If the port is in a trunk, then STP BPDU Guard can only be enabled for the trunk, and not the individual ports.

    STP Root Guard

    Enable or disable STP Root Guard for the port or trunk.

    If the port is in a trunk, then STP Root Guard can only be enabled for the trunk, and not the individual ports.

  5. Click OK to create the port.
    Additional settings are available through the right-click context menu in the Switch VLAN Assignments table once the port has been created.

    POE

    Right-click to enable or disable PoE for the port where applicable.

    IGMP Snooping

    Right-click to enable or disable IGMP snooping.

    If the port is in a trunk, then IGMP snooping can only be enabled for the trunk, and not the individual ports.

To create a trunk group:
  1. On the Create New FortiSwitch Template pane, click Create in the Switch VLAN Assignments toolbar. The Add VLAN Assignment dialog box opens.
  2. Select trunk as the type.
  3. Enter a name for the trunk group in the Trunk Name field.
  4. In the Members field, select all the ports that will be in the group from the dropdown list.
  5. Select the mode: lacp-active (active link aggregation), lacp-passive (passive link aggregation), or static.
  6. Click OK to create the trunk group.

Creating FortiSwitch templates

Creating FortiSwitch templates

When creating a new FortiSwitch template, the platform must be selected before configuring VLAN assignments.

To create a FortiSwitch template:
  1. Go to FortiSwitch Manager > FortiSwitch Templates, and select FortiSwitch Templates in the tree menu.
  2. In the content pane, click Create New in the toolbar. The Create New FortiSwitch Template window opens.

  3. Enter the following information, then click OK to create the new template.

    Template Name

    Type a name for the template.

    Description

    Optionally, enter a description.

    Platforms

    Select the platform that the template will apply to from the dropdown list.

    Switch VLAN Assignments

    Configure VLAN assignments. A platform must be selected before VLAN assignments can be configured.

    Right-clicking on a physical port or trunk group displays a context menu with options to edit, delete, and modify the selection(s). Using the context menu, you can also configure Native VLAN, Allowed VLAN, Security Policy, QoS Policy, and LLDP profiles while multiple ports are selected.

    Create

    Create a physical port or trunk group. See Creating ports and trunk groups.

    Edit

    Edit the selected port or trunk.

    Delete

    Delete the selected ports or trunks.

    Column Settings

    Select which columns are visible or hidden in the Switch VLAN Assignments table.

    Custom Command Entry

    Create a new custom command entry.

    Enter a name, and select a previously configured custom command. See Creating custom commands.

    If a custom command has not yet been created, click the add icon in the Custom Command selection box to create one.

Creating ports and trunk groups
To create a physical port:
  1. On the Create New FortiSwitch Template pane, click Create in the Switch VLAN Assignments toolbar. The Add VLAN Assignment dialog box opens.
  2. Select physical as the type.
  3. Configure the following settings:
  4. Port Name

    Enter the name of the port.

    Description

    Optionally, enter a description.

    Access Mode

    Select the access mode from dynamic, nac, or normal.

    Port Policy

    Select the dynamic port policy from the available port policy objects. See Creating FortiSwitch dynamic port policies.

    This setting is only available when the access mode is dynamic.

    Native VLAN

    Select the native VLAN from the available VLAN objects. See Creating FortiSwitch VLANs.

    This setting is only available when the access mode is normal.

    Allowed VLAN

    Select the allowed VLAN from the available VLAN objects. See Creating FortiSwitch VLANs.

    Security Policy

    Select the security policies from the available switch controller security policies. See FortiSwitch security policies.

    LLDP Profile

    Select an LLDP profile.

    QoS Policy

    Select a QoS policy.

    DHCP Blocking

    Enable or disable DHCP blocking for the port or trunk.

    If the port is in a trunk, then DHCP blocking can only be enabled for the trunk, and not the individual ports.

    Loop Guard

    Enable or disable Loop Guard for the port.

    Loop Guard cannot be applied to trunks, or ports that are in trunks.

    STP

    Enable or disable STP for the port or trunk.

    If the port is in a trunk, then STP can only be enabled for the trunk, and not the individual ports.

    Edge Port

    Enable or disable Edge Port for the port or trunk.

    If the port is in a trunk, then STP can only be enabled for the trunk, and not the individual ports.

    STP BPDU Guard

    Enable or disable STP BPDU Guard for the port or trunk.

    If the port is in a trunk, then STP BPDU Guard can only be enabled for the trunk, and not the individual ports.

    STP Root Guard

    Enable or disable STP Root Guard for the port or trunk.

    If the port is in a trunk, then STP Root Guard can only be enabled for the trunk, and not the individual ports.

  5. Click OK to create the port.
    Additional settings are available through the right-click context menu in the Switch VLAN Assignments table once the port has been created.

    POE

    Right-click to enable or disable PoE for the port where applicable.

    IGMP Snooping

    Right-click to enable or disable IGMP snooping.

    If the port is in a trunk, then IGMP snooping can only be enabled for the trunk, and not the individual ports.

To create a trunk group:
  1. On the Create New FortiSwitch Template pane, click Create in the Switch VLAN Assignments toolbar. The Add VLAN Assignment dialog box opens.
  2. Select trunk as the type.
  3. Enter a name for the trunk group in the Trunk Name field.
  4. In the Members field, select all the ports that will be in the group from the dropdown list.
  5. Select the mode: lacp-active (active link aggregation), lacp-passive (passive link aggregation), or static.
  6. Click OK to create the trunk group.