get
The get commands provide information about the operation of the FortiSwitch unit:
- get hardware cpu
- get hardware memory
- get hardware status
- get log custom-field
- get log eventfilter
- get log gui
- get log memory
- get log syslogd
- get log syslogd2
- get log syslogd3
- get router info bfd neighbor
- get router info bgp
- get router info gwdetect
- get router info isis
- get router info kernel
- get router info multicast
- get router info ospf
- get router info rip
- get router info routing-table
- get router info vrrp
- get router info6 bfd neighbor
- get router info6 bgp
- get router info6 isis
- get router info6 kernel
- get router info6 ospf
- get router info6 rip
- get router info6 routing-table
- get router info6 vrrp
- get switch acl
- get switch dhcp-snooping
- get switch flapguard settings
- get switch global
- get switch igmp-snooping
- get switch interface
- get switch ip-mac-binding
- get switch ip-source-guard
- get switch ip-source-guard-violations
- get switch lldp
- get switch mac-limit-violations
- get switch mirror status
- get switch mld-snooping
- get switch modules
- get switch network-monitor
- get switch phy-mode
- get switch physical-port
- get switch poe inline
- get switch qos
- get switch raguard-policy
- get switch security-feature
- get switch static-mac
- get switch storm-control
- get switch stp instance
- get switch stp settings
- get switch trunk
- get switch virtual-wire
- get switch vlan
- get system accprofile
- get system admin list
- get system admin status
- get system arp
- get system arp-table
- get system auto-update
- get system bug-report
- get system certificate
- get system cmdb status
- get system console
- get system dns
- get system flow-export
- get system flow-export-data
- get system fsw-cloud
- get system fsw-cloud-mgr connection-info
- get system global
- get system info admin ssh
- get system info admin status
- get system interface physical
- get system ipv6-neighbor-cache
- get system link-monitor
- get system location
- get system ntp
- get system password-policy
- get system performance firewall statistics
- get system performance status
- get system performance top
- get system schedule group
- get system schedule onetime
- get system schedule recurring
- get system settings
- get system sflow
- get system sniffer-profile capture
- get system sniffer-profile summary
- get system snmp sysinfo
- get system source-ip status
- get system startup-error-log
- get system status
- get test
- get user group
- get user ldap
- get user local
- get user radius
- get user setting
- get user tacacs+
get hardware cpu
Use this command to display detailed information about the CPUs installed in your FortiSwitch unit.
Syntax
get hardware cpu
Example output
S524DF4K15000024 # get hardware cpu
Processor : ARMv7 Processor rev 0 (v7l)
processor : 0
BogoMIPS : 1993.93
processor : 1
BogoMIPS : 1993.93
Features : swp half thumb fastmult edsp tls
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x3
CPU part : 0xc09
CPU revision : 0
Hardware : Broadcom iProc
Revision : 0000
Serial : 0000000000000000
get hardware memory
Use this command to display information about FortiSwitch memory use. Information includes the total memory, memory in use, and free memory.
Syntax
get hardware memory
Example output
S524DF4K15000024 # get hardware memory
MemTotal: 2026080 kB
MemFree: 1725840 kB
Buffers: 1336 kB
Cached: 68548 kB
SwapCached: 0 kB
Active: 42724 kB
Inactive: 59596 kB
Active(anon): 32436 kB
Inactive(anon): 0 kB
Active(file): 10288 kB
Inactive(file): 59596 kB
Unevictable: 0 kB
Mlocked: 0 kB
HighTotal: 221184 kB
HighFree: 119468 kB
LowTotal: 1804896 kB
LowFree: 1606372 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 32436 kB
Mapped: 14680 kB
Shmem: 0 kB
Slab: 15348 kB
SReclaimable: 3800 kB
SUnreclaim: 11548 kB
KernelStack: 776 kB
PageTables: 3556 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 1013040 kB
Committed_AS: 594696 kB
VmallocTotal: 245760 kB
VmallocUsed: 66276 kB
VmallocChunk: 163772 kB
get hardware status
Report information about the FortiSwitch hardware including ASIC version, CPU type, amount of memory, flash drive size, hard disk size (if present), and USB flash size (if present). Use this information to troubleshoot, to provide to Fortinet Support, or to confirm the features that your FortiSwitch model supports.
Syntax
get hardware status
Example output
S524DF4K15000024 # get hardware status
Model name: FortiSwitch-524D-FPOE
CPU: ARMv7 Processor rev 0 (v7l)
RAM: 1978 MB
MTD Flash: 52 MB /dev/mtd
Hard disk: not available
Switch CPLD Version: V0.4
Poe Firmware Version:2.6.3
get log custom-field
Use this command to get information about custom log fields that have been created. To create custom log fields, see config log custom-field.
Syntax
get log custom-field
Example output
S524DF4K15000024 # get log custom-field
== [ 1 ]
id: 1
== [ 2 ]
id: 2
This output shows that two custom fields have been created.
get log eventfilter
Use this command to find out which logs are enabled:
- Event logs show configuration changes and allow you to monitor the activities administrators perform.
- Router logs allow you to review all router activity. Router logs are available only on supported platforms if you have the advanced features license.
- System logs show system-level activity such as IP conflicts.
- User logs show user activity such as who is logged on and when.
To enable event logging, see config log eventfilter.
Syntax
get log eventfilter
Example output
S524DF4K15000024 # get log eventfilter
event : enable
router : enable
system : enable
user : enable
get log gui
Use this command to find out which device is being used to display logs in the Web-based manager.
Syntax
get log gui
Example output
S524DF4K15000024 # get log gui
log-device : memory
This output shows that logs are being displayed from memory.
get log memory
Use this command to find out the current settings for logging to system memory.
Syntax
get log memory filter
get log memory global-setting
get log memory setting
| Variable | Description |
|---|---|
| filter | Find out the severity level of log entries made in system memory. The system logs all messages at and above the selected severity level. For example, if the severity is error, the system logs error, critical, alert, and emergency level messages. |
| global-setting | Find out the global settings for logging to system memory: |
| setting | Find out the general settings for logging to system memory: |
Example output
S524DF4K15000024 # get log memory filter
severity : information
S524DF4K15000024 # get log memory global-setting
full-final-warning-threshold: 95
full-first-warning-threshold: 75
full-second-warning-threshold: 90
hourly-upload : disable
max-size : 98304
S524DF4K15000024 # get log memory setting
diskfull : overwrite
status : enable
get log syslogd
Use this command to get information about your system log 1 settings.
Syntax
get log syslogd {filter | setting}
| Variable | Description |
|---|---|
| filter | Find out the severity level of system log 1 entries. The system logs all messages at and above the selected severity level. For example, if the severity is error, the system logs error, critical, alert, and emergency level messages. |
| setting | Find out the general settings for the system log 1: |
Example output
S524DF4K15000024 # get log syslogd filter
severity : information
S524DF4K15000024 # get log syslogd setting
status : disable
get log syslogd2
Use this command to get information about your system log 2 settings.
Syntax
get log syslogd2 {filter | setting}
| Variable | Description |
|---|---|
| filter | Find out the severity level of system log 2 entries. The system logs all messages at and above the selected severity level. For example, if the severity is error, the system logs error, critical, alert, and emergency level messages. |
| setting | Find out the general settings for the system log 2: |
Example output
S524DF4K15000024 # get log syslogd2 filter
severity : information
S524DF4K15000024 # get log syslogd2 setting
status : disable
get log syslogd3
Use this command to get information about your system log 3 settings.
Syntax
get log syslogd3 {filter | setting}
| Variable | Description |
|---|---|
| filter | Find out the severity level of system log 3 entries. The system logs all messages at and above the selected severity level. For example, if the severity is error, the system logs error, critical, alert, and emergency level messages. |
| setting | Find out the general settings for the system log 3: |
Example output
S524DF4K15000024 # get log syslogd3 filter
severity : information
S524DF4K15000024 # get log syslogd3 setting
status : disable
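The following Python script is an added example, not part of the Fortinet documentation: it parses a captured session of the get log commands described above and reports logging gaps, using the "at and above" severity rule the page states. The sample capture is constructed from the example outputs in this section; the audit policy, the severity names other than those the page mentions, and the reading of diskfull : overwrite are assumptions.

```python
import re

# Severity names, most severe first. The page names emergency, alert, critical,
# error and information; the other three are assumed from standard syslog usage.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]

# A prompt line looks like "S524DF4K15000024 # get log eventfilter".
PROMPT = re.compile(r"^\S+ # (get .+?)\s*$")

# Constructed capture, modelled on the example outputs in this section.
SAMPLE = """\
S524DF4K15000024 # get log eventfilter
event               : enable
router              : enable
system              : enable
user                : enable
S524DF4K15000024 # get log memory filter
severity            : information
S524DF4K15000024 # get log memory setting
diskfull            : overwrite
status              : enable
S524DF4K15000024 # get log syslogd filter
severity            : information
S524DF4K15000024 # get log syslogd setting
status              : disable
S524DF4K15000024 # get log syslogd2 setting
status              : disable
S524DF4K15000024 # get log syslogd3 setting
status              : disable
"""


def parse_session(text):
    """Split a captured CLI session into {command: {key: value}}."""
    session, current = {}, None
    for line in text.splitlines():
        match = PROMPT.match(line)
        if match:
            current = session.setdefault(match.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return session


def logged_levels(threshold):
    """Severities recorded at `threshold`: that level and everything above it."""
    return SEVERITIES[:SEVERITIES.index(threshold) + 1]


def audit(session, required="warning"):
    """Return findings for a parsed session. The checks are this example's
    own policy (hypothetical), not Fortinet guidance."""
    findings = []
    remote = [d for d in ("syslogd", "syslogd2", "syslogd3")
              if session.get(f"get log {d} setting", {}).get("status") == "enable"]
    if not remote:
        findings.append("no syslog server enabled: logs stay on the switch")
    # Check the severity filter of every destination that actually receives logs.
    for dest in ["memory"] + remote:
        sev = session.get(f"get log {dest} filter", {}).get("severity")
        if sev not in SEVERITIES:
            findings.append(f"{dest}: severity filter missing or unrecognised")
        elif required not in logged_levels(sev):
            findings.append(f"{dest}: filter '{sev}' drops '{required}' messages")
    for category, state in session.get("get log eventfilter", {}).items():
        if state != "enable":
            findings.append(f"eventfilter: {category} logging is {state}")
    memory = session.get("get log memory setting", {})
    # Assumed meaning of diskfull=overwrite: oldest entries are replaced when full.
    if not remote and memory.get("diskfull") == "overwrite":
        findings.append("memory log overwrites when full and nothing is forwarded")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_session(SAMPLE)):
        print("FINDING:", finding)
```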
get router info bfd neighbor
Use this command to find out where bidirectional forwarding detection (BFD) has been enabled. If you do not specify the BFD peer IPv4 address or interface, all BFD peers are returned.
Syntax
get router info bfd neighbor [<BFD_local_IPv4_address>] [<BFD_peer_interface>]
Example output
S524DF4K15000024 # get router info bfd neighbor
OurAddr NeighAddr LD/RD State Int
192.168.15.2 192.168.15.1 1/4 UP vlan2000
192.168.16.2 192.168.16.1 2/2 UP vlan2001
get router info bgp
Use this command to get information about the Border Gateway Protocol (BGP) routing configuration.
Syntax
get router info bgp {cidr-only | community | community-info | community-list | dampening | filter-list | inconsistent-as | neighbors | network | network-longer-prefixes | paths | prefix-list | regexp | quote-regexp | route-map | scan | summary | memory}
| Variable | Description |
|---|---|
| cidr-only | Display routes with nonnatural netmasks. |
| community | Display routes matching the communities. |
| community-info | List all BGP community information. |
| community-list | Display routes matching the community list. |
| dampening | Display router dampening information. |
| filter-list | Display routes conforming to the filter list. |
| inconsistent-as | Display routes with inconsistent AS paths. |
| neighbors | Show BGP neighbors for IPv4 and IPv6. |
| network | Show the BGP information for the network. |
| network-longer-prefixes | Show the BGP information for routes and more specific routes. |
| paths | Display the BGP path information for IPv4 and IPv6. |
| prefix-list | Display routes conforming to the prefix list. |
| regexp | Display routes matching the AS path with regular expressions. |
| quote-regexp | Display routes matching the AS path with regular expressions within quotation marks. |
| route-map | Display routes conforming to the route map. |
| scan | Display the BGP scan status. |
| summary | Display a summary of the BGP neighbor status for IPv4 and IPv6. |
| memory | Display the BGP memory table. |
get router info gwdetect
Use this command to get information about the gwdetect status.
Syntax
get router info gwdetect
get router info isis
Use this command to get information about the Intermediate System to Intermediate System Protocol (IS-IS) routing configuration for IPv4 traffic.
Syntax
get router info isis {interface | neighbor | database | route | summary | summary-table | topology}
| Variable | Description |
|---|---|
| interface | Show the IS-IS interfaces. |
| neighbor | Show the IS-IS neighbor adjacencies. |
| database | Show the IS-IS link state database. |
| route | Show the IS-IS IP routing table. |
| summary | Show the IS-IS summary. |
| summary-table | Show the IS-IS IPv4 summary table. |
| topology | Show the IS-IS paths. |
get router info kernel
Use this command to get information about the IPv4 kernel routing table. The IPv4 kernel routing table displays information about all of the routes in the kernel.
Syntax
get router info kernel <routing_type>
get router info multicast
Use this command to get information about the Protocol Independent Multicast (PIM) routing configuration.
Syntax
get router info multicast {config | igmp | pim | table | table-count}
| Variable | Description |
|---|---|
| config | Show the multicast routing configuration. |
| igmp | Show the multicast routing IGMP information. |
| pim | Show PIM information. |
| table | Show the multicast routing table. |
| table-count | Show the multicast route and packet count. |
get router info ospf
Use this command to get information about any IPv4 open shortest path first (OSPF) routing that has been configured. To set up IPv4 OSPF routing, see config router ospf.
Syntax
get router info ospf config
get router info ospf redist-route
get router info ospf summary
get router info ospf database {brief | self-originate | router | network | summary | asbr-summary | external | nssa-external | opaque-link | opaque-area | opaque-as | max-age}
get router info ospf interface [<interface_name>]
get router info ospf route
get router info ospf neighbor {<neighbor_ID> | all | detail | detail all | <interface_IP_address>}
get router info ospf border-routers
get router info ospf status
| Variable | Description |
|---|---|
| config | Display detailed information about the current OSPF configuration, including interfaces, areas, access lists, and IP addresses. |
| redist-route | Display information about the OSPF redistributed routes. |
| summary | Display summary table information. |
| database {brief \| self-originate \| router \| network \| summary \| asbr-summary \| external \| nssa-external \| opaque-link \| opaque-area \| opaque-as \| max-age} | Display information about the OSPF database. |
| interface [<interface_name>] | Display information about the specified OSPF interface. If the interface is not specified, information about all OSPF interfaces is returned. |
| route | Display the OSPF routing table. |
| neighbor {<neighbor_ID> \| all \| detail \| detail all \| <interface_IP_address>} | Display information about OSPF neighbors. |
| border-routers | Display information about OSPF border routers. |
| status | Display the current status of the OSPF routing, including router identifier, flags, timers, and areas. |
Example output
S524DF4K15000024 # get router info ospf status
OSPF Routing Process, OSPF Router ID: 1.1.1.2
Supports only single TOS (TOS0) routes
This implementation conforms to RFC2328
RFC1583Compatibility flag is disabled
OpaqueCapability flag is disabled
Initial SPF scheduling delay 5000 millisec(s)
Minimum hold time between consecutive SPFs 10000 millisec(s)
Maximum hold time between consecutive SPFs 10000 millisec(s)
Hold time multiplier is currently 1
SPF algorithm last executed 2d07h22m ago
Last SPF duration 105 usecs
SPF timer is inactive
Refresh timer 10 secs
PacketsSent: 0 PacketsRecv: 0
Number of external LSA 0. Checksum Sum 0x00000000
Number of opaque AS LSA 0. Checksum Sum 0x00000000
Number of areas attached to this router: 1
Adjacency changes are logged
Area ID: 0.0.0.4 (NSSA)
Shortcutting mode: Default, S-bit consensus: ok
Number of interfaces in this area: Total: 0, Active: 0
It is an NSSA configuration.
Elected NSSA/ABR performs type-7/type-5 LSA translation.
It is not ABR, therefore not Translator.
Number of fully adjacent neighbors in this area: 0
Area has message digest authentication
Number of full virtual adjacencies going through this area: 0
SPF algorithm executed 1 times
Default-Route Cost: 1
Number of LSA 1
Number of router LSA 1. Checksum Sum 0x0000ebf8
Number of network LSA 0. Checksum Sum 0x00000000
Number of summary LSA 0. Checksum Sum 0x00000000
Number of ASBR summary LSA 0. Checksum Sum 0x00000000
Number of NSSA LSA 0. Checksum Sum 0x00000000
Number of opaque link LSA 0. Checksum Sum 0x00000000
Number of opaque area LSA 0. Checksum Sum 0x00000000
get router info rip
Use this command to get information about any Routing Information Protocol (RIP) routing that has been configured. To set up RIP routing, see config router rip.
Syntax
get router info rip {config | database | status}
| Variable | Description |
|---|---|
| config | Display detailed information about the current RIP configuration, including keys in the keychain, interfaces, access lists, and IP addresses. |
| database | Display information about the RIP database. |
| status | Display the current status of the RIP routing, including filter lists, redistribution, RIP version, and interfaces. |
Example output
S524DF4K15000024 # get router info rip status
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 21 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: static
Default version control: send version 2, receive version 2
Interface Send Recv UpdSend Key-chain
vlan35 2 2 9
vlan85 2 2 8
Routing for Networks:
170.38.65.0/24
180.1.1.0/24
0.0.0.0
Distance: (default is 120)
get router info routing-table
Use these commands to get information about the IPv4 routing table.
Syntax
get router info routing-table summary
get router info routing-table details <A.B.C.D/M>
get router info routing-table all
get router info routing-table rip
get router info routing-table ospf
get router info routing-table bgp
get router info routing-table isis
get router info routing-table static
get router info routing-table connected
get router info routing-table dump <A.B.C.D>
| Variable | Description |
|---|---|
| summary | Display a summary of the existing routes. |
| details <A.B.C.D/M> | Display the routing table entries that include the specified IP address or route prefix. |
| all | Display all routing table entries. |
| rip | Display the RIP routes in the routing table. |
| ospf | Display the OSPF routes in the routing table. |
| bgp | Display the BGP routes in the routing table. |
| isis | Display the IS-IS routes in the routing table. |
| static | Display the static routes in the routing table. |
| connected | Display the connected routes in the routing table. |
| dump <A.B.C.D> | Display the details of routing table entries that include the specified IP address or route prefix. |
Example output
S524DF4K15000024 # get router info routing-table summary
Route Source Routes FIB (vrf default)
connected 3 3
static 1 1
------
Totals 4 4
S524DF4K15000024 # get router info routing-table all
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route ^ - HW install failed
S>* 0.0.0.0/0 [5/0] via 169.254.1.1, internal, 00:36:02
C>* 10.254.252.0/23 is directly connected, rspan, 00:34:37
C>* 169.254.1.0/24 is directly connected, internal, 1d00h57m
C>* 192.168.2.0/24 is directly connected, mgmt, 01:51:05
get router info vrrp
Use this command to get information about Virtual Router Redundancy Protocol (VRRP) groups for IPv4.
Syntax
get router info vrrp
Example output
S524DF4K15000024 # get router info vrrp
Interface: vlan-8, primary IP address: 10.10.10.1
UseVMAC: 1
VRID: 5
vrip: 11.1.1.100, priority: 255, state: MASTER
adv_interval: 1, preempt: 1, start_time: 3
vrmac: 00:00:5e:00:01:05
vrdst:
vrgrp: 50
get router info6 bfd neighbor
Use this command to find out where bidirectional forwarding detection (BFD) has been enabled. If you do not specify the BFD peer IPv6 address, all BFD peers are returned.
Syntax
get router info6 bfd neighbor [<X:X::X:X>]
get router info6 bgp
Use this command to get information about the Border Gateway Protocol (BGP) routing configuration.
Syntax
get router info6 bgp {community | community-list | dampening | filter-list | neighbors | network | network-longer-prefixes | paths | prefix-list | regexp | route-map | summary}
| Variable | Description |
|---|---|
| community | Display routes matching the communities. |
| community-list | Display routes matching the community list. |
| dampening | Display router dampening information. |
| filter-list | Display routes conforming to the filter list. |
| neighbors | Show BGP neighbors. |
| network | Show the BGP information for the network. |
| network-longer-prefixes | Show the BGP information for routes and more specific routes. |
| paths | Display the BGP path information. |
| prefix-list | Display routes conforming to the prefix list. |
| regexp | Display routes matching the AS path with regular expressions. |
| route-map | Display routes conforming to the route map. |
| summary | Display a summary of the BGP neighbor status. |
get router info6 isis
Use this command to get information about the Intermediate System to Intermediate System Protocol (IS-IS) routing configuration for IPv6 traffic.
Syntax
get router info6 isis {interface | neighbor | database | route | summary | summary-table6 | topology}
| Variable | Description |
|---|---|
| interface | Show the IS-IS interfaces. |
| neighbor | Show the IS-IS neighbor adjacencies. |
| database | Show the IS-IS link state database. |
| route | Show the IS-IS IP routing table. |
| summary | Show the IS-IS summary. |
| summary-table6 | Show the IS-IS IPv6 summary table. |
| topology | Show the IS-IS paths. |
get router info6 kernel
Use this command to get information about the IPv6 kernel routing table. The IPv6 kernel routing table displays information about all of the routes in the kernel.
Syntax
get router info6 kernel
Example output
S524DF4K15000024 # get router info6 kernel
type=02 protocol=unspec flag=00000000 oif=1(lo) dst:::1/128 gwy::: prio=0
type=02 protocol=unspec flag=00000000 oif=1(lo) dst:fe80::/128 gwy::: prio=0
type=02 protocol=unspec flag=00000000 oif=1(lo) dst:fe80::/128 gwy::: prio=0
type=02 protocol=unspec flag=00000000 oif=1(lo) dst:fe80::/128 gwy::: prio=0
type=02 protocol=unspec flag=00000000 oif=1(lo) dst:fe80::a5b:eff:fef1:95e4/128 gwy::: prio=0
type=02 protocol=unspec flag=00000000 oif=1(lo) dst:fe80::a5b:eff:fef1:95e5/128 gwy::: prio=0
type=02 protocol=unspec flag=00000000 oif=1(lo) dst:fe80::a5b:eff:fef1:95e5/128 gwy::: prio=0
type=01 protocol=kernel flag=00000000 oif=42(internal) dst:fe80::/64 prio=100
type=01 protocol=kernel flag=00000000 oif=2(mgmt) dst:fe80::/64 prio=100
type=01 protocol=kernel flag=00000000 oif=49(rspan) dst:fe80::/64 prio=100
type=01 protocol=boot flag=00000000 oif=42(internal) dst:ff00::/8 prio=100
type=01 protocol=boot flag=00000000 oif=2(mgmt) dst:ff00::/8 prio=100
type=01 protocol=boot flag=00000000 oif=49(rspan) dst:ff00::/8 prio=100
type=07 protocol=kernel flag=00000000 oif=1(lo) prio=ffffffff
get router info6 ospf
Use this command to get information about any IPv6 open shortest path first (OSPF) routing that has been configured. To set up IPv6 OSPF routing, see config router ospf6.
Syntax
get router info6 ospf database [{router | network | inter-prefix | inter-router | external | link | intra-prefix}]
get router info6 ospf interface [<interface_name>]
get router info6 ospf route [<IPv6_address>]
get router info6 ospf redistribute
get router info6 ospf border-route [detail]
get router info6 ospf neighbor {<A.B.C.D> | detail}
get router info6 ospf status
| Variable | Description |
|---|---|
| database [{router \| network \| inter-prefix \| inter-router \| external \| link \| intra-prefix}] | Display information about the OSPF link state advertisement (LSA) database. Specify the router LSA, network LSA, inter-prefix LSA, inter-router LSA, external LSA, link LSA, or intra-prefix LSA database. If you do not specify which LSA database, information about all LSA databases is returned. |
| interface [<interface_name>] | Display information about the OSPF interface. If you do not specify the interface, information about all interfaces is returned. |
| route [<IPv6_address>] | Display the OSPF routing table. If you do not specify an IPv6 address, all IPv6 routes are returned. |
| redistribute | Display redistributing external information. |
| border-route [detail] | Display general or detailed information about OSPF border routers. |
| neighbor {<A.B.C.D> \| detail} | Display general or detailed information about OSPF neighbors, or specify a neighbor ID. |
| status | Display the current status of the OSPF routing, including router identifier, flags, timers, and areas. |
get router info6 rip
Use this command to get information about any IPv6 Routing Information Protocol (RIP) routing that has been configured. To set up IPv6 RIP routing, see config router ripng.
Syntax
get router info6 rip config
get router info6 rip database
get router info6 rip status
| Variable | Description |
|---|---|
| config | Display information about the RIP configuration. |
| database | Display information about the RIP routes. |
| status | Display the current status of the RIP routing, including timers, filter lists, and neighbors. |
get router info6 routing-table
Use these commands to get information about the IPv6 routing table. If you do not specify which IPv6 routing table, information about all IPv6 routing tables is returned.
Syntax
get router info6 routing-table rip
get router info6 routing-table ospf
get router info6 routing-table bgp
get router info6 routing-table static
get router info6 routing-table connected
| Variable | Description |
|---|---|
| rip | Display the RIP routes in the routing table. |
| ospf | Display the OSPF routes in the routing table. |
| bgp | Display the BGP routes in the routing table. |
| static | Display the static routes in the routing table. |
| connected | Display the connected routes in the routing table. |
Example output
S524DF4K15000024 # get router info6 routing-table
Codes: K - kernel route, C - connected, S - static, R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route ^ - HW install failed
C * fe80::/64 is directly connected, rspan, 02:41:19
C * fe80::/64 is directly connected, mgmt, 03:56:28
C>* fe80::/64 is directly connected, internal, 1d03h03m
K>* ff00::/8 [0/256] is directly connected, rspan, 02:41:20
get router info6 vrrp
Use this command to get information about Virtual Router Redundancy Protocol (VRRP) groups for IPv6.
Syntax
get router info6 vrrp
get switch acl
Use these commands to display the ACL settings.
Syntax
get switch acl counters {all | egress | ingress | prelookup}
get switch acl egress
get switch acl ingress
get switch acl policer
get switch acl prelookup
get switch acl service custom
get switch acl settings
get switch acl usage
| Variable | Description |
|---|---|
| counters {all \| egress \| ingress \| prelookup} | Display information about all ACL policies, egress ACL policies, ingress ACL policies, or lookup ACL policies. |
| egress | Display information about the ACL policy for the egress stage. |
| ingress | Display information about the ACL policy for the ingress stage. |
| policer | List which ACL policers are available for different types of traffic. |
| prelookup | Display information about the ACL policy for the lookup stage. |
| service custom | Display a list of preconfigured service entries. |
| settings | Display the global ACL settings for the FortiSwitch unit. |
| usage | Display how much of the available resources are used by ACLs. |
Example output
S524DF4K15000024 # get switch acl policer
== [ 1 ]
id: 1 description: policer1
S524DF4K15000024 # get switch acl settings
density-mode : disable
trunk-load-balance : enable
S524DF4K15000024 # get switch acl usage
Device RULES COUNTERS POLICERS STAGE
(total/free) (total/free) (total/free)
________________________________________________________________
0 2048 /2023 4096 /4071 4096 /4096 ingress
0 512 /511 1024 /1024 768 /768 egress
0 768 /767 0 /0 0 /0 prelookup
S524DF4K15000024 # get switch acl counters ingress
ingress:
ID Packets Bytes description
___________________________________________________________
0001 0 0 cnt_n_mirror13
0002 0 0 cnt_n_mirror31
0003 0 0 cnt_n_mirror41
get switch dhcp-snooping
Use these commands to display more information about the IPv4 or IPv6 DHCP-snooping databases.
Syntax
get switch dhcp-snooping allowed-server-list
get switch dhcp-snooping client-db-details
get switch dhcp-snooping client6-db-details
get switch dhcp-snooping database-summary
get switch dhcp-snooping limit-db-details
get switch dhcp-snooping server-db-details
get switch dhcp-snooping server6-db-details
get switch dhcp-snooping status
| Variable | Description |
|---|---|
| allowed-server-list | Display the allowed DHCP server list. |
| client-db-details | Display details about the IPv4 DHCP-snooping client database. |
| client6-db-details | Display details about the IPv6 DHCP-snooping client database. |
| database-summary | List the number of VLANs with various features enabled, list trusted and untrusted ports, and report how much of the databases are used. |
| limit-db-details | Display details about the DHCP-snooping lease-count database. |
| server-db-details | Display details about the IPv4 DHCP-snooping server database. If the dhcp-server-access-list is enabled globally and the server is configured for the dhcp-server-access-list, the svr-list column displays |
| server6-db-details | Display details about the IPv6 DHCP-snooping server database. If the dhcp-server-access-list is enabled globally and the server is configured for the dhcp-server-access-list, the svr-list column displays |
| status | Display details about the DHCP-snooping client and server database. |
Example output
S548DF5018000776 # get switch dhcp-snooping allowed-server-list
vlan ip
10 xxx.x.x.x
FS1D243Z14000027 # get switch dhcp-snooping client-db-details
mac vlan ip lease(sec) expiry(sec) interface hostname domainname vendor server-ip
00:01:00:00:00:01 100 xxx.x.x.xxx 86400 86398 port3
00:03:00:00:00:03 100 xxx.x.x.x 86400 86394 port5
00:03:00:00:00:04 100 xxx.x.x.x 86400 86394 port5
FS1D243Z14000027 # get switch dhcp-snooping server-db-details
mac vlan ip interface status svr-list last-seen-time expiry-time OFFER/ACK/NAK/OTHER
00:11:01:00:00:01 10 xxx.x.x.x port1 trusted allowed 2018-09-11 11:21:09 2018-09-12 11:21:09 7/5/0/0
get switch flapguard settings
Use this command to display the flap guard settings.
Syntax
get switch flapguard settings
Example output
S524DF4K15000024 # get switch flapguard settings
flap-duration : 30
flap-rate : 5
status : disable
get switch global
Use this command to get information about the global settings of your FortiSwitch unit.
Syntax
get switch global
Example output
S524DF4K15000024 # get switch global
name : (null)
mac-aging-interval : 150
poe-alarm-threshold : 40
poe-power-mode : first-come-first-served
poe-guard-band : 10
ip-mac-binding : enable
dmi-global-all : enable
poe-pre-standard-detect: enable
poe-power-budget : 200
trunk-hash-mode : enhanced
trunk-hash-unkunicast-src-dst: enable
auto-fortilink-discovery: enable
auto-isl : enable
mclag-peer-info-timeout: 300
auto-isl-port-group : 0
max-path-in-ecmp-group: 4
virtual-wire-tpid : 0xdee5
loop-guard-tx-interval: 15
dhcp-snooping-database-export: enable
forti-trunk-dmac : 02:80:c2:00:00:02
port-security:
link-down-auth : set-unauth
reauth-period : 60
max-reauth-attempt : 2
get switch igmp-snooping
Use this command to get the IGMP-snooping settings of your FortiSwitch unit.
Syntax
get switch igmp-snooping {globals | group | static-group | status}
| Variable | Description |
|---|---|
| globals | Display the global IGMP-snooping configuration on the FortiSwitch unit. |
| group | Display a list of learned multicast groups. |
| static-group | Display the list of configured static groups. |
| status | Display the status of IGMP-snooping VLANs and group |
Example output
S524DF4K15000024 # get switch igmp-snooping globals
aging-time : 300
leave-response-timeout: 10
query-interval : 120
FS1D243Z13000023 # get switch igmp-snooping group
Number of Groups: 7
port of-port VLAN GROUP Age
(__port__9) 1 23 231.8.5.4 16
(__port__9) 1 23 231.8.5.5 16
(__port__9) 1 23 231.8.5.6 16
(__port__9) 1 23 231.8.5.7 16
(__port__9) 1 23 231.8.5.8 16
(__port__9) 1 23 231.8.5.9 16
(__port__9) 1 23 231.8.5.10 16
(__port__43) 3 23 querier 17
(__port__14) 8 --- flood-reports ---
(__port__10) 2 --- flood-traffic ---
FS1D243Z13000023 # get switch igmp-snooping static-group
VLAN ID Group-Name Multicast-addr Member-interface
_______ ______________ _______________ _________________________
11 g239-1 239:1:1:1 port6 trunk-2
11 g239-11 239:2:2:11 port26 port48 trunk-2
40 g239-1 239:1:1:1 port5 port25 trunk-2
40 g239-2 239:2:2:2 port25 port26
S524DF4K15000048 # get switch igmp-snooping status
IGMP-SNOOPING enabled vlans:
-------------------------------
100
IGMP-Proxy enabled vlans:
-------------------------------
Max multicast snooping groups 1022
Total IGMP groups 0 (Learned 0, Static 0)
Total MLD groups 0 (Learned 0, Static 0)
Remaining allowed mcast snooping groups: 1022
get switch interface
Use this command to get information about the interfaces, including the class of service (CoS) value, whether sFlow is enabled on the interface, and whether dynamically learned MAC addresses are persistent on the interface.
Syntax
get switch interface
Example output
S524DF4K15000024 # get switch interface
== [ port1 ]
name: port1 sflow-sampler: disabled port-security: default-cos: 0 sticky-mac: disable
== [ port2 ]
name: port2 sflow-sampler: disabled port-security: default-cos: 0 sticky-mac: disable
== [ port3 ]
name: port3 sflow-sampler: disabled port-security: default-cos: 0 sticky-mac: disable
...
get switch ip-mac-binding
Use this command to get information about IP MAC binding.
Syntax
get switch ip-mac-binding
Example output
get switch ip-mac-binding
== [ 1 ]
seq-num: 1
get switch ip-source-guard
Use this command to get information about the IP source-guard entries.
Syntax
get switch ip-source-guard
get switch ip-source-guard-violations
Use these commands to get source-guard violations.
Syntax
get switch ip-source-guard-violations all
get switch ip-source-guard-violations interface <interface_name>
Variable | Description |
all | Display all source-guard violations. |
interface <interface_name> | Display source-guard violations for the specified interface. |
get switch lldp
Use this command to get information about LLDP.
Syntax
get switch lldp {auto-isl-status | neighbors-detail <physical port name> | neighbors-summary | profile | settings | stats}
Variable | Description |
auto-isl-status | Display statistics and status for the automatic ISL configuration. |
neighbors-detail <physical port name> | Display details about a specific LLDP port. |
neighbors-summary | Display a summary of LLDP neighbors. |
profile | Display the name of available LLDP profiles. |
settings | Display whether LLDP is enabled globally, the number of tx-intervals before the local LLDP data expires, the frequency of LLDP PDU transmission, how often the FortiSwitch transmits the first four LLDP packets when a link comes up, and the primary management interface advertised in LLDP and CDP PDUs. |
stats | Display the number of packets transmitted, received, and discarded; the number of neighbors added, deleted, and expired; and the number of unknown TLVs. |
Example output
S524DF4K15000024 # get switch lldp profile
== [ default ]
name: default 802.1-tlvs: 802.3-tlvs: med-tlvs: inventory-management network-policy
== [ default-auto-isl ]
name: default-auto-isl 802.1-tlvs: 802.3-tlvs: med-tlvs:
== [ 1 ]
name: 1 802.1-tlvs: 802.3-tlvs: med-tlvs: inventory-management network-policy
== [ Forti670i ]
name: Forti670i 802.1-tlvs: 802.3-tlvs: med-tlvs: inventory-management network-policy
S524DF4K15000024 # get switch lldp settings
status : enable
tx-hold : 8
tx-interval : 2000
fast-start-interval : 3
management-interface: internal
get switch mac-limit-violations
Use this command to see the first MAC address that exceeded the learning limit for an interface or VLAN.
To enable the learning limit violation log for a FortiSwitch unit, see config switch global.
Syntax
get switch mac-limit-violations {all | interface <interface_name> | vlan <VLAN_ID>}
Variable | Description |
all | Display the first MAC address that exceeded the learning limit on any interface or VLAN. An asterisk by the interface name indicates that the interface-based learning limit was exceeded. An asterisk by the VLAN identifier indicates that the VLAN-based learning limit was exceeded. |
interface <interface_name> | Display the first MAC address that exceeded the learning limit on a specific interface. |
vlan <VLAN_ID> | Display the first MAC address that exceeded the learning limit on a specific VLAN. |
Example output
S524DF4K16000028 # get switch mac-limit-violations all
Port VLAN ID MAC Address Timestamp
----------------------------------------------------------------------------------
port3* 5 00:00:01:00:00:01 2017-12-05 15:55:20
port15 9* 0a:c1:08:bf:cc:80 2017-12-05 15:55:44
S524DF4K16000028 # get switch mac-limit-violations interface port3
Port VLAN ID MAC Address Timestamp
----------------------------------------------------------------------------------
port3* 5 00:00:01:00:00:01 2017-12-05 15:55:20
S524DF4K16000028 # get switch mac-limit-violations vlan 9
Port VLAN ID MAC Address Timestamp
----------------------------------------------------------------------------------
port15 9* 0a:c1:08:bf:cc:80 2017-12-05 15:55:44
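The asterisk convention described above decides whether the interface limit or the VLAN limit was exceeded, which is easy to misread in a saved CLI session. The following parser is an added example, not part of the FortiSwitch documentation; the `Violation` type, the `scope` labels, and the locally-administered-MAC hint are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: the two rows from the example output above, with the CLI
# prompt, header, separator and a blank line as found in a saved session.
SAMPLE = """\
S524DF4K16000028 # get switch mac-limit-violations all
Port      VLAN ID     MAC Address         Timestamp
----------------------------------------------------------------------------------
port3*    5           00:00:01:00:00:01   2017-12-05 15:55:20
port15    9*          0a:c1:08:bf:cc:80   2017-12-05 15:55:44

"""

# One data row: port (optional '*'), VLAN ID (optional '*'), MAC, timestamp.
ROW = re.compile(
    r"^(?P<port>\S+?)(?P<port_star>\*?)\s+"
    r"(?P<vlan>\d+)(?P<vlan_star>\*?)\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$"
)


@dataclass(frozen=True)
class Violation:
    port: str
    vlan: int
    mac: str
    timestamp: datetime
    scope: str                  # which learning limit was exceeded
    locally_administered: bool  # triage hint, see below


def _scope(port_star: str, vlan_star: str) -> str:
    """Map the asterisk positions to the limit that was exceeded."""
    if port_star and vlan_star:
        return "interface+vlan"
    if port_star:
        return "interface"
    if vlan_star:
        return "vlan"
    return "unmarked"


def parse_violations(text: str) -> list:
    """Return one Violation per data row; prompts, headers, separators and
    blank lines do not match ROW and are skipped."""
    violations = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        mac = m["mac"].lower()
        violations.append(Violation(
            port=m["port"],
            vlan=int(m["vlan"]),
            mac=mac,
            timestamp=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            scope=_scope(m["port_star"], m["vlan_star"]),
            # Bit 0x02 of the first octet marks a locally administered MAC
            # (virtual NICs, randomized addresses), useful context when
            # deciding whether a limit violation is a new device or a flood.
            locally_administered=bool(int(mac[:2], 16) & 0x02),
        ))
    return violations


def ports_over_interface_limit(violations: list) -> list:
    """Ports whose own learning limit (not the VLAN's) was exceeded."""
    return sorted({v.port for v in violations if "interface" in v.scope})


if __name__ == "__main__":
    for v in parse_violations(SAMPLE):
        print(v.timestamp.isoformat(), v.port, v.vlan, v.mac, v.scope,
              "local-admin" if v.locally_administered else "global")
```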
get switch mirror status
Use this command to get information about the ERSPAN-auto mirror sessions of your FortiSwitch unit. To configure a packet mirror, see config switch mirror.
Syntax
get switch mirror status <session>
Example output
# get switch mirror status flink.sniffer
flink.sniffer
Mode : ERSPAN-auto
Status : Inactive
Source-Ports:
Ingress: port2, port3
Egress : port8, port9
Used-by-ACLs : False
Auto-config-state : N/A
Last-update : never
Issues : None
Collector-IP : 0.0.0.0
Source-IP : N/A
Source-MAC : N/A
Next-Hop :
IP : N/A
MAC : N/A
Via-System-Interface : N/A
VLAN : N/A
Via-Switch-Interface : N/A
get switch mld-snooping
Use this command to get the MLD-snooping settings of your FortiSwitch unit.
Syntax
get switch mld-snooping {globals | group | static-group | status}
Variable | Description |
globals | Display the global MLD-snooping configuration on the FortiSwitch unit. |
group | Display a list of learned multicast groups. |
static-group | Display the list of configured static groups. |
status | Display the status of MLD-snooping VLANs and group |
Example output
S548DF5018000776 # get switch mld-snooping globals
aging-time : 300
leave-response-timeout: 10
query-interval : 125
S548DF5018000776 # get switch mld-snooping group
MLD-SNOOPING mcast-groups:
Max Entries: 1022
port VLAN GROUP Age-timeout MLD-Version
Total Number of Learned MLD groups: 0
S548DF5018000776 # get switch mld-snooping static-group
VLAN ID Group-Name Multicast-addr Member-interface
_______ ______________ _______________ _________________________
S548DF5018000776 # get switch mld-snooping status
MLD-SNOOPING enabled vlans:
-------------------------------
40
MLD-Proxy enabled vlans:
-------------------------------
40
Max multicast snooping groups 1022
Total MLD groups 0 (Learned 0, Static 0)
Total IGMP groups 0 (Learned 0, Static 0)
Remaining allowed mcast snooping groups: 1022
get switch modules
Use this command to get information about the modules in your FortiSwitch unit.
Syntax
get switch modules {detail | limits | status | summary} [<port>]
Variable | Description |
detail [<port>] | Display module details for a specific port, split port, or all available ports. |
limits [<port>] | Display module limits for a specific port, split port, or all available ports. |
status [<port>] | Display module status for a specific port, split port, or all available ports. |
summary [<port>] | Display summary information of all modules for a specific port or all available ports and split ports. |
Example output
FS108D3W14000720 # get switch modules detail port10
____________________________________________________________
Port(port10)
identifier SFP/SFP+
connector Unk (0x00)
transceiver 1000-Base-T
encoding 8B/10B
Length Decode Common
length_smf_1km N/A
length_cable 100 meter
SFP Specific
length_smf_100m N/A
length_50um_om2 N/A
length_62um_om1 N/A
length_50um_om3 N/A
vendor FINISAR CORP.
vendor_oid 0x009065
vendor_pn FCLF-8521-3
vendor_rev A
vendor_sn PBR1X35
manuf_date 06/20/2007
FS1E48T419000036 # get switch modules status port51.2
___________________________________________________________
Port(port51.2)
temperature 23.777344 C
voltage 3.303100 volts
alarm_flags 0x0000
warning_flags 0x0000
laser_bias 0.758000 mAmps
tx_power -2.379219 dBm
rx_power -2.201871 dBm
options 0x000F ( TX_DISABLE TX_FAULT RX_LOSS TX_POWER_LEVEL1 )
options_status 0x0008 ( TX_POWER_LEVEL1 )
get switch network-monitor
Use this command to get information about network monitoring on the FortiSwitch unit.
Syntax
get switch network-monitor {directed | settings}
Variable | Description |
directed | List the static entries for network monitoring on the switch. |
settings | Display the global settings for network monitoring on the switch. |
Example output
S524DF4K15000024 # get switch network-monitor directed
== [ 1 ]
id: 1
S524DF4K15000024 # get switch network-monitor settings
db-aging-interval : 3600
status : disable
survey-mode : disable
survey-mode-interval: 120
get switch phy-mode
Use this command to find out which split ports have been configured. To configure split ports, see config switch phy-mode.
Syntax
get switch phy-mode
Example output
S524DF4K15000024 # get switch phy-mode
port29-phy-mode : 1x40G
port30-phy-mode : 1x40G
get switch physical-port
Use this command to get information about the physical ports of your FortiSwitch unit. To configure physical ports, see config switch physical-port.
Syntax
get switch physical-port
Example output
S524DF4K15000024 # get switch physical-port
== [ port1 ]
name: port1 egress-drop-mode: enabled link-status: down status: up
== [ port2 ]
name: port2 egress-drop-mode: enabled link-status: down status: up
== [ port3 ]
name: port3 egress-drop-mode: enabled link-status: down status: up
...
get switch poe inline
Use this command to get information about the system’s power over Ethernet (PoE) functions.
Syntax
get switch poe inline
Example output
S524DF4K15000024 # get switch poe inline
Unit Power Budget: 10.00W
Unit Guard Band: 10.00W
Unit Power Consumption: 0.00W
Unit Poe Power Mode : First come first served based.
Interface Status State Max-Power(W) Power-consumption(W) Class Error
----------------------------------------------------------------------------------
port1 Enabled Searching 0.00 0.00 0
port2 Enabled Searching 0.00 0.00 0
port3 Enabled Searching 0.00 0.00 0
port4 Enabled Searching 0.00 0.00 0
port5 Enabled Searching 0.00 0.00 0
port6 Enabled Searching 0.00 0.00 0
port7 Enabled Searching 0.00 0.00 0
port8 Enabled Searching 0.00 0.00 0
port9 Enabled Searching 0.00 0.00 0
port10 Enabled Searching 0.00 0.00 0
port11 Enabled Searching 0.00 0.00 0
port12 Enabled Searching 0.00 0.00 0
port13 Enabled Searching 0.00 0.00 0
port14 Enabled Searching 0.00 0.00 0
port15 Enabled Searching 0.00 0.00 0
port16 Enabled Searching 0.00 0.00 0
port17 Enabled Searching 0.00 0.00 0
port18 Enabled Searching 0.00 0.00 0
port19 Enabled Searching 0.00 0.00 0
port20 Enabled Searching 0.00 0.00 0
port21 Enabled Searching 0.00 0.00 0
port22 Enabled Searching 0.00 0.00 0
port23 Enabled Searching 0.00 0.00 0
port24 Enabled Searching 0.00 0.00 0
get switch qos
Use this command to get information about the QoS configuration:
Syntax
get switch qos (dot1p-map | ip-dscp-map | qos-policy)
Variable | Description |
dot1p-map | List the available dot1p maps, as well as the CoS values. |
ip-dscp-map | List the available DSCP maps. |
qos-policy | List the available QoS policies. |
Example output
S524DF4K15000024 # get switch qos dot1p-map
== [ test1 ]
name: test1 priority-0: queue-2 priority-1: queue-0 priority-2: queue-1 priority-3: queue-3 priority-4: queue-4 priority-5: queue-5 priority-6: queue-6 priority-7: queue-7
S524DF4K15000024 # get switch qos ip-dscp-map
== [ m1 ]
name: m1
S524DF4K15000024 # get switch qos qos-policy
== [ default ]
name: default
== [ policy1 ]
name: policy1
get switch raguard-policy
Use the following command to list the available IPv6 RA-guard policies. To create an IPv6 RA-guard policy, see config switch raguard-policy.
Syntax
get switch raguard-policy
Example output
S524DF4K15000024 # get switch raguard-policy
== [ RApolicy1 ]
name: RApolicy1
get switch security-feature
Use this command to display the security-feature settings. To configure security checks for incoming TCP/UDP packets, see config switch security-feature.
Syntax
get switch security-feature
Example output
S524DF4K15000024 # get switch security-feature
sip-eq-dip : enable
tcp-flag : enable
tcp-port-eq : enable
tcp-flag-FUP : enable
tcp-flag-SF : enable
v4-first-frag : enable
udp-port-eq : enable
tcp-hdr-partial : enable
macsa-eq-macda : enable
allow-mcast-sa : enable
allow-sa-mac-all-zero: enable
get switch static-mac
Use this command to display the static MAC addresses.
Syntax
get switch static-mac
Example output
S524DF4K15000024 # get switch static-mac
== [ 1 ]
seq-num: 1 interface: port5 mac: 00:21:cc:d2:76:72 vlan-id: 35
get switch storm-control
Use this command to display storm control settings on your FortiSwitch unit. To configure storm control, see config switch storm-control.
Syntax
get switch storm-control
Example output
S524DF4K15000024 # get switch storm-control
broadcast : enable
rate : 1000
unknown-multicast : enable
unknown-unicast : enable
get switch stp instance
Use this command to get information about STP instances on your FortiSwitch unit. To configure an STP instance, see config switch stp instance.
Syntax
get switch stp instance
Example output
# get switch stp instance
== [ 0 ]
id: 0
== [ 1 ]
id: 1
get switch stp settings
Use this command to get information about STP settings on your FortiSwitch unit. To configure STP settings, see config switch stp settings.
Syntax
get switch stp settings
Example output
S524DF4K15000024 # get switch stp settings
forward-time : 15
hello-time : 5
max-age : 20
max-hops : 20
name : region1
revision : 1
status : enable
get switch trunk
Use this command to get information about which trunks on the FortiSwitch unit have been configured for link aggregation. To configure link aggregation, see config switch trunk.
Syntax
get switch trunk
Example output
# get switch trunk
== [ 1 ]
name: 1 members:
== [ port3 ]
member-name: port3
== [ port10 ]
member-name: port10
== [ port1 ]
member-name: port1
get switch virtual-wire
Virtual wire allows you to forward traffic between two ports with minimal filtering or packet modifications. To configure a virtual wire, see config switch virtual-wire.
Syntax
get switch virtual-wire
Example output
S524DF4K15000024 # get switch virtual-wire
== [ 1 ]
name: 1
get switch vlan
Use this command to get information about VLANs on the FortiSwitch unit. To configure a VLAN, see config switch vlan.
Syntax
get switch vlan
Example output
# get switch vlan
== [ 1 ]
id: 1 private-vlan-type: primary isolated-vlan: 2 community-vlans: 3
== [ 2 ]
id: 2 private-vlan-type: isolated sub-VLAN primary-vlan: 1
== [ 3 ]
id: 3 private-vlan-type: community sub-VLAN primary-vlan: 1
get system accprofile
Use this command to view a list of all the system administration access groups. To add an access profile group, see config system accprofile.
Syntax
get system admin accprofile
Example output
S524DF4K15000024 # get system accprofile
== [ prof_admin ]
name: prof_admin
== [ profile1 ]
name: profile1
get system admin list
Use this command to view a list of all the current administration sessions.
Syntax
get system admin list
Example output
# get system admin list
username local device remote started
admin sshv2 port1:172.20.120.148:22 172.20.120.16:4167 2006-08-09 12:24:20
admin https port1:172.20.120.148:443 172.20.120.161:56365 2006-08-09 12:24:20
admin https port1:172.20.120.148:443 172.20.120.16:4214 2006-08-09 12:25:29
Variable | Description |
username | Name of the admin account for this session. |
local | The protocol this session used to connect to the system. |
device | The interface, IP address, and port used by this session to connect to the system. |
remote | The IP address and port used by the originating computer to connect to the system. |
started | The time the current session started. |
get system admin status
Use this command to view the status of the currently logged in admin and their session. To configure an administrator account, see config system admin.
Syntax
get system admin status
Example output
# get system admin status
username: admin
login local: sshv2
login device: port1:172.20.120.148:22
login remote: 172.20.120.16:4167
login vdom: root
login started: 2006-08-09 12:24:20
current time: 2006-08-09 12:32:12
Variable | Description |
username | Name of the admin account currently logged in. |
login local | The protocol used to start the current session. |
login device | The login information from the FortiSwitch, including interface, IP address, and port number. |
login remote | The computer the user is logging in from, including the IP address and port number. |
login vdom | The virtual domain the admin is currently logged into. |
login started | The time the current session started. |
current time | The current time of day on the system. |
get system arp
Use this command to view the ARP table entries on the FortiSwitch unit. To manually add ARP table entries to the FortiSwitch unit, see config system arp-table.
Syntax
get system arp
Example output
S524DF4K15000024 # get system arp
Address Age(min) Hardware Addr Interface
10.105.16.1 0 90:6c:ac:15:2f:94 mgmt
11.1.1.100 - 00:00:5e:00:01:05 vlan-8 (proxy)
get system arp-table
Use this command to view the ARP tables on the FortiSwitch unit.
Syntax
get system arp-table
Example output
# get system arp-table
== [ 1 ]
id: 1 interface: internal ip: 10.10.10.10 mac: 01:02:03:04:05:aa
get system auto-update
Use this command to get information about automatic updates.
Syntax
get system auto-update {status | versions}
Variable | Description |
status | Display the status of automatic updates. |
versions | Display object versions. |
Example output
S524DF4K15000024 # get system auto-update status
FDN availability: unknown at Wed Dec 31 17:00:00 1969
Push update: disable
Scheduled update: enable
Update daily: 1:00
Server override: disable
Push address override: disable
Web proxy tunneling: disable
get system bug-report
Use this command to get information about configuration related to bug reporting. To configure a custom email relay for sending problem reports to Fortinet customer support, see config system bug-report.
Syntax
get system bug-report
Example output
S524DF4K15000024 # get system bug-report
auth : no
mailto : fortiswitch@fortinet.com
password : (null)
server : fortinet.com
username : bug_report
username-smtp : bug_report
get system certificate
Use this command to display configuration related to central management service:
Syntax
get system certificate (ca | crl | local | ocsp | remote)
Variable | Description |
ca | List available CA certificates. |
crl | Display the certificate revocation lists available. |
local | List available local keys and certificates. |
ocsp | Display the OCSP (Online Certificate Status Protocol) server certificate, the action to take when the server is unavailable, and the URL to the OCSP server. |
remote | List available remote certificates. |
Example output
S524DF4K15000024 # get system certificate ca
== [ Fortinet_CA ]
name: Fortinet_CA
== [ Fortinet_CA2 ]
name: Fortinet_CA2
== [ Entrust_802.1x_CA ]
name: Entrust_802.1x_CA
== [ Entrust_802.1x_L1K_CA ]
name: Entrust_802.1x_L1K_CA
== [ Entrust_802.1x_G2_CA ]
name: Entrust_802.1x_G2_CA
S524DF4K15000024 # get system certificate crl
== [ 1 ]
name: 1
S524DF4K15000024 # get system certificate local
== [ Fortinet_Factory ]
name: Fortinet_Factory
== [ Fortinet_Firmware ]
name: Fortinet_Firmware
== [ Entrust_802.1x ]
name: Entrust_802.1x
S524DF4K15000024 # get system certificate ocsp
cert : (null)
unavail-action : revoke
url : (null)
S524DF4K15000024 # get system certificate remote
== [ 1 ]
name: 1
get system cmdb status
Use this command to view information about configuration management database (CMDB) on the FortiSwitch unit.
Syntax
get system cmdb status
Variable | Description |
version | Version of the CMDB software. |
owner id | Process identifier of the CMDB server daemon. |
update index | The updated index shows how many changes have been made in the CMDB. |
config checksum | The configuration file version used by FortiManager. |
last request pid | The last process to access the CMDB. |
last request type | Type of the last attempted access of the CMDB. |
last request | The number of the last attempted access of the CMDB. |
Example output
# get system cmdb status
version: 1
owner id: 18
update index: 6070
config checksum: 12879299049430971535
last request pid: 68
last request type: 29
last request: 78
get system console
Use this command to get information about the console connection. To configure the console, see config system console.
Syntax
get system console
Example output
S524DF4K15000024 # get system console
baudrate : 115200
mode : line
output : more
get system dns
Use this command to get information about the DNS settings. To configure DNS, see config system dns.
Syntax
get system dns
Example output
S524DF4K15000024 # get system dns
primary : 208.91.112.53
secondary : 208.91.112.52
domain : (null)
ip6-primary : ::
ip6-secondary : ::
dns-cache-limit : 5000
dns-cache-ttl : 1800
cache-notfound-responses: disable
source-ip : 0.0.0.0
get system flow-export
Use this command to display the flow-export configuration. To configure flow export, see config system flow-export.
Syntax
get system flow-export
Example output
S524DF4K15000024 # get system flow-export
aggregates:
collector-ip : 0.0.0.0
collector-port : 0
format : ipfix
identity : 0x00000000
level : ip
max-export-pkt-size : 512
timeout-general : 3600
timeout-icmp : 300
timeout-max : 604800
timeout-tcp : 3600
timeout-tcp-fin : 300
timeout-tcp-rst : 120
timeout-udp : 300
transport : tcp
get system flow-export-data
Use this command to display the flow-export data. To configure flow export, see config system flow-export.
Syntax
get system flow-export-data flows {all | <count>} {ip | subnet | mac | all} <switch_interface_name>
get system flow-export-data flows-raw {all | <count>} {ip | subnet | mac | all} <switch_interface_name>
get system flow-export-data statistics
NOTE: Layer-2 flows for netflow 1 and netflow 5 are not supported. For the output of the get system flow-export-data statistics command, the Incompatible Type field displays how many flows are not exported because they are not supported.
Variable | Description |
flows {all | <count>} {ip | subnet | mac | all} <switch_interface_name> | Display the specified number of records or all records of flow data for the specified IP address, subnet (class IP address and netmask), MAC address, or all. |
flows-raw {all | <count>} {ip | subnet | mac | all} <switch_interface_name> | Display the specified number of records or all records of raw flow data for the specified IP address, subnet (class IP address and netmask), MAC address, or all. |
statistics | Display the statistics for the flow data. |
get system fsw-cloud
Use this command to display the configuration of the FortiSwitch Cloud. To configure the FortiSwitch Cloud, see config system fsw-cloud.
Syntax
get system fsw-cloud
Example output
S524DF4K15000024 # get system fsw-cloud
interval : 15
name : fortiswitch-dispatch.forticloud.com
port : 443
status : enable
get system fsw-cloud-mgr connection-info
Use this command to check your connections to the FortiSwitch Cloud.
Syntax
get system fsw-cloud-mgr connection-info
Example output
S1D243Z14000027 # get system fsw-cloud-mgr connection-info
Dispatch Service : IP= xx.xxx.xxx.xx
Access Service : IP= xx.xxx.xxx.xxx, Port= 443, Connected on: 2017-10-25 18:03:33
State-Machine : State= FSMGR_STATE_READY, Event= EV_READY_HBEAT_GOOD
Bootstrap Service : hostname= xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.com, Port= 8000
Bootstrap State : State= OK, api-ver= v1
SSL verify Code : ok
SSL Tunnel Uptime : Days: 0 Hours: 20 Mins: 5
SSL Tunnel stats : restart-count= 5, Reason= HTTP Response data error
Stats:
========
Switch Keep Alive Tx/Reply := 2408 / 2408
Manager Keep Alive Rx/Error := 2410 / 0
Socks Req Rx/Last Stream-ID := 10131 / 490
Reset Req Rx/last Stream-ID := 247 / 490
Goaway Req Rx := 0
Unknown Req Rx := 0
Syslog Tx/Err := 199 / 0
Used SOCKS stream-id:
=======================
SID SockFd State Description
___ ______ _____ _______________
5 0 DATA SYSLOG DATA
get system global
Use this command to get the global settings of your FortiSwitch unit. To configure global settings, see config system global.
Syntax
get system global
Example output
S524DF4K15000024 # get system global
802.1x-ca-certificate: Entrust_802.1x_CA
802.1x-certificate : Entrust_802.1x
admin-concurrent : enable
admin-https-pki-required: disable
admin-https-ssl-versions: tlsv1-1 tlsv1-2
admin-lockout-duration: 60
admin-lockout-threshold: 3
admin-port : 80
admin-scp : disable
admin-server-cert : Fortinet_Firmware
admin-sport : 443
admin-ssh-grace-time: 120
admin-ssh-port : 22
admin-ssh-v1 : disable
admin-telnet-port : 23
admintimeout : 5
allow-subnet-overlap: disable
asset-tag : (null)
cfg-save : automatic
csr-ca-attribute : enable
daily-restart : disable
detect-ip-conflict : enable
dst : enable
gui-lines-per-page : 50
hostname : S524DF4K15000024
image-rotation : disable
kernel-crashlog : enable
language : english
ldapconntimeout : 500
radius-port : 1812
refresh : 0
remoteauthtimeout : 5
revision-backup-on-logout: enable
revision-backup-on-upgrade: enable
strong-crypto : disable
switch-mgmt-mode : local
timezone : (GMT-8:00)Pacific Time(US&Canada).
user-server-cert : Fortinet_Factory
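Several fields in this output describe the administrative plane (SSH version, TLS versions, lockout, idle timeout, crypto strength), so a saved copy can be checked against a hardening baseline. The script below is an added example, not part of the FortiSwitch documentation; the baseline values, the `tlsv1-3` token, and the function names are assumptions chosen for the illustration and should be replaced with your own policy.

```python
# Constructed sample: a subset of the `get system global` example output above,
# one setting per line, including the prompt line as it appears in a capture.
SAMPLE = """\
S524DF4K15000024 # get system global
admin-https-pki-required: disable
admin-https-ssl-versions: tlsv1-1 tlsv1-2
admin-lockout-duration: 60
admin-lockout-threshold: 3
admin-ssh-v1        : disable
admintimeout        : 5
strong-crypto       : disable
timezone            : (GMT-8:00)Pacific Time(US&Canada).
"""

# Assumed policy: only these TLS tokens are acceptable for the admin GUI.
ALLOWED_TLS = {"tlsv1-2", "tlsv1-3"}


def parse_kv(text: str) -> dict:
    """Parse 'key : value' lines. Splits on the first colon only, so values
    that contain colons (timezone, MAC addresses) stay intact. Lines without
    a colon, such as the CLI prompt, are ignored."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or "#" in key:
            continue
        settings[key.strip()] = value.strip()
    return settings


def must_equal(expected: str):
    def check(value: str):
        return None if value == expected else f"expected {expected!r}"
    return check


def at_most(limit: int):
    def check(value: str):
        try:
            number = int(value)
        except ValueError:
            return f"not a number: {value!r}"
        # 0 is treated as "no limit" here, which the assumed baseline rejects.
        return None if 0 < number <= limit else f"expected 1..{limit}"
    return check


def only_modern_tls(value: str):
    versions = value.split()
    if not versions:
        return "no protocol versions listed"
    legacy = sorted(set(versions) - ALLOWED_TLS)
    return f"legacy protocol versions enabled: {' '.join(legacy)}" if legacy else None


# Assumed baseline, in report order. Numeric limits are compared as plain
# numbers in whatever unit the switch reports.
BASELINE = {
    "admin-ssh-v1": must_equal("disable"),
    "strong-crypto": must_equal("enable"),
    "admin-https-ssl-versions": only_modern_tls,
    "admin-lockout-threshold": at_most(5),
    "admintimeout": at_most(10),
}


def audit(settings: dict, baseline: dict = BASELINE) -> list:
    """Return (key, actual_value, reason) for every baseline deviation.
    A key missing from the capture is reported rather than silently passed."""
    findings = []
    for key, check in baseline.items():
        if key not in settings:
            findings.append((key, None, "setting not present in output"))
            continue
        reason = check(settings[key])
        if reason:
            findings.append((key, settings[key], reason))
    return findings


if __name__ == "__main__":
    for key, actual, reason in audit(parse_kv(SAMPLE)):
        print(f"{key}: {actual!r} -> {reason}")
```

The port fields (`admin-port`, `admin-telnet-port`) are deliberately not checked: they give port numbers only and do not show on which interfaces a protocol is allowed.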
get system info admin ssh
Use this command to display information about the SSH configuration on the FortiSwitch unit such as:
- the SSH port number
- the interfaces with SSH enabled
- the hostkey DSA fingerprint
- the hostkey RSA fingerprint
Syntax
get system info admin ssh
Example output
# get system info admin ssh
SSH v2 is enabled on port 22
SSH is enabled on the following 1 interfaces:
mgmt
SSH hostkey DSA fingerprint = cd:e1:87:70:bb:f0:9c:7d:e3:7b:73:f7:44:23:a5:99
SSH hostkey RSA fingerprint = c9:5b:49:1d:7c:ba:be:f3:9d:39:33:4d:48:9d:b8:49
get system info admin status
Use this command to display administrators that are logged into the FortiSwitch unit.
Syntax
get system info admin status
Variable | Description |
Index | The order the administrators logged in. |
User name | The name of the user account logged in. |
Login type | Which interface was used to log in. |
From | The IP address this user logged in from. |
Example output
Index User name Login type From
0 admin CLI ssh(172.20.120.16)
1 admin WEB 172.20.120.16
get system interface physical
Use this command to list information about the physical network interfaces.
Syntax
get system interface physical
Example output
S524DF4K15000024 # get system interface physical
== [onboard]
==[internal]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: n/a (Duplex: n/a)
rx : 0 bytes 0 packets
tx : 8405158 bytes 160742 packets
==[mgmt]
mode: dhcp
ip: 10.105.19.3 255.255.252.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
rx : 11558117 bytes 85986 packets
tx : 7048800 bytes 39380 packet
get system ipv6-neighbor-cache
Use this command to list information about the IPv6 neighbor cache table. To configure the IPv6 neighbor cache table, see config system ipv6-neighbor-cache.
Syntax
get system ipv6-neighbor-cache
get system link-monitor
Use this command to list information about the physical network interfaces. To configure the link health monitor, see config system link-monitor.
Syntax
get system link-monitor
get system location
Use this command to get information about the location table used by LLDP-MED for enhanced 911 emergency calls. To configure a location table, see config system location.
Syntax
get system location
Example output
S548DF5018000776 # get system location
== [ Fortinet ]
name: Fortinet
get system ntp
Use this command to get information about the NTP settings. To configure an NTP server, see config system ntp.
Syntax
get system ntp
Example output
ntpserver:
== [ 1 ]
id: 1
== [ 2 ]
id: 2
ntpsync : enable
source-ip : 0.0.0.0
syncinterval : 1
get system password-policy
Use this command to view the password policy. To create a password policy, see config system password-policy.
Syntax
get system password-policy
Example output
# get system password-policy
status : enable
apply-to : admin-password
minimum-length : 8
min-lower-case-letter: 2
min-upper-case-letter: 2
min-non-alphanumeric: 0
min-number : 2
change-4-characters : disable
expire-status : disable
get system performance firewall statistics
Use this command to display a list of traffic types (such as browsing, email, and DNS) and the number of packets and number of payload bytes accepted by the firewall for each type since the system was restarted.
Syntax
get system performance firewall statistics
Example output
get system performance firewall statistics
getting traffic statistics...
Browsing: 623738 packets, 484357448 bytes
DNS: 5129187383836672 packets, 182703613804544 bytes
E-Mail: 23053606 packets, 2 bytes
FTP: 0 packets, 0 bytes
Gaming: 0 packets, 0 bytes
IM: 0 packets, 0 bytes
Newsgroups: 0 packets, 0 bytes
P2P: 0 packets, 0 bytes
Streaming: 0 packets, 0 bytes
TFTP: 654722117362778112 packets, 674223966126080 bytes
VoIP: 16834455 packets, 10 bytes
Generic TCP: 266287972352 packets, 8521215115264 bytes
Generic UDP: 0 packets, 0 bytes
Generic ICMP: 0 packets, 0 bytes
Generic IP: 0 packets, 0 bytes
get system performance status
Use this command to display FortiSwitch CPU usage, memory usage, network usage, sessions, virus, IPS attacks, and system up time.
Syntax
get system performance status
Example output
S524DF4K15000024 # get system performance status
CPU states: 0% user 16% system 0% nice 84% idle
Memory states: 10% used
Average network usage: 0 kbps in 1 minute, 0 kbps in 10 minutes, 0 kbps in 30 minutes
Uptime: 0 days, 22 hours, 5 minutes
Variable | Description |
CPU states | The percentages of CPU cycles used by user, system, nice and idle categories of processes. These categories are: |
Memory states | The percentage of memory used. |
Average network usage | The average amount of network traffic in kbps in the last 1, 10 and 30 minutes. |
Uptime | How long since the system has been restarted. |
get system performance top
Use this command to display the list of processes running on the system (similar to the Linux top command).
The following commands are available when get system performance top is running:
- Press Q or Ctrl+C to quit.
- Press P to sort the processes by the amount of CPU that the processes are using.
- Press M to sort the processes by the amount of memory that the processes are using.
Syntax
get system performance top [<delay_int> [<max_lines_int>]]
Variable | Description |
<delay_int> | The delay, in seconds, between updating the process list. The default is 5 seconds. |
<max_lines_int> | The maximum number of processes displayed in the output. The default is 20 lines. |
Example output
S524DF4K15000024 # get system performance top
Run Time: 0 days, 22 hours and 13 minutes
0U, 7S, 93I; 1978T, 1684F
newcli 3424 R < 0.1 0.4
pyfcgid 770 S 0.0 0.7
pyfcgid 898 S 0.0 0.7
pyfcgid 899 S 0.0 0.7
cmdbsvr 610 S 0.0 0.6
httpsd 771 S 0.0 0.6
httpsd 1998 S 0.0 0.5
httpsd 901 S 0.0 0.5
miglogd 773 S 0.0 0.5
initXXXXXXXXXXX 1 S 0.0 0.5
newcli 1040 S < 0.0 0.5
ipconflictd 799 S 0.0 0.5
httpsd 900 S 0.0 0.4
fsmgrd 806 S 0.0 0.4
lldpmedd 800 S 0.0 0.4
eap_proxy 804 S 0.0 0.4
authd 803 S 0.0 0.4
router_launcher 768 S 0.0 0.4
sshd 790 S 0.0 0.4
stpd 795 S 0.0 0.4
get system schedule group
Use this command to list available schedule groups for when an access control list (ACL) will be active. To configure a schedule group, see config system schedule group.
Syntax
get system schedule group
Example output
S548DF5018000776 # get system schedule group
== [ group1 ]
name: group1
get system schedule onetime
Use this command to list available one-time schedules for when an access control list (ACL) will be active. To configure a one-time schedule, see config system schedule onetime.
Syntax
get system schedule onetime
Example output
S548DF5018000776 # get system schedule onetime
== [ schedule1 ]
name: schedule1
get system schedule recurring
Use this command to list schedules for when an access control list (ACL) will be active every week. To configure a recurring schedule, see config system schedule recurring.
Syntax
get system schedule recurring
Example output
S548DF5018000776 # get system schedule recurring
== [ schedule2 ]
name: schedule2
get system settings
Use this command to get information about equal cost multi-path (ECMP) routing. To configure ECMP routing, see config system settings.
Syntax
get system settings
Example output
#get system settings
v4-ecmp-mode : source-ip-based
get system sflow
Use this command to display the sFlow settings. To configure sFlow, see config system sflow.
Syntax
get system sflow
Example output
S524DF4K15000024 # get system sflow
collector-ip : 0.0.0.0
collector-port : 6343
get system sniffer-profile capture
Use this command to display the packet capture for a specific packet-capture profile. To create a packet-capture profile, see config system sniffer-profile.
Syntax
get system sniffer-profile capture <profile_name>
get system sniffer-profile summary
Use this command to display the status of all configured packet-capture profiles. To create a packet-capture profile, see config system sniffer-profile.
Syntax
get system sniffer-profile summary
Example output
S524DF4K15000024 # get system sniffer-profile summary
Maximum memory available for storing packet-capture: 100 MB.
Name | Status | Pkt-Count |Snap Len | Size (KB) | Filter
=========================================================================================
profile1 | Stop | No Capture | 100 | 0.00 | none
get system snmp sysinfo
Use this command to get information about your system’s SNMP settings. To configure the SNMP agent, see config system snmp sysinfo.
Syntax
get system snmp sysinfo
Example output
S524DF4K15000024 # get system snmp sysinfo
contact-info : (null)
description : (null)
engine-id : (null)
location : (null)
status : disable
trap-high-cpu-threshold: 80
trap-log-full-threshold: 90
trap-low-memory-threshold: 80
trap-temp-alarm-threshold: 60
trap-temp-warning-threshold: 50
get system source-ip status
Use this command to list defined source IP addresses.
Syntax
get system source-ip status
Example output
# get sys source-ip status
The following services force their communication to use
a specific source IP address:
service=NTP source-ip=172.18.19.101
service=DNS source-ip=172.18.19.101
vdom=root service=RADIUS name=server-pc25 source-ip=10.1.100.101
vdom=root service=TACACS+ name=tac_plus_pc25 source-ip=10.1.100.101
vdom=root service=FSAE name=pc26 source-ip=172.18.19.101
vdom=V1 service=RADIUS name=pc25-Radius source-ip=172.16.200.101
vdom=V1 service=TACACS+ name=pc25-tacacs+ source-ip=172.16.200.101
vdom=V1 service=FSAE name=pc16 source-ip=172.16.200.101
get system startup-error-log
Use this command to display information about system startup errors. This command only displays information if an error occurs when the system starts up.
Syntax
get system startup-error-log
get system status
Use this command to display FortiSwitch status information including:
- firmware version, build number, and branch point
- serial number
- host name
- system time and date and related settings
Syntax
get system status
Example output
S524DF4K15000024 # get system status
Version: FortiSwitch-524D-FPOE v3.6.2,build0382,170829 (GA)
Serial-Number: S524DF4K15000024
BIOS version: 04000013
System Part-Number: P18045-04
Burn in MAC: 08:5b:0e:f1:95:e4
Hostname: S524DF4K15000024
Distribution: International
Branch point: 382
System time: Tue Sep 12 16:16:40 2017
get test
Use this command to display information about applications on this FortiSwitch unit.
Syntax
get test {dnsproxy | fpmd | radiusd | sflowd | snmpd} <test_level_int>
Variable | Description
{dnsproxy | fpmd | radiusd | sflowd | snmpd} | Set the application to be tested. Tests can be run on the following applications:
<test_level_int> | Set the level for the test.
Example output
S524DF4K15000024 # get test fpmd 1
ROUTE_V4_ADD : 9
INTF_V4_ADDR_ADD : 14
ROUTE_V4_MGMT_FWD_DISABLED : 4
ROUTE_ADD_INVALID_FAMILY : 3
ROUTE_ADD_INET127 : 1
S524DF4K15000024 # get test sflowd 1
cmf sflow collector:0.0.0.0:[6343]
sflowd collector:0.0.0.0:[6343]
get user group
Use this command to list all user groups. To add a user group, see config user group.
Syntax
get user group
Example output
S524DF4K15000024 # get user group
== [ group1 ]
name: group1
== [ radgroup ]
name: radgroup
get user ldap
Use this command to list LDAP users. To add an LDAP user, see config user ldap.
Syntax
get user ldap
get user local
Use this command to list local users. To add a local user, see config user local.
Syntax
get user local
Example output
S524DF4K15000024 # get user local
== [ user1 ]
name: user1
get user radius
Use this command to list RADIUS users. To add a RADIUS user, see config user radius.
Syntax
get user radius
Example output
S524DF4K15000024 # get user radius
== [ serve2 ]
name: serve2
== [ radone ]
name: radone
get user setting
Use this command to get information about all the system’s user settings.
Syntax
get user setting
Example output
S524DF4K15000024 # get user setting
auth-blackout-time : 0
auth-cert : (null)
auth-http-basic : disable
auth-invalid-max : 5
auth-multi-group : enable
auth-ports:
== [ 1 ]
id: 1
auth-secure-http : disable
auth-timeout : 5
auth-timeout-type : idle-timeout
auth-type : http https ftp telnet
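The get user setting output above can be checked offline once it has been collected from the switch. The following is an added example, not Fortinet code: it parses the key : value format and flags cleartext protocols listed in auth-type. The function names, the "entries" key for bare lists and the reading of auth-secure-http are assumptions, as is the rule that each == [ id ] header is followed by exactly one id: or name: line (taken from the outputs on this page).

```python
import re

# Constructed sample: the "get user setting" example output, one field per line.
SAMPLE = """\
S524DF4K15000024 # get user setting
auth-blackout-time : 0
auth-cert : (null)
auth-http-basic : disable
auth-invalid-max : 5
auth-multi-group : enable
auth-ports:
== [ 1 ]
id: 1
auth-secure-http : disable
auth-timeout : 5
auth-timeout-type : idle-timeout
auth-type : http https ftp telnet
"""
CLEARTEXT = {"http", "ftp", "telnet"}   # these carry credentials unencrypted
PROMPT = re.compile(r"\S+ # ")          # "<hostname> # <command>" echo line

def parse_get_output(text):
    """Return {key: value}. A key with no value collects the ids of the
    '== [ id ]' entries under it; a bare list is stored under 'entries'."""
    settings, table, after_header = {}, None, False
    for line in filter(None, map(str.strip, text.splitlines())):
        header = re.fullmatch(r"== \[ (.+) \]", line)
        if header:
            if table is None:                      # e.g. "get user group" output
                table = settings.setdefault("entries", [])
            table.append(header.group(1))
        elif not after_header and ":" in line and not PROMPT.match(line):
            key, _, value = (part.strip() for part in line.partition(":"))
            if value:
                settings[key], table = value, None
            else:                                  # "auth-ports:" opens a table
                table = settings.setdefault(key, [])
        after_header = bool(header)                # next line is the entry's id/name
    return settings

def audit_user_setting(settings):
    """List cleartext authentication exposures found in parsed settings."""
    offered = set(settings.get("auth-type", "").split())
    findings = [f"auth-type offers cleartext protocol: {p}"
                for p in sorted(offered & CLEARTEXT)]
    # Assumption: auth-secure-http redirects HTTP authentication to HTTPS.
    if "http" in offered and settings.get("auth-secure-http") == "disable":
        findings.append("http authentication is not redirected to https")
    return findings
```

The same parser handles the list-style outputs of get user group, get user local, get user radius and get user tacacs+.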
get user tacacs+
Use this command to get information about TACACS+ users.
Syntax
get user tacacs+
Example output
S524DF4K15000024 # get user tacacs+
== [ tacserver ]
name: tacserver