Document
Library
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiProxy
NOC & SOC Management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
/
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
/
FortiVoice Cloud
FortiRecorder
/
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
/
FortiWeb Cloud
FortiADC
/
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
/
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
/
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
/
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Curated links by solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Define, Design, Deploy, Demo
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Search documents and hardware ...
Administration Guide
Introduction
System
Dashboard
Network
Management ports
Models without a dedicated management port
Models with a dedicated management port
Example configurations
Overlapping subnets
Switch virtual interfaces
VRRP
Loopback
IP conflict detection
ARP timeout value
Using SSH and the Telnet client
Config
SNMP
Firmware
Backup
Revisions
Licenses
Time
SSL
Configuring the temperature sensor
Admin
Administrators
Profiles
Access control
Monitor
Setting the idle timeout
Configuring system banners
Using the alias commands
User
User definition
User groups
Authentication
RADIUS
TACACS
TACACS+ server
Administrative accounts
User accounts
Example configuration
Flow export
DHCP
Configuring a DHCP server
Detailed operation of a DHCP relay
Configuring a DHCP relay
Packet capture
Fault relay support
Identifying a specific FortiSwitch unit
Switch
Port
Physical port settings
Configuring general port settings
Configuring flow control, priority-based flow control, and ingress pause metering
Auto-module speed detection
Setting port speed (autonegotiation)
Configuring power over Ethernet on a port
Energy-efficient Ethernet
Diagnostic monitoring interface module status
Configuring split ports
Configuring QSFP low-power mode
Configuring physical port loopbacks
Switched interfaces
Dynamic MAC address learning
Layer-2 table
Loop guard
TFTP network port
Cable diagnostics
Link aggregation groups
MCLAG
Multi-stage load balance
Unicast hashing
Interface
MACsec
802.1x authentication
Dynamic VLAN assignment
Dynamic access control lists
MAC authentication bypass (MAB)
Configuring global settings
Configuring the 802.1x settings on an interface
Viewing the 802.1x details
Clearing port authorizations
Authenticating users with a RADIUS server
Authenticating an admin user with RADIUS
RADIUS accounting and FortiGate RADIUS single sign-on
RADIUS change of authorization (CoA)
Use cases
Detailed deployment notes
STP
MSTP overview and terminology
MSTP configuration
Interactions outside of the MSTP region
Viewing the MSTP configuration
Support for interoperation with Rapid per-VLAN RSTP (Rapid PVST+ or RPVST+)
Flap guard
IP source guard
Dynamic ARP inspection
IPv6 router advertisement guard
LLDP-MED
Configuration notes
LLDP global settings
Configuring LLDP profiles
Configuring an LLDP profile for the port
Enabling LLDP on a port
Checking the LLDP configuration
Configuration deployment example
Checking LLDP details
LLDP OIDs
ACL
ACL policy attributes
Configuring an ACL policy
Configuration examples
Selective packet sampling
Creating a schedule
IGMP snooping
MLD snooping
PoE
sFlow
Mirror
Configuring a SPAN mirror
Configuring an RSPAN mirror
Configuring an ERSPAN auto mirror
Configuring an ERSPAN manual mirror
VLAN
Native VLAN
Allowed VLAN list
Untagged VLAN list
Packet processing
Configuring VLANs
Example 1
Example 2
VLAN stacking (QnQ)
MAC/IP/protocol-based VLANs
Private VLANs
Virtual wires
Storm control
MAC entries
Persistent (sticky) MAC addresses
Static MAC addresses
Network monitoring
IP-MAC binding
QoS
Classification
Marking
Queuing
Determining the egress queue
Configuring FortiSwitch QoS
Checking the QoS statistics
Resetting and restoring QoS counters
Configuring security checks
Cut-through switching mode
Enabling packet forwarding
Configuring auto topology
Viewing port statistics
DHCP snooping
Media Redundancy Protocol
Configuring PTP transparent-clock mode
Router
Config
Layer-3 routing in hardware
Using layer-3 routing within an MCLAG
Unicast reverse-path forwarding (uRPF)
Policy-based routing
OSPF
RIP
BGP routing
Parts and terminology of BGP
How BGP works
Troubleshooting BGP
Configuring BGP
Sample configuration
IS-IS routing
Multicast
Static and IPv6 static
Remote access to the management port
Equal cost multi-path (ECMP) routing
Link probes
Link monitor
Bidirectional forwarding detection
Virtual routing and forwarding
Diagnostic
ARP table
Monitor
Log
Deployment scenario
Appendix A: FortiSwitch-supported RFCs
Appendix B: Supported attributes for RADIUS CoA and RSSO
Home
FortiSwitch 7.0.2
Administration Guide
7.0.2
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.9
7.0.8
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.11
6.4.6
6.4.5
6.4.3
6.4.2
6.4.0
6.2.5
6.2.2
6.2.1
6.2.0
Network
Network
The following topics provide information about network settings:
Management ports
Overlapping subnets
Switch virtual interfaces
VRRP
Loopback
IP conflict detection
ARP timeout value
Using SSH and the Telnet client
Previous
Next
Network
Network
The following topics provide information about network settings:
Management ports
Overlapping subnets
Switch virtual interfaces
VRRP
Loopback
IP conflict detection
ARP timeout value
Using SSH and the Telnet client
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Introduction
System
Dashboard
Network
Management ports
Models without a dedicated management port
Models with a dedicated management port
Example configurations
Overlapping subnets
Switch virtual interfaces
VRRP
Loopback
IP conflict detection
ARP timeout value
Using SSH and the Telnet client
Config
SNMP
Firmware
Backup
Revisions
Licenses
Time
SSL
Configuring the temperature sensor
Admin
Administrators
Profiles
Access control
Monitor
Setting the idle timeout
Configuring system banners
Using the alias commands
User
User definition
User groups
Authentication
RADIUS
TACACS
TACACS+ server
Administrative accounts
User accounts
Example configuration
Flow export
DHCP
Configuring a DHCP server
Detailed operation of a DHCP relay
Configuring a DHCP relay
Packet capture
Fault relay support
Identifying a specific FortiSwitch unit
Switch
Port
Physical port settings
Configuring general port settings
Configuring flow control, priority-based flow control, and ingress pause metering
Auto-module speed detection
Setting port speed (autonegotiation)
Configuring power over Ethernet on a port
Energy-efficient Ethernet
Diagnostic monitoring interface module status
Configuring split ports
Configuring QSFP low-power mode
Configuring physical port loopbacks
Switched interfaces
Dynamic MAC address learning
Layer-2 table
Loop guard
TFTP network port
Cable diagnostics
Link aggregation groups
MCLAG
Multi-stage load balance
Unicast hashing
Interface
MACsec
802.1x authentication
Dynamic VLAN assignment
Dynamic access control lists
MAC authentication bypass (MAB)
Configuring global settings
Configuring the 802.1x settings on an interface
Viewing the 802.1x details
Clearing port authorizations
Authenticating users with a RADIUS server
Authenticating an admin user with RADIUS
RADIUS accounting and FortiGate RADIUS single sign-on
RADIUS change of authorization (CoA)
Use cases
Detailed deployment notes
STP
MSTP overview and terminology
MSTP configuration
Interactions outside of the MSTP region
Viewing the MSTP configuration
Support for interoperation with Rapid per-VLAN RSTP (Rapid PVST+ or RPVST+)
Flap guard
IP source guard
Dynamic ARP inspection
IPv6 router advertisement guard
LLDP-MED
Configuration notes
LLDP global settings
Configuring LLDP profiles
Configuring an LLDP profile for the port
Enabling LLDP on a port
Checking the LLDP configuration
Configuration deployment example
Checking LLDP details
LLDP OIDs
ACL
ACL policy attributes
Configuring an ACL policy
Configuration examples
Selective packet sampling
Creating a schedule
IGMP snooping
MLD snooping
PoE
sFlow
Mirror
Configuring a SPAN mirror
Configuring an RSPAN mirror
Configuring an ERSPAN auto mirror
Configuring an ERSPAN manual mirror
VLAN
Native VLAN
Allowed VLAN list
Untagged VLAN list
Packet processing
Configuring VLANs
Example 1
Example 2
VLAN stacking (QnQ)
MAC/IP/protocol-based VLANs
Private VLANs
Virtual wires
Storm control
MAC entries
Persistent (sticky) MAC addresses
Static MAC addresses
Network monitoring
IP-MAC binding
QoS
Classification
Marking
Queuing
Determining the egress queue
Configuring FortiSwitch QoS
Checking the QoS statistics
Resetting and restoring QoS counters
Configuring security checks
Cut-through switching mode
Enabling packet forwarding
Configuring auto topology
Viewing port statistics
DHCP snooping
Media Redundancy Protocol
Configuring PTP transparent-clock mode
Router
Config
Layer-3 routing in hardware
Using layer-3 routing within an MCLAG
Unicast reverse-path forwarding (uRPF)
Policy-based routing
OSPF
RIP
BGP routing
Parts and terminology of BGP
How BGP works
Troubleshooting BGP
Configuring BGP
Sample configuration
IS-IS routing
Multicast
Static and IPv6 static
Remote access to the management port
Equal cost multi-path (ECMP) routing
Link probes
Link monitor
Bidirectional forwarding detection
Virtual routing and forwarding
Diagnostic
ARP table
Monitor
Log
Deployment scenario
Appendix A: FortiSwitch-supported RFCs
Appendix B: Supported attributes for RADIUS CoA and RSSO