
Administration Guide

Introduction


This guide provides information about configuring a FortiSwitch unit in standalone mode. In standalone mode, you manage the FortiSwitch unit by connecting directly to the unit, either using the web-based manager (also known as the GUI) or the CLI.

If you will be managing your FortiSwitch unit using a FortiGate unit, refer to the FortiLink Guide—FortiSwitch Devices Managed by FortiOS 7.2.

If you will be managing your FortiSwitch unit using FortiLAN Cloud, see the FortiLAN Cloud User Guide.

If you will be managing your FortiSwitch unit using FortiSwitch Manager, see the FortiSwitch Manager Administration Guide.

This section covers the following topics:

Supported models

This guide is for all FortiSwitch models that are supported by FortiSwitchOS, which includes all of the D-series, E-series, and F-series models.

Whatʼs new in FortiSwitchOS 7.2.2

Release 7.2.2 provides the following new features:

  • You can now specify static entries for DHCP snooping and DAI by manually associating an IP address with a MAC address in the CLI. For more details, see Specify any DHCP-snooping static entries.

  • You can now override the global option-82 setting for DHCP requests by specifying plain text strings for the Circuit ID field and the Remote ID field for a specific VLAN on a port. For more details, see Overriding the option-82 settings for a specific VLAN on a port.

  • You can now use the GUI to configure MLD snooping on FortiSwitch VLANs. For more details, see Configuring MLD snooping on the VLANs.

  • You can now use the following wildcard characters in the set value command for the automation trigger used for an automation stitch:

    • Use an asterisk (*) to match any character string of any length, including a string that is zero characters long. For example, use set value "*1567*" to match values of 81567 and 156789.

    • Use square brackets ([ ]) to match any one of the characters listed inside the brackets. For example, use set value "[aA]dmin" to match values of admin and Admin.

  • You can now configure multiple fields for the automation trigger used for an automation stitch when the event-type is event-log and the logid is set. The action is only performed if all conditions are valid (using AND logic). For more details, see Configuring automation stitches.

  • You can use a new CLI command to change how a FortiSwitch unit with Power over Ethernet (PoE) disconnects from a powered device:

    config switch physical-port
        edit <port_name>
            set poe-disconnection-type {AC | DC | DC-delay}
        next
    end

    For more details, see Configuring PoE in the CLI.

  • VXLAN tunnels are now supported on FS-3032E.

  • If an unverified firmware image is uploaded to FortiSwitchOS, the following warning is displayed in the GUI: “WARNING: This firmware failed signature validation.”

  • You can now display IPv4 and IPv6 routes by VRF instance on the Router > Monitor > Routing and Router > Monitor > IPv6 Routing pages.

  • The default value for the set dhcp-snoop-client-req command (under config system global) is now drop-untrusted, instead of forward-untrusted.

  • The new set ebgp-requires-policy command (under config router bgp) is set to enable by default, which prevents the BGP router from learning prefixes from, or advertising prefixes to, its eBGP peers.

  • Under the config router ospf command, set ucast-ttl has been renamed to set ttl. This setting now applies to multicast OSPF packets, as well as unicast OSPF packets.
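
The wildcard and AND-logic behavior described above for automation triggers can be checked offline before a pattern goes into a stitch, so that a pattern that is too broad or too narrow is caught first. The following is an added example, not FortiSwitchOS code; it assumes matching is case-sensitive and covers the whole value, treats bracket contents as a plain list of characters, and uses hypothetical field names (user, msg) and constructed sample records.

```python
import re

def wildcard_to_regex(pattern):
    """Translate a trigger value into an anchored, case-sensitive regex.

    Only the two wildcards from the release note are special:
    '*' (any string, including empty) and '[...]' (one listed character).
    Assumption: '[' without a non-empty '...]' after it is a literal.
    """
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        close = pattern.find("]", i + 1) if ch == "[" else -1
        if ch == "*":
            out.append(".*")
        elif close > i + 1:
            members = pattern[i + 1:close]
            out.append("[" + "".join(re.escape(c) for c in members) + "]")
            i = close  # skip past the closing bracket
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def trigger_fires(conditions, record):
    """AND logic: every configured field must exist and match its pattern."""
    return all(
        field in record
        and wildcard_to_regex(pat).fullmatch(str(record[field])) is not None
        for field, pat in conditions.items()
    )

def matching_records(conditions, records):
    return [r for r in records if trigger_fires(conditions, r)]

# Constructed sample data; field names are hypothetical.
CONDITIONS = {"user": "[aA]dmin", "msg": "*1567*"}
SAMPLE_RECORDS = [
    {"user": "admin", "msg": "81567"},     # both fields match
    {"user": "Admin", "msg": "156789"},    # both fields match
    {"user": "ADMIN", "msg": "81567"},     # user fails: only 'a' or 'A' first
    {"user": "admin", "msg": "1576"},      # msg fails: no '1567' substring
    {"user": "sysadmin", "msg": "1567"},   # user fails: no leading '*'
    {"msg": "81567"},                      # user field missing
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec, "->", trigger_fires(CONDITIONS, rec))
```
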

Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.

Before you begin

Before you start administering your FortiSwitch unit, you should have completed the initial configuration of the unit, as outlined in the QuickStart Guide for your FortiSwitch model, and have administrative access to the FortiSwitch unit’s GUI and CLI.
