config switch-controller managed-switch
Description: Configure FortiSwitch devices that are managed by this FortiGate.
edit <switch-id>
set name {string}
set description {string}
set switch-profile {string}
set access-profile {string}
set fsw-wan1-peer {string}
set fsw-wan1-admin [discovered|disable|...]
set poe-pre-standard-detection [enable|disable]
set poe-detection-type {integer}
set poe-lldp-detection [enable|disable]
set directly-connected {integer}
set version {integer}
set pre-provisioned {integer}
set dynamic-capability {integer}
set switch-device-tag {string}
set mclag-igmp-snooping-aware [enable|disable]
set dynamically-discovered {integer}
set type [virtual|physical]
set owner-vdom {string}
set flow-identity {user}
set staged-image-version {string}
set delayed-restart-trigger {integer}
config ports
Description: Managed-switch port list.
edit <port-name>
set port-owner {string}
set switch-id {string}
set speed [10half|10full|...]
set status [up|down]
set poe-status [enable|disable]
set poe-pre-standard-detection [enable|disable]
set port-number {integer}
set port-prefix-type {integer}
set fortilink-port {integer}
set poe-capable {integer}
set stacking-port {integer}
set fiber-port {integer}
set flags {integer}
set isl-local-trunk-name {string}
set isl-peer-port-name {string}
set isl-peer-device-name {string}
set fgt-peer-port-name {string}
set fgt-peer-device-name {string}
set vlan {string}
set allowed-vlans-all [enable|disable]
set allowed-vlans <vlan-name1>, <vlan-name2>, ...
set untagged-vlans <vlan-name1>, <vlan-name2>, ...
set type [physical|trunk]
set dhcp-snooping [untrusted|trusted]
set dhcp-snoop-option82-trust [enable|disable]
set arp-inspection-trust [untrusted|trusted]
set igmp-snooping [enable|disable]
set igmps-flood-reports [enable|disable]
set igmps-flood-traffic [enable|disable]
set stp-state [enabled|disabled]
set stp-root-guard [enabled|disabled]
set stp-bpdu-guard [enabled|disabled]
set stp-bpdu-guard-timeout {integer}
set edge-port [enable|disable]
set discard-mode [none|all-untagged|...]
set packet-sampler [enabled|disabled]
set packet-sample-rate {integer}
set sflow-counter-interval {integer}
set sample-direction [tx|rx|...]
set loop-guard [enabled|disabled]
set loop-guard-timeout {integer}
set qos-policy {string}
set storm-control-policy {string}
set port-security-policy {string}
set export-to-pool {string}
set export-tags <tag-name1>, <tag-name2>, ...
set learning-limit {integer}
set sticky-mac [enable|disable]
set lldp-status [disable|rx-only|...]
set lldp-profile {string}
set export-to {string}
set mac-addr {mac-address}
set port-selection-criteria [src-mac|dst-mac|...]
set description {string}
set lacp-speed [slow|fast]
set mode [static|lacp-passive|...]
set bundle [enable|disable]
set member-withdrawal-behavior [forward|block]
set mclag [enable|disable]
set min-bundle {integer}
set max-bundle {integer}
set members <member-name1>, <member-name2>, ...
next
end
config stp-settings
Description: Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops.
set local-override [enable|disable]
set name {string}
set revision {integer}
set hello-time {integer}
set forward-time {integer}
set max-age {integer}
set max-hops {integer}
set pending-timer {integer}
end
config stp-instance
Description: Configuration method to edit Spanning Tree Protocol (STP) instances.
edit <id>
set priority [0|4096|...]
next
end
set override-snmp-sysinfo [disable|enable]
config snmp-sysinfo
Description: Configuration method to edit Simple Network Management Protocol (SNMP) system info.
set status [disable|enable]
set engine-id {string}
set description {string}
set contact-info {string}
set location {string}
end
set override-snmp-trap-threshold [enable|disable]
config snmp-trap-threshold
Description: Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values.
set trap-high-cpu-threshold {integer}
set trap-low-memory-threshold {integer}
set trap-log-full-threshold {integer}
end
set override-snmp-community [enable|disable]
config snmp-community
Description: Configuration method to edit Simple Network Management Protocol (SNMP) communities.
edit <id>
set name {string}
set status [disable|enable]
config hosts
Description: Configure IPv4 SNMP managers (hosts).
edit <id>
set ip {user}
next
end
set query-v1-status [disable|enable]
set query-v1-port {integer}
set query-v2c-status [disable|enable]
set query-v2c-port {integer}
set trap-v1-status [disable|enable]
set trap-v1-lport {integer}
set trap-v1-rport {integer}
set trap-v2c-status [disable|enable]
set trap-v2c-lport {integer}
set trap-v2c-rport {integer}
set events {option1}, {option2}, ...
next
end
set override-snmp-user [enable|disable]
config snmp-user
Description: Configuration method to edit Simple Network Management Protocol (SNMP) users.
edit <name>
set queries [disable|enable]
set query-port {integer}
set security-level [no-auth-no-priv|auth-no-priv|...]
set auth-proto [md5|sha]
set auth-pwd {password}
set priv-proto [aes|des]
set priv-pwd {password}
next
end
config switch-log
Description: Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log).
set local-override [enable|disable]
set status [enable|disable]
set severity [emergency|alert|...]
end
config remote-log
Description: Configure logging by FortiSwitch device to a remote syslog server.
edit <name>
set status [enable|disable]
set server {string}
set port {integer}
set severity [emergency|alert|...]
set csv [enable|disable]
set facility [kernel|user|...]
next
end
config storm-control
Description: Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption.
set local-override [enable|disable]
set rate {integer}
set unknown-unicast [enable|disable]
set unknown-multicast [enable|disable]
set broadcast [enable|disable]
end
config mirror
Description: Configuration method to edit FortiSwitch packet mirror.
edit <name>
set status [active|inactive]
set switching-packet [enable|disable]
set dst {string}
set src-ingress <name1>, <name2>, ...
set src-egress <name1>, <name2>, ...
next
end
config static-mac
Description: Configuration method to edit FortiSwitch Static and Sticky MAC.
edit <id>
set type [static|sticky]
set vlan {string}
set mac {mac-address}
set interface {string}
set description {string}
next
end
config custom-command
Description: Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch.
edit <command-entry>
set command-name {string}
next
end
config igmp-snooping
Description: Configure FortiSwitch IGMP snooping global settings.
set local-override [enable|disable]
set aging-time {integer}
set flood-unknown-multicast [enable|disable]
end
config 802-1X-settings
Description: Configuration method to edit FortiSwitch 802.1X global settings.
set local-override [enable|disable]
set link-down-auth [set-unauth|no-action]
set reauth-period {integer}
set max-reauth-attempt {integer}
end
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
name | Managed-switch name. | string | Maximum length: 35 |
description | Description. | string | Maximum length: 63 |
switch-profile | FortiSwitch profile. | string | Maximum length: 35 |
access-profile | FortiSwitch access profile. | string | Maximum length: 31 |
fsw-wan1-peer | Fortiswitch WAN1 peer port. | string | Maximum length: 35 |
fsw-wan1-admin | FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. discovered: Link waiting to be authorized. disable: Link unauthorized. enable: Link authorized. |
option | - |
poe-pre-standard-detection | Enable/disable PoE pre-standard detection. enable: Enable PoE pre-standard detection. disable: Disable PoE pre-standard detection. |
option | - |
poe-detection-type | PoE detection type for FortiSwitch. | integer | Minimum value: 0 Maximum value: 255 |
poe-lldp-detection | Enable/disable PoE LLDP detection. enable: Enable PoE LLDP detection. disable: Disable PoE LLDP detection. |
option | - |
directly-connected | Directly connected FortiSwitch. | integer | Minimum value: 0 Maximum value: 1 |
version | FortiSwitch version. | integer | Minimum value: 0 Maximum value: 255 |
pre-provisioned | Pre-provisioned managed switch. | integer | Minimum value: 0 Maximum value: 255 |
dynamic-capability | List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device. | integer | Minimum value: 0 Maximum value: 4294967295 |
switch-device-tag | User definable label/tag. | string | Maximum length: 32 |
mclag-igmp-snooping-aware | Enable/disable MCLAG IGMP-snooping awareness. enable: Enable MCLAG IGMP-snooping awareness. disable: Disable MCLAG IGMP-snooping awareness. |
option | - |
dynamically-discovered | Dynamically discovered FortiSwitch. | integer | Minimum value: 0 Maximum value: 1 |
type | Indication of switch type, physical or virtual. virtual: Switch is of type virtual. physical: Switch is of type physical. |
option | - |
owner-vdom | VDOM which owner of port belongs to. | string | Maximum length: 31 |
flow-identity | Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF default=0). | user | Not Specified |
staged-image-version | Staged image version for FortiSwitch. | string | Maximum length: 127 |
delayed-restart-trigger | Delayed restart triggered for this FortiSwitch. | integer | Minimum value: 0 Maximum value: 255 |
override-snmp-sysinfo | Enable/disable overriding the global SNMP system information. disable: Use the global SNMP system information. enable: Override the global SNMP system information. |
option | - |
override-snmp-trap-threshold | Enable/disable overriding the global SNMP trap threshold values. enable: Override the global SNMP trap threshold values. disable: Use the global SNMP trap threshold values. |
option | - |
override-snmp-community | Enable/disable overriding the global SNMP communities. enable: Override the global SNMP communities. disable: Use the global SNMP communities. |
option | - |
override-snmp-user | Enable/disable overriding the global SNMP users. enable: Override the global SNMPv3 users. disable: Use the global SNMPv3 users. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
port-owner | Switch port name. | string | Maximum length: 15 |
switch-id | Switch id. | string | Maximum length: 16 |
speed | Switch port speed; default and available settings depend on hardware. 10half: 10M half-duplex. 10full: 10M full-duplex. 100half: 100M half-duplex. 100full: 100M full-duplex. 1000auto: Auto-negotiation (1G full-duplex only). 1000fiber: 1G full-duplex (fiber SFPs only) 1000full: 1G full-duplex 10000: 10G full-duplex 40000: 40G full-duplex auto: Auto-negotiation. auto-module: Auto Module. 100FX-half: 100Mbps half-duplex.100Base-FX. 100FX-full: 100Mbps full-duplex.100Base-FX. 100000full: 100Gbps full-duplex. 2500auto: Auto-Negotiation (2.5Gbps Only). 25000full: 25Gbps full-duplex. 50000full: 50Gbps full-duplex. 10000cr: 10Gbps copper interface. 10000sr: 10Gbps SFI interface. 100000sr4: 100Gbps SFI interface. 100000cr4: 100Gbps copper interface. 25000cr4: 25Gbps copper interface. 25000sr4: 25Gbps SFI interface. 5000full: 5Gbps full-duplex. |
option | - |
status | Switch port admin status: up or down. up: Set admin status up. down: Set admin status down. |
option | - |
poe-status | Enable/disable PoE status. enable: Enable PoE status. disable: Disable PoE status. |
option | - |
poe-pre-standard-detection | Enable/disable PoE pre-standard detection. enable: Enable PoE pre-standard detection. disable: Disable PoE pre-standard detection. |
option | - |
port-number | Port number. | integer | Minimum value: 1 Maximum value: 64 |
port-prefix-type | Port prefix type. | integer | Minimum value: 0 Maximum value: 1 |
fortilink-port | FortiLink uplink port. | integer | Minimum value: 0 Maximum value: 1 |
poe-capable | PoE capable. | integer | Minimum value: 0 Maximum value: 1 |
stacking-port | Stacking port. | integer | Minimum value: 0 Maximum value: 1 |
fiber-port | Fiber-port. | integer | Minimum value: 0 Maximum value: 1 |
flags | Port properties flags. | integer | Minimum value: 0 Maximum value: 4294967295 |
isl-local-trunk-name | ISL local trunk name. | string | Maximum length: 15 |
isl-peer-port-name | ISL peer port name. | string | Maximum length: 15 |
isl-peer-device-name | ISL peer device name. | string | Maximum length: 16 |
fgt-peer-port-name | FGT peer port name. | string | Maximum length: 15 |
fgt-peer-device-name | FGT peer device name. | string | Maximum length: 16 |
vlan | Assign switch ports to a VLAN. | string | Maximum length: 15 |
allowed-vlans-all | Enable/disable all defined vlans on this port. enable: Enable all defined VLANs on this port. disable: Disable all defined VLANs on this port. |
option | - |
allowed-vlans <vlan-name> |
Configure switch port tagged vlans VLAN name. |
string | Maximum length: 79 |
untagged-vlans <vlan-name> |
Configure switch port untagged vlans VLAN name. |
string | Maximum length: 79 |
type | Interface type: physical or trunk port. physical: Physical port. trunk: Trunk port. |
option | - |
dhcp-snooping | Trusted or untrusted DHCP-snooping interface. untrusted: Untrusted DHCP snooping interface. trusted: Trusted DHCP snooping interface. |
option | - |
dhcp-snoop-option82-trust | Enable/disable allowance of DHCP with option-82 on untrusted interface. enable: Enable allowance of DHCP with option-82 on untrusted interface. disable: Disable allowance of DHCP with option-82 on untrusted interface. |
option | - |
arp-inspection-trust | Trusted or untrusted dynamic ARP inspection. untrusted: Untrusted dynamic ARP inspection. trusted: Trusted dynamic ARP inspection. |
option | - |
igmp-snooping | Set IGMP snooping mode for the physical port interface. enable: Interface takes part in IGMP snooping. disable: Interface does not take part in IGMP snooping. |
option | - |
igmps-flood-reports | Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. enable: Enable flooding of IGMP snooping reports to this interface. disable: Disable flooding of IGMP snooping reports to this interface. |
option | - |
igmps-flood-traffic | Enable/disable flooding of IGMP snooping traffic to this interface. enable: Enable flooding of IGMP snooping traffic to this interface. disable: Disable flooding of IGMP snooping traffic to this interface. |
option | - |
stp-state | Enable/disable Spanning Tree Protocol (STP) on this interface. enabled: Enable STP on this interface. disabled: Disable STP on this interface. |
option | - |
stp-root-guard | Enable/disable STP root guard on this interface. enabled: Enable STP root-guard on this interface. disabled: Disable STP root-guard on this interface. |
option | - |
stp-bpdu-guard | Enable/disable STP BPDU guard on this interface. enabled: Enable STP BPDU guard on this interface. disabled: Disable STP BPDU guard on this interface. |
option | - |
stp-bpdu-guard-timeout | BPDU Guard disabling protection (0 - 120 min). | integer | Minimum value: 0 Maximum value: 120 |
edge-port | Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. enable: Enable this interface as an edge port. disable: Disable this interface as an edge port. |
option | - |
discard-mode | Configure discard mode for port. none: Discard disabled. all-untagged: Discard all frames that are untagged. all-tagged: Discard all frames that are tagged. |
option | - |
packet-sampler | Enable/disable packet sampling on this interface. enabled: Enable packet sampling on this interface. disabled: Disable packet sampling on this interface. |
option | - |
packet-sample-rate | Packet sampling rate (0 - 99999 p/sec). | integer | Minimum value: 0 Maximum value: 99999 |
sflow-counter-interval | sFlow sampling counter polling interval (0 - 255 sec). | integer | Minimum value: 0 Maximum value: 255 |
sample-direction | Packet sampling direction. tx: Monitor transmitted traffic. rx: Monitor received traffic. both: Monitor transmitted and received traffic. |
option | - |
loop-guard | Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. enabled: Enable loop-guard on this interface. disabled: Disable loop-guard on this interface. |
option | - |
loop-guard-timeout | Loop-guard timeout (0 - 120 min, default = 45). | integer | Minimum value: 0 Maximum value: 120 |
qos-policy | Switch controller QoS policy from available options. | string | Maximum length: 63 |
storm-control-policy | Switch controller storm control policy from available options. | string | Maximum length: 63 |
port-security-policy | Switch controller authentication policy to apply to this managed switch from available options. | string | Maximum length: 31 |
export-to-pool | Switch controller export port to pool-list. | string | Maximum length: 35 |
export-tags <tag-name> |
Configure export tag(s) for FortiSwitch port when exported to a virtual pool. FortiSwitch port tag name when exported to a virtual pool. |
string | Maximum length: 63 |
learning-limit | Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default). | integer | Minimum value: 0 Maximum value: 128 |
sticky-mac | Enable or disable sticky-mac on the interface. enable: Enable sticky mac on the interface. disable: Disable sticky mac on the interface. |
option | - |
lldp-status | LLDP transmit and receive status. disable: Disable LLDP TX and RX. rx-only: Enable LLDP as RX only. tx-only: Enable LLDP as TX only. tx-rx: Enable LLDP TX and RX. |
option | - |
lldp-profile | LLDP port TLV profile. | string | Maximum length: 63 |
export-to | Export managed-switch port to a tenant VDOM. | string | Maximum length: 31 |
mac-addr | Port/Trunk MAC. | mac-address | Not Specified |
port-selection-criteria | Algorithm for aggregate port selection. src-mac: Source MAC address. dst-mac: Destination MAC address. src-dst-mac: Source and destination MAC address. src-ip: Source IP address. dst-ip: Destination IP address. src-dst-ip: Source and destination IP address. |
option | - |
description | Description for port. | string | Maximum length: 63 |
lacp-speed | end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). slow: Send LACP message every 30 seconds. fast: Send LACP message every second. |
option | - |
mode | LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively. static: Static aggregation, do not send and ignore any control messages. lacp-passive: Passively use LACP to negotiate 802.3ad aggregation. lacp-active: Actively use LACP to negotiate 802.3ad aggregation. |
option | - |
bundle | Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. enable: Enable bundling. disable: Disable bundling. |
option | - |
member-withdrawal-behavior | Port behavior after it withdraws because of loss of control packets. forward: Forward traffic. block: Block traffic. |
option | - |
mclag | Enable/disable multi-chassis link aggregation (MCLAG). enable: Enable MCLAG. disable: Disable MCLAG. |
option | - |
min-bundle | Minimum size of LAG bundle (1 - 24, default = 1) | integer | Minimum value: 1 Maximum value: 24 |
max-bundle | Maximum size of LAG bundle (1 - 24, default = 24) | integer | Minimum value: 1 Maximum value: 24 |
members <member-name> |
Aggregated LAG bundle interfaces. Interface name from available options. |
string | Maximum length: 79 |
Parameter Name | Description | Type | Size |
---|---|---|---|
local-override | Enable to configure local STP settings that override global STP settings. enable: Override global STP settings. disable: Use global STP settings. |
option | - |
name | Name of local STP settings configuration. | string | Maximum length: 31 |
revision | STP revision number (0 - 65535). | integer | Minimum value: 0 Maximum value: 65535 |
hello-time | Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec, default = 2). | integer | Minimum value: 1 Maximum value: 10 |
forward-time | Period of time a port is in listening and learning state (4 - 30 sec, default = 15). | integer | Minimum value: 4 Maximum value: 30 |
max-age | Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec, default = 20). | integer | Minimum value: 6 Maximum value: 40 |
max-hops | Maximum number of hops between the root bridge and the furthest bridge (1- 40, default = 20). | integer | Minimum value: 1 Maximum value: 40 |
pending-timer | Pending time (1 - 15 sec, default = 4). | integer | Minimum value: 1 Maximum value: 15 |
Parameter Name | Description | Type | Size |
---|---|---|---|
priority | Priority. 0: 0. 4096: 4096. 8192: 8192. 12288: 12288. 16384: 16384. 20480: 20480. 24576: 24576. 28672: 28672. 32768: 32768. 36864: 36864. 40960: 40960. 45056: 45056. 49152: 49152. 53248: 53248. 57344: 57344. 61440: 61440. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable SNMP. disable: Disable SNMP. enable: Enable SNMP. |
option | - |
engine-id | Local SNMP engine ID string (max 24 char). | string | Maximum length: 24 |
description | System description. | string | Maximum length: 35 |
contact-info | Contact information. | string | Maximum length: 35 |
location | System location. | string | Maximum length: 35 |
Parameter Name | Description | Type | Size |
---|---|---|---|
trap-high-cpu-threshold | CPU usage when trap is sent. | integer | Minimum value: 0 Maximum value: 4294967295 |
trap-low-memory-threshold | Memory usage when trap is sent. | integer | Minimum value: 0 Maximum value: 4294967295 |
trap-log-full-threshold | Log disk usage when trap is sent. | integer | Minimum value: 0 Maximum value: 4294967295 |
Parameter Name | Description | Type | Size |
---|---|---|---|
name | SNMP community name. | string | Maximum length: 35 |
status | Enable/disable this SNMP community. disable: Disable SNMP community. enable: Enable SNMP community. |
option | - |
query-v1-status | Enable/disable SNMP v1 queries. disable: Disable SNMP v1 queries. enable: Enable SNMP v1 queries. |
option | - |
query-v1-port | SNMP v1 query port (default = 161). | integer | Minimum value: 0 Maximum value: 65535 |
query-v2c-status | Enable/disable SNMP v2c queries. disable: Disable SNMP v2c queries. enable: Enable SNMP v2c queries. |
option | - |
query-v2c-port | SNMP v2c query port (default = 161). | integer | Minimum value: 0 Maximum value: 65535 |
trap-v1-status | Enable/disable SNMP v1 traps. disable: Disable SNMP v1 traps. enable: Enable SNMP v1 traps. |
option | - |
trap-v1-lport | SNMP v2c trap local port (default = 162). | integer | Minimum value: 0 Maximum value: 65535 |
trap-v1-rport | SNMP v2c trap remote port (default = 162). | integer | Minimum value: 0 Maximum value: 65535 |
trap-v2c-status | Enable/disable SNMP v2c traps. disable: Disable SNMP v2c traps. enable: Enable SNMP v2c traps. |
option | - |
trap-v2c-lport | SNMP v2c trap local port (default = 162). | integer | Minimum value: 0 Maximum value: 65535 |
trap-v2c-rport | SNMP v2c trap remote port (default = 162). | integer | Minimum value: 0 Maximum value: 65535 |
events | SNMP notifications (traps) to send. cpu-high: Send a trap when CPU usage too high. mem-low: Send a trap when available memory is low. log-full: Send a trap when log disk space becomes low. intf-ip: Send a trap when an interface IP address is changed. ent-conf-change: Send a trap when an entity MIB change occurs (RFC4133). |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ip | IPv4 address of the SNMP manager (host). | user | Not Specified |
Parameter Name | Description | Type | Size |
---|---|---|---|
queries | Enable/disable SNMP queries for this user. disable: Disable SNMP queries for this user. enable: Enable SNMP queries for this user. |
option | - |
query-port | SNMPv3 query port (default = 161). | integer | Minimum value: 0 Maximum value: 65535 |
security-level | Security level for message authentication and encryption. no-auth-no-priv: Message with no authentication and no privacy (encryption). auth-no-priv: Message with authentication but no privacy (encryption). auth-priv: Message with authentication and privacy (encryption). |
option | - |
auth-proto | Authentication protocol. md5: HMAC-MD5-96 authentication protocol. sha: HMAC-SHA-96 authentication protocol. |
option | - |
auth-pwd | Password for authentication protocol. | password | Not Specified |
priv-proto | Privacy (encryption) protocol. aes: CFB128-AES-128 symmetric encryption protocol. des: CBC-DES symmetric encryption protocol. |
option | - |
priv-pwd | Password for privacy (encryption) protocol. | password | Not Specified |
Parameter Name | Description | Type | Size |
---|---|---|---|
local-override | Enable to configure local logging settings that override global logging settings. enable: Override global logging settings. disable: Use global logging settings. |
option | - |
status | Enable/disable adding FortiSwitch logs to the FortiGate event log. enable: Add FortiSwitch logs to the FortiGate event log. disable: Do not add FortiSwitch logs to the FortiGate event log. |
option | - |
severity | Severity of FortiSwitch logs that are added to the FortiGate event log. emergency: Emergency level. alert: Alert level. critical: Critical level. error: Error level. warning: Warning level. notification: Notification level. information: Information level. debug: Debug level. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable logging by FortiSwitch device to a remote syslog server. enable: Enable logging by FortiSwitch device to a remote syslog server. disable: Disable logging by FortiSwitch device to a remote syslog server. |
option | - |
server | IPv4 address of the remote syslog server. | string | Maximum length: 63 |
port | Remote syslog server listening port. | integer | Minimum value: 0 Maximum value: 65535 |
severity | Severity of logs to be transferred to remote log server. emergency: Emergency level. alert: Alert level. critical: Critical level. error: Error level. warning: Warning level. notification: Notification level. information: Information level. debug: Debug level. |
option | - |
csv | Enable/disable comma-separated value (CSV) strings. enable: Enable comma-separated value (CSV) strings. disable: Disable comma-separated value (CSV) strings. |
option | - |
facility | Facility to log to remote syslog server. kernel: Kernel messages. user: Random user-level messages. mail: Mail system. daemon: System daemons. auth: Security/authorization messages. syslog: Messages generated internally by syslogd. lpr: Line printer subsystem. news: Network news subsystem. uucp: UUCP server messages. cron: Clock daemon. authpriv: Security/authorization messages (private). ftp: FTP daemon. ntp: NTP daemon. audit: Log audit. alert: Log alert. clock: Clock daemon. local0: Reserved for local use. local1: Reserved for local use. local2: Reserved for local use. local3: Reserved for local use. local4: Reserved for local use. local5: Reserved for local use. local6: Reserved for local use. local7: Reserved for local use. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
local-override | Enable to override global FortiSwitch storm control settings for this FortiSwitch. enable: Override global storm control settings. disable: Use global storm control settings. |
option | - |
rate | Rate in packets per second at which storm traffic is controlled (1 - 10000000, default = 500). Storm control drops excess traffic data rates beyond this threshold. | integer | Minimum value: 1 Maximum value: 10000000 |
unknown-unicast | Enable/disable storm control to drop unknown unicast traffic. enable: Drop unknown unicast traffic. disable: Allow unknown unicast traffic. |
option | - |
unknown-multicast | Enable/disable storm control to drop unknown multicast traffic. enable: Drop unknown multicast traffic. disable: Allow unknown multicast traffic. |
option | - |
broadcast | Enable/disable storm control to drop broadcast traffic. enable: Drop broadcast traffic. disable: Allow broadcast traffic. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Active/inactive mirror configuration. active: Activate mirror configuration. inactive: Deactivate mirror configuration. |
option | - |
switching-packet | Enable/disable switching functionality when mirroring. enable: Enable switching functionality when mirroring. disable: Disable switching functionality when mirroring. |
option | - |
dst | Destination port. | string | Maximum length: 63 |
src-ingress <name> |
Source ingress interfaces. Interface name. |
string | Maximum length: 79 |
src-egress <name> |
Source egress interfaces. Interface name. |
string | Maximum length: 79 |
Parameter Name | Description | Type | Size |
---|---|---|---|
type | Type. static: Static MAC. sticky: Sticky MAC. |
option | - |
vlan | Vlan. | string | Maximum length: 15 |
mac | MAC address. | mac-address | Not Specified |
interface | Interface name. | string | Maximum length: 35 |
description | Description. | string | Maximum length: 63 |
Parameter Name | Description | Type | Size |
---|---|---|---|
command-name | Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. | string | Maximum length: 35 |
Parameter Name | Description | Type | Size |
---|---|---|---|
local-override | Enable/disable overriding the global IGMP snooping configuration. enable: Override the global IGMP snooping configuration. disable: Use the global IGMP snooping configuration. |
option | - |
aging-time | Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec, default = 300). | integer | Minimum value: 15 Maximum value: 3600 |
flood-unknown-multicast | Enable/disable unknown multicast flooding. enable: Enable unknown multicast flooding. disable: Disable unknown multicast flooding. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
local-override | Enable to override global 802.1X settings on individual FortiSwitches. enable: Override global 802.1X settings. disable: Use global 802.1X settings. |
option | - |
link-down-auth | Authentication state to set if a link is down. set-unauth: Interface set to unauth when down. Reauthentication is needed. no-action: Interface reauthentication is not needed. |
option | - |
reauth-period | Reauthentication time interval (1 - 1440 min, default = 60, 0 = disable). | integer | Minimum value: 0 Maximum value: 1440 |
max-reauth-attempt | Maximum number of authentication attempts (0 - 15, default = 3). | integer | Minimum value: 0 Maximum value: 15 |
config switch-controller managed-switch
Description: Configure FortiSwitch devices that are managed by this FortiGate.
edit <switch-id>
set name {string}
set description {string}
set switch-profile {string}
set access-profile {string}
set fsw-wan1-peer {string}
set fsw-wan1-admin [discovered|disable|...]
set poe-pre-standard-detection [enable|disable]
set poe-detection-type {integer}
set poe-lldp-detection [enable|disable]
set directly-connected {integer}
set version {integer}
set pre-provisioned {integer}
set dynamic-capability {integer}
set switch-device-tag {string}
set mclag-igmp-snooping-aware [enable|disable]
set dynamically-discovered {integer}
set type [virtual|physical]
set owner-vdom {string}
set flow-identity {user}
set staged-image-version {string}
set delayed-restart-trigger {integer}
config ports
Description: Managed-switch port list.
edit <port-name>
set port-owner {string}
set switch-id {string}
set speed [10half|10full|...]
set status [up|down]
set poe-status [enable|disable]
set poe-pre-standard-detection [enable|disable]
set port-number {integer}
set port-prefix-type {integer}
set fortilink-port {integer}
set poe-capable {integer}
set stacking-port {integer}
set fiber-port {integer}
set flags {integer}
set isl-local-trunk-name {string}
set isl-peer-port-name {string}
set isl-peer-device-name {string}
set fgt-peer-port-name {string}
set fgt-peer-device-name {string}
set vlan {string}
set allowed-vlans-all [enable|disable]
set allowed-vlans <vlan-name1>, <vlan-name2>, ...
set untagged-vlans <vlan-name1>, <vlan-name2>, ...
set type [physical|trunk]
set dhcp-snooping [untrusted|trusted]
set dhcp-snoop-option82-trust [enable|disable]
set arp-inspection-trust [untrusted|trusted]
set igmp-snooping [enable|disable]
set igmps-flood-reports [enable|disable]
set igmps-flood-traffic [enable|disable]
set stp-state [enabled|disabled]
set stp-root-guard [enabled|disabled]
set stp-bpdu-guard [enabled|disabled]
set stp-bpdu-guard-timeout {integer}
set edge-port [enable|disable]
set discard-mode [none|all-untagged|...]
set packet-sampler [enabled|disabled]
set packet-sample-rate {integer}
set sflow-counter-interval {integer}
set sample-direction [tx|rx|...]
set loop-guard [enabled|disabled]
set loop-guard-timeout {integer}
set qos-policy {string}
set storm-control-policy {string}
set port-security-policy {string}
set export-to-pool {string}
set export-tags <tag-name1>, <tag-name2>, ...
set learning-limit {integer}
set sticky-mac [enable|disable]
set lldp-status [disable|rx-only|...]
set lldp-profile {string}
set export-to {string}
set mac-addr {mac-address}
set port-selection-criteria [src-mac|dst-mac|...]
set description {string}
set lacp-speed [slow|fast]
set mode [static|lacp-passive|...]
set bundle [enable|disable]
set member-withdrawal-behavior [forward|block]
set mclag [enable|disable]
set min-bundle {integer}
set max-bundle {integer}
set members <member-name1>, <member-name2>, ...
next
end
config stp-settings
Description: Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops.
set local-override [enable|disable]
set name {string}
set revision {integer}
set hello-time {integer}
set forward-time {integer}
set max-age {integer}
set max-hops {integer}
set pending-timer {integer}
end
config stp-instance
Description: Configuration method to edit Spanning Tree Protocol (STP) instances.
edit <id>
set priority [0|4096|...]
next
end
set override-snmp-sysinfo [disable|enable]
config snmp-sysinfo
Description: Configuration method to edit Simple Network Management Protocol (SNMP) system info.
set status [disable|enable]
set engine-id {string}
set description {string}
set contact-info {string}
set location {string}
end
set override-snmp-trap-threshold [enable|disable]
config snmp-trap-threshold
Description: Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values.
set trap-high-cpu-threshold {integer}
set trap-low-memory-threshold {integer}
set trap-log-full-threshold {integer}
end
set override-snmp-community [enable|disable]
config snmp-community
Description: Configuration method to edit Simple Network Management Protocol (SNMP) communities.
edit <id>
set name {string}
set status [disable|enable]
config hosts
Description: Configure IPv4 SNMP managers (hosts).
edit <id>
set ip {user}
next
end
set query-v1-status [disable|enable]
set query-v1-port {integer}
set query-v2c-status [disable|enable]
set query-v2c-port {integer}
set trap-v1-status [disable|enable]
set trap-v1-lport {integer}
set trap-v1-rport {integer}
set trap-v2c-status [disable|enable]
set trap-v2c-lport {integer}
set trap-v2c-rport {integer}
set events {option1}, {option2}, ...
next
end
set override-snmp-user [enable|disable]
config snmp-user
Description: Configuration method to edit Simple Network Management Protocol (SNMP) users.
edit <name>
set queries [disable|enable]
set query-port {integer}
set security-level [no-auth-no-priv|auth-no-priv|...]
set auth-proto [md5|sha]
set auth-pwd {password}
set priv-proto [aes|des]
set priv-pwd {password}
next
end
config switch-log
Description: Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log).
set local-override [enable|disable]
set status [enable|disable]
set severity [emergency|alert|...]
end
config remote-log
Description: Configure logging by FortiSwitch device to a remote syslog server.
edit <name>
set status [enable|disable]
set server {string}
set port {integer}
set severity [emergency|alert|...]
set csv [enable|disable]
set facility [kernel|user|...]
next
end
config storm-control
Description: Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption.
set local-override [enable|disable]
set rate {integer}
set unknown-unicast [enable|disable]
set unknown-multicast [enable|disable]
set broadcast [enable|disable]
end
config mirror
Description: Configuration method to edit FortiSwitch packet mirror.
edit <name>
set status [active|inactive]
set switching-packet [enable|disable]
set dst {string}
set src-ingress <name1>, <name2>, ...
set src-egress <name1>, <name2>, ...
next
end
config static-mac
Description: Configuration method to edit FortiSwitch Static and Sticky MAC.
edit <id>
set type [static|sticky]
set vlan {string}
set mac {mac-address}
set interface {string}
set description {string}
next
end
config custom-command
Description: Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch.
edit <command-entry>
set command-name {string}
next
end
config igmp-snooping
Description: Configure FortiSwitch IGMP snooping global settings.
set local-override [enable|disable]
set aging-time {integer}
set flood-unknown-multicast [enable|disable]
end
config 802-1X-settings
Description: Configuration method to edit FortiSwitch 802.1X global settings.
set local-override [enable|disable]
set link-down-auth [set-unauth|no-action]
set reauth-period {integer}
set max-reauth-attempt {integer}
end
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
name | Managed-switch name. | string | Maximum length: 35 |
description | Description. | string | Maximum length: 63 |
switch-profile | FortiSwitch profile. | string | Maximum length: 35 |
access-profile | FortiSwitch access profile. | string | Maximum length: 31 |
fsw-wan1-peer | Fortiswitch WAN1 peer port. | string | Maximum length: 35 |
fsw-wan1-admin | FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. discovered: Link waiting to be authorized. disable: Link unauthorized. enable: Link authorized. |
option | - |
poe-pre-standard-detection | Enable/disable PoE pre-standard detection. enable: Enable PoE pre-standard detection. disable: Disable PoE pre-standard detection. |
option | - |
poe-detection-type | PoE detection type for FortiSwitch. | integer | Minimum value: 0 Maximum value: 255 |
poe-lldp-detection | Enable/disable PoE LLDP detection. enable: Enable PoE LLDP detection. disable: Disable PoE LLDP detection. |
option | - |
directly-connected | Directly connected FortiSwitch. | integer | Minimum value: 0 Maximum value: 1 |
version | FortiSwitch version. | integer | Minimum value: 0 Maximum value: 255 |
pre-provisioned | Pre-provisioned managed switch. | integer | Minimum value: 0 Maximum value: 255 |
dynamic-capability | List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device. | integer | Minimum value: 0 Maximum value: 4294967295 |
switch-device-tag | User definable label/tag. | string | Maximum length: 32 |
mclag-igmp-snooping-aware | Enable/disable MCLAG IGMP-snooping awareness. enable: Enable MCLAG IGMP-snooping awareness. disable: Disable MCLAG IGMP-snooping awareness. |
option | - |
dynamically-discovered | Dynamically discovered FortiSwitch. | integer | Minimum value: 0 Maximum value: 1 |
type | Indication of switch type, physical or virtual. virtual: Switch is of type virtual. physical: Switch is of type physical. |
option | - |
owner-vdom | VDOM which owner of port belongs to. | string | Maximum length: 31 |
flow-identity | Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF default=0). | user | Not Specified |
staged-image-version | Staged image version for FortiSwitch. | string | Maximum length: 127 |
delayed-restart-trigger | Delayed restart triggered for this FortiSwitch. | integer | Minimum value: 0 Maximum value: 255 |
override-snmp-sysinfo | Enable/disable overriding the global SNMP system information. disable: Use the global SNMP system information. enable: Override the global SNMP system information. |
option | - |
override-snmp-trap-threshold | Enable/disable overriding the global SNMP trap threshold values. enable: Override the global SNMP trap threshold values. disable: Use the global SNMP trap threshold values. |
option | - |
override-snmp-community | Enable/disable overriding the global SNMP communities. enable: Override the global SNMP communities. disable: Use the global SNMP communities. |
option | - |
override-snmp-user | Enable/disable overriding the global SNMP users. enable: Override the global SNMPv3 users. disable: Use the global SNMPv3 users. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
port-owner | Switch port name. | string | Maximum length: 15 |
switch-id | Switch id. | string | Maximum length: 16 |
speed | Switch port speed; default and available settings depend on hardware. 10half: 10M half-duplex. 10full: 10M full-duplex. 100half: 100M half-duplex. 100full: 100M full-duplex. 1000auto: Auto-negotiation (1G full-duplex only). 1000fiber: 1G full-duplex (fiber SFPs only) 1000full: 1G full-duplex 10000: 10G full-duplex 40000: 40G full-duplex auto: Auto-negotiation. auto-module: Auto Module. 100FX-half: 100Mbps half-duplex.100Base-FX. 100FX-full: 100Mbps full-duplex.100Base-FX. 100000full: 100Gbps full-duplex. 2500auto: Auto-Negotiation (2.5Gbps Only). 25000full: 25Gbps full-duplex. 50000full: 50Gbps full-duplex. 10000cr: 10Gbps copper interface. 10000sr: 10Gbps SFI interface. 100000sr4: 100Gbps SFI interface. 100000cr4: 100Gbps copper interface. 25000cr4: 25Gbps copper interface. 25000sr4: 25Gbps SFI interface. 5000full: 5Gbps full-duplex. |
option | - |
status | Switch port admin status: up or down. up: Set admin status up. down: Set admin status down. |
option | - |
poe-status | Enable/disable PoE status. enable: Enable PoE status. disable: Disable PoE status. |
option | - |
poe-pre-standard-detection | Enable/disable PoE pre-standard detection. enable: Enable PoE pre-standard detection. disable: Disable PoE pre-standard detection. |
option | - |
port-number | Port number. | integer | Minimum value: 1 Maximum value: 64 |
port-prefix-type | Port prefix type. | integer | Minimum value: 0 Maximum value: 1 |
fortilink-port | FortiLink uplink port. | integer | Minimum value: 0 Maximum value: 1 |
poe-capable | PoE capable. | integer | Minimum value: 0 Maximum value: 1 |
stacking-port | Stacking port. | integer | Minimum value: 0 Maximum value: 1 |
fiber-port | Fiber-port. | integer | Minimum value: 0 Maximum value: 1 |
flags | Port properties flags. | integer | Minimum value: 0 Maximum value: 4294967295 |
isl-local-trunk-name | ISL local trunk name. | string | Maximum length: 15 |
isl-peer-port-name | ISL peer port name. | string | Maximum length: 15 |
isl-peer-device-name | ISL peer device name. | string | Maximum length: 16 |
fgt-peer-port-name | FGT peer port name. | string | Maximum length: 15 |
fgt-peer-device-name | FGT peer device name. | string | Maximum length: 16 |
vlan | Assign switch ports to a VLAN. | string | Maximum length: 15 |
allowed-vlans-all | Enable/disable all defined vlans on this port. enable: Enable all defined VLANs on this port. disable: Disable all defined VLANs on this port. |
option | - |
allowed-vlans <vlan-name> |
Configure switch port tagged vlans VLAN name. |
string | Maximum length: 79 |
untagged-vlans <vlan-name> |
Configure switch port untagged vlans VLAN name. |
string | Maximum length: 79 |
type | Interface type: physical or trunk port. physical: Physical port. trunk: Trunk port. |
option | - |
dhcp-snooping | Trusted or untrusted DHCP-snooping interface. untrusted: Untrusted DHCP snooping interface. trusted: Trusted DHCP snooping interface. |
option | - |
dhcp-snoop-option82-trust | Enable/disable allowance of DHCP with option-82 on untrusted interface. enable: Enable allowance of DHCP with option-82 on untrusted interface. disable: Disable allowance of DHCP with option-82 on untrusted interface. |
option | - |
arp-inspection-trust | Trusted or untrusted dynamic ARP inspection. untrusted: Untrusted dynamic ARP inspection. trusted: Trusted dynamic ARP inspection. |
option | - |
igmp-snooping | Set IGMP snooping mode for the physical port interface. enable: Interface takes part in IGMP snooping. disable: Interface does not take part in IGMP snooping. |
option | - |
igmps-flood-reports | Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. enable: Enable flooding of IGMP snooping reports to this interface. disable: Disable flooding of IGMP snooping reports to this interface. |
option | - |
igmps-flood-traffic | Enable/disable flooding of IGMP snooping traffic to this interface. enable: Enable flooding of IGMP snooping traffic to this interface. disable: Disable flooding of IGMP snooping traffic to this interface. |
option | - |
stp-state | Enable/disable Spanning Tree Protocol (STP) on this interface. enabled: Enable STP on this interface. disabled: Disable STP on this interface. |
option | - |
stp-root-guard | Enable/disable STP root guard on this interface. enabled: Enable STP root-guard on this interface. disabled: Disable STP root-guard on this interface. |
option | - |
stp-bpdu-guard | Enable/disable STP BPDU guard on this interface. enabled: Enable STP BPDU guard on this interface. disabled: Disable STP BPDU guard on this interface. |
option | - |
stp-bpdu-guard-timeout | BPDU Guard disabling protection (0 - 120 min). | integer | Minimum value: 0 Maximum value: 120 |
edge-port | Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. enable: Enable this interface as an edge port. disable: Disable this interface as an edge port. |
option | - |
discard-mode | Configure discard mode for port. none: Discard disabled. all-untagged: Discard all frames that are untagged. all-tagged: Discard all frames that are tagged. |
option | - |
packet-sampler | Enable/disable packet sampling on this interface. enabled: Enable packet sampling on this interface. disabled: Disable packet sampling on this interface. |
option | - |
packet-sample-rate | Packet sampling rate (0 - 99999 p/sec). | integer | Minimum value: 0 Maximum value: 99999 |
sflow-counter-interval | sFlow sampling counter polling interval (0 - 255 sec). | integer | Minimum value: 0 Maximum value: 255 |
sample-direction | Packet sampling direction. tx: Monitor transmitted traffic. rx: Monitor received traffic. both: Monitor transmitted and received traffic. |
option | - |
loop-guard | Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. enabled: Enable loop-guard on this interface. disabled: Disable loop-guard on this interface. |
option | - |
loop-guard-timeout | Loop-guard timeout (0 - 120 min, default = 45). | integer | Minimum value: 0 Maximum value: 120 |
qos-policy | Switch controller QoS policy from available options. | string | Maximum length: 63 |
storm-control-policy | Switch controller storm control policy from available options. | string | Maximum length: 63 |
port-security-policy | Switch controller authentication policy to apply to this managed switch from available options. | string | Maximum length: 31 |
export-to-pool | Switch controller export port to pool-list. | string | Maximum length: 35 |
export-tags <tag-name> |
Configure export tag(s) for FortiSwitch port when exported to a virtual pool. FortiSwitch port tag name when exported to a virtual pool. |
string | Maximum length: 63 |
learning-limit | Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default). | integer | Minimum value: 0 Maximum value: 128 |
sticky-mac | Enable or disable sticky-mac on the interface. enable: Enable sticky mac on the interface. disable: Disable sticky mac on the interface. |
option | - |
lldp-status | LLDP transmit and receive status. disable: Disable LLDP TX and RX. rx-only: Enable LLDP as RX only. tx-only: Enable LLDP as TX only. tx-rx: Enable LLDP TX and RX. |
option | - |
lldp-profile | LLDP port TLV profile. | string | Maximum length: 63 |
export-to | Export managed-switch port to a tenant VDOM. | string | Maximum length: 31 |
mac-addr | Port/Trunk MAC. | mac-address | Not Specified |
port-selection-criteria | Algorithm for aggregate port selection. src-mac: Source MAC address. dst-mac: Destination MAC address. src-dst-mac: Source and destination MAC address. src-ip: Source IP address. dst-ip: Destination IP address. src-dst-ip: Source and destination IP address. |
option | - |
description | Description for port. | string | Maximum length: 63 |
lacp-speed | end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). slow: Send LACP message every 30 seconds. fast: Send LACP message every second. |
option | - |
mode | LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively. static: Static aggregation, do not send and ignore any control messages. lacp-passive: Passively use LACP to negotiate 802.3ad aggregation. lacp-active: Actively use LACP to negotiate 802.3ad aggregation. |
option | - |
bundle | Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. enable: Enable bundling. disable: Disable bundling. |
option | - |
member-withdrawal-behavior | Port behavior after it withdraws because of loss of control packets. forward: Forward traffic. block: Block traffic. |
option | - |
mclag | Enable/disable multi-chassis link aggregation (MCLAG). enable: Enable MCLAG. disable: Disable MCLAG. |
option | - |
min-bundle | Minimum size of LAG bundle (1 - 24, default = 1) | integer | Minimum value: 1 Maximum value: 24 |
max-bundle | Maximum size of LAG bundle (1 - 24, default = 24) | integer | Minimum value: 1 Maximum value: 24 |
members <member-name> |
Aggregated LAG bundle interfaces. Interface name from available options. |
string | Maximum length: 79 |
Parameter Name | Description | Type | Size |
---|---|---|---|
local-override | Enable to configure local STP settings that override global STP settings. enable: Override global STP settings. disable: Use global STP settings. |
option | - |
name | Name of local STP settings configuration. | string | Maximum length: 31 |
revision | STP revision number (0 - 65535). | integer | Minimum value: 0 Maximum value: 65535 |
hello-time | Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec, default = 2). | integer | Minimum value: 1 Maximum value: 10 |
forward-time | Period of time a port is in listening and learning state (4 - 30 sec, default = 15). | integer | Minimum value: 4 Maximum value: 30 |
max-age | Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec, default = 20). | integer | Minimum value: 6 Maximum value: 40 |
max-hops | Maximum number of hops between the root bridge and the furthest bridge (1- 40, default = 20). | integer | Minimum value: 1 Maximum value: 40 |
pending-timer | Pending time (1 - 15 sec, default = 4). | integer | Minimum value: 1 Maximum value: 15 |
Parameter Name | Description | Type | Size |
---|---|---|---|
priority | Priority. 0: 0. 4096: 4096. 8192: 8192. 12288: 12288. 16384: 16384. 20480: 20480. 24576: 24576. 28672: 28672. 32768: 32768. 36864: 36864. 40960: 40960. 45056: 45056. 49152: 49152. 53248: 53248. 57344: 57344. 61440: 61440. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable SNMP. disable: Disable SNMP. enable: Enable SNMP. |
option | - |
engine-id | Local SNMP engine ID string (max 24 char). | string | Maximum length: 24 |
description | System description. | string | Maximum length: 35 |
contact-info | Contact information. | string | Maximum length: 35 |
location | System location. | string | Maximum length: 35 |
Parameter Name | Description | Type | Size |
---|---|---|---|
trap-high-cpu-threshold | CPU usage when trap is sent. | integer | Minimum value: 0 Maximum value: 4294967295 |
trap-low-memory-threshold | Memory usage when trap is sent. | integer | Minimum value: 0 Maximum value: 4294967295 |
trap-log-full-threshold | Log disk usage when trap is sent. | integer | Minimum value: 0 Maximum value: 4294967295 |
Parameter Name | Description | Type | Size |
---|---|---|---|
name | SNMP community name. | string | Maximum length: 35 |
status | Enable/disable this SNMP community. disable: Disable SNMP community. enable: Enable SNMP community. |
option | - |
query-v1-status | Enable/disable SNMP v1 queries. disable: Disable SNMP v1 queries. enable: Enable SNMP v1 queries. |
option | - |
query-v1-port | SNMP v1 query port (default = 161). | integer | Minimum value: 0 Maximum value: 65535 |
query-v2c-status | Enable/disable SNMP v2c queries. disable: Disable SNMP v2c queries. enable: Enable SNMP v2c queries. |
option | - |
query-v2c-port | SNMP v2c query port (default = 161). | integer | Minimum value: 0 Maximum value: 65535 |
trap-v1-status | Enable/disable SNMP v1 traps. disable: Disable SNMP v1 traps. enable: Enable SNMP v1 traps. |
option | - |
trap-v1-lport | SNMP v2c trap local port (default = 162). | integer | Minimum value: 0 Maximum value: 65535 |
trap-v1-rport | SNMP v2c trap remote port (default = 162). | integer | Minimum value: 0 Maximum value: 65535 |
trap-v2c-status | Enable/disable SNMP v2c traps. disable: Disable SNMP v2c traps. enable: Enable SNMP v2c traps. |
option | - |
trap-v2c-lport | SNMP v2c trap local port (default = 162). | integer | Minimum value: 0 Maximum value: 65535 |
trap-v2c-rport | SNMP v2c trap remote port (default = 162). | integer | Minimum value: 0 Maximum value: 65535 |
events | SNMP notifications (traps) to send. cpu-high: Send a trap when CPU usage too high. mem-low: Send a trap when available memory is low. log-full: Send a trap when log disk space becomes low. intf-ip: Send a trap when an interface IP address is changed. ent-conf-change: Send a trap when an entity MIB change occurs (RFC4133). |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ip | IPv4 address of the SNMP manager (host). | user | Not Specified |
Parameter Name | Description | Type | Size |
---|---|---|---|
queries | Enable/disable SNMP queries for this user. disable: Disable SNMP queries for this user. enable: Enable SNMP queries for this user. |
option | - |
query-port | SNMPv3 query port (default = 161). | integer | Minimum value: 0 Maximum value: 65535 |
security-level | Security level for message authentication and encryption. no-auth-no-priv: Message with no authentication and no privacy (encryption). auth-no-priv: Message with authentication but no privacy (encryption). auth-priv: Message with authentication and privacy (encryption). |
option | - |
auth-proto | Authentication protocol. md5: HMAC-MD5-96 authentication protocol. sha: HMAC-SHA-96 authentication protocol. |
option | - |
auth-pwd | Password for authentication protocol. | password | Not Specified |
priv-proto | Privacy (encryption) protocol. aes: CFB128-AES-128 symmetric encryption protocol. des: CBC-DES symmetric encryption protocol. |
option | - |
priv-pwd | Password for privacy (encryption) protocol. | password | Not Specified |
Parameter Name | Description | Type | Size |
---|---|---|---|
local-override | Enable to configure local logging settings that override global logging settings. enable: Override global logging settings. disable: Use global logging settings. |
option | - |
status | Enable/disable adding FortiSwitch logs to the FortiGate event log. enable: Add FortiSwitch logs to the FortiGate event log. disable: Do not add FortiSwitch logs to the FortiGate event log. |
option | - |
severity | Severity of FortiSwitch logs that are added to the FortiGate event log. emergency: Emergency level. alert: Alert level. critical: Critical level. error: Error level. warning: Warning level. notification: Notification level. information: Information level. debug: Debug level. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable logging by FortiSwitch device to a remote syslog server. enable: Enable logging by FortiSwitch device to a remote syslog server. disable: Disable logging by FortiSwitch device to a remote syslog server. |
option | - |
server | IPv4 address of the remote syslog server. | string | Maximum length: 63 |
port | Remote syslog server listening port. | integer | Minimum value: 0 Maximum value: 65535 |
severity | Severity of logs to be transferred to remote log server. emergency: Emergency level. alert: Alert level. critical: Critical level. error: Error level. warning: Warning level. notification: Notification level. information: Information level. debug: Debug level. |
option | - |
csv | Enable/disable comma-separated value (CSV) strings. enable: Enable comma-separated value (CSV) strings. disable: Disable comma-separated value (CSV) strings. |
option | - |
facility | Facility to log to remote syslog server. kernel: Kernel messages. user: Random user-level messages. mail: Mail system. daemon: System daemons. auth: Security/authorization messages. syslog: Messages generated internally by syslogd. lpr: Line printer subsystem. news: Network news subsystem. uucp: UUCP server messages. cron: Clock daemon. authpriv: Security/authorization messages (private). ftp: FTP daemon. ntp: NTP daemon. audit: Log audit. alert: Log alert. clock: Clock daemon. local0: Reserved for local use. local1: Reserved for local use. local2: Reserved for local use. local3: Reserved for local use. local4: Reserved for local use. local5: Reserved for local use. local6: Reserved for local use. local7: Reserved for local use. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
local-override | Enable to override global FortiSwitch storm control settings for this FortiSwitch. enable: Override global storm control settings. disable: Use global storm control settings. |
option | - |
rate | Rate in packets per second at which storm traffic is controlled (1 - 10000000, default = 500). Storm control drops excess traffic data rates beyond this threshold. | integer | Minimum value: 1 Maximum value: 10000000 |
unknown-unicast | Enable/disable storm control to drop unknown unicast traffic. enable: Drop unknown unicast traffic. disable: Allow unknown unicast traffic. |
option | - |
unknown-multicast | Enable/disable storm control to drop unknown multicast traffic. enable: Drop unknown multicast traffic. disable: Allow unknown multicast traffic. |
option | - |
broadcast | Enable/disable storm control to drop broadcast traffic. enable: Drop broadcast traffic. disable: Allow broadcast traffic. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Active/inactive mirror configuration. active: Activate mirror configuration. inactive: Deactivate mirror configuration. |
option | - |
switching-packet | Enable/disable switching functionality when mirroring. enable: Enable switching functionality when mirroring. disable: Disable switching functionality when mirroring. |
option | - |
dst | Destination port. | string | Maximum length: 63 |
src-ingress <name> |
Source ingress interfaces. Interface name. |
string | Maximum length: 79 |
src-egress <name> |
Source egress interfaces. Interface name. |
string | Maximum length: 79 |
Parameter Name | Description | Type | Size |
---|---|---|---|
type | Type. static: Static MAC. sticky: Sticky MAC. |
option | - |
vlan | Vlan. | string | Maximum length: 15 |
mac | MAC address. | mac-address | Not Specified |
interface | Interface name. | string | Maximum length: 35 |
description | Description. | string | Maximum length: 63 |
Parameter Name | Description | Type | Size |
---|---|---|---|
command-name | Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. | string | Maximum length: 35 |
Parameter Name | Description | Type | Size |
---|---|---|---|
local-override | Enable/disable overriding the global IGMP snooping configuration. enable: Override the global IGMP snooping configuration. disable: Use the global IGMP snooping configuration. |
option | - |
aging-time | Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec, default = 300). | integer | Minimum value: 15 Maximum value: 3600 |
flood-unknown-multicast | Enable/disable unknown multicast flooding. enable: Enable unknown multicast flooding. disable: Disable unknown multicast flooding. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
local-override | Enable to override global 802.1X settings on individual FortiSwitches. enable: Override global 802.1X settings. disable: Use global 802.1X settings. |
option | - |
link-down-auth | Authentication state to set if a link is down. set-unauth: Interface set to unauth when down. Reauthentication is needed. no-action: Interface reauthentication is not needed. |
option | - |
reauth-period | Reauthentication time interval (1 - 1440 min, default = 60, 0 = disable). | integer | Minimum value: 0 Maximum value: 1440 |
max-reauth-attempt | Maximum number of authentication attempts (0 - 15, default = 3). | integer | Minimum value: 0 Maximum value: 15 |