CLI Reference

config switch-controller global

Note

This command is available for model(s): FortiGate 1000D, FortiGate 1000F, FortiGate 1001F, FortiGate 100EF, FortiGate 100E, FortiGate 100F, FortiGate 101E, FortiGate 101F, FortiGate 1100E, FortiGate 1101E, FortiGate 120G, FortiGate 121G, FortiGate 140E-POE, FortiGate 140E, FortiGate 1500DT, FortiGate 1500D, FortiGate 1800F, FortiGate 1801F, FortiGate 2000E, FortiGate 200E, FortiGate 200F, FortiGate 201E, FortiGate 201F, FortiGate 2200E, FortiGate 2201E, FortiGate 2500E, FortiGate 2600F, FortiGate 2601F, FortiGate 3000D, FortiGate 3000F, FortiGate 3001F, FortiGate 300E, FortiGate 301E, FortiGate 3100D, FortiGate 3200D, FortiGate 3200F, FortiGate 3201F, FortiGate 3300E, FortiGate 3301E, FortiGate 3400E, FortiGate 3401E, FortiGate 3500F, FortiGate 3501F, FortiGate 3600E, FortiGate 3601E, FortiGate 3700D, FortiGate 3700F, FortiGate 3701F, FortiGate 3960E, FortiGate 3980E, FortiGate 400E Bypass, FortiGate 400E, FortiGate 400F, FortiGate 401E, FortiGate 401F, FortiGate 40F 3G4G, FortiGate 40F, FortiGate 4200F, FortiGate 4201F, FortiGate 4400F, FortiGate 4401F, FortiGate 500E, FortiGate 501E, FortiGate 600E, FortiGate 600F, FortiGate 601E, FortiGate 601F, FortiGate 60E DSLJ, FortiGate 60E DSL, FortiGate 60E-POE, FortiGate 60E, FortiGate 60F, FortiGate 61E, FortiGate 61F, FortiGate 70F, FortiGate 71F, FortiGate 800D, FortiGate 80E-POE, FortiGate 80E, FortiGate 80F Bypass, FortiGate 80F DSL, FortiGate 80F-POE, FortiGate 80F, FortiGate 81E-POE, FortiGate 81E, FortiGate 81F-POE, FortiGate 81F, FortiGate 900D, FortiGate 900G, FortiGate 901G, FortiGate 90E, FortiGate 90G, FortiGate 91E, FortiGate 91G, FortiGate VM64, FortiGateRugged 60F 3G4G, FortiGateRugged 60F, FortiGateRugged 70F 3G4G, FortiGateRugged 70F, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 60E DSLJ, FortiWiFi 60E DSL, FortiWiFi 60E, FortiWiFi 60F, FortiWiFi 61E, FortiWiFi 61F, FortiWiFi 80F 2R 3G4G DSL, FortiWiFi 80F 2R, FortiWiFi 81F 2R 3G4G DSL, FortiWiFi 81F 2R 3G4G-POE, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.

It is not available for: FortiGate 5001E1, FortiGate 5001E.

Configure FortiSwitch global settings.

config switch-controller global
    Description: Configure FortiSwitch global settings.
    set bounce-quarantined-link [disable|enable]
    config custom-command
        Description: List of custom commands to be pushed to all FortiSwitches in the VDOM.
        edit <command-entry>
            set command-name {string}
        next
    end
    set default-virtual-switch-vlan {string}
    set dhcp-server-access-list [enable|disable]
    set disable-discovery <name1>, <name2>, ...
    set fips-enforce [disable|enable]
    set firmware-provision-on-authorization [enable|disable]
    set https-image-push [enable|disable]
    set log-mac-limit-violations [enable|disable]
    set mac-aging-interval {integer}
    set mac-event-logging [enable|disable]
    set mac-retention-period {integer}
    set mac-violation-timer {integer}
    set quarantine-mode [by-vlan|by-redirect]
    set sn-dns-resolution [enable|disable]
    set update-user-device {option1}, {option2}, ...
    set vlan-all-mode [all|defined]
    set vlan-identity [description|name]
    set vlan-optimization [enable|disable]
end

config switch-controller global

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| bounce-quarantined-link | Enable/disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. Helps to re-initiate the DHCP process for a device. Options: `disable`: Disable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. `enable`: Enable bouncing (administratively bring the link down, up) of a switch port where a quarantined device was seen last. | option | - | disable |
| default-virtual-switch-vlan | Default VLAN for ports when added to the virtual-switch. | string | Maximum length: 15 | |
| dhcp-server-access-list | Enable/disable DHCP snooping server access list. Options: `enable`: Enable DHCP server access list. `disable`: Disable DHCP server access list. | option | - | disable |
| `disable-discovery <name>` | Prevent this FortiSwitch from discovering. Managed device ID. | string | Maximum length: 79 | |
| fips-enforce | Enable/disable enforcement of FIPS on managed FortiSwitch devices. Options: `disable`: Disable enforcement of FIPS on managed FortiSwitch devices. `enable`: Enable enforcement of FIPS on managed FortiSwitch devices. | option | - | enable |
| firmware-provision-on-authorization | Enable/disable automatic provisioning of latest firmware on authorization. Options: `enable`: Enable firmware provision on authorization. `disable`: Disable firmware provision on authorization. | option | - | disable |
| https-image-push | Enable/disable image push to FortiSwitch using HTTPS. Options: `enable`: Enable image push to FortiSwitch using HTTPS. `disable`: Disable image push to FortiSwitch using HTTPS. | option | - | enable |
| log-mac-limit-violations | Enable/disable logs for Learning Limit Violations. Options: `enable`: Enable Learn Limit Violation. `disable`: Disable Learn Limit Violation. | option | - | disable |
| mac-aging-interval | Time after which an inactive MAC is aged out. | integer | Minimum value: 10 Maximum value: 1000000 | 300 |
| mac-event-logging | Enable/disable MAC address event logging. Options: `enable`: Enable MAC address event logging. `disable`: Disable MAC address event logging. | option | - | disable |
| mac-retention-period | Time in hours after which an inactive MAC is removed from client DB (0 = aged out based on mac-aging-interval). | integer | Minimum value: 0 Maximum value: 168 | 24 |
| mac-violation-timer | Set timeout for Learning Limit Violations (0 = disabled). | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| quarantine-mode | Quarantine mode. Options: `by-vlan`: Quarantined device traffic is sent to FortiGate on a separate quarantine VLAN. `by-redirect`: Quarantined device traffic is redirected only to the FortiGate on the received VLAN. | option | - | by-vlan |
| sn-dns-resolution | Enable/disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number. Options: `enable`: Enable DNS resolution of the FortiSwitch unit's IP address by use of its serial number. `disable`: Disable DNS resolution of the FortiSwitch unit's IP address by use of its serial number. | option | - | enable |
| update-user-device | Control which sources update the device user list. Options: `mac-cache`: Update MAC address from switch-controller mac-cache. `lldp`: Update from FortiSwitch LLDP neighbor database. `dhcp-snooping`: Update from FortiSwitch DHCP snooping client and server databases. `l2-db`: Update from FortiSwitch Network-monitor Layer 2 tracking database. `l3-db`: Update from FortiSwitch Network-monitor Layer 3 tracking database. | option | - | mac-cache lldp dhcp-snooping l2-db l3-db |
| vlan-all-mode | VLAN configuration mode, user-defined-vlans or all-possible-vlans. Options: `all`: Include all possible VLANs (1-4093). `defined`: Include user defined VLANs. | option | - | defined |
| vlan-identity | Identity of the VLAN. Commonly used for RADIUS Tunnel-Private-Group-Id. Options: `description`: Configure the VLAN description to that of the FortiOS interface description if available; otherwise use the interface name. `name`: Configure the VLAN description to that of the FortiOS interface name. | option | - | name |
| vlan-optimization | FortiLink VLAN optimization. Options: `enable`: Enable VLAN optimization on FortiSwitch units for auto-generated trunks. `disable`: Disable VLAN optimization on FortiSwitch units for auto-generated trunks. | option | - | enable |

config custom-command

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| command-entry | List of FortiSwitch commands. | string | Maximum length: 35 | |
| command-name | Name of custom command to push to all FortiSwitches in VDOM. | string | Maximum length: 35 | |
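
An added example (not Fortinet code): a Python check that reads a saved FortiGate configuration, validates the `config switch-controller global` block against the option values, integer ranges and defaults listed in the tables above, and collects the custom commands that would be pushed to every FortiSwitch in the VDOM. The names `SCHEMA`, `check` and `audit`, the sample configuration and the command name `constructed-cmd` are assumptions made for illustration.

```python
ONOFF = {"enable", "disable"}
SCHEMA = {  # setting -> (option set or (min, max) range, documented default), from the table
    "bounce-quarantined-link": (ONOFF, "disable"), "dhcp-server-access-list": (ONOFF, "disable"),
    "fips-enforce": (ONOFF, "enable"), "firmware-provision-on-authorization": (ONOFF, "disable"),
    "https-image-push": (ONOFF, "enable"), "log-mac-limit-violations": (ONOFF, "disable"),
    "mac-event-logging": (ONOFF, "disable"), "sn-dns-resolution": (ONOFF, "enable"),
    "vlan-optimization": (ONOFF, "enable"), "vlan-all-mode": ({"all", "defined"}, "defined"),
    "quarantine-mode": ({"by-vlan", "by-redirect"}, "by-vlan"),
    "vlan-identity": ({"description", "name"}, "name"),
    "mac-aging-interval": ((10, 1000000), "300"), "mac-retention-period": ((0, 168), "24"),
    "mac-violation-timer": ((0, 4294967295), "0"),
}

def check(key, val, out):  # classify one option or integer setting listed in SCHEMA
    rule, default = SCHEMA[key]
    ok = (val.isdigit() and rule[0] <= int(val) <= rule[1]) if isinstance(rule, tuple) else val in rule
    if not ok:
        out["invalid"].append(f"{key}={val}")      # outside the documented options or range
    elif val != default:
        out["non_default"].append(f"{key}={val}")  # valid, but differs from the documented default

def audit(text):
    out = {"invalid": [], "non_default": [], "custom_commands": []}
    depth, base = 0, None  # base: nesting depth at which the target block opened
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] == "config":
            depth += 1
            if base is None and tok[1:] == ["switch-controller", "global"]:
                base = depth
        elif tok[0] == "end":
            base = None if depth == base else base
            depth -= 1
        elif base is not None and tok[0] == "set" and len(tok) >= 3:
            key, val = tok[1], " ".join(tok[2:]).strip('"')
            if depth == base and key in SCHEMA:  # string and list settings are skipped
                check(key, val, out)
            elif depth == base + 1 and key == "command-name":
                out["custom_commands"].append(val)  # pushed to all FortiSwitches in the VDOM
    return out

# Constructed sample, not taken from a real device.
SAMPLE = """config switch-controller global
    set fips-enforce disable
    set mac-aging-interval 5
    config custom-command
        edit "1"
            set command-name "constructed-cmd"
        next
    end
end"""
```

Only settings that appear in the saved file are evaluated; a setting that is absent from the file is not reported.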
