ansible / ansible.builtin / v2.8.15 / module / fortios_switch_controller_managed_switch Configure FortiSwitch devices that are managed by this FortiGate in Fortinet's FortiOS and FortiGate. | "added in version" 2.8 of ansible.builtin" Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityansible.builtin.fortios_switch_controller_managed_switch (v2.8.15) — module
pip
Install with pip install ansible==2.8.15
This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify switch_controller feature and managed_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2
- hosts: localhost vars: host: "192.168.122.40" username: "admin" password: "" vdom: "root" tasks: - name: Configure FortiSwitch devices that are managed by this FortiGate. fortios_switch_controller_managed_switch: host: "{{ host }}" username: "{{ username }}" password: "{{ password }}" vdom: "{{ vdom }}" https: "False" switch_controller_managed_switch: state: "present" 802-1X-settings: link-down-auth: "set-unauth" local-override: "enable" max-reauth-attempt: "6" reauth-period: "7" connected: "8" custom-command: - command-entry: "<your_own_value>" command-name: "<your_own_value> (source switch-controller.custom-command.command-name)" delayed-restart-trigger: "12" description: "<your_own_value>" directly-connected: "14" dynamic-capability: "15" dynamically-discovered: "16" fsw-wan1-admin: "discovered" fsw-wan1-peer: "<your_own_value>" fsw-wan2-admin: "discovered" fsw-wan2-peer: "<your_own_value>" igmp-snooping: aging-time: "22" flood-unknown-multicast: "enable" local-override: "enable" max-allowed-trunk-members: "25" mirror: - dst: "<your_own_value>" name: "default_name_28" src-egress: - name: "default_name_30" src-ingress: - name: "default_name_32" status: "active" switching-packet: "enable" name: "default_name_35" owner-vdom: "<your_own_value>" poe-pre-standard-detection: "enable" ports: - allowed-vlans: - vlan-name: "<your_own_value> (source system.interface.name)" allowed-vlans-all: "enable" arp-inspection-trust: "untrusted" bundle: "enable" description: "<your_own_value>" dhcp-snoop-option82-trust: "enable" dhcp-snooping: "untrusted" discard-mode: "none" edge-port: "enable" export-tags: - tag-name: "<your_own_value> (source switch-controller.switch-interface-tag.name)" export-to: "<your_own_value> (source system.vdom.name)" export-to-pool: "<your_own_value> (source switch-controller.virtual-port-pool.name)" export-to-pool_flag: "53" fgt-peer-device-name: "<your_own_value>" fgt-peer-port-name: "<your_own_value>" fiber-port: "56" flags: "57" fortilink-port: "58" igmp-snooping: "enable" igmps-flood-reports: "enable" igmps-flood-traffic: "enable" isl-local-trunk-name: "<your_own_value>" isl-peer-device-name: "<your_own_value>" isl-peer-port-name: "<your_own_value>" lacp-speed: "slow" learning-limit: "66" lldp-profile: "<your_own_value> (source switch-controller.lldp-profile.name)" lldp-status: "disable" loop-guard: "enabled" loop-guard-timeout: "70" max-bundle: "71" mclag: "enable" member-withdrawal-behavior: "forward" members: - member-name: "<your_own_value>" min-bundle: "76" mode: "static" poe-capable: "78" poe-pre-standard-detection: "enable" poe-status: "enable" port-name: "<your_own_value>" port-number: "82" port-owner: "<your_own_value>" port-prefix-type: "84" port-security-policy: "<your_own_value> (source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal .name)" port-selection-criteria: "src-mac" qos-policy: "<your_own_value> (source switch-controller.qos.qos-policy.name)" sample-direction: "tx" sflow-counter-interval: "89" sflow-sample-rate: "90" sflow-sampler: "enabled" speed: "10half" speed-mask: "93" stacking-port: "94" status: "up" stp-bpdu-guard: "enabled" stp-bpdu-guard-timeout: "97" stp-root-guard: "enabled" stp-state: "enabled" switch-id: "<your_own_value>" type: "physical" untagged-vlans: - vlan-name: "<your_own_value> (source system.interface.name)" virtual-port: "104" vlan: "<your_own_value> (source system.interface.name)" pre-provisioned: "106" staged-image-version: "<your_own_value>" storm-control: broadcast: "enable" local-override: "enable" rate: "111" unknown-multicast: "enable" unknown-unicast: "enable" stp-settings: forward-time: "115" hello-time: "116" local-override: "enable" max-age: "118" max-hops: "119" name: "default_name_120" pending-timer: "121" revision: "122" status: "enable" switch-device-tag: "<your_own_value>" switch-id: "<your_own_value>" switch-log: local-override: "enable" severity: "emergency" status: "enable" switch-profile: "<your_own_value> (source switch-controller.switch-profile.name)" switch-stp-settings: status: "enable" type: "virtual" version: "134"
host: description: - FortiOS or FortiGate ip address. required: true vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. https: default: true description: - Indicates if the requests towards FortiGate must use HTTPS protocol type: bool password: default: '' description: - FortiOS or FortiGate password. username: description: - FortiOS or FortiGate username. required: true switch_controller_managed_switch: default: null description: - Configure FortiSwitch devices that are managed by this FortiGate. suboptions: 802-1X-settings: description: - Configuration method to edit FortiSwitch 802.1X global settings. suboptions: link-down-auth: choices: - set-unauth - no-action description: - Authentication state to set if a link is down. local-override: choices: - enable - disable description: - Enable to override global 802.1X settings on individual FortiSwitches. max-reauth-attempt: description: - Maximum number of authentication attempts (0 - 15, default = 3). reauth-period: description: - Reauthentication time interval (1 - 1440 min, default = 60, 0 = disable). connected: description: - CAPWAP connection. custom-command: description: - Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch. suboptions: command-entry: description: - List of FortiSwitch commands. required: true command-name: description: - Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. Source switch-controller.custom-command.command-name. delayed-restart-trigger: description: - Delayed restart triggered for this FortiSwitch. description: description: - Description. directly-connected: description: - Directly connected FortiSwitch. dynamic-capability: description: - List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device. dynamically-discovered: description: - Dynamically discovered FortiSwitch. fsw-wan1-admin: choices: - discovered - disable - enable description: - FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. fsw-wan1-peer: description: - Fortiswitch WAN1 peer port. fsw-wan2-admin: choices: - discovered - disable - enable description: - FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. fsw-wan2-peer: description: - FortiSwitch WAN2 peer port. igmp-snooping: description: - Configure FortiSwitch IGMP snooping global settings. suboptions: aging-time: description: - Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec, default = 300). flood-unknown-multicast: choices: - enable - disable description: - Enable/disable unknown multicast flooding. local-override: choices: - enable - disable description: - Enable/disable overriding the global IGMP snooping configuration. max-allowed-trunk-members: description: - FortiSwitch maximum allowed trunk members. mirror: description: - Configuration method to edit FortiSwitch packet mirror. suboptions: dst: description: - Destination port. name: description: - Mirror name. required: true src-egress: description: - Source egress interfaces. suboptions: name: description: - Interface name. required: true src-ingress: description: - Source ingress interfaces. suboptions: name: description: - Interface name. required: true status: choices: - active - inactive description: - Active/inactive mirror configuration. switching-packet: choices: - enable - disable description: - Enable/disable switching functionality when mirroring. name: description: - Managed-switch name. owner-vdom: description: - VDOM which owner of port belongs to. poe-pre-standard-detection: choices: - enable - disable description: - Enable/disable PoE pre-standard detection. ports: description: - Managed-switch port list. suboptions: allowed-vlans: description: - Configure switch port tagged vlans suboptions: vlan-name: description: - VLAN name. Source system.interface.name. required: true allowed-vlans-all: choices: - enable - disable description: - Enable/disable all defined vlans on this port. arp-inspection-trust: choices: - untrusted - trusted description: - Trusted or untrusted dynamic ARP inspection. bundle: choices: - enable - disable description: - Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. description: description: - Description for port. dhcp-snoop-option82-trust: choices: - enable - disable description: - Enable/disable allowance of DHCP with option-82 on untrusted interface. dhcp-snooping: choices: - untrusted - trusted description: - Trusted or untrusted DHCP-snooping interface. discard-mode: choices: - none - all-untagged - all-tagged description: - Configure discard mode for port. edge-port: choices: - enable - disable description: - Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. export-tags: description: - Switch controller export tag name. suboptions: tag-name: description: - Switch tag name. Source switch-controller.switch-interface-tag.name. required: true export-to: description: - Export managed-switch port to a tenant VDOM. Source system.vdom.name. export-to-pool: description: - Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name. export-to-pool_flag: description: - Switch controller export port to pool-list. fgt-peer-device-name: description: - FGT peer device name. fgt-peer-port-name: description: - FGT peer port name. fiber-port: description: - Fiber-port. flags: description: - Port properties flags. fortilink-port: description: - FortiLink uplink port. igmp-snooping: choices: - enable - disable description: - Set IGMP snooping mode for the physical port interface. igmps-flood-reports: choices: - enable - disable description: - Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. igmps-flood-traffic: choices: - enable - disable description: - Enable/disable flooding of IGMP snooping traffic to this interface. isl-local-trunk-name: description: - ISL local trunk name. isl-peer-device-name: description: - ISL peer device name. isl-peer-port-name: description: - ISL peer port name. lacp-speed: choices: - slow - fast description: - end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). learning-limit: description: - Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default). lldp-profile: description: - LLDP port TLV profile. Source switch-controller.lldp-profile.name. lldp-status: choices: - disable - rx-only - tx-only - tx-rx description: - LLDP transmit and receive status. loop-guard: choices: - enabled - disabled description: - Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. loop-guard-timeout: description: - Loop-guard timeout (0 - 120 min, default = 45). max-bundle: description: - Maximum size of LAG bundle (1 - 24, default = 24) mclag: choices: - enable - disable description: - Enable/disable multi-chassis link aggregation (MCLAG). member-withdrawal-behavior: choices: - forward - block description: - Port behavior after it withdraws because of loss of control packets. members: description: - Aggregated LAG bundle interfaces. suboptions: member-name: description: - Interface name from available options. required: true min-bundle: description: - Minimum size of LAG bundle (1 - 24, default = 1) mode: choices: - static - lacp-passive - lacp-active description: - 'LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively.' poe-capable: description: - PoE capable. poe-pre-standard-detection: choices: - enable - disable description: - Enable/disable PoE pre-standard detection. poe-status: choices: - enable - disable description: - Enable/disable PoE status. port-name: description: - Switch port name. required: true port-number: description: - Port number. port-owner: description: - Switch port name. port-prefix-type: description: - Port prefix type. port-security-policy: description: - Switch controller authentication policy to apply to this managed switch from available options. Source switch-controller .security-policy.802-1X.name switch-controller.security-policy.captive-portal.name. port-selection-criteria: choices: - src-mac - dst-mac - src-dst-mac - src-ip - dst-ip - src-dst-ip description: - Algorithm for aggregate port selection. qos-policy: description: - Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name. sample-direction: choices: - tx - rx - both description: - sFlow sample direction. sflow-counter-interval: description: - sFlow sampler counter polling interval (1 - 255 sec). sflow-sample-rate: description: - sFlow sampler sample rate (0 - 99999 p/sec). sflow-sampler: choices: - enabled - disabled description: - Enable/disable sFlow protocol on this interface. speed: choices: - 10half - 10full - 100half - 100full - 1000auto - 1000fiber - 1000full - 10000 - 40000 - auto - auto-module - 100FX-half - 100FX-full - 100000full - 2500full - 25000full - 50000full description: - Switch port speed; default and available settings depend on hardware. speed-mask: description: - Switch port speed mask. stacking-port: description: - Stacking port. status: choices: - up - down description: - 'Switch port admin status: up or down.' stp-bpdu-guard: choices: - enabled - disabled description: - Enable/disable STP BPDU guard on this interface. stp-bpdu-guard-timeout: description: - BPDU Guard disabling protection (0 - 120 min). stp-root-guard: choices: - enabled - disabled description: - Enable/disable STP root guard on this interface. stp-state: choices: - enabled - disabled description: - Enable/disable Spanning Tree Protocol (STP) on this interface. switch-id: description: - Switch id. type: choices: - physical - trunk description: - 'Interface type: physical or trunk port.' untagged-vlans: description: - Configure switch port untagged vlans suboptions: vlan-name: description: - VLAN name. Source system.interface.name. required: true virtual-port: description: - Virtualized switch port. vlan: description: - Assign switch ports to a VLAN. Source system.interface.name. pre-provisioned: description: - Pre-provisioned managed switch. staged-image-version: description: - Staged image version for FortiSwitch. state: choices: - present - absent description: - Indicates whether to create or remove the object storm-control: description: - Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption. suboptions: broadcast: choices: - enable - disable description: - Enable/disable storm control to drop broadcast traffic. local-override: choices: - enable - disable description: - Enable to override global FortiSwitch storm control settings for this FortiSwitch. rate: description: - Rate in packets per second at which storm traffic is controlled (1 - 10000000, default = 500). Storm control drops excess traffic data rates beyond this threshold. unknown-multicast: choices: - enable - disable description: - Enable/disable storm control to drop unknown multicast traffic. unknown-unicast: choices: - enable - disable description: - Enable/disable storm control to drop unknown unicast traffic. stp-settings: description: - Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops. suboptions: forward-time: description: - Period of time a port is in listening and learning state (4 - 30 sec, default = 15). hello-time: description: - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec, default = 2). local-override: choices: - enable - disable description: - Enable to configure local STP settings that override global STP settings. max-age: description: - Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec, default = 20). max-hops: description: - Maximum number of hops between the root bridge and the furthest bridge (1- 40, default = 20). name: description: - Name of local STP settings configuration. pending-timer: description: - Pending time (1 - 15 sec, default = 4). revision: description: - STP revision number (0 - 65535). status: choices: - enable - disable description: - Enable/disable STP. switch-device-tag: description: - User definable label/tag. switch-id: description: - Managed-switch id. required: true switch-log: description: - Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log). suboptions: local-override: choices: - enable - disable description: - Enable to configure local logging settings that override global logging settings. severity: choices: - emergency - alert - critical - error - warning - notification - information - debug description: - Severity of FortiSwitch logs that are added to the FortiGate event log. status: choices: - enable - disable description: - Enable/disable adding FortiSwitch logs to the FortiGate event log. switch-profile: description: - FortiSwitch profile. Source switch-controller.switch-profile.name. switch-stp-settings: description: - Configure spanning tree protocol (STP). suboptions: status: choices: - enable - disable description: - Enable/disable STP. type: choices: - virtual - physical description: - Indication of switch type, physical or virtual. version: description: - FortiSwitch version.
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str