drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_switchcontroller_managedswitch Configure FortiSwitch devices that are managed by this FortiGate. | "added in version" 2.0.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_switchcontroller_managedswitch (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure FortiSwitch devices that are managed by this FortiGate. fmgr_switchcontroller_managedswitch: bypass_validation: False workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 rc_succeeded: [0, -2, -3, ...] rc_failed: [-2, -3, ...] adom: <your own value> state: <value in [present, absent]> switchcontroller_managedswitch: _platform: <value of string> description: <value of string> name: <value of string> ports: - allowed-vlans: <value of string> allowed-vlans-all: <value in [disable, enable]> arp-inspection-trust: <value in [untrusted, trusted]> bundle: <value in [disable, enable]> description: <value of string> dhcp-snoop-option82-trust: <value in [disable, enable]> dhcp-snooping: <value in [trusted, untrusted]> discard-mode: <value in [none, all-untagged, all-tagged]> edge-port: <value in [disable, enable]> igmp-snooping: <value in [disable, enable]> igmps-flood-reports: <value in [disable, enable]> igmps-flood-traffic: <value in [disable, enable]> lacp-speed: <value in [slow, fast]> learning-limit: <value of integer> lldp-profile: <value of string> lldp-status: <value in [disable, rx-only, tx-only, ...]> loop-guard: <value in [disabled, enabled]> loop-guard-timeout: <value of integer> max-bundle: <value of integer> mclag: <value in [disable, enable]> member-withdrawal-behavior: <value in [forward, block]> members: <value of string> min-bundle: <value of integer> mode: <value in [static, lacp-passive, lacp-active]> poe-pre-standard-detection: <value in [disable, enable]> poe-status: <value in [disable, enable]> port-name: <value of string> port-owner: <value of string> port-security-policy: <value of string> port-selection-criteria: <value in [src-mac, dst-mac, src-dst-mac, ...]> qos-policy: <value of string> sample-direction: <value in [rx, tx, both]> sflow-counter-interval: <value of integer> sflow-sample-rate: <value of integer> sflow-sampler: <value in [disabled, enabled]> stp-bpdu-guard: <value in [disabled, enabled]> stp-bpdu-guard-timeout: <value of integer> stp-root-guard: <value in [disabled, enabled]> stp-state: <value in [disabled, enabled]> type: <value in [physical, trunk]> untagged-vlans: <value of string> vlan: <value of string> export-to-pool-flag: <value of integer> mac-addr: <value of string> packet-sample-rate: <value of integer> packet-sampler: <value in [disabled, enabled]> sticky-mac: <value in [disable, enable]> storm-control-policy: <value of string> dot1x-enable: <value in [disable, enable]> max-miss-heartbeats: <value of integer> access-mode: <value in [normal, nac, dynamic, ...]> ip-source-guard: <value in [disable, enable]> mclag-icl-port: <value of integer> p2p-port: <value of integer> aggregator-mode: <value in [bandwidth, count]> rpvst-port: <value in [disabled, enabled]> flow-control: <value in [disable, tx, rx, ...]> media-type: <value of string> pause-meter: <value of integer> pause-meter-resume: <value in [25%, 50%, 75%]> trunk-member: <value of integer> fec-capable: <value of integer> fec-state: <value in [disabled, cl74, cl91]> matched-dpp-intf-tags: <value of string> matched-dpp-policy: <value of string> port-policy: <value of string> status: <value in [down, up]> dsl-profile: <value of string> flap-duration: <value of integer> flap-rate: <value of integer> flap-timeout: <value of integer> flapguard: <value in [disable, enable]> interface-tags: <value of string> poe-max-power: <value of string> poe-standard: <value of string> igmp-snooping-flood-reports: <value in [disable, enable]> mcast-snooping-flood-traffic: <value in [disable, enable]> link-status: <value in [down, up]> poe-mode-bt-cabable: <value of integer> poe-port-mode: <value in [ieee802-3af, ieee802-3at, ieee802-3bt]> poe-port-power: <value in [normal, perpetual, perpetual-fast]> poe-port-priority: <value in [critical-priority, high-priority, low-priority, ...]> acl-group: <value of string> dhcp-snoop-option82-override: - circuit-id: <value of string> remote-id: <value of string> vlan-name: <value of string> fortiswitch-acls: <value of integer> isl-peer-device-sn: <value of string> switch-id: <value of string> override-snmp-community: <value in [disable, enable]> override-snmp-sysinfo: <value in [disable, enable]> override-snmp-trap-threshold: <value in [disable, enable]> override-snmp-user: <value in [disable, enable]> poe-detection-type: <value of integer> remote-log: - csv: <value in [disable, enable]> facility: <value in [kernel, user, mail, ...]> name: <value of string> port: <value of integer> server: <value of string> severity: <value in [emergency, alert, critical, ...]> status: <value in [disable, enable]> snmp-community: - events: - cpu-high - mem-low - log-full - intf-ip - ent-conf-change hosts: - id: <value of integer> ip: <value of string> id: <value of integer> name: <value of string> query-v1-port: <value of integer> query-v1-status: <value in [disable, enable]> query-v2c-port: <value of integer> query-v2c-status: <value in [disable, enable]> status: <value in [disable, enable]> trap-v1-lport: <value of integer> trap-v1-rport: <value of integer> trap-v1-status: <value in [disable, enable]> trap-v2c-lport: <value of integer> trap-v2c-rport: <value of integer> trap-v2c-status: <value in [disable, enable]> snmp-user: - auth-proto: <value in [md5, sha]> auth-pwd: <value of string> name: <value of string> priv-proto: <value in [des, aes]> priv-pwd: <value of string> queries: <value in [disable, enable]> query-port: <value of integer> security-level: <value in [no-auth-no-priv, auth-no-priv, auth-priv]> mclag-igmp-snooping-aware: <value in [disable, enable]> ip-source-guard: - binding-entry: - entry-name: <value of string> ip: <value of string> mac: <value of string> description: <value of string> port: <value of string> l3-discovered: <value of integer> qos-drop-policy: <value in [taildrop, random-early-detection]> qos-red-probability: <value of integer> switch-dhcp_opt43_key: <value of string> tdr-supported: <value of string> custom-command: - command-entry: <value of string> command-name: <value of string> firmware-provision: <value in [disable, enable]> firmware-provision-version: <value of string> dhcp-server-access-list: <value in [disable, enable, global]> firmware-provision-latest: <value in [disable, once]> dhcp-snooping-static-client: - ip: <value of string> mac: <value of string> name: <value of string> port: <value of string> vlan: <value of string>
adom: description: the parameter (adom) in requested url required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int switchcontroller_managedswitch: description: the top level parameters set required: false suboptions: _platform: description: _Platform. type: str custom-command: description: Custom-Command. elements: dict suboptions: command-entry: description: List of FortiSwitch commands. type: str command-name: description: Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. type: str type: list description: description: Description. type: str dhcp-server-access-list: choices: - disable - enable - global description: DHCP snooping server access list. type: str dhcp-snooping-static-client: description: description elements: dict suboptions: ip: description: Client static IP address. type: str mac: description: Client MAC address. type: str name: description: Client name. type: str port: description: Interface name. type: str vlan: description: VLAN name. type: str type: list firmware-provision: choices: - disable - enable description: Enable/disable provisioning of firmware to FortiSwitches on join connection. type: str firmware-provision-latest: choices: - disable - once description: Enable/disable one-time automatic provisioning of the latest firmware version. type: str firmware-provision-version: description: Firmware version to provision to this FortiSwitch on bootup type: str ip-source-guard: description: description elements: dict suboptions: binding-entry: description: description elements: dict suboptions: entry-name: description: Configure binding pair. type: str ip: description: Source IP for this rule. type: str mac: description: MAC address for this rule. type: str type: list description: description: Description. type: str port: description: Ingress interface to which source guard is bound. type: str type: list l3-discovered: description: L3-Discovered. type: int mclag-igmp-snooping-aware: choices: - disable - enable description: Enable/disable MCLAG IGMP-snooping awareness. type: str name: description: Managed-switch name. type: str override-snmp-community: choices: - disable - enable description: Enable/disable overriding the global SNMP communities. type: str override-snmp-sysinfo: choices: - disable - enable description: Enable/disable overriding the global SNMP system information. type: str override-snmp-trap-threshold: choices: - disable - enable description: Enable/disable overriding the global SNMP trap threshold values. type: str override-snmp-user: choices: - disable - enable description: Enable/disable overriding the global SNMP users. type: str poe-detection-type: description: Poe-Detection-Type. type: int ports: description: Ports. elements: dict suboptions: access-mode: choices: - normal - nac - dynamic - static description: Access mode of the port. type: str acl-group: description: description type: str aggregator-mode: choices: - bandwidth - count description: LACP member select mode. type: str allowed-vlans: description: Configure switch port tagged vlans type: str allowed-vlans-all: choices: - disable - enable description: Enable/disable all defined vlans on this port. type: str arp-inspection-trust: choices: - untrusted - trusted description: Trusted or untrusted dynamic ARP inspection. type: str bundle: choices: - disable - enable description: Enable/disable Link Aggregation Group type: str description: description: Description for port. type: str dhcp-snoop-option82-override: description: description elements: dict suboptions: circuit-id: description: Circuit ID string. type: str remote-id: description: Remote ID string. type: str vlan-name: description: DHCP snooping option 82 VLAN. type: str type: list dhcp-snoop-option82-trust: choices: - disable - enable description: Enable/disable allowance of DHCP with option-82 on untrusted interface. type: str dhcp-snooping: choices: - trusted - untrusted description: Trusted or untrusted DHCP-snooping interface. type: str discard-mode: choices: - none - all-untagged - all-tagged description: Configure discard mode for port. type: str dot1x-enable: choices: - disable - enable description: no description type: str dsl-profile: description: DSL policy configuration. type: str edge-port: choices: - disable - enable description: Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. type: str export-to-pool-flag: description: Switch controller export port to pool-list. type: int fec-capable: description: FEC capable. type: int fec-state: choices: - disabled - cl74 - cl91 description: State of forward error correction. type: str flap-duration: description: Period over which flap events are calculated type: int flap-rate: description: Number of stage change events needed within flap-duration. type: int flap-timeout: description: Flap guard disabling protection type: int flapguard: choices: - disable - enable description: Enable/disable flap guard. type: str flow-control: choices: - disable - tx - rx - both description: Flow control direction. type: str fortiswitch-acls: description: description type: int igmp-snooping: choices: - disable - enable description: Set IGMP snooping mode for the physical port interface. type: str igmp-snooping-flood-reports: choices: - disable - enable description: Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. type: str igmps-flood-reports: choices: - disable - enable description: Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. type: str igmps-flood-traffic: choices: - disable - enable description: Enable/disable flooding of IGMP snooping traffic to this interface. type: str interface-tags: description: description type: str ip-source-guard: choices: - disable - enable description: Enable/disable IP source guard. type: str isl-peer-device-sn: description: no description type: str lacp-speed: choices: - slow - fast description: end Link Aggregation Control Protocol type: str learning-limit: description: Limit the number of dynamic MAC addresses on this Port type: int link-status: choices: - down - up description: no description type: str lldp-profile: description: LLDP port TLV profile. type: str lldp-status: choices: - disable - rx-only - tx-only - tx-rx description: LLDP transmit and receive status. type: str loop-guard: choices: - disabled - enabled description: Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. type: str loop-guard-timeout: description: Loop-guard timeout type: int mac-addr: description: Port/Trunk MAC. type: str matched-dpp-intf-tags: description: Matched interface tags in the dynamic port policy. type: str matched-dpp-policy: description: Matched child policy in the dynamic port policy. type: str max-bundle: description: Maximum size of LAG bundle type: int max-miss-heartbeats: description: Maximum tolerant missed heartbeats. type: int mcast-snooping-flood-traffic: choices: - disable - enable description: Enable/disable flooding of IGMP snooping traffic to this interface. type: str mclag: choices: - disable - enable description: Enable/disable multi-chassis link aggregation type: str mclag-icl-port: description: Mclag-Icl-Port. type: int media-type: description: Media-Type. type: str member-withdrawal-behavior: choices: - forward - block description: Port behavior after it withdraws because of loss of control packets. type: str members: description: Aggregated LAG bundle interfaces. type: str min-bundle: description: Minimum size of LAG bundle type: int mode: choices: - static - lacp-passive - lacp-active description: LACP mode type: str p2p-port: description: P2P-Port. type: int packet-sample-rate: description: Packet sampling rate type: int packet-sampler: choices: - disabled - enabled description: Enable/disable packet sampling on this interface. type: str pause-meter: description: Configure ingress pause metering rate, in kbps type: int pause-meter-resume: choices: - 25% - 50% - 75% description: Resume threshold for resuming traffic on ingress port. type: str poe-max-power: description: no description type: str poe-mode-bt-cabable: description: PoE mode IEEE 802. type: int poe-port-mode: choices: - ieee802-3af - ieee802-3at - ieee802-3bt description: Configure PoE port mode. type: str poe-port-power: choices: - normal - perpetual - perpetual-fast description: Configure PoE port power. type: str poe-port-priority: choices: - critical-priority - high-priority - low-priority - medium-priority description: Configure PoE port priority. type: str poe-pre-standard-detection: choices: - disable - enable description: Enable/disable PoE pre-standard detection. type: str poe-standard: description: no description type: str poe-status: choices: - disable - enable description: Enable/disable PoE status. type: str port-name: description: Switch port name. type: str port-owner: description: Switch port name. type: str port-policy: description: Switch controller dynamic port policy from available options. type: str port-security-policy: description: Switch controller authentication policy to apply to this managed switch from available options. type: str port-selection-criteria: choices: - src-mac - dst-mac - src-dst-mac - src-ip - dst-ip - src-dst-ip description: Algorithm for aggregate port selection. type: str qos-policy: description: Switch controller QoS policy from available options. type: str rpvst-port: choices: - disabled - enabled description: Enable/disable inter-operability with rapid PVST on this interface. type: str sample-direction: choices: - rx - tx - both description: sFlow sample direction. type: str sflow-counter-interval: description: sFlow sampler counter polling interval type: int sflow-sample-rate: description: sFlow sampler sample rate type: int sflow-sampler: choices: - disabled - enabled description: Enable/disable sFlow protocol on this interface. type: str status: choices: - down - up description: Switch port admin status type: str sticky-mac: choices: - disable - enable description: Enable or disable sticky-mac on the interface. type: str storm-control-policy: description: Switch controller storm control policy from available options. type: str stp-bpdu-guard: choices: - disabled - enabled description: Enable/disable STP BPDU guard on this interface. type: str stp-bpdu-guard-timeout: description: BPDU Guard disabling protection type: int stp-root-guard: choices: - disabled - enabled description: Enable/disable STP root guard on this interface. type: str stp-state: choices: - disabled - enabled description: Enable/disable Spanning Tree Protocol type: str trunk-member: description: Trunk member. type: int type: choices: - physical - trunk description: Interface type type: str untagged-vlans: description: Configure switch port untagged vlans type: str vlan: description: Assign switch ports to a VLAN. type: str type: list qos-drop-policy: choices: - taildrop - random-early-detection description: Set QoS drop-policy. type: str qos-red-probability: description: Set QoS RED/WRED drop probability. type: int remote-log: description: description elements: dict suboptions: csv: choices: - disable - enable description: Enable/disable comma-separated value type: str facility: choices: - kernel - user - mail - daemon - auth - syslog - lpr - news - uucp - cron - authpriv - ftp - ntp - audit - alert - clock - local0 - local1 - local2 - local3 - local4 - local5 - local6 - local7 description: Facility to log to remote syslog server. type: str name: description: Remote log name. type: str port: description: Remote syslog server listening port. type: int server: description: IPv4 address of the remote syslog server. type: str severity: choices: - emergency - alert - critical - error - warning - notification - information - debug description: Severity of logs to be transferred to remote log server. type: str status: choices: - disable - enable description: Enable/disable logging by FortiSwitch device to a remote syslog server. type: str type: list snmp-community: description: description elements: dict suboptions: events: choices: - cpu-high - mem-low - log-full - intf-ip - ent-conf-change description: description elements: str type: list hosts: description: description elements: dict suboptions: id: description: Host entry ID. type: int ip: description: IPv4 address of the SNMP manager type: str type: list id: description: SNMP community ID. type: int name: description: SNMP community name. type: str query-v1-port: description: SNMP v1 query port type: int query-v1-status: choices: - disable - enable description: Enable/disable SNMP v1 queries. type: str query-v2c-port: description: SNMP v2c query port type: int query-v2c-status: choices: - disable - enable description: Enable/disable SNMP v2c queries. type: str status: choices: - disable - enable description: Enable/disable this SNMP community. type: str trap-v1-lport: description: SNMP v2c trap local port type: int trap-v1-rport: description: SNMP v2c trap remote port type: int trap-v1-status: choices: - disable - enable description: Enable/disable SNMP v1 traps. type: str trap-v2c-lport: description: SNMP v2c trap local port type: int trap-v2c-rport: description: SNMP v2c trap remote port type: int trap-v2c-status: choices: - disable - enable description: Enable/disable SNMP v2c traps. type: str type: list snmp-user: description: description elements: dict suboptions: auth-proto: choices: - md5 - sha description: Authentication protocol. type: str auth-pwd: description: description type: str name: description: SNMP user name. type: str priv-proto: choices: - des - aes description: Privacy type: str priv-pwd: description: description type: str queries: choices: - disable - enable description: Enable/disable SNMP queries for this user. type: str query-port: description: SNMPv3 query port type: int security-level: choices: - no-auth-no-priv - auth-no-priv - auth-priv description: Security level for message authentication and encryption. type: str type: list switch-dhcp_opt43_key: description: DHCP option43 key. type: str switch-id: description: Managed-switch id. type: str tdr-supported: description: Tdr-Supported. type: str type: dict
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list