fortinet / fortinet.fortios / 2.3.6 / module / fortios_switch_controller_managed_switch Configure FortiSwitch devices that are managed by this FortiGate in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_switch_controller_managed_switch (2.3.6) — module
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections: - name: fortinet.fortios version: 2.3.6
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and managed_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure FortiSwitch devices that are managed by this FortiGate. fortinet.fortios.fortios_switch_controller_managed_switch: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" switch_controller_managed_switch: settings_802_1X: link_down_auth: "set-unauth" local_override: "enable" mab_reauth: "disable" mac_called_station_delimiter: "colon" mac_calling_station_delimiter: "colon" mac_case: "lowercase" mac_password_delimiter: "colon" mac_username_delimiter: "colon" max_reauth_attempt: "3" reauth_period: "60" tx_period: "30" access_profile: "<your_own_value> (source switch-controller.security-policy.local-access.name)" custom_command: - command_entry: "<your_own_value>" command_name: "<your_own_value> (source switch-controller.custom-command.command-name)" delayed_restart_trigger: "0" description: "<your_own_value>" dhcp_server_access_list: "global" dhcp_snooping_static_client: - ip: "<your_own_value>" mac: "<your_own_value>" name: "default_name_25" port: "<your_own_value>" vlan: "<your_own_value> (source system.interface.name)" directly_connected: "0" dynamic_capability: "<your_own_value>" dynamically_discovered: "0" firmware_provision: "enable" firmware_provision_latest: "disable" firmware_provision_version: "<your_own_value>" flow_identity: "<your_own_value>" fsw_wan1_admin: "discovered" fsw_wan1_peer: "<your_own_value> (source system.interface.name)" fsw_wan2_admin: "discovered" fsw_wan2_peer: "<your_own_value>" igmp_snooping: aging_time: "300" flood_unknown_multicast: "enable" local_override: "enable" vlans: - proxy: "disable" querier: "disable" querier_addr: "<your_own_value>" version: "2" vlan_name: "<your_own_value> (source system.interface.name)" ip_source_guard: - binding_entry: - entry_name: "<your_own_value>" ip: "<your_own_value>" mac: "<your_own_value>" description: "<your_own_value>" port: "<your_own_value>" l3_discovered: "0" max_allowed_trunk_members: "0" mclag_igmp_snooping_aware: "enable" mgmt_mode: "0" mirror: - dst: "<your_own_value>" name: "default_name_62" src_egress: - name: "default_name_64" src_ingress: - name: "default_name_66" status: "active" switching_packet: "enable" name: "default_name_69" override_snmp_community: "enable" override_snmp_sysinfo: "disable" override_snmp_trap_threshold: "enable" override_snmp_user: "enable" owner_vdom: "<your_own_value>" poe_detection_type: "0" poe_lldp_detection: "enable" poe_pre_standard_detection: "enable" ports: - access_mode: "dynamic" acl_group: - name: "default_name_81 (source switch-controller.acl.group.name)" aggregator_mode: "bandwidth" allowed_vlans: - vlan_name: "<your_own_value> (source system.interface.name)" allowed_vlans_all: "enable" arp_inspection_trust: "untrusted" bundle: "enable" description: "<your_own_value>" dhcp_snoop_option82_override: - circuit_id: "<your_own_value>" remote_id: "<your_own_value>" vlan_name: "<your_own_value> (source system.interface.name)" dhcp_snoop_option82_trust: "enable" dhcp_snooping: "untrusted" discard_mode: "none" edge_port: "enable" export_tags: - tag_name: "<your_own_value> (source switch-controller.switch-interface-tag.name)" export_to: "<your_own_value> (source system.vdom.name)" export_to_pool: "<your_own_value> (source switch-controller.virtual-port-pool.name)" export_to_pool_flag: "0" fec_capable: "0" fec_state: "disabled" fgt_peer_device_name: "<your_own_value>" fgt_peer_port_name: "<your_own_value>" fiber_port: "0" flags: "0" flap_duration: "30" flap_rate: "5" flap_timeout: "0" flapguard: "enable" flow_control: "disable" fortilink_port: "0" fortiswitch_acls: - id: "115" igmp_snooping: "enable" igmp_snooping_flood_reports: "enable" igmps_flood_reports: "enable" igmps_flood_traffic: "enable" interface_tags: - tag_name: "<your_own_value> (source switch-controller.switch-interface-tag.name)" ip_source_guard: "disable" isl_local_trunk_name: "<your_own_value>" isl_peer_device_name: "<your_own_value>" isl_peer_port_name: "<your_own_value>" lacp_speed: "slow" learning_limit: "0" lldp_profile: "<your_own_value> (source switch-controller.lldp-profile.name)" lldp_status: "disable" loop_guard: "enabled" loop_guard_timeout: "45" mac_addr: "<your_own_value>" matched_dpp_intf_tags: "<your_own_value>" matched_dpp_policy: "<your_own_value>" max_bundle: "24" mcast_snooping_flood_traffic: "enable" mclag: "enable" mclag_icl_port: "0" media_type: "<your_own_value>" member_withdrawal_behavior: "forward" members: - member_name: "<your_own_value>" min_bundle: "1" mode: "static" p2p_port: "0" packet_sample_rate: "512" packet_sampler: "enabled" pause_meter: "0" pause_meter_resume: "75%" poe_capable: "0" poe_max_power: "<your_own_value>" poe_mode_bt_cabable: "0" poe_port_mode: "ieee802-3af" poe_port_power: "normal" poe_port_priority: "critical-priority" poe_pre_standard_detection: "enable" poe_standard: "<your_own_value>" poe_status: "enable" port_name: "<your_own_value>" port_number: "0" port_owner: "<your_own_value>" port_policy: "<your_own_value> (source switch-controller.dynamic-port-policy.name)" port_prefix_type: "0" port_security_policy: "<your_own_value> (source switch-controller.security-policy.802-1X.name)" port_selection_criteria: "src-mac" ptp_policy: "<your_own_value> (source switch-controller.ptp.interface-policy.name)" ptp_status: "disable" qos_policy: "<your_own_value> (source switch-controller.qos.qos-policy.name)" rpvst_port: "disabled" sample_direction: "tx" sflow_counter_interval: "0" sflow_sample_rate: "49999" sflow_sampler: "enabled" speed: "10half" speed_mask: "2147483647" stacking_port: "0" status: "up" sticky_mac: "enable" storm_control_policy: "<your_own_value> (source switch-controller.storm-control-policy.name)" stp_bpdu_guard: "enabled" stp_bpdu_guard_timeout: "5" stp_root_guard: "enabled" stp_state: "enabled" switch_id: "<your_own_value>" type: "physical" untagged_vlans: - vlan_name: "<your_own_value> (source system.interface.name)" virtual_port: "0" vlan: "<your_own_value> (source system.interface.name)" pre_provisioned: "0" ptp_profile: "<your_own_value> (source switch-controller.ptp.profile.name)" ptp_status: "disable" purdue_level: "1" qos_drop_policy: "taildrop" qos_red_probability: "12" radius_nas_ip: "<your_own_value>" radius_nas_ip_override: "disable" remote_log: - csv: "enable" facility: "kernel" name: "default_name_201" port: "514" server: "192.168.100.40" severity: "emergency" status: "enable" route_offload: "disable" route_offload_mclag: "disable" route_offload_router: - router_ip: "<your_own_value>" vlan_name: "<your_own_value> (source system.interface.name)" sn: "<your_own_value>" snmp_community: - events: "cpu-high" hosts: - id: "215" ip: "<your_own_value>" id: "217" name: "default_name_218" query_v1_port: "161" query_v1_status: "disable" query_v2c_port: "161" query_v2c_status: "disable" status: "disable" trap_v1_lport: "162" trap_v1_rport: "162" trap_v1_status: "disable" trap_v2c_lport: "162" trap_v2c_rport: "162" trap_v2c_status: "disable" snmp_sysinfo: contact_info: "<your_own_value>" description: "<your_own_value>" engine_id: "<your_own_value>" location: "<your_own_value>" status: "disable" snmp_trap_threshold: trap_high_cpu_threshold: "80" trap_log_full_threshold: "90" trap_low_memory_threshold: "80" snmp_user: - auth_proto: "md5" auth_pwd: "<your_own_value>" name: "default_name_243" priv_proto: "aes128" priv_pwd: "<your_own_value>" queries: "disable" query_port: "161" security_level: "no-auth-no-priv" staged_image_version: "<your_own_value>" static_mac: - description: "<your_own_value>" id: "252" interface: "<your_own_value>" mac: "<your_own_value>" type: "static" vlan: "<your_own_value> (source system.interface.name)" storm_control: broadcast: "enable" local_override: "enable" rate: "500" unknown_multicast: "enable" unknown_unicast: "enable" stp_instance: - id: "264" priority: "0" stp_settings: forward_time: "15" hello_time: "2" local_override: "enable" max_age: "20" max_hops: "20" name: "default_name_272" pending_timer: "4" revision: "0" status: "enable" switch_device_tag: "<your_own_value>" switch_dhcp_opt43_key: "<your_own_value>" switch_id: "<your_own_value>" switch_log: local_override: "enable" severity: "emergency" status: "enable" switch_profile: "<your_own_value> (source switch-controller.switch-profile.name)" switch_stp_settings: status: "enable" tdr_supported: "<your_own_value>" type: "virtual" version: "0" vlan: - assignment_priority: "128" vlan_name: "<your_own_value> (source system.interface.name)"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str switch_controller_managed_switch: default: null description: - Configure FortiSwitch devices that are managed by this FortiGate. suboptions: access_profile: description: - FortiSwitch access profile. Source switch-controller.security-policy.local-access.name. type: str custom_command: description: - Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch. elements: dict suboptions: command_entry: description: - List of FortiSwitch commands. required: true type: str command_name: description: - Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. Source switch-controller.custom-command.command-name. type: str type: list delayed_restart_trigger: description: - Delayed restart triggered for this FortiSwitch. type: int description: description: - Description. type: str dhcp_server_access_list: choices: - global - enable - disable description: - DHCP snooping server access list. type: str dhcp_snooping_static_client: description: - Configure FortiSwitch DHCP snooping static clients. elements: dict suboptions: ip: description: - Client static IP address. type: str mac: description: - Client MAC address. type: str name: description: - Client name. required: true type: str port: description: - Interface name. type: str vlan: description: - VLAN name. Source system.interface.name. type: str type: list directly_connected: description: - Directly connected FortiSwitch. type: int dynamic_capability: description: - List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device. type: str dynamically_discovered: description: - Dynamically discovered FortiSwitch. type: int firmware_provision: choices: - enable - disable description: - Enable/disable provisioning of firmware to FortiSwitches on join connection. type: str firmware_provision_latest: choices: - disable - once description: - Enable/disable one-time automatic provisioning of the latest firmware version. type: str firmware_provision_version: description: - Firmware version to provision to this FortiSwitch on bootup (major.minor.build, i.e. 6.2.1234). type: str flow_identity: description: - Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF ). type: str fsw_wan1_admin: choices: - discovered - disable - enable description: - FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. type: str fsw_wan1_peer: description: - FortiSwitch WAN1 peer port. Source system.interface.name. type: str fsw_wan2_admin: choices: - discovered - disable - enable description: - FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. type: str fsw_wan2_peer: description: - FortiSwitch WAN2 peer port. type: str igmp_snooping: description: - Configure FortiSwitch IGMP snooping global settings. suboptions: aging_time: description: - Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). type: int flood_unknown_multicast: choices: - enable - disable description: - Enable/disable unknown multicast flooding. type: str local_override: choices: - enable - disable description: - Enable/disable overriding the global IGMP snooping configuration. type: str vlans: description: - Configure IGMP snooping VLAN. elements: dict suboptions: proxy: choices: - disable - enable - global description: - IGMP snooping proxy for the VLAN interface. type: str querier: choices: - disable - enable description: - Enable/disable IGMP snooping querier for the VLAN interface. type: str querier_addr: description: - IGMP snooping querier address. type: str version: description: - IGMP snooping querying version. type: int vlan_name: description: - List of FortiSwitch VLANs. Source system.interface.name. required: true type: str type: list type: dict ip_source_guard: description: - IP source guard. elements: dict suboptions: binding_entry: description: - IP and MAC address configuration. elements: dict suboptions: entry_name: description: - Configure binding pair. required: true type: str ip: description: - Source IP for this rule. type: str mac: description: - MAC address for this rule. type: str type: list description: description: - Description. type: str port: description: - Ingress interface to which source guard is bound. required: true type: str type: list l3_discovered: description: - Layer 3 management discovered. type: int max_allowed_trunk_members: description: - FortiSwitch maximum allowed trunk members. type: int mclag_igmp_snooping_aware: choices: - enable - disable description: - Enable/disable MCLAG IGMP-snooping awareness. type: str mgmt_mode: description: - FortiLink management mode. type: int mirror: description: - Configuration method to edit FortiSwitch packet mirror. elements: dict suboptions: dst: description: - Destination port. type: str name: description: - Mirror name. required: true type: str src_egress: description: - Source egress interfaces. elements: dict suboptions: name: description: - Interface name. required: true type: str type: list src_ingress: description: - Source ingress interfaces. elements: dict suboptions: name: description: - Interface name. required: true type: str type: list status: choices: - active - inactive description: - Active/inactive mirror configuration. type: str switching_packet: choices: - enable - disable description: - Enable/disable switching functionality when mirroring. type: str type: list name: description: - Managed-switch name. type: str override_snmp_community: choices: - enable - disable description: - Enable/disable overriding the global SNMP communities. type: str override_snmp_sysinfo: choices: - disable - enable description: - Enable/disable overriding the global SNMP system information. type: str override_snmp_trap_threshold: choices: - enable - disable description: - Enable/disable overriding the global SNMP trap threshold values. type: str override_snmp_user: choices: - enable - disable description: - Enable/disable overriding the global SNMP users. type: str owner_vdom: description: - VDOM which owner of port belongs to. type: str poe_detection_type: description: - PoE detection type for FortiSwitch. type: int poe_lldp_detection: choices: - enable - disable description: - Enable/disable PoE LLDP detection. type: str poe_pre_standard_detection: choices: - enable - disable description: - Enable/disable PoE pre-standard detection. type: str ports: description: - Managed-switch port list. elements: dict suboptions: access_mode: choices: - dynamic - nac - static - normal description: - Access mode of the port. type: str acl_group: description: - ACL groups on this port. elements: dict suboptions: name: description: - ACL group name. Source switch-controller.acl.group.name. required: true type: str type: list aggregator_mode: choices: - bandwidth - count description: - LACP member select mode. type: str allowed_vlans: description: - Configure switch port tagged VLANs. elements: dict suboptions: vlan_name: description: - VLAN name. Source system.interface.name. required: true type: str type: list allowed_vlans_all: choices: - enable - disable description: - Enable/disable all defined vlans on this port. type: str arp_inspection_trust: choices: - untrusted - trusted description: - Trusted or untrusted dynamic ARP inspection. type: str bundle: choices: - enable - disable description: - Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. type: str description: description: - Description for port. type: str dhcp_snoop_option82_override: description: - Configure DHCP snooping option 82 override. elements: dict suboptions: circuit_id: description: - Circuit ID string. type: str remote_id: description: - Remote ID string. type: str vlan_name: description: - DHCP snooping option 82 VLAN. Source system.interface.name. required: true type: str type: list dhcp_snoop_option82_trust: choices: - enable - disable description: - Enable/disable allowance of DHCP with option-82 on untrusted interface. type: str dhcp_snooping: choices: - untrusted - trusted description: - Trusted or untrusted DHCP-snooping interface. type: str discard_mode: choices: - none - all-untagged - all-tagged description: - Configure discard mode for port. type: str edge_port: choices: - enable - disable description: - Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. type: str export_tags: description: - Configure export tag(s) for FortiSwitch port when exported to a virtual port pool. elements: dict suboptions: tag_name: description: - FortiSwitch port tag name when exported to a virtual port pool. Source switch-controller.switch-interface-tag.name. required: true type: str type: list export_to: description: - Export managed-switch port to a tenant VDOM. Source system.vdom.name. type: str export_to_pool: description: - Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name. type: str export_to_pool_flag: description: - Switch controller export port to pool-list. type: int fec_capable: description: - FEC capable. type: int fec_state: choices: - disabled - cl74 - cl91 - detect-by-module description: - State of forward error correction. type: str fgt_peer_device_name: description: - FGT peer device name. type: str fgt_peer_port_name: description: - FGT peer port name. type: str fiber_port: description: - Fiber-port. type: int flags: description: - Port properties flags. type: int flap_duration: description: - Period over which flap events are calculated (seconds). type: int flap_rate: description: - Number of stage change events needed within flap-duration. type: int flap_timeout: description: - Flap guard disabling protection (min). type: int flapguard: choices: - enable - disable description: - Enable/disable flap guard. type: str flow_control: choices: - disable - tx - rx - both description: - Flow control direction. type: str fortilink_port: description: - FortiLink uplink port. type: int fortiswitch_acls: description: - ACLs on this port. elements: dict suboptions: id: description: - ACL ID. see <a href='#notes'>Notes</a>. required: true type: int type: list igmp_snooping: choices: - enable - disable description: - Set IGMP snooping mode for the physical port interface. type: str igmp_snooping_flood_reports: choices: - enable - disable description: - Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. type: str igmps_flood_reports: choices: - enable - disable description: - Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. type: str igmps_flood_traffic: choices: - enable - disable description: - Enable/disable flooding of IGMP snooping traffic to this interface. type: str interface_tags: description: - Tag(s) associated with the interface for various features including virtual port pool, dynamic port policy. elements: dict suboptions: tag_name: description: - FortiSwitch port tag name when exported to a virtual port pool or matched to dynamic port policy. Source switch-controller.switch-interface-tag.name. required: true type: str type: list ip_source_guard: choices: - disable - enable description: - Enable/disable IP source guard. type: str isl_local_trunk_name: description: - ISL local trunk name. type: str isl_peer_device_name: description: - ISL peer device name. type: str isl_peer_port_name: description: - ISL peer port name. type: str lacp_speed: choices: - slow - fast description: - End Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). type: str learning_limit: description: - Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default). type: int lldp_profile: description: - LLDP port TLV profile. Source switch-controller.lldp-profile.name. type: str lldp_status: choices: - disable - rx-only - tx-only - tx-rx description: - LLDP transmit and receive status. type: str loop_guard: choices: - enabled - disabled description: - Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. type: str loop_guard_timeout: description: - Loop-guard timeout (0 - 120 min). type: int mac_addr: description: - Port/Trunk MAC. type: str matched_dpp_intf_tags: description: - Matched interface tags in the dynamic port policy. type: str matched_dpp_policy: description: - Matched child policy in the dynamic port policy. type: str max_bundle: description: - Maximum size of LAG bundle (1 - 24). type: int mcast_snooping_flood_traffic: choices: - enable - disable description: - Enable/disable flooding of IGMP snooping traffic to this interface. type: str mclag: choices: - enable - disable description: - Enable/disable multi-chassis link aggregation (MCLAG). type: str mclag_icl_port: description: - MCLAG-ICL port. type: int media_type: description: - Media type. type: str member_withdrawal_behavior: choices: - forward - block description: - Port behavior after it withdraws because of loss of control packets. type: str members: description: - Aggregated LAG bundle interfaces. elements: dict suboptions: member_name: description: - Interface name from available options. required: true type: str type: list min_bundle: description: - Minimum size of LAG bundle (1 - 24). type: int mode: choices: - static - lacp-passive - lacp-active description: - 'LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively.' type: str p2p_port: description: - General peer to peer tunnel port. type: int packet_sample_rate: description: - Packet sampling rate (0 - 99999 p/sec). type: int packet_sampler: choices: - enabled - disabled description: - Enable/disable packet sampling on this interface. type: str pause_meter: description: - Configure ingress pause metering rate, in kbps . type: int pause_meter_resume: choices: - 75% - 50% - 25% description: - Resume threshold for resuming traffic on ingress port. type: str poe_capable: description: - PoE capable. type: int poe_max_power: description: - PoE maximum power. type: str poe_mode_bt_cabable: description: - PoE mode IEEE 802.3BT capable. type: int poe_port_mode: choices: - ieee802-3af - ieee802-3at - ieee802-3bt description: - Configure PoE port mode. type: str poe_port_power: choices: - normal - perpetual - perpetual-fast description: - Configure PoE port power. type: str poe_port_priority: choices: - critical-priority - high-priority - low-priority - medium-priority description: - Configure PoE port priority. type: str poe_pre_standard_detection: choices: - enable - disable description: - Enable/disable PoE pre-standard detection. type: str poe_standard: description: - PoE standard supported. type: str poe_status: choices: - enable - disable description: - Enable/disable PoE status. type: str port_name: description: - Switch port name. required: true type: str port_number: description: - Port number. type: int port_owner: description: - Switch port name. type: str port_policy: description: - Switch controller dynamic port policy from available options. Source switch-controller.dynamic-port-policy.name. type: str port_prefix_type: description: - Port prefix type. type: int port_security_policy: description: - Switch controller authentication policy to apply to this managed switch from available options. Source switch-controller .security-policy.802-1X.name. type: str port_selection_criteria: choices: - src-mac - dst-mac - src-dst-mac - src-ip - dst-ip - src-dst-ip description: - Algorithm for aggregate port selection. type: str ptp_policy: description: - PTP policy configuration. Source switch-controller.ptp.interface-policy.name. type: str ptp_status: choices: - disable - enable description: - Enable/disable PTP policy on this FortiSwitch port. type: str qos_policy: description: - Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name. type: str rpvst_port: choices: - disabled - enabled description: - Enable/disable inter-operability with rapid PVST on this interface. type: str sample_direction: choices: - tx - rx - both description: - Packet sampling direction. type: str sflow_counter_interval: description: - sFlow sampling counter polling interval in seconds (0 - 255). type: int sflow_sample_rate: description: - sFlow sampler sample rate (0 - 99999 p/sec). type: int sflow_sampler: choices: - enabled - disabled description: - Enable/disable sFlow protocol on this interface. type: str speed: choices: - 10half - 10full - 100half - 100full - 1000full - 10000full - auto - 1000auto - 1000full-fiber - 40000full - auto-module - 100FX-half - 100FX-full - 100000full - 2500auto - 25000full - 50000full - 10000cr - 10000sr - 100000sr4 - 100000cr4 - 40000sr4 - 40000cr4 - 25000cr - 25000sr - 50000cr - 50000sr - 5000auto - 1000fiber - '10000' - '40000' - 25000cr4 - 25000sr4 - 5000full - 2500full description: - Switch port speed; default and available settings depend on hardware. type: str speed_mask: description: - Switch port speed mask. type: int stacking_port: description: - Stacking port. type: int status: choices: - up - down description: - 'Switch port admin status: up or down.' type: str sticky_mac: choices: - enable - disable description: - Enable or disable sticky-mac on the interface. type: str storm_control_policy: description: - Switch controller storm control policy from available options. Source switch-controller.storm-control-policy.name. type: str stp_bpdu_guard: choices: - enabled - disabled description: - Enable/disable STP BPDU guard on this interface. type: str stp_bpdu_guard_timeout: description: - BPDU Guard disabling protection (0 - 120 min). type: int stp_root_guard: choices: - enabled - disabled description: - Enable/disable STP root guard on this interface. type: str stp_state: choices: - enabled - disabled description: - Enable/disable Spanning Tree Protocol (STP) on this interface. type: str switch_id: description: - Switch id. type: str type: choices: - physical - trunk description: - 'Interface type: physical or trunk port.' type: str untagged_vlans: description: - Configure switch port untagged VLANs. elements: dict suboptions: vlan_name: description: - VLAN name. Source system.interface.name. required: true type: str type: list virtual_port: description: - Virtualized switch port. type: int vlan: description: - Assign switch ports to a VLAN. Source system.interface.name. type: str type: list pre_provisioned: description: - Pre-provisioned managed switch. type: int ptp_profile: description: - PTP profile configuration. Source switch-controller.ptp.profile.name. type: str ptp_status: choices: - disable - enable description: - Enable/disable PTP profile on this FortiSwitch. type: str purdue_level: choices: - '1' - '1.5' - '2' - '2.5' - '3' - '3.5' - '4' - '5' - '5.5' description: - Purdue Level of this FortiSwitch. type: str qos_drop_policy: choices: - taildrop - random-early-detection description: - Set QoS drop-policy. type: str qos_red_probability: description: - Set QoS RED/WRED drop probability. type: int radius_nas_ip: description: - NAS-IP address. type: str radius_nas_ip_override: choices: - disable - enable description: - Use locally defined NAS-IP. type: str remote_log: description: - Configure logging by FortiSwitch device to a remote syslog server. elements: dict suboptions: csv: choices: - enable - disable description: - Enable/disable comma-separated value (CSV) strings. type: str facility: choices: - kernel - user - mail - daemon - auth - syslog - lpr - news - uucp - cron - authpriv - ftp - ntp - audit - alert - clock - local0 - local1 - local2 - local3 - local4 - local5 - local6 - local7 description: - Facility to log to remote syslog server. type: str name: description: - Remote log name. required: true type: str port: description: - Remote syslog server listening port. type: int server: description: - IPv4 address of the remote syslog server. type: str severity: choices: - emergency - alert - critical - error - warning - notification - information - debug description: - Severity of logs to be transferred to remote log server. type: str status: choices: - enable - disable description: - Enable/disable logging by FortiSwitch device to a remote syslog server. type: str type: list route_offload: choices: - disable - enable description: - Enable/disable route offload on this FortiSwitch. type: str route_offload_mclag: choices: - disable - enable description: - Enable/disable route offload MCLAG on this FortiSwitch. type: str route_offload_router: description: - Configure route offload MCLAG IP address. elements: dict suboptions: router_ip: description: - Router IP address. type: str vlan_name: description: - VLAN name. Source system.interface.name. required: true type: str type: list settings_802_1X: description: - Configuration method to edit FortiSwitch 802.1X global settings. suboptions: link_down_auth: choices: - set-unauth - no-action description: - Authentication state to set if a link is down. type: str local_override: choices: - enable - disable description: - Enable to override global 802.1X settings on individual FortiSwitches. type: str mab_reauth: choices: - disable - enable description: - Enable or disable MAB reauthentication settings. type: str mac_called_station_delimiter: choices: - colon - hyphen - none - single-hyphen description: - MAC called station delimiter . type: str mac_calling_station_delimiter: choices: - colon - hyphen - none - single-hyphen description: - MAC calling station delimiter . type: str mac_case: choices: - lowercase - uppercase description: - MAC case . type: str mac_password_delimiter: choices: - colon - hyphen - none - single-hyphen description: - MAC authentication password delimiter . type: str mac_username_delimiter: choices: - colon - hyphen - none - single-hyphen description: - MAC authentication username delimiter . type: str max_reauth_attempt: description: - Maximum number of authentication attempts (0 - 15). type: int reauth_period: description: - Reauthentication time interval (1 - 1440 min). type: int tx_period: description: - 802.1X Tx period (seconds). type: int type: dict sn: description: - Managed-switch serial number. type: str snmp_community: description: - Configuration method to edit Simple Network Management Protocol (SNMP) communities. elements: dict suboptions: events: choices: - cpu-high - mem-low - log-full - intf-ip - ent-conf-change description: - SNMP notifications (traps) to send. elements: str type: list hosts: description: - Configure IPv4 SNMP managers (hosts). elements: dict suboptions: id: description: - Host entry ID. see <a href='#notes'>Notes</a>. required: true type: int ip: description: - IPv4 address of the SNMP manager (host). type: str type: list id: description: - SNMP community ID. see <a href='#notes'>Notes</a>. required: true type: int name: description: - SNMP community name. type: str query_v1_port: description: - SNMP v1 query port . type: int query_v1_status: choices: - disable - enable description: - Enable/disable SNMP v1 queries. type: str query_v2c_port: description: - SNMP v2c query port . type: int query_v2c_status: choices: - disable - enable description: - Enable/disable SNMP v2c queries. type: str status: choices: - disable - enable description: - Enable/disable this SNMP community. type: str trap_v1_lport: description: - SNMP v2c trap local port . type: int trap_v1_rport: description: - SNMP v2c trap remote port . type: int trap_v1_status: choices: - disable - enable description: - Enable/disable SNMP v1 traps. type: str trap_v2c_lport: description: - SNMP v2c trap local port . type: int trap_v2c_rport: description: - SNMP v2c trap remote port . type: int trap_v2c_status: choices: - disable - enable description: - Enable/disable SNMP v2c traps. type: str type: list snmp_sysinfo: description: - Configuration method to edit Simple Network Management Protocol (SNMP) system info. suboptions: contact_info: description: - Contact information. type: str description: description: - System description. type: str engine_id: description: - Local SNMP engine ID string (max 24 char). type: str location: description: - System location. type: str status: choices: - disable - enable description: - Enable/disable SNMP. type: str type: dict snmp_trap_threshold: description: - Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values. suboptions: trap_high_cpu_threshold: description: - CPU usage when trap is sent. type: int trap_log_full_threshold: description: - Log disk usage when trap is sent. type: int trap_low_memory_threshold: description: - Memory usage when trap is sent. type: int type: dict snmp_user: description: - Configuration method to edit Simple Network Management Protocol (SNMP) users. elements: dict suboptions: auth_proto: choices: - md5 - sha1 - sha224 - sha256 - sha384 - sha512 - sha description: - Authentication protocol. type: str auth_pwd: description: - Password for authentication protocol. type: str name: description: - SNMP user name. required: true type: str priv_proto: choices: - aes128 - aes192 - aes192c - aes256 - aes256c - des - aes description: - Privacy (encryption) protocol. type: str priv_pwd: description: - Password for privacy (encryption) protocol. type: str queries: choices: - disable - enable description: - Enable/disable SNMP queries for this user. type: str query_port: description: - SNMPv3 query port . type: int security_level: choices: - no-auth-no-priv - auth-no-priv - auth-priv description: - Security level for message authentication and encryption. type: str type: list staged_image_version: description: - Staged image version for FortiSwitch. type: str static_mac: description: - Configuration method to edit FortiSwitch Static and Sticky MAC. elements: dict suboptions: description: description: - Description. type: str id: description: - ID. see <a href='#notes'>Notes</a>. required: true type: int interface: description: - Interface name. type: str mac: description: - MAC address. type: str type: choices: - static - sticky description: - Type. type: str vlan: description: - Vlan. Source system.interface.name. type: str type: list storm_control: description: - Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption. suboptions: broadcast: choices: - enable - disable description: - Enable/disable storm control to drop broadcast traffic. type: str local_override: choices: - enable - disable description: - Enable to override global FortiSwitch storm control settings for this FortiSwitch. type: str rate: description: - Rate in packets per second at which storm control drops excess traffic(0-10000000). type: int unknown_multicast: choices: - enable - disable description: - Enable/disable storm control to drop unknown multicast traffic. type: str unknown_unicast: choices: - enable - disable description: - Enable/disable storm control to drop unknown unicast traffic. type: str type: dict stp_instance: description: - Configuration method to edit Spanning Tree Protocol (STP) instances. elements: dict suboptions: id: description: - Instance ID. required: true type: str priority: choices: - '0' - '4096' - '8192' - '12288' - '16384' - '20480' - '24576' - '28672' - '32768' - '36864' - '40960' - '45056' - '49152' - '53248' - '57344' - '61440' description: - Priority. type: str type: list stp_settings: description: - Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops. suboptions: forward_time: description: - Period of time a port is in listening and learning state (4 - 30 sec). type: int hello_time: description: - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). type: int local_override: choices: - enable - disable description: - Enable to configure local STP settings that override global STP settings. type: str max_age: description: - Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec). type: int max_hops: description: - Maximum number of hops between the root bridge and the furthest bridge (1- 40). type: int name: description: - Name of local STP settings configuration. type: str pending_timer: description: - Pending time (1 - 15 sec). type: int revision: description: - STP revision number (0 - 65535). type: int status: choices: - enable - disable description: - Enable/disable STP. type: str type: dict switch_device_tag: description: - User definable label/tag. type: str switch_dhcp_opt43_key: description: - DHCP option43 key. type: str switch_id: description: - Managed-switch name. required: true type: str switch_log: description: - Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log). suboptions: local_override: choices: - enable - disable description: - Enable to configure local logging settings that override global logging settings. type: str severity: choices: - emergency - alert - critical - error - warning - notification - information - debug description: - Severity of FortiSwitch logs that are added to the FortiGate event log. type: str status: choices: - enable - disable description: - Enable/disable adding FortiSwitch logs to the FortiGate event log. type: str type: dict switch_profile: description: - FortiSwitch profile. Source switch-controller.switch-profile.name. type: str switch_stp_settings: description: - Configure spanning tree protocol (STP). suboptions: status: choices: - enable - disable description: - Enable/disable STP. type: str type: dict tdr_supported: description: - TDR supported. type: str type: choices: - virtual - physical description: - Indication of switch type, physical or virtual. type: str version: description: - FortiSwitch version. type: int vlan: description: - Configure VLAN assignment priority. elements: dict suboptions: assignment_priority: description: - 802.1x Radius (Tunnel-Private-Group-Id) VLANID assign-by-name priority. A smaller value has a higher priority. type: int vlan_name: description: - VLAN name. Source system.interface.name. required: true type: str type: list type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str