Try SpotterConfigure FortiSwitch devices that are managed by this FortiGate in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections:
- name: fortinet.fortios
version: 2.3.6This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and managed_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure FortiSwitch devices that are managed by this FortiGate.
fortinet.fortios.fortios_switch_controller_managed_switch:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
switch_controller_managed_switch:
settings_802_1X:
link_down_auth: "set-unauth"
local_override: "enable"
mab_reauth: "disable"
mac_called_station_delimiter: "colon"
mac_calling_station_delimiter: "colon"
mac_case: "lowercase"
mac_password_delimiter: "colon"
mac_username_delimiter: "colon"
max_reauth_attempt: "3"
reauth_period: "60"
tx_period: "30"
access_profile: "<your_own_value> (source switch-controller.security-policy.local-access.name)"
custom_command:
-
command_entry: "<your_own_value>"
command_name: "<your_own_value> (source switch-controller.custom-command.command-name)"
delayed_restart_trigger: "0"
description: "<your_own_value>"
dhcp_server_access_list: "global"
dhcp_snooping_static_client:
-
ip: "<your_own_value>"
mac: "<your_own_value>"
name: "default_name_25"
port: "<your_own_value>"
vlan: "<your_own_value> (source system.interface.name)"
directly_connected: "0"
dynamic_capability: "<your_own_value>"
dynamically_discovered: "0"
firmware_provision: "enable"
firmware_provision_latest: "disable"
firmware_provision_version: "<your_own_value>"
flow_identity: "<your_own_value>"
fsw_wan1_admin: "discovered"
fsw_wan1_peer: "<your_own_value> (source system.interface.name)"
fsw_wan2_admin: "discovered"
fsw_wan2_peer: "<your_own_value>"
igmp_snooping:
aging_time: "300"
flood_unknown_multicast: "enable"
local_override: "enable"
vlans:
-
proxy: "disable"
querier: "disable"
querier_addr: "<your_own_value>"
version: "2"
vlan_name: "<your_own_value> (source system.interface.name)"
ip_source_guard:
-
binding_entry:
-
entry_name: "<your_own_value>"
ip: "<your_own_value>"
mac: "<your_own_value>"
description: "<your_own_value>"
port: "<your_own_value>"
l3_discovered: "0"
max_allowed_trunk_members: "0"
mclag_igmp_snooping_aware: "enable"
mgmt_mode: "0"
mirror:
-
dst: "<your_own_value>"
name: "default_name_62"
src_egress:
-
name: "default_name_64"
src_ingress:
-
name: "default_name_66"
status: "active"
switching_packet: "enable"
name: "default_name_69"
override_snmp_community: "enable"
override_snmp_sysinfo: "disable"
override_snmp_trap_threshold: "enable"
override_snmp_user: "enable"
owner_vdom: "<your_own_value>"
poe_detection_type: "0"
poe_lldp_detection: "enable"
poe_pre_standard_detection: "enable"
ports:
-
access_mode: "dynamic"
acl_group:
-
name: "default_name_81 (source switch-controller.acl.group.name)"
aggregator_mode: "bandwidth"
allowed_vlans:
-
vlan_name: "<your_own_value> (source system.interface.name)"
allowed_vlans_all: "enable"
arp_inspection_trust: "untrusted"
bundle: "enable"
description: "<your_own_value>"
dhcp_snoop_option82_override:
-
circuit_id: "<your_own_value>"
remote_id: "<your_own_value>"
vlan_name: "<your_own_value> (source system.interface.name)"
dhcp_snoop_option82_trust: "enable"
dhcp_snooping: "untrusted"
discard_mode: "none"
edge_port: "enable"
export_tags:
-
tag_name: "<your_own_value> (source switch-controller.switch-interface-tag.name)"
export_to: "<your_own_value> (source system.vdom.name)"
export_to_pool: "<your_own_value> (source switch-controller.virtual-port-pool.name)"
export_to_pool_flag: "0"
fec_capable: "0"
fec_state: "disabled"
fgt_peer_device_name: "<your_own_value>"
fgt_peer_port_name: "<your_own_value>"
fiber_port: "0"
flags: "0"
flap_duration: "30"
flap_rate: "5"
flap_timeout: "0"
flapguard: "enable"
flow_control: "disable"
fortilink_port: "0"
fortiswitch_acls:
-
id: "115"
igmp_snooping: "enable"
igmp_snooping_flood_reports: "enable"
igmps_flood_reports: "enable"
igmps_flood_traffic: "enable"
interface_tags:
-
tag_name: "<your_own_value> (source switch-controller.switch-interface-tag.name)"
ip_source_guard: "disable"
isl_local_trunk_name: "<your_own_value>"
isl_peer_device_name: "<your_own_value>"
isl_peer_port_name: "<your_own_value>"
lacp_speed: "slow"
learning_limit: "0"
lldp_profile: "<your_own_value> (source switch-controller.lldp-profile.name)"
lldp_status: "disable"
loop_guard: "enabled"
loop_guard_timeout: "45"
mac_addr: "<your_own_value>"
matched_dpp_intf_tags: "<your_own_value>"
matched_dpp_policy: "<your_own_value>"
max_bundle: "24"
mcast_snooping_flood_traffic: "enable"
mclag: "enable"
mclag_icl_port: "0"
media_type: "<your_own_value>"
member_withdrawal_behavior: "forward"
members:
-
member_name: "<your_own_value>"
min_bundle: "1"
mode: "static"
p2p_port: "0"
packet_sample_rate: "512"
packet_sampler: "enabled"
pause_meter: "0"
pause_meter_resume: "75%"
poe_capable: "0"
poe_max_power: "<your_own_value>"
poe_mode_bt_cabable: "0"
poe_port_mode: "ieee802-3af"
poe_port_power: "normal"
poe_port_priority: "critical-priority"
poe_pre_standard_detection: "enable"
poe_standard: "<your_own_value>"
poe_status: "enable"
port_name: "<your_own_value>"
port_number: "0"
port_owner: "<your_own_value>"
port_policy: "<your_own_value> (source switch-controller.dynamic-port-policy.name)"
port_prefix_type: "0"
port_security_policy: "<your_own_value> (source switch-controller.security-policy.802-1X.name)"
port_selection_criteria: "src-mac"
ptp_policy: "<your_own_value> (source switch-controller.ptp.interface-policy.name)"
ptp_status: "disable"
qos_policy: "<your_own_value> (source switch-controller.qos.qos-policy.name)"
rpvst_port: "disabled"
sample_direction: "tx"
sflow_counter_interval: "0"
sflow_sample_rate: "49999"
sflow_sampler: "enabled"
speed: "10half"
speed_mask: "2147483647"
stacking_port: "0"
status: "up"
sticky_mac: "enable"
storm_control_policy: "<your_own_value> (source switch-controller.storm-control-policy.name)"
stp_bpdu_guard: "enabled"
stp_bpdu_guard_timeout: "5"
stp_root_guard: "enabled"
stp_state: "enabled"
switch_id: "<your_own_value>"
type: "physical"
untagged_vlans:
-
vlan_name: "<your_own_value> (source system.interface.name)"
virtual_port: "0"
vlan: "<your_own_value> (source system.interface.name)"
pre_provisioned: "0"
ptp_profile: "<your_own_value> (source switch-controller.ptp.profile.name)"
ptp_status: "disable"
purdue_level: "1"
qos_drop_policy: "taildrop"
qos_red_probability: "12"
radius_nas_ip: "<your_own_value>"
radius_nas_ip_override: "disable"
remote_log:
-
csv: "enable"
facility: "kernel"
name: "default_name_201"
port: "514"
server: "192.168.100.40"
severity: "emergency"
status: "enable"
route_offload: "disable"
route_offload_mclag: "disable"
route_offload_router:
-
router_ip: "<your_own_value>"
vlan_name: "<your_own_value> (source system.interface.name)"
sn: "<your_own_value>"
snmp_community:
-
events: "cpu-high"
hosts:
-
id: "215"
ip: "<your_own_value>"
id: "217"
name: "default_name_218"
query_v1_port: "161"
query_v1_status: "disable"
query_v2c_port: "161"
query_v2c_status: "disable"
status: "disable"
trap_v1_lport: "162"
trap_v1_rport: "162"
trap_v1_status: "disable"
trap_v2c_lport: "162"
trap_v2c_rport: "162"
trap_v2c_status: "disable"
snmp_sysinfo:
contact_info: "<your_own_value>"
description: "<your_own_value>"
engine_id: "<your_own_value>"
location: "<your_own_value>"
status: "disable"
snmp_trap_threshold:
trap_high_cpu_threshold: "80"
trap_log_full_threshold: "90"
trap_low_memory_threshold: "80"
snmp_user:
-
auth_proto: "md5"
auth_pwd: "<your_own_value>"
name: "default_name_243"
priv_proto: "aes128"
priv_pwd: "<your_own_value>"
queries: "disable"
query_port: "161"
security_level: "no-auth-no-priv"
staged_image_version: "<your_own_value>"
static_mac:
-
description: "<your_own_value>"
id: "252"
interface: "<your_own_value>"
mac: "<your_own_value>"
type: "static"
vlan: "<your_own_value> (source system.interface.name)"
storm_control:
broadcast: "enable"
local_override: "enable"
rate: "500"
unknown_multicast: "enable"
unknown_unicast: "enable"
stp_instance:
-
id: "264"
priority: "0"
stp_settings:
forward_time: "15"
hello_time: "2"
local_override: "enable"
max_age: "20"
max_hops: "20"
name: "default_name_272"
pending_timer: "4"
revision: "0"
status: "enable"
switch_device_tag: "<your_own_value>"
switch_dhcp_opt43_key: "<your_own_value>"
switch_id: "<your_own_value>"
switch_log:
local_override: "enable"
severity: "emergency"
status: "enable"
switch_profile: "<your_own_value> (source switch-controller.switch-profile.name)"
switch_stp_settings:
status: "enable"
tdr_supported: "<your_own_value>"
type: "virtual"
version: "0"
vlan:
-
assignment_priority: "128"
vlan_name: "<your_own_value> (source system.interface.name)"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object.
required: true
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
switch_controller_managed_switch:
default: null
description:
- Configure FortiSwitch devices that are managed by this FortiGate.
suboptions:
access_profile:
description:
- FortiSwitch access profile. Source switch-controller.security-policy.local-access.name.
type: str
custom_command:
description:
- Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch
device upon rebooting the FortiGate switch controller or the FortiSwitch.
elements: dict
suboptions:
command_entry:
description:
- List of FortiSwitch commands.
required: true
type: str
command_name:
description:
- Names of commands to be pushed to this FortiSwitch device, as configured
under config switch-controller custom-command. Source switch-controller.custom-command.command-name.
type: str
type: list
delayed_restart_trigger:
description:
- Delayed restart triggered for this FortiSwitch.
type: int
description:
description:
- Description.
type: str
dhcp_server_access_list:
choices:
- global
- enable
- disable
description:
- DHCP snooping server access list.
type: str
dhcp_snooping_static_client:
description:
- Configure FortiSwitch DHCP snooping static clients.
elements: dict
suboptions:
ip:
description:
- Client static IP address.
type: str
mac:
description:
- Client MAC address.
type: str
name:
description:
- Client name.
required: true
type: str
port:
description:
- Interface name.
type: str
vlan:
description:
- VLAN name. Source system.interface.name.
type: str
type: list
directly_connected:
description:
- Directly connected FortiSwitch.
type: int
dynamic_capability:
description:
- List of features this FortiSwitch supports (not configurable) that is sent to
the FortiGate device for subsequent configuration initiated by the FortiGate
device.
type: str
dynamically_discovered:
description:
- Dynamically discovered FortiSwitch.
type: int
firmware_provision:
choices:
- enable
- disable
description:
- Enable/disable provisioning of firmware to FortiSwitches on join connection.
type: str
firmware_provision_latest:
choices:
- disable
- once
description:
- Enable/disable one-time automatic provisioning of the latest firmware version.
type: str
firmware_provision_version:
description:
- Firmware version to provision to this FortiSwitch on bootup (major.minor.build,
i.e. 6.2.1234).
type: str
flow_identity:
description:
- Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF
).
type: str
fsw_wan1_admin:
choices:
- discovered
- disable
- enable
description:
- FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed
switch.
type: str
fsw_wan1_peer:
description:
- FortiSwitch WAN1 peer port. Source system.interface.name.
type: str
fsw_wan2_admin:
choices:
- discovered
- disable
- enable
description:
- FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed
switch.
type: str
fsw_wan2_peer:
description:
- FortiSwitch WAN2 peer port.
type: str
igmp_snooping:
description:
- Configure FortiSwitch IGMP snooping global settings.
suboptions:
aging_time:
description:
- Maximum time to retain a multicast snooping entry for which no packets have
been seen (15 - 3600 sec).
type: int
flood_unknown_multicast:
choices:
- enable
- disable
description:
- Enable/disable unknown multicast flooding.
type: str
local_override:
choices:
- enable
- disable
description:
- Enable/disable overriding the global IGMP snooping configuration.
type: str
vlans:
description:
- Configure IGMP snooping VLAN.
elements: dict
suboptions:
proxy:
choices:
- disable
- enable
- global
description:
- IGMP snooping proxy for the VLAN interface.
type: str
querier:
choices:
- disable
- enable
description:
- Enable/disable IGMP snooping querier for the VLAN interface.
type: str
querier_addr:
description:
- IGMP snooping querier address.
type: str
version:
description:
- IGMP snooping querying version.
type: int
vlan_name:
description:
- List of FortiSwitch VLANs. Source system.interface.name.
required: true
type: str
type: list
type: dict
ip_source_guard:
description:
- IP source guard.
elements: dict
suboptions:
binding_entry:
description:
- IP and MAC address configuration.
elements: dict
suboptions:
entry_name:
description:
- Configure binding pair.
required: true
type: str
ip:
description:
- Source IP for this rule.
type: str
mac:
description:
- MAC address for this rule.
type: str
type: list
description:
description:
- Description.
type: str
port:
description:
- Ingress interface to which source guard is bound.
required: true
type: str
type: list
l3_discovered:
description:
- Layer 3 management discovered.
type: int
max_allowed_trunk_members:
description:
- FortiSwitch maximum allowed trunk members.
type: int
mclag_igmp_snooping_aware:
choices:
- enable
- disable
description:
- Enable/disable MCLAG IGMP-snooping awareness.
type: str
mgmt_mode:
description:
- FortiLink management mode.
type: int
mirror:
description:
- Configuration method to edit FortiSwitch packet mirror.
elements: dict
suboptions:
dst:
description:
- Destination port.
type: str
name:
description:
- Mirror name.
required: true
type: str
src_egress:
description:
- Source egress interfaces.
elements: dict
suboptions:
name:
description:
- Interface name.
required: true
type: str
type: list
src_ingress:
description:
- Source ingress interfaces.
elements: dict
suboptions:
name:
description:
- Interface name.
required: true
type: str
type: list
status:
choices:
- active
- inactive
description:
- Active/inactive mirror configuration.
type: str
switching_packet:
choices:
- enable
- disable
description:
- Enable/disable switching functionality when mirroring.
type: str
type: list
name:
description:
- Managed-switch name.
type: str
override_snmp_community:
choices:
- enable
- disable
description:
- Enable/disable overriding the global SNMP communities.
type: str
override_snmp_sysinfo:
choices:
- disable
- enable
description:
- Enable/disable overriding the global SNMP system information.
type: str
override_snmp_trap_threshold:
choices:
- enable
- disable
description:
- Enable/disable overriding the global SNMP trap threshold values.
type: str
override_snmp_user:
choices:
- enable
- disable
description:
- Enable/disable overriding the global SNMP users.
type: str
owner_vdom:
description:
- VDOM which owner of port belongs to.
type: str
poe_detection_type:
description:
- PoE detection type for FortiSwitch.
type: int
poe_lldp_detection:
choices:
- enable
- disable
description:
- Enable/disable PoE LLDP detection.
type: str
poe_pre_standard_detection:
choices:
- enable
- disable
description:
- Enable/disable PoE pre-standard detection.
type: str
ports:
description:
- Managed-switch port list.
elements: dict
suboptions:
access_mode:
choices:
- dynamic
- nac
- static
- normal
description:
- Access mode of the port.
type: str
acl_group:
description:
- ACL groups on this port.
elements: dict
suboptions:
name:
description:
- ACL group name. Source switch-controller.acl.group.name.
required: true
type: str
type: list
aggregator_mode:
choices:
- bandwidth
- count
description:
- LACP member select mode.
type: str
allowed_vlans:
description:
- Configure switch port tagged VLANs.
elements: dict
suboptions:
vlan_name:
description:
- VLAN name. Source system.interface.name.
required: true
type: str
type: list
allowed_vlans_all:
choices:
- enable
- disable
description:
- Enable/disable all defined vlans on this port.
type: str
arp_inspection_trust:
choices:
- untrusted
- trusted
description:
- Trusted or untrusted dynamic ARP inspection.
type: str
bundle:
choices:
- enable
- disable
description:
- Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces.
type: str
description:
description:
- Description for port.
type: str
dhcp_snoop_option82_override:
description:
- Configure DHCP snooping option 82 override.
elements: dict
suboptions:
circuit_id:
description:
- Circuit ID string.
type: str
remote_id:
description:
- Remote ID string.
type: str
vlan_name:
description:
- DHCP snooping option 82 VLAN. Source system.interface.name.
required: true
type: str
type: list
dhcp_snoop_option82_trust:
choices:
- enable
- disable
description:
- Enable/disable allowance of DHCP with option-82 on untrusted interface.
type: str
dhcp_snooping:
choices:
- untrusted
- trusted
description:
- Trusted or untrusted DHCP-snooping interface.
type: str
discard_mode:
choices:
- none
- all-untagged
- all-tagged
description:
- Configure discard mode for port.
type: str
edge_port:
choices:
- enable
- disable
description:
- Enable/disable this interface as an edge port, bridging connections between
workstations and/or computers.
type: str
export_tags:
description:
- Configure export tag(s) for FortiSwitch port when exported to a virtual
port pool.
elements: dict
suboptions:
tag_name:
description:
- FortiSwitch port tag name when exported to a virtual port pool. Source
switch-controller.switch-interface-tag.name.
required: true
type: str
type: list
export_to:
description:
- Export managed-switch port to a tenant VDOM. Source system.vdom.name.
type: str
export_to_pool:
description:
- Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name.
type: str
export_to_pool_flag:
description:
- Switch controller export port to pool-list.
type: int
fec_capable:
description:
- FEC capable.
type: int
fec_state:
choices:
- disabled
- cl74
- cl91
- detect-by-module
description:
- State of forward error correction.
type: str
fgt_peer_device_name:
description:
- FGT peer device name.
type: str
fgt_peer_port_name:
description:
- FGT peer port name.
type: str
fiber_port:
description:
- Fiber-port.
type: int
flags:
description:
- Port properties flags.
type: int
flap_duration:
description:
- Period over which flap events are calculated (seconds).
type: int
flap_rate:
description:
- Number of stage change events needed within flap-duration.
type: int
flap_timeout:
description:
- Flap guard disabling protection (min).
type: int
flapguard:
choices:
- enable
- disable
description:
- Enable/disable flap guard.
type: str
flow_control:
choices:
- disable
- tx
- rx
- both
description:
- Flow control direction.
type: str
fortilink_port:
description:
- FortiLink uplink port.
type: int
fortiswitch_acls:
description:
- ACLs on this port.
elements: dict
suboptions:
id:
description:
- ACL ID. see <a href='#notes'>Notes</a>.
required: true
type: int
type: list
igmp_snooping:
choices:
- enable
- disable
description:
- Set IGMP snooping mode for the physical port interface.
type: str
igmp_snooping_flood_reports:
choices:
- enable
- disable
description:
- Enable/disable flooding of IGMP reports to this interface when igmp-snooping
enabled.
type: str
igmps_flood_reports:
choices:
- enable
- disable
description:
- Enable/disable flooding of IGMP reports to this interface when igmp-snooping
enabled.
type: str
igmps_flood_traffic:
choices:
- enable
- disable
description:
- Enable/disable flooding of IGMP snooping traffic to this interface.
type: str
interface_tags:
description:
- Tag(s) associated with the interface for various features including virtual
port pool, dynamic port policy.
elements: dict
suboptions:
tag_name:
description:
- FortiSwitch port tag name when exported to a virtual port pool or matched
to dynamic port policy. Source switch-controller.switch-interface-tag.name.
required: true
type: str
type: list
ip_source_guard:
choices:
- disable
- enable
description:
- Enable/disable IP source guard.
type: str
isl_local_trunk_name:
description:
- ISL local trunk name.
type: str
isl_peer_device_name:
description:
- ISL peer device name.
type: str
isl_peer_port_name:
description:
- ISL peer port name.
type: str
lacp_speed:
choices:
- slow
- fast
description:
- End Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow)
or every second (fast).
type: str
learning_limit:
description:
- Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no
limit, default).
type: int
lldp_profile:
description:
- LLDP port TLV profile. Source switch-controller.lldp-profile.name.
type: str
lldp_status:
choices:
- disable
- rx-only
- tx-only
- tx-rx
description:
- LLDP transmit and receive status.
type: str
loop_guard:
choices:
- enabled
- disabled
description:
- Enable/disable loop-guard on this interface, an STP optimization used to
prevent network loops.
type: str
loop_guard_timeout:
description:
- Loop-guard timeout (0 - 120 min).
type: int
mac_addr:
description:
- Port/Trunk MAC.
type: str
matched_dpp_intf_tags:
description:
- Matched interface tags in the dynamic port policy.
type: str
matched_dpp_policy:
description:
- Matched child policy in the dynamic port policy.
type: str
max_bundle:
description:
- Maximum size of LAG bundle (1 - 24).
type: int
mcast_snooping_flood_traffic:
choices:
- enable
- disable
description:
- Enable/disable flooding of IGMP snooping traffic to this interface.
type: str
mclag:
choices:
- enable
- disable
description:
- Enable/disable multi-chassis link aggregation (MCLAG).
type: str
mclag_icl_port:
description:
- MCLAG-ICL port.
type: int
media_type:
description:
- Media type.
type: str
member_withdrawal_behavior:
choices:
- forward
- block
description:
- Port behavior after it withdraws because of loss of control packets.
type: str
members:
description:
- Aggregated LAG bundle interfaces.
elements: dict
suboptions:
member_name:
description:
- Interface name from available options.
required: true
type: str
type: list
min_bundle:
description:
- Minimum size of LAG bundle (1 - 24).
type: int
mode:
choices:
- static
- lacp-passive
- lacp-active
description:
- 'LACP mode: ignore and do not send control messages, or negotiate 802.3ad
aggregation passively or actively.'
type: str
p2p_port:
description:
- General peer to peer tunnel port.
type: int
packet_sample_rate:
description:
- Packet sampling rate (0 - 99999 p/sec).
type: int
packet_sampler:
choices:
- enabled
- disabled
description:
- Enable/disable packet sampling on this interface.
type: str
pause_meter:
description:
- Configure ingress pause metering rate, in kbps .
type: int
pause_meter_resume:
choices:
- 75%
- 50%
- 25%
description:
- Resume threshold for resuming traffic on ingress port.
type: str
poe_capable:
description:
- PoE capable.
type: int
poe_max_power:
description:
- PoE maximum power.
type: str
poe_mode_bt_cabable:
description:
- PoE mode IEEE 802.3BT capable.
type: int
poe_port_mode:
choices:
- ieee802-3af
- ieee802-3at
- ieee802-3bt
description:
- Configure PoE port mode.
type: str
poe_port_power:
choices:
- normal
- perpetual
- perpetual-fast
description:
- Configure PoE port power.
type: str
poe_port_priority:
choices:
- critical-priority
- high-priority
- low-priority
- medium-priority
description:
- Configure PoE port priority.
type: str
poe_pre_standard_detection:
choices:
- enable
- disable
description:
- Enable/disable PoE pre-standard detection.
type: str
poe_standard:
description:
- PoE standard supported.
type: str
poe_status:
choices:
- enable
- disable
description:
- Enable/disable PoE status.
type: str
port_name:
description:
- Switch port name.
required: true
type: str
port_number:
description:
- Port number.
type: int
port_owner:
description:
- Switch port name.
type: str
port_policy:
description:
- Switch controller dynamic port policy from available options. Source switch-controller.dynamic-port-policy.name.
type: str
port_prefix_type:
description:
- Port prefix type.
type: int
port_security_policy:
description:
- Switch controller authentication policy to apply to this managed switch
from available options. Source switch-controller .security-policy.802-1X.name.
type: str
port_selection_criteria:
choices:
- src-mac
- dst-mac
- src-dst-mac
- src-ip
- dst-ip
- src-dst-ip
description:
- Algorithm for aggregate port selection.
type: str
ptp_policy:
description:
- PTP policy configuration. Source switch-controller.ptp.interface-policy.name.
type: str
ptp_status:
choices:
- disable
- enable
description:
- Enable/disable PTP policy on this FortiSwitch port.
type: str
qos_policy:
description:
- Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name.
type: str
rpvst_port:
choices:
- disabled
- enabled
description:
- Enable/disable inter-operability with rapid PVST on this interface.
type: str
sample_direction:
choices:
- tx
- rx
- both
description:
- Packet sampling direction.
type: str
sflow_counter_interval:
description:
- sFlow sampling counter polling interval in seconds (0 - 255).
type: int
sflow_sample_rate:
description:
- sFlow sampler sample rate (0 - 99999 p/sec).
type: int
sflow_sampler:
choices:
- enabled
- disabled
description:
- Enable/disable sFlow protocol on this interface.
type: str
speed:
choices:
- 10half
- 10full
- 100half
- 100full
- 1000full
- 10000full
- auto
- 1000auto
- 1000full-fiber
- 40000full
- auto-module
- 100FX-half
- 100FX-full
- 100000full
- 2500auto
- 25000full
- 50000full
- 10000cr
- 10000sr
- 100000sr4
- 100000cr4
- 40000sr4
- 40000cr4
- 25000cr
- 25000sr
- 50000cr
- 50000sr
- 5000auto
- 1000fiber
- '10000'
- '40000'
- 25000cr4
- 25000sr4
- 5000full
- 2500full
description:
- Switch port speed; default and available settings depend on hardware.
type: str
speed_mask:
description:
- Switch port speed mask.
type: int
stacking_port:
description:
- Stacking port.
type: int
status:
choices:
- up
- down
description:
- 'Switch port admin status: up or down.'
type: str
sticky_mac:
choices:
- enable
- disable
description:
- Enable or disable sticky-mac on the interface.
type: str
storm_control_policy:
description:
- Switch controller storm control policy from available options. Source switch-controller.storm-control-policy.name.
type: str
stp_bpdu_guard:
choices:
- enabled
- disabled
description:
- Enable/disable STP BPDU guard on this interface.
type: str
stp_bpdu_guard_timeout:
description:
- BPDU Guard disabling protection (0 - 120 min).
type: int
stp_root_guard:
choices:
- enabled
- disabled
description:
- Enable/disable STP root guard on this interface.
type: str
stp_state:
choices:
- enabled
- disabled
description:
- Enable/disable Spanning Tree Protocol (STP) on this interface.
type: str
switch_id:
description:
- Switch id.
type: str
type:
choices:
- physical
- trunk
description:
- 'Interface type: physical or trunk port.'
type: str
untagged_vlans:
description:
- Configure switch port untagged VLANs.
elements: dict
suboptions:
vlan_name:
description:
- VLAN name. Source system.interface.name.
required: true
type: str
type: list
virtual_port:
description:
- Virtualized switch port.
type: int
vlan:
description:
- Assign switch ports to a VLAN. Source system.interface.name.
type: str
type: list
pre_provisioned:
description:
- Pre-provisioned managed switch.
type: int
ptp_profile:
description:
- PTP profile configuration. Source switch-controller.ptp.profile.name.
type: str
ptp_status:
choices:
- disable
- enable
description:
- Enable/disable PTP profile on this FortiSwitch.
type: str
purdue_level:
choices:
- '1'
- '1.5'
- '2'
- '2.5'
- '3'
- '3.5'
- '4'
- '5'
- '5.5'
description:
- Purdue Level of this FortiSwitch.
type: str
qos_drop_policy:
choices:
- taildrop
- random-early-detection
description:
- Set QoS drop-policy.
type: str
qos_red_probability:
description:
- Set QoS RED/WRED drop probability.
type: int
radius_nas_ip:
description:
- NAS-IP address.
type: str
radius_nas_ip_override:
choices:
- disable
- enable
description:
- Use locally defined NAS-IP.
type: str
remote_log:
description:
- Configure logging by FortiSwitch device to a remote syslog server.
elements: dict
suboptions:
csv:
choices:
- enable
- disable
description:
- Enable/disable comma-separated value (CSV) strings.
type: str
facility:
choices:
- kernel
- user
- mail
- daemon
- auth
- syslog
- lpr
- news
- uucp
- cron
- authpriv
- ftp
- ntp
- audit
- alert
- clock
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
description:
- Facility to log to remote syslog server.
type: str
name:
description:
- Remote log name.
required: true
type: str
port:
description:
- Remote syslog server listening port.
type: int
server:
description:
- IPv4 address of the remote syslog server.
type: str
severity:
choices:
- emergency
- alert
- critical
- error
- warning
- notification
- information
- debug
description:
- Severity of logs to be transferred to remote log server.
type: str
status:
choices:
- enable
- disable
description:
- Enable/disable logging by FortiSwitch device to a remote syslog server.
type: str
type: list
route_offload:
choices:
- disable
- enable
description:
- Enable/disable route offload on this FortiSwitch.
type: str
route_offload_mclag:
choices:
- disable
- enable
description:
- Enable/disable route offload MCLAG on this FortiSwitch.
type: str
route_offload_router:
description:
- Configure route offload MCLAG IP address.
elements: dict
suboptions:
router_ip:
description:
- Router IP address.
type: str
vlan_name:
description:
- VLAN name. Source system.interface.name.
required: true
type: str
type: list
settings_802_1X:
description:
- Configuration method to edit FortiSwitch 802.1X global settings.
suboptions:
link_down_auth:
choices:
- set-unauth
- no-action
description:
- Authentication state to set if a link is down.
type: str
local_override:
choices:
- enable
- disable
description:
- Enable to override global 802.1X settings on individual FortiSwitches.
type: str
mab_reauth:
choices:
- disable
- enable
description:
- Enable or disable MAB reauthentication settings.
type: str
mac_called_station_delimiter:
choices:
- colon
- hyphen
- none
- single-hyphen
description:
- MAC called station delimiter .
type: str
mac_calling_station_delimiter:
choices:
- colon
- hyphen
- none
- single-hyphen
description:
- MAC calling station delimiter .
type: str
mac_case:
choices:
- lowercase
- uppercase
description:
- MAC case .
type: str
mac_password_delimiter:
choices:
- colon
- hyphen
- none
- single-hyphen
description:
- MAC authentication password delimiter .
type: str
mac_username_delimiter:
choices:
- colon
- hyphen
- none
- single-hyphen
description:
- MAC authentication username delimiter .
type: str
max_reauth_attempt:
description:
- Maximum number of authentication attempts (0 - 15).
type: int
reauth_period:
description:
- Reauthentication time interval (1 - 1440 min).
type: int
tx_period:
description:
- 802.1X Tx period (seconds).
type: int
type: dict
sn:
description:
- Managed-switch serial number.
type: str
snmp_community:
description:
- Configuration method to edit Simple Network Management Protocol (SNMP) communities.
elements: dict
suboptions:
events:
choices:
- cpu-high
- mem-low
- log-full
- intf-ip
- ent-conf-change
description:
- SNMP notifications (traps) to send.
elements: str
type: list
hosts:
description:
- Configure IPv4 SNMP managers (hosts).
elements: dict
suboptions:
id:
description:
- Host entry ID. see <a href='#notes'>Notes</a>.
required: true
type: int
ip:
description:
- IPv4 address of the SNMP manager (host).
type: str
type: list
id:
description:
- SNMP community ID. see <a href='#notes'>Notes</a>.
required: true
type: int
name:
description:
- SNMP community name.
type: str
query_v1_port:
description:
- SNMP v1 query port .
type: int
query_v1_status:
choices:
- disable
- enable
description:
- Enable/disable SNMP v1 queries.
type: str
query_v2c_port:
description:
- SNMP v2c query port .
type: int
query_v2c_status:
choices:
- disable
- enable
description:
- Enable/disable SNMP v2c queries.
type: str
status:
choices:
- disable
- enable
description:
- Enable/disable this SNMP community.
type: str
trap_v1_lport:
description:
- SNMP v2c trap local port .
type: int
trap_v1_rport:
description:
- SNMP v2c trap remote port .
type: int
trap_v1_status:
choices:
- disable
- enable
description:
- Enable/disable SNMP v1 traps.
type: str
trap_v2c_lport:
description:
- SNMP v2c trap local port .
type: int
trap_v2c_rport:
description:
- SNMP v2c trap remote port .
type: int
trap_v2c_status:
choices:
- disable
- enable
description:
- Enable/disable SNMP v2c traps.
type: str
type: list
snmp_sysinfo:
description:
- Configuration method to edit Simple Network Management Protocol (SNMP) system
info.
suboptions:
contact_info:
description:
- Contact information.
type: str
description:
description:
- System description.
type: str
engine_id:
description:
- Local SNMP engine ID string (max 24 char).
type: str
location:
description:
- System location.
type: str
status:
choices:
- disable
- enable
description:
- Enable/disable SNMP.
type: str
type: dict
snmp_trap_threshold:
description:
- Configuration method to edit Simple Network Management Protocol (SNMP) trap
threshold values.
suboptions:
trap_high_cpu_threshold:
description:
- CPU usage when trap is sent.
type: int
trap_log_full_threshold:
description:
- Log disk usage when trap is sent.
type: int
trap_low_memory_threshold:
description:
- Memory usage when trap is sent.
type: int
type: dict
snmp_user:
description:
- Configuration method to edit Simple Network Management Protocol (SNMP) users.
elements: dict
suboptions:
auth_proto:
choices:
- md5
- sha1
- sha224
- sha256
- sha384
- sha512
- sha
description:
- Authentication protocol.
type: str
auth_pwd:
description:
- Password for authentication protocol.
type: str
name:
description:
- SNMP user name.
required: true
type: str
priv_proto:
choices:
- aes128
- aes192
- aes192c
- aes256
- aes256c
- des
- aes
description:
- Privacy (encryption) protocol.
type: str
priv_pwd:
description:
- Password for privacy (encryption) protocol.
type: str
queries:
choices:
- disable
- enable
description:
- Enable/disable SNMP queries for this user.
type: str
query_port:
description:
- SNMPv3 query port .
type: int
security_level:
choices:
- no-auth-no-priv
- auth-no-priv
- auth-priv
description:
- Security level for message authentication and encryption.
type: str
type: list
staged_image_version:
description:
- Staged image version for FortiSwitch.
type: str
static_mac:
description:
- Configuration method to edit FortiSwitch Static and Sticky MAC.
elements: dict
suboptions:
description:
description:
- Description.
type: str
id:
description:
- ID. see <a href='#notes'>Notes</a>.
required: true
type: int
interface:
description:
- Interface name.
type: str
mac:
description:
- MAC address.
type: str
type:
choices:
- static
- sticky
description:
- Type.
type: str
vlan:
description:
- Vlan. Source system.interface.name.
type: str
type: list
storm_control:
description:
- Configuration method to edit FortiSwitch storm control for measuring traffic
activity using data rates to prevent traffic disruption.
suboptions:
broadcast:
choices:
- enable
- disable
description:
- Enable/disable storm control to drop broadcast traffic.
type: str
local_override:
choices:
- enable
- disable
description:
- Enable to override global FortiSwitch storm control settings for this FortiSwitch.
type: str
rate:
description:
- Rate in packets per second at which storm control drops excess traffic(0-10000000).
type: int
unknown_multicast:
choices:
- enable
- disable
description:
- Enable/disable storm control to drop unknown multicast traffic.
type: str
unknown_unicast:
choices:
- enable
- disable
description:
- Enable/disable storm control to drop unknown unicast traffic.
type: str
type: dict
stp_instance:
description:
- Configuration method to edit Spanning Tree Protocol (STP) instances.
elements: dict
suboptions:
id:
description:
- Instance ID.
required: true
type: str
priority:
choices:
- '0'
- '4096'
- '8192'
- '12288'
- '16384'
- '20480'
- '24576'
- '28672'
- '32768'
- '36864'
- '40960'
- '45056'
- '49152'
- '53248'
- '57344'
- '61440'
description:
- Priority.
type: str
type: list
stp_settings:
description:
- Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent
bridge loops.
suboptions:
forward_time:
description:
- Period of time a port is in listening and learning state (4 - 30 sec).
type: int
hello_time:
description:
- Period of time between successive STP frame Bridge Protocol Data Units (BPDUs)
sent on a port (1 - 10 sec).
type: int
local_override:
choices:
- enable
- disable
description:
- Enable to configure local STP settings that override global STP settings.
type: str
max_age:
description:
- Maximum time before a bridge port saves its configuration BPDU information
(6 - 40 sec).
type: int
max_hops:
description:
- Maximum number of hops between the root bridge and the furthest bridge (1-
40).
type: int
name:
description:
- Name of local STP settings configuration.
type: str
pending_timer:
description:
- Pending time (1 - 15 sec).
type: int
revision:
description:
- STP revision number (0 - 65535).
type: int
status:
choices:
- enable
- disable
description:
- Enable/disable STP.
type: str
type: dict
switch_device_tag:
description:
- User definable label/tag.
type: str
switch_dhcp_opt43_key:
description:
- DHCP option43 key.
type: str
switch_id:
description:
- Managed-switch name.
required: true
type: str
switch_log:
description:
- Configuration method to edit FortiSwitch logging settings (logs are transferred
to and inserted into the FortiGate event log).
suboptions:
local_override:
choices:
- enable
- disable
description:
- Enable to configure local logging settings that override global logging
settings.
type: str
severity:
choices:
- emergency
- alert
- critical
- error
- warning
- notification
- information
- debug
description:
- Severity of FortiSwitch logs that are added to the FortiGate event log.
type: str
status:
choices:
- enable
- disable
description:
- Enable/disable adding FortiSwitch logs to the FortiGate event log.
type: str
type: dict
switch_profile:
description:
- FortiSwitch profile. Source switch-controller.switch-profile.name.
type: str
switch_stp_settings:
description:
- Configure spanning tree protocol (STP).
suboptions:
status:
choices:
- enable
- disable
description:
- Enable/disable STP.
type: str
type: dict
tdr_supported:
description:
- TDR supported.
type: str
type:
choices:
- virtual
- physical
description:
- Indication of switch type, physical or virtual.
type: str
version:
description:
- FortiSwitch version.
type: int
vlan:
description:
- Configure VLAN assignment priority.
elements: dict
suboptions:
assignment_priority:
description:
- 802.1x Radius (Tunnel-Private-Group-Id) VLANID assign-by-name priority.
A smaller value has a higher priority.
type: int
vlan_name:
description:
- VLAN name. Source system.interface.name.
required: true
type: str
type: list
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str