Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiExtender 7.6.5 CLI Reference
    7.6.5
    7.6.5
    7.6.4
    7.6.2
    7.6.1
    7.6.0
    7.4.4
    7.4.1
    7.4.0
    7.2.3

    config system switch-interface

    config system switch-interface

    Description: When the FortiExtender is in standalone mode, you can configure your switch interface settings.

    When the FortiExtender is being managed from the FortiGate, you can view LAN extension settings synced from the FortiGate. You cannot configure these settings directly on the FortiExtender; you must make them through the FortiGate LAN extension profile first.

    config system switch-interface
  edit <name>
    set vlan-support [enable | disable]
    config member 
      edit <name1> 
        set type [ aggregate | physical | vap]
        set port
        set vids {1-4089}
        set pvid {1-4089} 
        set security-8021x-member-mode [enable | disable]
      next
    end
    set stp [enable | disable]
    set td-mode [disable | include]
    set wired-security-mode [802.1X]
    set wired-security-group <security group ID>
  next
end

    Sample syntax:

    config system switch-interface
  edit lan
    set vlan-support disable
    config member
      edit port4
        set type physical
        set port port4
        set vids
        set pvid 1
        set security-8021x-member-mode enable
      next
    end
    set stp disable
    set ts-mode disable
    set wired-security-mode 802.1X
    set wired-security-group test
  next
end
    Parametrer Description Type Size Default

    vlan-support

    Enable/disable VLAN support.

    option

    -

    stp Spanning Tree Protocol. option - disable
    Option Description
    enable Enable Spanning Tree Protocol.
    disable Disable Spanning Tree Protocol.

    ts-mode

    Read-only: Split tunnel mode.

    option

    -

    disable

    Option Description
    include Enable Split tunnel mode
    disable Disable Split tunnel mode.

    wired-security-mode

    Turn on 802.1x authentication for this interface.

    Only available on FortiExtender Branch platforms.

    option

    -

    wired-security-group

    Names of user groups that can authenticate with the 802.1X.

    option

    -

    dst-mac

    Read-only: MAC address of the remote gateway pushed from FortiOS.

    string

    		 - none

    dst-addr

    Read-only: Destination IP addresses

    string

    		 - none

    services

    Read-only: Internet services.

    options

    		 - none
    config members
    Parameter Description

    Type

    Size

    Default

    config member

    		 Interfaces within the virtual switch.

    option

    -

    none

    name

    		 The LAN port ID.

    string

    -

    none

    type

    Interface type.

    option

    -

    port

    Interface within the virtual switch.

    option

    -

    vap

    Virtual Access Point, which must NOT be configured as a WLAN bridge, will be added as a member of the switch-interface.

    option

    -

    vids

    VLAN ID list.

    integer

    1 to 4089

    pvid

    Port VLAN ID.

    integer

    1 to 4089

    security-8021x-member-mode

    Enable/disable 802.1x authentication on a port.

    Only available on FortiExtender Branch platforms.

    option

    -

    Previous
    Next

    config system switch-interface

    config system switch-interface

    Description: When the FortiExtender is in standalone mode, you can configure your switch interface settings.

    When the FortiExtender is being managed from the FortiGate, you can view LAN extension settings synced from the FortiGate. You cannot configure these settings directly on the FortiExtender; you must make them through the FortiGate LAN extension profile first.

    config system switch-interface
  edit <name>
    set vlan-support [enable | disable]
    config member 
      edit <name1> 
        set type [ aggregate | physical | vap]
        set port
        set vids {1-4089}
        set pvid {1-4089} 
        set security-8021x-member-mode [enable | disable]
      next
    end
    set stp [enable | disable]
    set td-mode [disable | include]
    set wired-security-mode [802.1X]
    set wired-security-group <security group ID>
  next
end

    Sample syntax:

    config system switch-interface
  edit lan
    set vlan-support disable
    config member
      edit port4
        set type physical
        set port port4
        set vids
        set pvid 1
        set security-8021x-member-mode enable
      next
    end
    set stp disable
    set ts-mode disable
    set wired-security-mode 802.1X
    set wired-security-group test
  next
end
    Parametrer Description Type Size Default

    vlan-support

    Enable/disable VLAN support.

    option

    -

    stp Spanning Tree Protocol. option - disable
    Option Description
    enable Enable Spanning Tree Protocol.
    disable Disable Spanning Tree Protocol.

    ts-mode

    Read-only: Split tunnel mode.

    option

    -

    disable

    Option Description
    include Enable Split tunnel mode
    disable Disable Split tunnel mode.

    wired-security-mode

    Turn on 802.1x authentication for this interface.

    Only available on FortiExtender Branch platforms.

    option

    -

    wired-security-group

    Names of user groups that can authenticate with the 802.1X.

    option

    -

    dst-mac

    Read-only: MAC address of the remote gateway pushed from FortiOS.

    string

    		 - none

    dst-addr

    Read-only: Destination IP addresses

    string

    		 - none

    services

    Read-only: Internet services.

    options

    		 - none
    config members
    Parameter Description

    Type

    Size

    Default

    config member

    		 Interfaces within the virtual switch.

    option

    -

    none

    name

    		 The LAN port ID.

    string

    -

    none

    type

    Interface type.

    option

    -

    port

    Interface within the virtual switch.

    option

    -

    vap

    Virtual Access Point, which must NOT be configured as a WLAN bridge, will be added as a member of the switch-interface.

    option

    -

    vids

    VLAN ID list.

    integer

    1 to 4089

    pvid

    Port VLAN ID.

    integer

    1 to 4089

    security-8021x-member-mode

    Enable/disable 802.1x authentication on a port.

    Only available on FortiExtender Branch platforms.

    option

    -

    Previous
    Next