Handbook

6.0.0

Optional setup tasks

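This section describes the following tasks:

  • Configuring the FortiSwitch management port
  • Converting to FortiSwitch standalone mode
  • Changing the admin password on the FortiGate for all managed FortiSwitch units
  • Enabling network-assisted device detection
  • Limiting the number of parallel processes for FortiSwitch configuration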

Configuring the FortiSwitch management port

If the FortiSwitch model has a dedicated management port, you can configure remote management to the FortiSwitch. In FortiLink mode, the FortiGate is the default gateway, so you need to configure an explicit route for the FortiSwitch management port.

Using the Web administration GUI

  1. Go to Network > Static Routes > Create New > Route.
  2. Set Destination to Subnet and enter a subnetwork and mask.
  3. Set Device to the management interface.
  4. Add a Gateway IP address.

Using the FortiSwitch CLI

Enter the following commands:

    config router static
        edit 1
            set device mgmt
            set gateway <router IP address>
            set dst <router subnet> <subnet mask>
        next
    end

In the following example, the FortiSwitch management port is connected to a router with IP address 192.168.0.10:

    config router static
        edit 1
            set device mgmt
            set gateway 192.168.0.10
            set dst 192.168.0.0 255.255.0.0
        next
    end

Converting to FortiSwitch standalone mode

Use one of the following commands to convert a FortiSwitch from FortiLink mode to standalone mode so that it will no longer be managed by a FortiGate:

  • execute switch-controller factory-reset <switch-id>
    This command returns the FortiSwitch to the factory defaults and then reboots the FortiSwitch. If the FortiSwitch is configured for FortiLink auto-discovery, FortiGate can detect and automatically authorize the FortiSwitch. For example:
        execute switch-controller factory-reset S1234567890
  • execute switch-controller set-standalone <switch-id>
    This command returns the FortiSwitch to the factory defaults, reboots the FortiSwitch, and prevents the FortiGate from automatically detecting and authorizing the FortiSwitch. For example:
        execute switch-controller set-standalone S1234567890

You can disable FortiLink auto-discovery on multiple FortiSwitch units using the following commands:

    config switch-controller global
        set disable-discovery <switch-id>
    end

For example:

    config switch-controller global
        set disable-discovery S1234567890
    end

You can also add or remove entries from the list of FortiSwitch units that have FortiLink auto-discovery disabled using the following commands:

    config switch-controller global
        append disable-discovery <switch-id>
        unselect disable-discovery <switch-id>
    end

For example:

    config switch-controller global
        append disable-discovery S012345678
        unselect disable-discovery S1234567890
    end

Changing the admin password on the FortiGate for all managed FortiSwitch units

By default, each FortiSwitch has an admin account without a password. To replace the admin passwords for all FortiSwitch units managed by a FortiGate, use the following commands from the FortiGate CLI:

    config switch-controller switch-profile
        edit default
            set login-passwd-override {enable | disable}
            set login-passwd <password>
        next
    end

If you had already applied a profile with the override enabled and the password set and then decide to remove the admin password, you need to apply a profile with the override enabled and no password set; otherwise, your previously set password will remain in the FortiSwitch. For example:

    config switch-controller switch-profile
        edit default
            set login-passwd-override enable
            unset login-passwd
        next
    end
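
The following is an added example, not Fortinet code: a small Python audit that reads FortiGate configuration text and flags switch profiles that would leave managed FortiSwitch units with an unmanaged or empty admin password, as described above. The sample configuration is constructed, the function names are hypothetical, and the check assumes that a profile with no login-passwd-override line has the override disabled.

```python
# Constructed FortiGate configuration text (not taken from a real device).
SAMPLE_CONFIG = """\
config switch-controller switch-profile
    edit "default"
        set login-passwd-override enable
        set login-passwd ENC constructed-placeholder
    next
    edit "lab"
        set login-passwd-override enable
    next
    edit "legacy"
    next
end
"""
SECTION = "config switch-controller switch-profile"


def parse_switch_profiles(config_text):
    """Return {profile: {setting: value}} for the switch-profile table."""
    profiles, current, in_section = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == SECTION
        elif line == "end" and current is None:
            break  # end of the switch-profile table
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            profiles[current] = {}
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            _, key, *value = line.split(None, 2)
            profiles[current][key] = value[0] if value else ""
    return profiles


def audit_profiles(profiles):
    """Flag weak profiles; an absent override line is assumed to mean 'disable'."""
    findings = {}
    for name, settings in profiles.items():
        if settings.get("login-passwd-override", "disable") != "enable":
            findings[name] = "override disabled: FortiGate does not set the password"
        elif not settings.get("login-passwd"):
            findings[name] = "override enabled, no password: admin password removed"
    return findings


if __name__ == "__main__":
    print(audit_profiles(parse_switch_profiles(SAMPLE_CONFIG)))
```

Run it against a saved configuration backup by passing the file's text to parse_switch_profiles; any profile it reports should be given both the override and a password before it is applied to switches.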

Enabling network-assisted device detection

Network-assisted device detection allows the FortiGate unit to use the information about connected devices detected by the managed FortiSwitch unit.

To enable network-assisted device detection on a VDOM:

    config switch-controller network-monitor-settings
        set network-monitoring enable
    end

You can display a list of detected devices from the Device Inventory menu in the GUI. To list the detected devices in the CLI, enter the following command:

diagnose user device list

Limiting the number of parallel processes for FortiSwitch configuration

Use the following CLI commands to reduce the number of parallel processes that the switch controller uses for configuring FortiSwitch units:

    config global
        config switch-controller system
            set parallel-process-override enable
            set parallel-process <1-300>
        end
    end
