config switch-controller managed-switch

Configure FortiSwitch devices that are managed by this FortiGate.

config switch-controller managed-switch

Description: Configure FortiSwitch devices that are managed by this FortiGate.

edit <switch-id>

set name {string}

set description {string}

set switch-profile {string}

set access-profile {string}

set fsw-wan1-peer {string}

set fsw-wan1-admin [discovered|disable|...]

set poe-pre-standard-detection [enable|disable]

set poe-detection-type {integer}

set poe-lldp-detection [enable|disable]

set directly-connected {integer}

set version {integer}

set pre-provisioned {integer}

set dynamic-capability {integer}

set switch-device-tag {string}

set mclag-igmp-snooping-aware [enable|disable]

set dynamically-discovered {integer}

set type [virtual|physical]

set owner-vdom {string}

set flow-identity {user}

set staged-image-version {string}

set delayed-restart-trigger {integer}

config ports

Description: Managed-switch port list.

edit <port-name>

set port-owner {string}

set switch-id {string}

set speed [10half|10full|...]

set status [up|down]

set poe-status [enable|disable]

set poe-pre-standard-detection [enable|disable]

set port-number {integer}

set port-prefix-type {integer}

set fortilink-port {integer}

set poe-capable {integer}

set stacking-port {integer}

set fiber-port {integer}

set flags {integer}

set isl-local-trunk-name {string}

set isl-peer-port-name {string}

set isl-peer-device-name {string}

set fgt-peer-port-name {string}

set fgt-peer-device-name {string}

set vlan {string}

set allowed-vlans-all [enable|disable]

set allowed-vlans <vlan-name1>, <vlan-name2>, ...

set untagged-vlans <vlan-name1>, <vlan-name2>, ...

set type [physical|trunk]

set dhcp-snooping [untrusted|trusted]

set dhcp-snoop-option82-trust [enable|disable]

set arp-inspection-trust [untrusted|trusted]

set igmp-snooping [enable|disable]

set igmps-flood-reports [enable|disable]

set igmps-flood-traffic [enable|disable]

set stp-state [enabled|disabled]

set stp-root-guard [enabled|disabled]

set stp-bpdu-guard [enabled|disabled]

set stp-bpdu-guard-timeout {integer}

set edge-port [enable|disable]

set discard-mode [none|all-untagged|...]

set packet-sampler [enabled|disabled]

set packet-sample-rate {integer}

set sflow-counter-interval {integer}

set sample-direction [tx|rx|...]

set loop-guard [enabled|disabled]

set loop-guard-timeout {integer}

set qos-policy {string}

set storm-control-policy {string}

set port-security-policy {string}

set export-to-pool {string}

set export-tags <tag-name1>, <tag-name2>, ...

set learning-limit {integer}

set sticky-mac [enable|disable]

set lldp-status [disable|rx-only|...]

set lldp-profile {string}

set export-to {string}

set mac-addr {mac-address}

set port-selection-criteria [src-mac|dst-mac|...]

set description {string}

set lacp-speed [slow|fast]

set mode [static|lacp-passive|...]

set bundle [enable|disable]

set member-withdrawal-behavior [forward|block]

set mclag [enable|disable]

set min-bundle {integer}

set max-bundle {integer}

set members <member-name1>, <member-name2>, ...

next

end

config stp-settings

Description: Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops.

set local-override [enable|disable]

set name {string}

set revision {integer}

set hello-time {integer}

set forward-time {integer}

set max-age {integer}

set max-hops {integer}

set pending-timer {integer}

end

config stp-instance

Description: Configuration method to edit Spanning Tree Protocol (STP) instances.

edit <id>

set priority [0|4096|...]

next

end

set override-snmp-sysinfo [disable|enable]

config snmp-sysinfo

Description: Configuration method to edit Simple Network Management Protocol (SNMP) system info.

set status [disable|enable]

set engine-id {string}

set description {string}

set contact-info {string}

set location {string}

end

set override-snmp-trap-threshold [enable|disable]

config snmp-trap-threshold

Description: Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values.

set trap-high-cpu-threshold {integer}

set trap-low-memory-threshold {integer}

set trap-log-full-threshold {integer}

end

set override-snmp-community [enable|disable]

config snmp-community

Description: Configuration method to edit Simple Network Management Protocol (SNMP) communities.

edit <id>

set name {string}

set status [disable|enable]

config hosts

Description: Configure IPv4 SNMP managers (hosts).

edit <id>

set ip {user}

next

end

set query-v1-status [disable|enable]

set query-v1-port {integer}

set query-v2c-status [disable|enable]

set query-v2c-port {integer}

set trap-v1-status [disable|enable]

set trap-v1-lport {integer}

set trap-v1-rport {integer}

set trap-v2c-status [disable|enable]

set trap-v2c-lport {integer}

set trap-v2c-rport {integer}

set events {option1}, {option2}, ...

next

end

set override-snmp-user [enable|disable]

config snmp-user

Description: Configuration method to edit Simple Network Management Protocol (SNMP) users.

edit <name>

set queries [disable|enable]

set query-port {integer}

set security-level [no-auth-no-priv|auth-no-priv|...]

set auth-proto [md5|sha]

set auth-pwd {password}

set priv-proto [aes|des]

set priv-pwd {password}

next

end

config switch-log

Description: Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log).

set local-override [enable|disable]

set status [enable|disable]

set severity [emergency|alert|...]

end

config remote-log

Description: Configure logging by FortiSwitch device to a remote syslog server.

edit <name>

set status [enable|disable]

set server {string}

set port {integer}

set severity [emergency|alert|...]

set csv [enable|disable]

set facility [kernel|user|...]

next

end

config storm-control

Description: Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption.

set local-override [enable|disable]

set rate {integer}

set unknown-unicast [enable|disable]

set unknown-multicast [enable|disable]

set broadcast [enable|disable]

end

config mirror

Description: Configuration method to edit FortiSwitch packet mirror.

edit <name>

set status [active|inactive]

set switching-packet [enable|disable]

set dst {string}

set src-ingress <name1>, <name2>, ...

set src-egress <name1>, <name2>, ...

next

end

config static-mac

Description: Configuration method to edit FortiSwitch Static and Sticky MAC.

edit <id>

set type [static|sticky]

set vlan {string}

set mac {mac-address}

set interface {string}

set description {string}

next

end

config custom-command

Description: Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch.

edit <command-entry>

set command-name {string}

next

end

config igmp-snooping

Description: Configure FortiSwitch IGMP snooping global settings.

set local-override [enable|disable]

set aging-time {integer}

set flood-unknown-multicast [enable|disable]

end

config 802-1X-settings

Description: Configuration method to edit FortiSwitch 802.1X global settings.

set local-override [enable|disable]

set link-down-auth [set-unauth|no-action]

set reauth-period {integer}

set max-reauth-attempt {integer}

end

next

end

config switch-controller managed-switch

Parameter name	Description	Type	Size
name	Managed-switch name.	string	Maximum length: 35
description	Description.	string	Maximum length: 63
switch-profile	FortiSwitch profile.	string	Maximum length: 35
access-profile	FortiSwitch access profile.	string	Maximum length: 31
fsw-wan1-peer	Fortiswitch WAN1 peer port.	string	Maximum length: 35
fsw-wan1-admin	FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch.	option	-
	Option Description discovered Link waiting to be authorized. disable Link unauthorized. enable Link authorized.
poe-pre-standard-detection	Enable/disable PoE pre-standard detection.	option	-
	Option Description enable Enable PoE pre-standard detection. disable Disable PoE pre-standard detection.
poe-detection-type	PoE detection type for FortiSwitch.	integer	Minimum value: 0 Maximum value: 255
poe-lldp-detection	Enable/disable PoE LLDP detection.	option	-
	Option Description enable Enable PoE LLDP detection. disable Disable PoE LLDP detection.
directly-connected	Directly connected FortiSwitch.	integer	Minimum value: 0 Maximum value: 1
version	FortiSwitch version.	integer	Minimum value: 0 Maximum value: 255
pre-provisioned	Pre-provisioned managed switch.	integer	Minimum value: 0 Maximum value: 255
dynamic-capability	List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device.	integer	Minimum value: 0 Maximum value: 4294967295
switch-device-tag	User definable label/tag.	string	Maximum length: 32
mclag-igmp-snooping-aware	Enable/disable MCLAG IGMP-snooping awareness.	option	-
	Option Description enable Enable MCLAG IGMP-snooping awareness. disable Disable MCLAG IGMP-snooping awareness.
dynamically-discovered	Dynamically discovered FortiSwitch.	integer	Minimum value: 0 Maximum value: 1
type	Indication of switch type, physical or virtual.	option	-
	Option Description virtual Switch is of type virtual. physical Switch is of type physical.
owner-vdom	VDOM which owner of port belongs to.	string	Maximum length: 31
flow-identity	Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF default=0).	user	Not Specified
staged-image-version	Staged image version for FortiSwitch.	string	Maximum length: 127
delayed-restart-trigger	Delayed restart triggered for this FortiSwitch.	integer	Minimum value: 0 Maximum value: 255
override-snmp-sysinfo	Enable/disable overriding the global SNMP system information.	option	-
	Option Description disable Use the global SNMP system information. enable Override the global SNMP system information.
override-snmp-trap-threshold	Enable/disable overriding the global SNMP trap threshold values.	option	-
	Option Description enable Override the global SNMP trap threshold values. disable Use the global SNMP trap threshold values.
override-snmp-community	Enable/disable overriding the global SNMP communities.	option	-
	Option Description enable Override the global SNMP communities. disable Use the global SNMP communities.
override-snmp-user	Enable/disable overriding the global SNMP users.	option	-
	Option Description enable Override the global SNMPv3 users. disable Use the global SNMPv3 users.

config ports

Parameter name	Description	Type	Size
port-owner	Switch port name.	string	Maximum length: 15
switch-id	Switch id.	string	Maximum length: 16
speed	Switch port speed; default and available settings depend on hardware.	option	-
	Option Description 10half 10M half-duplex. 10full 10M full-duplex. 100half 100M half-duplex. 100full 100M full-duplex. 1000auto Auto-negotiation (1G full-duplex only). 1000fiber 1G full-duplex (fiber SFPs only) 1000full 1G full-duplex 10000 10G full-duplex 40000 40G full-duplex auto Auto-negotiation. auto-module Auto Module. 100FX-half 100Mbps half-duplex.100Base-FX. 100FX-full 100Mbps full-duplex.100Base-FX. 100000full 100Gbps full-duplex. 2500auto Auto-Negotiation (2.5Gbps Only). 25000full 25Gbps full-duplex. 50000full 50Gbps full-duplex. 10000cr 10Gbps copper interface. 10000sr 10Gbps SFI interface. 100000sr4 100Gbps SFI interface. 100000cr4 100Gbps copper interface. 25000cr4 25Gbps copper interface. 25000sr4 25Gbps SFI interface. 5000full 5Gbps full-duplex.
status	Switch port admin status: up or down.	option	-
	Option Description up Set admin status up. down Set admin status down.
poe-status	Enable/disable PoE status.	option	-
	Option Description enable Enable PoE status. disable Disable PoE status.
poe-pre-standard-detection	Enable/disable PoE pre-standard detection.	option	-
	Option Description enable Enable PoE pre-standard detection. disable Disable PoE pre-standard detection.
port-number	Port number.	integer	Minimum value: 1 Maximum value: 64
port-prefix-type	Port prefix type.	integer	Minimum value: 0 Maximum value: 1
fortilink-port	FortiLink uplink port.	integer	Minimum value: 0 Maximum value: 1
poe-capable	PoE capable.	integer	Minimum value: 0 Maximum value: 1
stacking-port	Stacking port.	integer	Minimum value: 0 Maximum value: 1
fiber-port	Fiber-port.	integer	Minimum value: 0 Maximum value: 1
flags	Port properties flags.	integer	Minimum value: 0 Maximum value: 4294967295
isl-local-trunk-name	ISL local trunk name.	string	Maximum length: 15
isl-peer-port-name	ISL peer port name.	string	Maximum length: 15
isl-peer-device-name	ISL peer device name.	string	Maximum length: 16
fgt-peer-port-name	FGT peer port name.	string	Maximum length: 15
fgt-peer-device-name	FGT peer device name.	string	Maximum length: 16
vlan	Assign switch ports to a VLAN.	string	Maximum length: 15
allowed-vlans-all	Enable/disable all defined vlans on this port.	option	-
	Option Description enable Enable all defined VLANs on this port. disable Disable all defined VLANs on this port.
allowed-vlans <vlan-name>	Configure switch port tagged vlans VLAN name.	string	Maximum length: 79
untagged-vlans <vlan-name>	Configure switch port untagged vlans VLAN name.	string	Maximum length: 79
type	Interface type: physical or trunk port.	option	-
	Option Description physical Physical port. trunk Trunk port.
dhcp-snooping	Trusted or untrusted DHCP-snooping interface.	option	-
	Option Description untrusted Untrusted DHCP snooping interface. trusted Trusted DHCP snooping interface.
dhcp-snoop-option82-trust	Enable/disable allowance of DHCP with option-82 on untrusted interface.	option	-
	Option Description enable Enable allowance of DHCP with option-82 on untrusted interface. disable Disable allowance of DHCP with option-82 on untrusted interface.
arp-inspection-trust	Trusted or untrusted dynamic ARP inspection.	option	-
	Option Description untrusted Untrusted dynamic ARP inspection. trusted Trusted dynamic ARP inspection.
igmp-snooping	Set IGMP snooping mode for the physical port interface.	option	-
	Option Description enable Interface takes part in IGMP snooping. disable Interface does not take part in IGMP snooping.
igmps-flood-reports	Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled.	option	-
	Option Description enable Enable flooding of IGMP snooping reports to this interface. disable Disable flooding of IGMP snooping reports to this interface.
igmps-flood-traffic	Enable/disable flooding of IGMP snooping traffic to this interface.	option	-
	Option Description enable Enable flooding of IGMP snooping traffic to this interface. disable Disable flooding of IGMP snooping traffic to this interface.
stp-state	Enable/disable Spanning Tree Protocol (STP) on this interface.	option	-
	Option Description enabled Enable STP on this interface. disabled Disable STP on this interface.
stp-root-guard	Enable/disable STP root guard on this interface.	option	-
	Option Description enabled Enable STP root-guard on this interface. disabled Disable STP root-guard on this interface.
stp-bpdu-guard	Enable/disable STP BPDU guard on this interface.	option	-
	Option Description enabled Enable STP BPDU guard on this interface. disabled Disable STP BPDU guard on this interface.
stp-bpdu-guard-timeout	BPDU Guard disabling protection (0 - 120 min).	integer	Minimum value: 0 Maximum value: 120
edge-port	Enable/disable this interface as an edge port, bridging connections between workstations and/or computers.	option	-
	Option Description enable Enable this interface as an edge port. disable Disable this interface as an edge port.
discard-mode	Configure discard mode for port.	option	-
	Option Description none Discard disabled. all-untagged Discard all frames that are untagged. all-tagged Discard all frames that are tagged.
packet-sampler	Enable/disable packet sampling on this interface.	option	-
	Option Description enabled Enable packet sampling on this interface. disabled Disable packet sampling on this interface.
packet-sample-rate	Packet sampling rate (0 - 99999 p/sec).	integer	Minimum value: 0 Maximum value: 99999
sflow-counter-interval	sFlow sampling counter polling interval (0 - 255 sec).	integer	Minimum value: 0 Maximum value: 255
sample-direction	Packet sampling direction.	option	-
	Option Description tx Monitor transmitted traffic. rx Monitor received traffic. both Monitor transmitted and received traffic.
loop-guard	Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops.	option	-
	Option Description enabled Enable loop-guard on this interface. disabled Disable loop-guard on this interface.
loop-guard-timeout	Loop-guard timeout (0 - 120 min, default = 45).	integer	Minimum value: 0 Maximum value: 120
qos-policy	Switch controller QoS policy from available options.	string	Maximum length: 63
storm-control-policy	Switch controller storm control policy from available options.	string	Maximum length: 63
port-security-policy	Switch controller authentication policy to apply to this managed switch from available options.	string	Maximum length: 31
export-to-pool	Switch controller export port to pool-list.	string	Maximum length: 35
export-tags <tag-name>	Configure export tag(s) for FortiSwitch port when exported to a virtual pool. FortiSwitch port tag name when exported to a virtual pool.	string	Maximum length: 63
learning-limit	Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default).	integer	Minimum value: 0 Maximum value: 128
sticky-mac	Enable or disable sticky-mac on the interface.	option	-
	Option Description enable Enable sticky mac on the interface. disable Disable sticky mac on the interface.
lldp-status	LLDP transmit and receive status.	option	-
	Option Description disable Disable LLDP TX and RX. rx-only Enable LLDP as RX only. tx-only Enable LLDP as TX only. tx-rx Enable LLDP TX and RX.
lldp-profile	LLDP port TLV profile.	string	Maximum length: 63
export-to	Export managed-switch port to a tenant VDOM.	string	Maximum length: 31
mac-addr	Port/Trunk MAC.	mac-address	Not Specified
port-selection-criteria	Algorithm for aggregate port selection.	option	-
	Option Description src-mac Source MAC address. dst-mac Destination MAC address. src-dst-mac Source and destination MAC address. src-ip Source IP address. dst-ip Destination IP address. src-dst-ip Source and destination IP address.
description	Description for port.	string	Maximum length: 63
lacp-speed	end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast).	option	-
	Option Description slow Send LACP message every 30 seconds. fast Send LACP message every second.
mode	LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively.	option	-
	Option Description static Static aggregation, do not send and ignore any control messages. lacp-passive Passively use LACP to negotiate 802.3ad aggregation. lacp-active Actively use LACP to negotiate 802.3ad aggregation.
bundle	Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces.	option	-
	Option Description enable Enable bundling. disable Disable bundling.
member-withdrawal-behavior	Port behavior after it withdraws because of loss of control packets.	option	-
	Option Description forward Forward traffic. block Block traffic.
mclag	Enable/disable multi-chassis link aggregation (MCLAG).	option	-
	Option Description enable Enable MCLAG. disable Disable MCLAG.
min-bundle	Minimum size of LAG bundle (1 - 24, default = 1)	integer	Minimum value: 1 Maximum value: 24
max-bundle	Maximum size of LAG bundle (1 - 24, default = 24)	integer	Minimum value: 1 Maximum value: 24
members <member-name>	Aggregated LAG bundle interfaces. Interface name from available options.	string	Maximum length: 79

config stp-settings

Parameter name	Description	Type	Size
local-override	Enable to configure local STP settings that override global STP settings.	option	-
	Option Description enable Override global STP settings. disable Use global STP settings.
name	Name of local STP settings configuration.	string	Maximum length: 31
revision	STP revision number (0 - 65535).	integer	Minimum value: 0 Maximum value: 65535
hello-time	Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec, default = 2).	integer	Minimum value: 1 Maximum value: 10
forward-time	Period of time a port is in listening and learning state (4 - 30 sec, default = 15).	integer	Minimum value: 4 Maximum value: 30
max-age	Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec, default = 20).	integer	Minimum value: 6 Maximum value: 40
max-hops	Maximum number of hops between the root bridge and the furthest bridge (1- 40, default = 20).	integer	Minimum value: 1 Maximum value: 40
pending-timer	Pending time (1 - 15 sec, default = 4).	integer	Minimum value: 1 Maximum value: 15

config stp-instance

Parameter name	Description	Type	Size
priority	Priority.	option	-
	Option Description 0 0. 4096 4096. 8192 8192. 12288 12288. 16384 16384. 20480 20480. 24576 24576. 28672 28672. 32768 32768. 36864 36864. 40960 40960. 45056 45056. 49152 49152. 53248 53248. 57344 57344. 61440 61440.

config snmp-sysinfo

Parameter name	Description	Type	Size
status	Enable/disable SNMP.	option	-
	Option Description disable Disable SNMP. enable Enable SNMP.
engine-id	Local SNMP engine ID string (max 24 char).	string	Maximum length: 24
description	System description.	string	Maximum length: 35
contact-info	Contact information.	string	Maximum length: 35
location	System location.	string	Maximum length: 35

config snmp-trap-threshold

Parameter name	Description	Type	Size
trap-high-cpu-threshold	CPU usage when trap is sent.	integer	Minimum value: 0 Maximum value: 4294967295
trap-low-memory-threshold	Memory usage when trap is sent.	integer	Minimum value: 0 Maximum value: 4294967295
trap-log-full-threshold	Log disk usage when trap is sent.	integer	Minimum value: 0 Maximum value: 4294967295

config snmp-community

Parameter name	Description	Type	Size
name	SNMP community name.	string	Maximum length: 35
status	Enable/disable this SNMP community.	option	-
	Option Description disable Disable SNMP community. enable Enable SNMP community.
query-v1-status	Enable/disable SNMP v1 queries.	option	-
	Option Description disable Disable SNMP v1 queries. enable Enable SNMP v1 queries.
query-v1-port	SNMP v1 query port (default = 161).	integer	Minimum value: 0 Maximum value: 65535
query-v2c-status	Enable/disable SNMP v2c queries.	option	-
	Option Description disable Disable SNMP v2c queries. enable Enable SNMP v2c queries.
query-v2c-port	SNMP v2c query port (default = 161).	integer	Minimum value: 0 Maximum value: 65535
trap-v1-status	Enable/disable SNMP v1 traps.	option	-
	Option Description disable Disable SNMP v1 traps. enable Enable SNMP v1 traps.
trap-v1-lport	SNMP v2c trap local port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
trap-v1-rport	SNMP v2c trap remote port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
trap-v2c-status	Enable/disable SNMP v2c traps.	option	-
	Option Description disable Disable SNMP v2c traps. enable Enable SNMP v2c traps.
trap-v2c-lport	SNMP v2c trap local port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
trap-v2c-rport	SNMP v2c trap remote port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
events	SNMP notifications (traps) to send.	option	-
	Option Description cpu-high Send a trap when CPU usage too high. mem-low Send a trap when available memory is low. log-full Send a trap when log disk space becomes low. intf-ip Send a trap when an interface IP address is changed. ent-conf-change Send a trap when an entity MIB change occurs (RFC4133).

config hosts

Parameter name	Description	Type	Size
ip	IPv4 address of the SNMP manager (host).	user	Not Specified

config snmp-user

Parameter name	Description	Type	Size
queries	Enable/disable SNMP queries for this user.	option	-
	Option Description disable Disable SNMP queries for this user. enable Enable SNMP queries for this user.
query-port	SNMPv3 query port (default = 161).	integer	Minimum value: 0 Maximum value: 65535
security-level	Security level for message authentication and encryption.	option	-
	Option Description no-auth-no-priv Message with no authentication and no privacy (encryption). auth-no-priv Message with authentication but no privacy (encryption). auth-priv Message with authentication and privacy (encryption).
auth-proto	Authentication protocol.	option	-
	Option Description md5 HMAC-MD5-96 authentication protocol. sha HMAC-SHA-96 authentication protocol.
auth-pwd	Password for authentication protocol.	password	Not Specified
priv-proto	Privacy (encryption) protocol.	option	-
	Option Description aes CFB128-AES-128 symmetric encryption protocol. des CBC-DES symmetric encryption protocol.
priv-pwd	Password for privacy (encryption) protocol.	password	Not Specified

config switch-log

Parameter name	Description	Type	Size
local-override	Enable to configure local logging settings that override global logging settings.	option	-
	Option Description enable Override global logging settings. disable Use global logging settings.
status	Enable/disable adding FortiSwitch logs to the FortiGate event log.	option	-
	Option Description enable Add FortiSwitch logs to the FortiGate event log. disable Do not add FortiSwitch logs to the FortiGate event log.
severity	Severity of FortiSwitch logs that are added to the FortiGate event log.	option	-
	Option Description emergency Emergency level. alert Alert level. critical Critical level. error Error level. warning Warning level. notification Notification level. information Information level. debug Debug level.

config remote-log

Parameter name	Description	Type	Size
status	Enable/disable logging by FortiSwitch device to a remote syslog server.	option	-
	Option Description enable Enable logging by FortiSwitch device to a remote syslog server. disable Disable logging by FortiSwitch device to a remote syslog server.
server	IPv4 address of the remote syslog server.	string	Maximum length: 63
port	Remote syslog server listening port.	integer	Minimum value: 0 Maximum value: 65535
severity	Severity of logs to be transferred to remote log server.	option	-
	Option Description emergency Emergency level. alert Alert level. critical Critical level. error Error level. warning Warning level. notification Notification level. information Information level. debug Debug level.
csv	Enable/disable comma-separated value (CSV) strings.	option	-
	Option Description enable Enable comma-separated value (CSV) strings. disable Disable comma-separated value (CSV) strings.
facility	Facility to log to remote syslog server.	option	-
	Option Description kernel Kernel messages. user Random user-level messages. mail Mail system. daemon System daemons. auth Security/authorization messages. syslog Messages generated internally by syslogd. lpr Line printer subsystem. news Network news subsystem. uucp UUCP server messages. cron Clock daemon. authpriv Security/authorization messages (private). ftp FTP daemon. ntp NTP daemon. audit Log audit. alert Log alert. clock Clock daemon. local0 Reserved for local use. local1 Reserved for local use. local2 Reserved for local use. local3 Reserved for local use. local4 Reserved for local use. local5 Reserved for local use. local6 Reserved for local use. local7 Reserved for local use.

config storm-control

Parameter name	Description	Type	Size
local-override	Enable to override global FortiSwitch storm control settings for this FortiSwitch.	option	-
	Option Description enable Override global storm control settings. disable Use global storm control settings.
rate	Rate in packets per second at which storm traffic is controlled (1 - 10000000, default = 500). Storm control drops excess traffic data rates beyond this threshold.	integer	Minimum value: 1 Maximum value: 10000000
unknown-unicast	Enable/disable storm control to drop unknown unicast traffic.	option	-
	Option Description enable Drop unknown unicast traffic. disable Allow unknown unicast traffic.
unknown-multicast	Enable/disable storm control to drop unknown multicast traffic.	option	-
	Option Description enable Drop unknown multicast traffic. disable Allow unknown multicast traffic.
broadcast	Enable/disable storm control to drop broadcast traffic.	option	-
	Option Description enable Drop broadcast traffic. disable Allow broadcast traffic.

config mirror

Parameter name	Description	Type	Size
status	Active/inactive mirror configuration.	option	-
	Option Description active Activate mirror configuration. inactive Deactivate mirror configuration.
switching-packet	Enable/disable switching functionality when mirroring.	option	-
	Option Description enable Enable switching functionality when mirroring. disable Disable switching functionality when mirroring.
dst	Destination port.	string	Maximum length: 63
src-ingress <name>	Source ingress interfaces. Interface name.	string	Maximum length: 79
src-egress <name>	Source egress interfaces. Interface name.	string	Maximum length: 79

config static-mac

Parameter name	Description	Type	Size
type	Type.	option	-
	Option Description static Static MAC. sticky Sticky MAC.
vlan	Vlan.	string	Maximum length: 15
mac	MAC address.	mac-address	Not Specified
interface	Interface name.	string	Maximum length: 35
description	Description.	string	Maximum length: 63

config custom-command

Parameter name	Description	Type	Size
command-name	Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command.	string	Maximum length: 35

config igmp-snooping

Parameter name	Description	Type	Size
local-override	Enable/disable overriding the global IGMP snooping configuration.	option	-
	Option Description enable Override the global IGMP snooping configuration. disable Use the global IGMP snooping configuration.
aging-time	Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec, default = 300).	integer	Minimum value: 15 Maximum value: 3600
flood-unknown-multicast	Enable/disable unknown multicast flooding.	option	-
	Option Description enable Enable unknown multicast flooding. disable Disable unknown multicast flooding.

config 802-1X-settings

Parameter name	Description	Type	Size
local-override	Enable to override global 802.1X settings on individual FortiSwitches.	option	-
	Option Description enable Override global 802.1X settings. disable Use global 802.1X settings.
link-down-auth	Authentication state to set if a link is down.	option	-
	Option Description set-unauth Interface set to unauth when down. Reauthentication is needed. no-action Interface reauthentication is not needed.
reauth-period	Reauthentication time interval (1 - 1440 min, default = 60, 0 = disable).	integer	Minimum value: 0 Maximum value: 1440
max-reauth-attempt	Maximum number of authentication attempts (0 - 15, default = 3).	integer	Minimum value: 0 Maximum value: 15