Additional Capabilities

FortiOS 5.4.1 introduces additional capabilities for managed FortiSwitches.

FortiSwitch Log Export

You can enable or disable the export of syslogs from the managed FortiSwitches to the FortiGate. The setting is global, and the default setting is disabled.

The FortiGate sets the user field to "fortiswitch-syslog" for each entry, to allow a level of filtering.

CLI Command Syntax:

config switch-controller switch-log

set status (enable | disable)

set severity [ emergency | alert | critical | error | warning | notification | *information | debug ]

end

You can override the global log settings for a FortiSwitch, using the following commands:

config switch-controller managed-switch

edit <switch-id>

config switch-log

set local-override enable

 

At this point, you can configure the log settings that apply to this specific switch.
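
The user field described above can be used to separate exported switch entries from the rest of the FortiGate log. The following is an added example, not code from Fortinet: it assumes key=value log lines with a "level" field (both assumptions, as are the constructed sample lines) and keeps entries whose user is "fortiswitch-syslog" at or above a chosen severity.

```python
import re

# Severity names in the order the switch-log "severity" option lists them,
# most severe first.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}

# key=value or key="quoted value" pairs (assumed log line layout).
PAIR = re.compile(r'(\w[\w-]*)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Return the key/value fields of one log line as a dict."""
    return {key: (quoted if quoted else bare)
            for key, quoted, bare in PAIR.findall(line)}


def switch_events(lines, min_severity="warning"):
    """Yield parsed entries exported by managed FortiSwitches
    (user field "fortiswitch-syslog") at or above min_severity."""
    limit = RANK[min_severity]
    for line in lines:
        fields = parse_line(line)
        if fields.get("user") != "fortiswitch-syslog":
            continue
        rank = RANK.get(fields.get("level", "").lower())
        # Keep entries with a missing or unrecognised level so that
        # nothing from a switch is silently dropped.
        if rank is None or rank <= limit:
            yield fields


# Constructed sample lines; only the user field value comes from the page.
SAMPLE = [
    'date=2016-06-01 time=10:00:01 level=warning user="fortiswitch-syslog" msg="port5 link down"',
    'date=2016-06-01 time=10:00:02 level=information user="fortiswitch-syslog" msg="port5 link up"',
    'date=2016-06-01 time=10:00:03 level=alert user="admin" msg="login failed"',
    'date=2016-06-01 time=10:00:04 level=critical user="fortiswitch-syslog" msg="fan failure"',
    'date=2016-06-01 time=10:00:05 user="fortiswitch-syslog" msg="no level field"',
]

if __name__ == "__main__":
    for event in switch_events(SAMPLE):
        print(event.get("time"), event.get("level", "?"), event.get("msg"))
```
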

FortiSwitch Per-Port Device Visibility

In the FortiGate GUI, User & Device > Device List displays a list of devices attached to the FortiSwitch ports. For each device, the table displays the IP address of the device and the interface (FortiSwitch name and port).

From the CLI, the following command displays information about the host devices:

diagnose switch-controller dump mac-hosts_switch-ports

 

FortiGate CLI support for FortiSwitch features (on non-FortiLink ports)

You can configure the following FortiSwitch features from the FortiGate CLI.

Configuring LAG

You can configure a link aggregation group (LAG) for non-FortiLink ports on a FortiSwitch. You cannot configure ports from different FortiSwitches in one LAG.

config switch-controller managed-switch

edit <switch-id>

config ports

edit <trunk name>

set type trunk

set mode < static | lacp > Link Aggregation mode

set bundle (enable | disable)

set min-bundle <int>

set max-bundle <int>

set members < port1 port2 ...>

next

end

next

end

Configuring Storm Control

Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on a port. Storm control uses the data rate of the link to measure traffic activity.

When the data rate exceeds the configured threshold, storm control drops excess traffic. You can configure the types of traffic to drop: broadcast, unknown unicast, or multicast.

The rate unit is packets per second. The default value is 500.

The Storm Control settings are global to all of the non-FortiLink ports on the managed switches. Use the following CLI commands to configure storm control:

config switch-controller storm-control

set rate <rate>

set unknown-unicast (enable | disable)

set unknown-multicast (enable | disable)

set broadcast (enable | disable)

end

 

You can override the global Storm Control settings for a FortiSwitch, using the following commands:

config switch-controller managed-switch

edit <switch-id>

config storm-control

set local-override enable

 

At this point, you can configure the Storm Control settings that apply to this specific switch.

Display Port Statistics

Port statistics will be accessed through the FortiSwitch REST Monitor API.

Execute Custom FortiSwitch Commands

From the FortiGate, you can execute FortiSwitch commands on the managed FortiSwitch.

This feature adds a simple scripting mechanism for users to configure generic commands to be executed on the switch.

Create a command

Use the following syntax to create a command file:

config switch-controller custom-command

edit <cmd-name>

set command " <FortiSwitch commands>"

 

The following example creates a command file to set the STP max-age parameter:

config switch-controller custom-command

edit "stp-age-10"

set command "config switch stp setting

set max-age 10

end

"

next

end

 

Execute a command

After you have created a command file, use the following command on the FortiGate to execute the command file on the target switch:

exec switch-controller custom-command <cmd-name> <target-switch>

The following example runs the command stp-age-10 on the specified target FortiSwitch:

FGT30E3U15003273 # exec switch-controller custom-command stp-age-10 S124DP3X15000118