system : switch-interface
 
switch-interface
Use this command to group physical and wifi interfaces into a software switch interface (also called a softswitch, soft-switch or soft switch). A software switch is a virtual switch that is implemented in software instead of hardware. When you add interfaces to a software switch the interfaces all share one IP address and become a single entry on the interface list. As a result, all of the interfaces are on the same subnet and traffic between devices connected to each interface of the software switch cannot be filtered by firewall policies.
Adding a software switch can be used to simplify communication between devices connected to different FortiGate interfaces. For example, using a software switch you can place the FortiGate interface connected to an internal network on the same subnet as your wireless interfaces. Then devices on the internal network can communicate with devices on the wireless network without any additional configuration on the FortiGate unit.
The physical and WiFi interfaces added to a software switch interface cannot be used in any other configurations. The wifi interfaces can be implemented on the FortiWiFi unit or on remote FortiWiFi units of FortiAP units controlled by the wireless controller feature. Interfaces in a software switch cannot be monitored by HA or used as heart beat devices.
This command can be used at the Global or VDOM level.
Syntax
config system switch-interface
edit <group_name>
set member <iflist>
set span {enable | disable}
set span-dest-port <portnum>
set span-direction {rx | tx | both}
set span-source-port <portlist>
set type {hub | switch | hardware-switch}
set vdom <vdom_name>
end
Variable
Description
Default
<group_name>
The name for this software switch.
Cannot be in use by any other interfaces, vlans, or inter-VDOM links.
No default.
member <iflist>
Enter a list of the interfaces that will be part of this software switch. Separate interface names with a space.
Use <tab> to advance through the list of available interfaces.
No default.
span {enable | disable}
Enable or disable port spanning. This is available only when type is switch. Port spanning echoes traffic received by the software switch to the span destination port. Port spanning can be used to monitor all traffic passing through the soft switch. You can also configure the span destination port and the span source ports., which are the switch ports for which traffic is echoed.
disable
span-dest-port <portnum>
Enter the span port destination port name. All traffic on the span source ports is echoed to the span destination port.
Use <tab> to advance through the list of available interfaces. Available when span is enabled.
No default.
span-direction {rx | tx | both}
Select the direction in which the span port operates:
rx — Copy only received packets from source SPAN ports to the destination SPAN port.
tx — Copy only transmitted packets from source SPAN ports to the destination SPAN port.
both — Copy both transmitted and received packets from source SPAN ports to the destination SPAN port.
span-direction is available only when span is enabled.
both
span-source-port <portlist>
Enter a list of the interfaces that are span source ports. Separate interface names with a space. Port spanning echoes all traffic on the span source ports to the span destination port.
Use <tab> to advance through the list of available interfaces.
Available when span is enabled.
No default.
type {hub | switch | hardware-switch}
Select the type of switch functionality:
hub — duplicates packets to all member ports
switch — normal switch functionality (available in NAT mode only)
switch
vdom <vdom_name>
Enter the VDOM to which the software switch belongs.
No default.