Optional setup tasks
This section describes the following tasks:
- Configuring the FortiSwitch management port
- Converting to the FortiSwitch standalone mode
- Changing the admin password on the FortiGate for all managed FortiSwitches
Configuring the FortiSwitch management port
If the FortiSwitch model has a dedicated management port, you can configure remote management to the FortiSwitch. In FortiLink mode, the FortiGate is the default gateway, so you need to configure an explicit route for the FortiSwitch management port.
Using the Web administration GUI
- Go to Network > Static Routes > Create New > Route.
- Set Destination to Subnet and enter a subnetwork and mask.
- Set Device to the management interface.
- Add a Gateway IP address.
Using the FortiSwitch CLI
Enter the following commands:
config router static
edit 1
set device mgmt
set gateway <router IP address>
set dst <router subnet> <subnet mask>
end
end
In the following example, the FortiSwitch management port is connected to a router with IP address 192.168.0.10:
config router static
edit 1
set device mgmt
set gateway 192.168.0.10
set dst 192.168.0.0 255.255.0.0
end
end
Converting to FortiSwitch standalone mode
Use one of the following commands to convert a FortiSwitch from FortiLink mode to standalone mode so that it will no longer be managed by a FortiGate:
execute switch-controller factory-reset <switch-id>
This command returns the FortiSwitch to the factory defaults and then reboots the FortiSwitch. If the FortiSwitch is configured for FortiLink auto-discovery, FortiGate can detect and automatically authorize the FortiSwitch. For example:execute switch-controller factory-reset S1234567890
execute switch-controller set-standalone <switch-id>
This command returns the FortiSwitch to the factory defaults, reboots the FortiSwitch, and prevents the FortiGate from automatically detecting and authorizing the FortiSwitch. For example:execute switch-controller set-standalone S1234567890
You can disable FortiLink auto-discovery on multiple FortiSwitches using the following commands:
config switch-controller global
set disable-discovery <switch-id>
end
For example:
config switch-controller global
set disable-discovery S1234567890
end
You can also add or remove entries from the list of FortiSwitches that have FortiLink auto-discovery disabled using the following commands:
config switch-controller global
append disable-discovery <switch-id>
unselect disable-discovery <switch-id>
end
For example:
config switch-controller global
append disable-discovery S012345678
unselect disable-discovery S1234567890
end
Changing the admin password on the FortiGate for all managed FortiSwitches
By default, each FortiSwitch has an admin account without a password. To replace the admin passwords for all FortiSwitches managed by a FortiGate, use the following commands from the FortiGate CLI:
config switch-controller switch-profile
edit default
set login-passwd-override {enable | disable}
set login-passwd <password>
next
end
If you had already applied a profile with the override enabled and the password set and then decide to remove the admin password, you need to apply a profile with the override enabled and no password set; otherwise, your previously set password will remain in the FortiSwitch. For example:
config switch-controller switch-profile
edit default
set login-passwd-override enable
unset login-passwd
next
end