Optional setup tasks

This section describes the following tasks:

  • Configuring the FortiSwitch management port
  • Converting to the FortiSwitch standalone mode
  • Changing the admin password on the FortiGate for all managed FortiSwitches

Configuring the FortiSwitch management port

If the FortiSwitch model has a dedicated management port, you can configure remote management to the FortiSwitch. In FortiLink mode, the FortiGate is the default gateway, so you need to configure an explicit route for the FortiSwitch management port.

Using the Web administration GUI

  1. Go to Network > Static Routes > Create New > Route.
  2. Set Destination to Subnet and enter a subnetwork and mask.
  3. Set Device to the management interface.
  4. Add a Gateway IP address.

 

Using the FortiSwitch CLI

Enter the following commands:

config router static

edit 1

set device mgmt

set gateway <router IP address>

set dst <router subnet> <subnet mask>

end

end

 

In the following example, the FortiSwitch management port is connected to a router with IP address 192.168.0.10:

config router static

edit 1

set device mgmt

set gateway 192.168.0.10

set dst 192.168.0.0 255.255.0.0

end

end

Converting to FortiSwitch standalone mode

Use one of the following commands to convert a FortiSwitch from FortiLink mode to standalone mode so that it will no longer be managed by a FortiGate:

  • execute switch-controller factory-reset <switch-id>
    This command returns the FortiSwitch to the factory defaults and then reboots the FortiSwitch. If the FortiSwitch is configured for FortiLink auto-discovery, FortiGate can detect and automatically authorize the FortiSwitch. For example:
    execute switch-controller factory-reset S1234567890
  • execute switch-controller set-standalone <switch-id>
    This command returns the FortiSwitch to the factory defaults, reboots the FortiSwitch, and prevents the FortiGate from automatically detecting and authorizing the FortiSwitch. For example:
    execute switch-controller set-standalone S1234567890

You can disable FortiLink auto-discovery on multiple FortiSwitches using the following commands:

config switch-controller global

set disable-discovery <switch-id>

end

 

For example:

config switch-controller global

set disable-discovery S1234567890

end

 

You can also add or remove entries from the list of FortiSwitches that have FortiLink auto-discovery disabled using the following commands:

config switch-controller global

append disable-discovery <switch-id>

unselect disable-discovery <switch-id>

end

 

For example:

config switch-controller global

append disable-discovery S012345678

unselect disable-discovery S1234567890

end

Changing the admin password on the FortiGate for all managed FortiSwitches

By default, each FortiSwitch has an admin account without a password. To replace the admin passwords for all FortiSwitches managed by a FortiGate, use the following commands from the FortiGate CLI:

config switch-controller switch-profile

edit default

set login-passwd-override {enable | disable}

set login-passwd <password>

next

end

 

If you had already applied a profile with the override enabled and the password set and then decide to remove the admin password, you need to apply a profile with the override enabled and no password set; otherwise, your previously set password will remain in the FortiSwitch. For example:

config switch-controller switch-profile

edit default

set login-passwd-override enable

unset login-passwd

next

end