fortios_switch_controller_managed_switch – Configure FortiSwitch devices that are managed by this FortiGate in Fortinet’s FortiOS and FortiGate.¶
New in version 2.0.0.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and managed_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
FortiOS Version Compatibility¶
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
v7.2.4 |
v7.4.0 |
|
fortios_switch_controller_managed_switch | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
Parameters¶
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- switch_controller_managed_switch - Configure FortiSwitch devices that are managed by this FortiGate. type: dict more...
- settings_802_1X - Configuration method to edit FortiSwitch 802.1X global settings. type: dict more...
- link_down_auth - Authentication state to set if a link is down. type: str choices: set-unauth, no-action more...
- local_override - Enable to override global 802.1X settings on individual FortiSwitches. type: str choices: enable, disable more...
- mab_reauth - Enable or disable MAB reauthentication settings. type: str choices: disable, enable more...
- max_reauth_attempt - Maximum number of authentication attempts (0 - 15). type: int more...
- reauth_period - Reauthentication time interval (1 - 1440 min). type: int more...
- tx_period - 802.1X Tx period (seconds). type: int more...
- access_profile - FortiSwitch access profile. Source switch-controller.security-policy.local-access.name. type: str more...
- custom_command - Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch. type: list member_path: custom_command:command_entry more...
- command_entry - List of FortiSwitch commands. type: str required: true more...
- command_name - Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. Source switch-controller.custom-command.command-name. type: str more...
- delayed_restart_trigger - Delayed restart triggered for this FortiSwitch. type: int more...
- description - Description. type: str more...
- dhcp_server_access_list - DHCP snooping server access list. type: str choices: global, enable, disable more...
- dhcp_snooping_static_client - Configure FortiSwitch DHCP snooping static clients. type: list member_path: dhcp_snooping_static_client:name more...
- ip - Client static IP address. type: str more...
- mac - Client MAC address. type: str more...
- name - Client name. type: str required: true more...
- port - Interface name. type: str more...
- vlan - VLAN name. Source system.interface.name. type: str more...
- directly_connected - Directly connected FortiSwitch. type: int more...
- dynamic_capability - List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device. type: str more...
- dynamically_discovered - Dynamically discovered FortiSwitch. type: int more...
- firmware_provision - Enable/disable provisioning of firmware to FortiSwitches on join connection. type: str choices: enable, disable more...
- firmware_provision_latest - Enable/disable one-time automatic provisioning of the latest firmware version. type: str choices: disable, once more...
- firmware_provision_version - Firmware version to provision to this FortiSwitch on bootup (major.minor.build, i.e. 6.2.1234). type: str more...
- flow_identity - Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF ). type: str more...
- fsw_wan1_admin - FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. type: str choices: discovered, disable, enable more...
- fsw_wan1_peer - FortiSwitch WAN1 peer port. Source system.interface.name. type: str more...
- fsw_wan2_admin - FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. type: str choices: discovered, disable, enable more...
- fsw_wan2_peer - FortiSwitch WAN2 peer port. type: str more...
- igmp_snooping - Configure FortiSwitch IGMP snooping global settings. type: dict more...
- aging_time - Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). type: int more...
- flood_unknown_multicast - Enable/disable unknown multicast flooding. type: str choices: enable, disable more...
- local_override - Enable/disable overriding the global IGMP snooping configuration. type: str choices: enable, disable more...
- vlans - Configure IGMP snooping VLAN. type: list member_path: igmp_snooping/vlans:vlan_name more...
- proxy - IGMP snooping proxy for the VLAN interface. type: str choices: disable, enable, global more...
- querier - Enable/disable IGMP snooping querier for the VLAN interface. type: str choices: disable, enable more...
- querier_addr - IGMP snooping querier address. type: str more...
- version - IGMP snooping querying version. type: int more...
- vlan_name - List of FortiSwitch VLANs. Source system.interface.name. type: str required: true more...
- ip_source_guard - IP source guard. type: list member_path: ip_source_guard:port more...
- binding_entry - IP and MAC address configuration. type: list member_path: ip_source_guard:port/binding_entry:entry_name more...
- entry_name - Configure binding pair. type: str required: true more...
- ip - Source IP for this rule. type: str more...
- mac - MAC address for this rule. type: str more...
- description - Description. type: str more...
- port - Ingress interface to which source guard is bound. type: str required: true more...
- l3_discovered - Layer 3 management discovered. type: int more...
- max_allowed_trunk_members - FortiSwitch maximum allowed trunk members. type: int more...
- mclag_igmp_snooping_aware - Enable/disable MCLAG IGMP-snooping awareness. type: str choices: enable, disable more...
- mirror - Configuration method to edit FortiSwitch packet mirror. type: list member_path: mirror:name more...
- dst - Destination port. type: str more...
- name - Mirror name. type: str required: true more...
- src_egress - Source egress interfaces. type: list member_path: mirror:name/src_egress:name more...
- name - Interface name. type: str required: true more...
- src_ingress - Source ingress interfaces. type: list member_path: mirror:name/src_ingress:name more...
- name - Interface name. type: str required: true more...
- status - Active/inactive mirror configuration. type: str choices: active, inactive more...
- switching_packet - Enable/disable switching functionality when mirroring. type: str choices: enable, disable more...
- name - Managed-switch name. type: str more...
- override_snmp_community - Enable/disable overriding the global SNMP communities. type: str choices: enable, disable more...
- override_snmp_sysinfo - Enable/disable overriding the global SNMP system information. type: str choices: disable, enable more...
- override_snmp_trap_threshold - Enable/disable overriding the global SNMP trap threshold values. type: str choices: enable, disable more...
- override_snmp_user - Enable/disable overriding the global SNMP users. type: str choices: enable, disable more...
- owner_vdom - VDOM which owner of port belongs to. type: str more...
- poe_detection_type - PoE detection type for FortiSwitch. type: int more...
- poe_lldp_detection - Enable/disable PoE LLDP detection. type: str choices: enable, disable more...
- poe_pre_standard_detection - Enable/disable PoE pre-standard detection. type: str choices: enable, disable more...
- ports - Managed-switch port list. type: list member_path: ports:port_name more...
- access_mode - Access mode of the port. type: str choices: dynamic, nac, static, normal more...
- acl_group - ACL groups on this port. type: list member_path: ports:port_name/acl_group:name more...
- name - ACL group name. Source switch-controller.acl.group.name. type: str required: true more...
- aggregator_mode - LACP member select mode. type: str choices: bandwidth, count more...
- allowed_vlans - Configure switch port tagged VLANs. type: list member_path: ports:port_name/allowed_vlans:vlan_name more...
- vlan_name - VLAN name. Source system.interface.name. type: str required: true more...
- allowed_vlans_all - Enable/disable all defined vlans on this port. type: str choices: enable, disable more...
- arp_inspection_trust - Trusted or untrusted dynamic ARP inspection. type: str choices: untrusted, trusted more...
- bundle - Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. type: str choices: enable, disable more...
- description - Description for port. type: str more...
- dhcp_snoop_option82_override - Configure DHCP snooping option 82 override. type: list member_path: ports:port_name/dhcp_snoop_option82_override:vlan_name more...
- circuit_id - Circuit ID string. type: str more...
- remote_id - Remote ID string. type: str more...
- vlan_name - DHCP snooping option 82 VLAN. Source system.interface.name. type: str required: true more...
- dhcp_snoop_option82_trust - Enable/disable allowance of DHCP with option-82 on untrusted interface. type: str choices: enable, disable more...
- dhcp_snooping - Trusted or untrusted DHCP-snooping interface. type: str choices: untrusted, trusted more...
- discard_mode - Configure discard mode for port. type: str choices: none, all-untagged, all-tagged more...
- edge_port - Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. type: str choices: enable, disable more...
- export_tags - Configure export tag(s) for FortiSwitch port when exported to a virtual port pool. type: list member_path: ports:port_name/export_tags:tag_name more...
- tag_name - FortiSwitch port tag name when exported to a virtual port pool. Source switch-controller.switch-interface-tag.name. type: str required: true more...
- export_to - Export managed-switch port to a tenant VDOM. Source system.vdom.name. type: str more...
- export_to_pool - Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name. type: str more...
- export_to_pool_flag - Switch controller export port to pool-list. type: int more...
- fec_capable - FEC capable. type: int more...
- fec_state - State of forward error correction. type: str choices: disabled, cl74, cl91 more...
- fgt_peer_device_name - FGT peer device name. type: str more...
- fgt_peer_port_name - FGT peer port name. type: str more...
- fiber_port - Fiber-port. type: int more...
- flags - Port properties flags. type: int more...
- flap_duration - Period over which flap events are calculated (seconds). type: int more...
- flap_rate - Number of stage change events needed within flap-duration. type: int more...
- flap_timeout - Flap guard disabling protection (min). type: int more...
- flapguard - Enable/disable flap guard. type: str choices: enable, disable more...
- flow_control - Flow control direction. type: str choices: disable, tx, rx, both more...
- fortilink_port - FortiLink uplink port. type: int more...
- fortiswitch_acls - ACLs on this port. type: list member_path: ports:port_name/fortiswitch_acls:id more...
- id - ACL ID. type: int required: true more...
- igmp_snooping - Set IGMP snooping mode for the physical port interface. type: str choices: enable, disable more...
- igmp_snooping_flood_reports - Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. type: str choices: enable, disable more...
- igmps_flood_reports - Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. type: str choices: enable, disable more...
- igmps_flood_traffic - Enable/disable flooding of IGMP snooping traffic to this interface. type: str choices: enable, disable more...
- interface_tags - Tag(s) associated with the interface for various features including virtual port pool, dynamic port policy. type: list member_path: ports:port_name/interface_tags:tag_name more...
- tag_name - FortiSwitch port tag name when exported to a virtual port pool or matched to dynamic port policy. Source switch-controller.switch-interface-tag.name. type: str required: true more...
- ip_source_guard - Enable/disable IP source guard. type: str choices: disable, enable more...
- isl_local_trunk_name - ISL local trunk name. type: str more...
- isl_peer_device_name - ISL peer device name. type: str more...
- isl_peer_port_name - ISL peer port name. type: str more...
- lacp_speed - End Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). type: str choices: slow, fast more...
- learning_limit - Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default). type: int more...
- lldp_profile - LLDP port TLV profile. Source switch-controller.lldp-profile.name. type: str more...
- lldp_status - LLDP transmit and receive status. type: str choices: disable, rx-only, tx-only, tx-rx more...
- loop_guard - Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. type: str choices: enabled, disabled more...
- loop_guard_timeout - Loop-guard timeout (0 - 120 min). type: int more...
- mac_addr - Port/Trunk MAC. type: str more...
- matched_dpp_intf_tags - Matched interface tags in the dynamic port policy. type: str more...
- matched_dpp_policy - Matched child policy in the dynamic port policy. type: str more...
- max_bundle - Maximum size of LAG bundle (1 - 24). type: int more...
- mcast_snooping_flood_traffic - Enable/disable flooding of IGMP snooping traffic to this interface. type: str choices: enable, disable more...
- mclag - Enable/disable multi-chassis link aggregation (MCLAG). type: str choices: enable, disable more...
- mclag_icl_port - MCLAG-ICL port. type: int more...
- media_type - Media type. type: str more...
- member_withdrawal_behavior - Port behavior after it withdraws because of loss of control packets. type: str choices: forward, block more...
- members - Aggregated LAG bundle interfaces. type: list member_path: ports:port_name/members:member_name more...
- member_name - Interface name from available options. type: str required: true more...
- min_bundle - Minimum size of LAG bundle (1 - 24). type: int more...
- mode - LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively. type: str choices: static, lacp-passive, lacp-active more...
- p2p_port - General peer to peer tunnel port. type: int more...
- packet_sample_rate - Packet sampling rate (0 - 99999 p/sec). type: int more...
- packet_sampler - Enable/disable packet sampling on this interface. type: str choices: enabled, disabled more...
- pause_meter - Configure ingress pause metering rate, in kbps . type: int more...
- pause_meter_resume - Resume threshold for resuming traffic on ingress port. type: str choices: 75%, 50%, 25% more...
- poe_capable - PoE capable. type: int more...
- poe_max_power - PoE maximum power. type: str more...
- poe_mode_bt_cabable - PoE mode IEEE 802.3BT capable. type: int more...
- poe_port_mode - Configure PoE port mode. type: str choices: ieee802-3af, ieee802-3at, ieee802-3bt more...
- poe_port_power - Configure PoE port power. type: str choices: normal, perpetual, perpetual-fast more...
- poe_port_priority - Configure PoE port priority. type: str choices: critical-priority, high-priority, low-priority, medium-priority more...
- poe_pre_standard_detection - Enable/disable PoE pre-standard detection. type: str choices: enable, disable more...
- poe_standard - PoE standard supported. type: str more...
- poe_status - Enable/disable PoE status. type: str choices: enable, disable more...
- port_name - Switch port name. type: str required: true more...
- port_number - Port number. type: int more...
- port_owner - Switch port name. type: str more...
- port_policy - Switch controller dynamic port policy from available options. Source switch-controller.dynamic-port-policy.name. type: str more...
- port_prefix_type - Port prefix type. type: int more...
- port_security_policy - Switch controller authentication policy to apply to this managed switch from available options. Source switch-controller .security-policy.802-1X.name. type: str more...
- port_selection_criteria - Algorithm for aggregate port selection. type: str choices: src-mac, dst-mac, src-dst-mac, src-ip, dst-ip, src-dst-ip more...
- ptp_policy - PTP policy configuration. Source switch-controller.ptp.policy.name. type: str more...
- qos_policy - Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name. type: str more...
- rpvst_port - Enable/disable inter-operability with rapid PVST on this interface. type: str choices: disabled, enabled more...
- sample_direction - Packet sampling direction. type: str choices: tx, rx, both more...
- sflow_counter_interval - sFlow sampling counter polling interval in seconds (0 - 255). type: int more...
- sflow_sample_rate - sFlow sampler sample rate (0 - 99999 p/sec). type: int more...
- sflow_sampler - Enable/disable sFlow protocol on this interface. type: str choices: enabled, disabled more...
- speed - Switch port speed; default and available settings depend on hardware. type: str choices: 10half, 10full, 100half, 100full, 1000full, 10000full, auto, 1000auto, 1000full-fiber, 40000full, auto-module, 100FX-half, 100FX-full, 100000full, 2500auto, 25000full, 50000full, 10000cr, 10000sr, 100000sr4, 100000cr4, 40000sr4, 40000cr4, 25000cr, 25000sr, 50000cr, 50000sr, 5000auto, 1000fiber, 10000, 40000, 25000cr4, 25000sr4, 5000full, 2500full more...
- speed_mask - Switch port speed mask. type: int more...
- stacking_port - Stacking port. type: int more...
- status - Switch port admin status: up or down. type: str choices: up, down more...
- sticky_mac - Enable or disable sticky-mac on the interface. type: str choices: enable, disable more...
- storm_control_policy - Switch controller storm control policy from available options. Source switch-controller.storm-control-policy.name. type: str more...
- stp_bpdu_guard - Enable/disable STP BPDU guard on this interface. type: str choices: enabled, disabled more...
- stp_bpdu_guard_timeout - BPDU Guard disabling protection (0 - 120 min). type: int more...
- stp_root_guard - Enable/disable STP root guard on this interface. type: str choices: enabled, disabled more...
- stp_state - Enable/disable Spanning Tree Protocol (STP) on this interface. type: str choices: enabled, disabled more...
- switch_id - Switch id. type: str more...
- type - Interface type: physical or trunk port. type: str choices: physical, trunk more...
- untagged_vlans - Configure switch port untagged VLANs. type: list member_path: ports:port_name/untagged_vlans:vlan_name more...
- vlan_name - VLAN name. Source system.interface.name. type: str required: true more...
- virtual_port - Virtualized switch port. type: int more...
- vlan - Assign switch ports to a VLAN. Source system.interface.name. type: str more...
- pre_provisioned - Pre-provisioned managed switch. type: int more...
- qos_drop_policy - Set QoS drop-policy. type: str choices: taildrop, random-early-detection more...
- qos_red_probability - Set QoS RED/WRED drop probability. type: int more...
- remote_log - Configure logging by FortiSwitch device to a remote syslog server. type: list member_path: remote_log:name more...
- csv - Enable/disable comma-separated value (CSV) strings. type: str choices: enable, disable more...
- facility - Facility to log to remote syslog server. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 more...
- name - Remote log name. type: str required: true more...
- port - Remote syslog server listening port. type: int more...
- server - IPv4 address of the remote syslog server. type: str more...
- severity - Severity of logs to be transferred to remote log server. type: str choices: emergency, alert, critical, error, warning, notification, information, debug more...
- status - Enable/disable logging by FortiSwitch device to a remote syslog server. type: str choices: enable, disable more...
- sn - Managed-switch serial number. type: str more...
- snmp_community - Configuration method to edit Simple Network Management Protocol (SNMP) communities. type: list member_path: snmp_community:id more...
- events - SNMP notifications (traps) to send. type: list choices: cpu-high, mem-low, log-full, intf-ip, ent-conf-change more...
- hosts - Configure IPv4 SNMP managers (hosts). type: list member_path: snmp_community:id/hosts:id more...
- id - Host entry ID. type: int required: true more...
- ip - IPv4 address of the SNMP manager (host). type: str more...
- id - SNMP community ID. type: int required: true more...
- name - SNMP community name. type: str more...
- query_v1_port - SNMP v1 query port . type: int more...
- query_v1_status - Enable/disable SNMP v1 queries. type: str choices: disable, enable more...
- query_v2c_port - SNMP v2c query port . type: int more...
- query_v2c_status - Enable/disable SNMP v2c queries. type: str choices: disable, enable more...
- status - Enable/disable this SNMP community. type: str choices: disable, enable more...
- trap_v1_lport - SNMP v2c trap local port . type: int more...
- trap_v1_rport - SNMP v2c trap remote port . type: int more...
- trap_v1_status - Enable/disable SNMP v1 traps. type: str choices: disable, enable more...
- trap_v2c_lport - SNMP v2c trap local port . type: int more...
- trap_v2c_rport - SNMP v2c trap remote port . type: int more...
- trap_v2c_status - Enable/disable SNMP v2c traps. type: str choices: disable, enable more...
- snmp_sysinfo - Configuration method to edit Simple Network Management Protocol (SNMP) system info. type: dict more...
- contact_info - Contact information. type: str more...
- description - System description. type: str more...
- engine_id - Local SNMP engine ID string (max 24 char). type: str more...
- location - System location. type: str more...
- status - Enable/disable SNMP. type: str choices: disable, enable more...
- snmp_trap_threshold - Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values. type: dict more...
- trap_high_cpu_threshold - CPU usage when trap is sent. type: int more...
- trap_log_full_threshold - Log disk usage when trap is sent. type: int more...
- trap_low_memory_threshold - Memory usage when trap is sent. type: int more...
- snmp_user - Configuration method to edit Simple Network Management Protocol (SNMP) users. type: list member_path: snmp_user:name more...
- auth_proto - Authentication protocol. type: str choices: md5, sha1, sha224, sha256, sha384, sha512, sha more...
- auth_pwd - Password for authentication protocol. type: str more...
- name - SNMP user name. type: str required: true more...
- priv_proto - Privacy (encryption) protocol. type: str choices: aes128, aes192, aes192c, aes256, aes256c, des, aes more...
- priv_pwd - Password for privacy (encryption) protocol. type: str more...
- queries - Enable/disable SNMP queries for this user. type: str choices: disable, enable more...
- query_port - SNMPv3 query port . type: int more...
- security_level - Security level for message authentication and encryption. type: str choices: no-auth-no-priv, auth-no-priv, auth-priv more...
- staged_image_version - Staged image version for FortiSwitch. type: str more...
- static_mac - Configuration method to edit FortiSwitch Static and Sticky MAC. type: list member_path: static_mac:id more...
- description - Description. type: str more...
- id - ID. type: int required: true more...
- interface - Interface name. type: str more...
- mac - MAC address. type: str more...
- type - Type. type: str choices: static, sticky more...
- vlan - Vlan. Source system.interface.name. type: str more...
- storm_control - Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption. type: dict more...
- broadcast - Enable/disable storm control to drop broadcast traffic. type: str choices: enable, disable more...
- local_override - Enable to override global FortiSwitch storm control settings for this FortiSwitch. type: str choices: enable, disable more...
- rate - Rate in packets per second at which storm control drops excess traffic(0-10000000). type: int more...
- unknown_multicast - Enable/disable storm control to drop unknown multicast traffic. type: str choices: enable, disable more...
- unknown_unicast - Enable/disable storm control to drop unknown unicast traffic. type: str choices: enable, disable more...
- stp_instance - Configuration method to edit Spanning Tree Protocol (STP) instances. type: list member_path: stp_instance:id more...
- id - Instance ID. type: str required: true more...
- priority - Priority. type: str choices: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 more...
- stp_settings - Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops. type: dict more...
- forward_time - Period of time a port is in listening and learning state (4 - 30 sec). type: int more...
- hello_time - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). type: int more...
- local_override - Enable to configure local STP settings that override global STP settings. type: str choices: enable, disable more...
- max_age - Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec). type: int more...
- max_hops - Maximum number of hops between the root bridge and the furthest bridge (1- 40). type: int more...
- name - Name of local STP settings configuration. type: str more...
- pending_timer - Pending time (1 - 15 sec). type: int more...
- revision - STP revision number (0 - 65535). type: int more...
- status - Enable/disable STP. type: str choices: enable, disable more...
- switch_device_tag - User definable label/tag. type: str more...
- switch_dhcp_opt43_key - DHCP option43 key. type: str more...
- switch_id - Managed-switch name. type: str required: true more...
- switch_log - Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log). type: dict more...
- local_override - Enable to configure local logging settings that override global logging settings. type: str choices: enable, disable more...
- severity - Severity of FortiSwitch logs that are added to the FortiGate event log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug more...
- status - Enable/disable adding FortiSwitch logs to the FortiGate event log. type: str choices: enable, disable more...
- switch_profile - FortiSwitch profile. Source switch-controller.switch-profile.name. type: str more...
- switch_stp_settings - Configure spanning tree protocol (STP). type: dict more...
- status - Enable/disable STP. type: str choices: enable, disable more...
- tdr_supported - TDR supported. type: str more...
- type - Indication of switch type, physical or virtual. type: str choices: virtual, physical more...
- version - FortiSwitch version. type: int more...
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch devices that are managed by this FortiGate.
fortios_switch_controller_managed_switch:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
switch_controller_managed_switch:
settings_802_1X:
link_down_auth: "set-unauth"
local_override: "enable"
mab_reauth: "disable"
max_reauth_attempt: "3"
reauth_period: "60"
tx_period: "30"
access_profile: "<your_own_value> (source switch-controller.security-policy.local-access.name)"
custom_command:
-
command_entry: "<your_own_value>"
command_name: "<your_own_value> (source switch-controller.custom-command.command-name)"
delayed_restart_trigger: "0"
description: "<your_own_value>"
dhcp_server_access_list: "global"
dhcp_snooping_static_client:
-
ip: "<your_own_value>"
mac: "<your_own_value>"
name: "default_name_20"
port: "<your_own_value>"
vlan: "<your_own_value> (source system.interface.name)"
directly_connected: "0"
dynamic_capability: "<your_own_value>"
dynamically_discovered: "0"
firmware_provision: "enable"
firmware_provision_latest: "disable"
firmware_provision_version: "<your_own_value>"
flow_identity: "<your_own_value>"
fsw_wan1_admin: "discovered"
fsw_wan1_peer: "<your_own_value> (source system.interface.name)"
fsw_wan2_admin: "discovered"
fsw_wan2_peer: "<your_own_value>"
igmp_snooping:
aging_time: "300"
flood_unknown_multicast: "enable"
local_override: "enable"
vlans:
-
proxy: "disable"
querier: "disable"
querier_addr: "<your_own_value>"
version: "2"
vlan_name: "<your_own_value> (source system.interface.name)"
ip_source_guard:
-
binding_entry:
-
entry_name: "<your_own_value>"
ip: "<your_own_value>"
mac: "<your_own_value>"
description: "<your_own_value>"
port: "<your_own_value>"
l3_discovered: "0"
max_allowed_trunk_members: "0"
mclag_igmp_snooping_aware: "enable"
mirror:
-
dst: "<your_own_value>"
name: "default_name_56"
src_egress:
-
name: "default_name_58"
src_ingress:
-
name: "default_name_60"
status: "active"
switching_packet: "enable"
name: "default_name_63"
override_snmp_community: "enable"
override_snmp_sysinfo: "disable"
override_snmp_trap_threshold: "enable"
override_snmp_user: "enable"
owner_vdom: "<your_own_value>"
poe_detection_type: "0"
poe_lldp_detection: "enable"
poe_pre_standard_detection: "enable"
ports:
-
access_mode: "dynamic"
acl_group:
-
name: "default_name_75 (source switch-controller.acl.group.name)"
aggregator_mode: "bandwidth"
allowed_vlans:
-
vlan_name: "<your_own_value> (source system.interface.name)"
allowed_vlans_all: "enable"
arp_inspection_trust: "untrusted"
bundle: "enable"
description: "<your_own_value>"
dhcp_snoop_option82_override:
-
circuit_id: "<your_own_value>"
remote_id: "<your_own_value>"
vlan_name: "<your_own_value> (source system.interface.name)"
dhcp_snoop_option82_trust: "enable"
dhcp_snooping: "untrusted"
discard_mode: "none"
edge_port: "enable"
export_tags:
-
tag_name: "<your_own_value> (source switch-controller.switch-interface-tag.name)"
export_to: "<your_own_value> (source system.vdom.name)"
export_to_pool: "<your_own_value> (source switch-controller.virtual-port-pool.name)"
export_to_pool_flag: "0"
fec_capable: "0"
fec_state: "disabled"
fgt_peer_device_name: "<your_own_value>"
fgt_peer_port_name: "<your_own_value>"
fiber_port: "0"
flags: "0"
flap_duration: "30"
flap_rate: "5"
flap_timeout: "0"
flapguard: "enable"
flow_control: "disable"
fortilink_port: "0"
fortiswitch_acls:
-
id: "109"
igmp_snooping: "enable"
igmp_snooping_flood_reports: "enable"
igmps_flood_reports: "enable"
igmps_flood_traffic: "enable"
interface_tags:
-
tag_name: "<your_own_value> (source switch-controller.switch-interface-tag.name)"
ip_source_guard: "disable"
isl_local_trunk_name: "<your_own_value>"
isl_peer_device_name: "<your_own_value>"
isl_peer_port_name: "<your_own_value>"
lacp_speed: "slow"
learning_limit: "0"
lldp_profile: "<your_own_value> (source switch-controller.lldp-profile.name)"
lldp_status: "disable"
loop_guard: "enabled"
loop_guard_timeout: "45"
mac_addr: "<your_own_value>"
matched_dpp_intf_tags: "<your_own_value>"
matched_dpp_policy: "<your_own_value>"
max_bundle: "24"
mcast_snooping_flood_traffic: "enable"
mclag: "enable"
mclag_icl_port: "0"
media_type: "<your_own_value>"
member_withdrawal_behavior: "forward"
members:
-
member_name: "<your_own_value>"
min_bundle: "1"
mode: "static"
p2p_port: "0"
packet_sample_rate: "512"
packet_sampler: "enabled"
pause_meter: "0"
pause_meter_resume: "75%"
poe_capable: "0"
poe_max_power: "<your_own_value>"
poe_mode_bt_cabable: "0"
poe_port_mode: "ieee802-3af"
poe_port_power: "normal"
poe_port_priority: "critical-priority"
poe_pre_standard_detection: "enable"
poe_standard: "<your_own_value>"
poe_status: "enable"
port_name: "<your_own_value>"
port_number: "0"
port_owner: "<your_own_value>"
port_policy: "<your_own_value> (source switch-controller.dynamic-port-policy.name)"
port_prefix_type: "0"
port_security_policy: "<your_own_value> (source switch-controller.security-policy.802-1X.name)"
port_selection_criteria: "src-mac"
ptp_policy: "<your_own_value> (source switch-controller.ptp.policy.name)"
qos_policy: "<your_own_value> (source switch-controller.qos.qos-policy.name)"
rpvst_port: "disabled"
sample_direction: "tx"
sflow_counter_interval: "0"
sflow_sample_rate: "49999"
sflow_sampler: "enabled"
speed: "10half"
speed_mask: "2147483647"
stacking_port: "0"
status: "up"
sticky_mac: "enable"
storm_control_policy: "<your_own_value> (source switch-controller.storm-control-policy.name)"
stp_bpdu_guard: "enabled"
stp_bpdu_guard_timeout: "5"
stp_root_guard: "enabled"
stp_state: "enabled"
switch_id: "<your_own_value>"
type: "physical"
untagged_vlans:
-
vlan_name: "<your_own_value> (source system.interface.name)"
virtual_port: "0"
vlan: "<your_own_value> (source system.interface.name)"
pre_provisioned: "0"
qos_drop_policy: "taildrop"
qos_red_probability: "12"
remote_log:
-
csv: "enable"
facility: "kernel"
name: "default_name_189"
port: "514"
server: "192.168.100.40"
severity: "emergency"
status: "enable"
sn: "<your_own_value>"
snmp_community:
-
events: "cpu-high"
hosts:
-
id: "198"
ip: "<your_own_value>"
id: "200"
name: "default_name_201"
query_v1_port: "161"
query_v1_status: "disable"
query_v2c_port: "161"
query_v2c_status: "disable"
status: "disable"
trap_v1_lport: "162"
trap_v1_rport: "162"
trap_v1_status: "disable"
trap_v2c_lport: "162"
trap_v2c_rport: "162"
trap_v2c_status: "disable"
snmp_sysinfo:
contact_info: "<your_own_value>"
description: "<your_own_value>"
engine_id: "<your_own_value>"
location: "<your_own_value>"
status: "disable"
snmp_trap_threshold:
trap_high_cpu_threshold: "80"
trap_log_full_threshold: "90"
trap_low_memory_threshold: "80"
snmp_user:
-
auth_proto: "md5"
auth_pwd: "<your_own_value>"
name: "default_name_226"
priv_proto: "aes128"
priv_pwd: "<your_own_value>"
queries: "disable"
query_port: "161"
security_level: "no-auth-no-priv"
staged_image_version: "<your_own_value>"
static_mac:
-
description: "<your_own_value>"
id: "235"
interface: "<your_own_value>"
mac: "<your_own_value>"
type: "static"
vlan: "<your_own_value> (source system.interface.name)"
storm_control:
broadcast: "enable"
local_override: "enable"
rate: "500"
unknown_multicast: "enable"
unknown_unicast: "enable"
stp_instance:
-
id: "247"
priority: "0"
stp_settings:
forward_time: "15"
hello_time: "2"
local_override: "enable"
max_age: "20"
max_hops: "20"
name: "default_name_255"
pending_timer: "4"
revision: "0"
status: "enable"
switch_device_tag: "<your_own_value>"
switch_dhcp_opt43_key: "<your_own_value>"
switch_id: "<your_own_value>"
switch_log:
local_override: "enable"
severity: "emergency"
status: "enable"
switch_profile: "<your_own_value> (source switch-controller.switch-profile.name)"
switch_stp_settings:
status: "enable"
tdr_supported: "<your_own_value>"
type: "virtual"
version: "0"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3