New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
host (required) | | FortiOS or FortiGate IP address. |
https (boolean) | | Indicates if the requests towards FortiGate must use the HTTPS protocol. |
password | Default: "" | FortiOS or FortiGate password. |
switch_controller_managed_switch | Default: null | Configure FortiSwitch devices that are managed by this FortiGate. |
802-1X-settings | | Configuration method to edit FortiSwitch 802.1X global settings. |
link-down-auth | | Authentication state to set if a link is down. |
local-override | | Enable to override global 802.1X settings on individual FortiSwitches. |
max-reauth-attempt | | Maximum number of authentication attempts (0 - 15, default = 3). |
reauth-period | | Reauthentication time interval (1 - 1440 min, default = 60, 0 = disable). |
connected | | CAPWAP connection. |
custom-command | | Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch. |
command-entry (required) | | List of FortiSwitch commands. |
command-name | | Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. Source switch-controller.custom-command.command-name. |
delayed-restart-trigger | | Delayed restart triggered for this FortiSwitch. |
description | | Description. |
directly-connected | | Directly connected FortiSwitch. |
dynamic-capability | | List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device. |
dynamically-discovered | | Dynamically discovered FortiSwitch. |
fsw-wan1-admin | | FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. |
fsw-wan1-peer | | FortiSwitch WAN1 peer port. |
fsw-wan2-admin | | FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. |
fsw-wan2-peer | | FortiSwitch WAN2 peer port. |
igmp-snooping | | Configure FortiSwitch IGMP snooping global settings. |
aging-time | | Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec, default = 300). |
flood-unknown-multicast | | Enable/disable unknown multicast flooding. |
local-override | | Enable/disable overriding the global IGMP snooping configuration. |
max-allowed-trunk-members | | FortiSwitch maximum allowed trunk members. |
mirror | | Configuration method to edit FortiSwitch packet mirror. |
dst | | Destination port. |
name (required) | | Mirror name. |
src-egress | | Source egress interfaces. |
name (required) | | Interface name. |
src-ingress | | Source ingress interfaces. |
name (required) | | Interface name. |
status | | Active/inactive mirror configuration. |
switching-packet | | Enable/disable switching functionality when mirroring. |
name | | Managed-switch name. |
owner-vdom | | VDOM to which the owner of the port belongs. |
poe-pre-standard-detection | | Enable/disable PoE pre-standard detection. |
ports | | Managed-switch port list. |
allowed-vlans | | Configure switch port tagged VLANs. |
vlan-name (required) | | VLAN name. Source system.interface.name. |
allowed-vlans-all | | Enable/disable all defined VLANs on this port. |
arp-inspection-trust | | Trusted or untrusted dynamic ARP inspection. |
bundle | | Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. |
description | | Description for port. |
dhcp-snoop-option82-trust | | Enable/disable allowance of DHCP with option-82 on untrusted interface. |
dhcp-snooping | | Trusted or untrusted DHCP-snooping interface. |
discard-mode | | Configure discard mode for port. |
edge-port | | Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. |
export-tags | | Switch controller export tag name. |
tag-name (required) | | Switch tag name. Source switch-controller.switch-interface-tag.name. |
export-to | | Export managed-switch port to a tenant VDOM. Source system.vdom.name. |
export-to-pool | | Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name. |
export-to-pool_flag | | Switch controller export port to pool-list. |
fgt-peer-device-name | | FGT peer device name. |
fgt-peer-port-name | | FGT peer port name. |
fiber-port | | Fiber-port. |
flags | | Port properties flags. |
fortilink-port | | FortiLink uplink port. |
igmp-snooping | | Set IGMP snooping mode for the physical port interface. |
igmps-flood-reports | | Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. |
igmps-flood-traffic | | Enable/disable flooding of IGMP snooping traffic to this interface. |
isl-local-trunk-name | | ISL local trunk name. |
isl-peer-device-name | | ISL peer device name. |
isl-peer-port-name | | ISL peer port name. |
lacp-speed | | Send Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). |
learning-limit | | Limit the number of dynamic MAC addresses on this port (1 - 128, 0 = no limit, default). |
lldp-profile | | LLDP port TLV profile. Source switch-controller.lldp-profile.name. |
lldp-status | | LLDP transmit and receive status. |
loop-guard | | Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. |
loop-guard-timeout | | Loop-guard timeout (0 - 120 min, default = 45). |
max-bundle | | Maximum size of LAG bundle (1 - 24, default = 24). |
mclag | | Enable/disable multi-chassis link aggregation (MCLAG). |
member-withdrawal-behavior | | Port behavior after it withdraws because of loss of control packets. |
members | | Aggregated LAG bundle interfaces. |
member-name (required) | | Interface name from available options. |
min-bundle | | Minimum size of LAG bundle (1 - 24, default = 1). |
mode | | LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively. |
poe-capable | | PoE capable. |
poe-pre-standard-detection | | Enable/disable PoE pre-standard detection. |
poe-status | | Enable/disable PoE status. |
port-name (required) | | Switch port name. |
port-number | | Port number. |
port-owner | | Switch port name. |
port-prefix-type | | Port prefix type. |
port-security-policy | | Switch controller authentication policy to apply to this managed switch from available options. Source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal.name. |
port-selection-criteria | | Algorithm for aggregate port selection. |
qos-policy | | Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name. |
sample-direction | | sFlow sample direction. |
sflow-counter-interval | | sFlow sampler counter polling interval (1 - 255 sec). |
sflow-sample-rate | | sFlow sampler sample rate (0 - 99999 p/sec). |
sflow-sampler | | Enable/disable sFlow protocol on this interface. |
speed | | Switch port speed; default and available settings depend on hardware. |
speed-mask | | Switch port speed mask. |
stacking-port | | Stacking port. |
status | | Switch port admin status: up or down. |
stp-bpdu-guard | | Enable/disable STP BPDU guard on this interface. |
stp-bpdu-guard-timeout | | BPDU Guard disabling protection (0 - 120 min). |
stp-root-guard | | Enable/disable STP root guard on this interface. |
stp-state | | Enable/disable Spanning Tree Protocol (STP) on this interface. |
switch-id | | Switch id. |
type | | Interface type: physical or trunk port. |
untagged-vlans | | Configure switch port untagged VLANs. |
vlan-name (required) | | VLAN name. Source system.interface.name. |
virtual-port | | Virtualized switch port. |
vlan | | Assign switch ports to a VLAN. Source system.interface.name. |
pre-provisioned | | Pre-provisioned managed switch. |
staged-image-version | | Staged image version for FortiSwitch. |
state | | Indicates whether to create or remove the object. |
storm-control | | Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption. |
broadcast | | Enable/disable storm control to drop broadcast traffic. |
local-override | | Enable to override global FortiSwitch storm control settings for this FortiSwitch. |
rate | | Rate in packets per second at which storm traffic is controlled (1 - 10000000, default = 500). Storm control drops excess traffic data rates beyond this threshold. |
unknown-multicast | | Enable/disable storm control to drop unknown multicast traffic. |
unknown-unicast | | Enable/disable storm control to drop unknown unicast traffic. |
stp-settings | | Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops. |
forward-time | | Period of time a port is in listening and learning state (4 - 30 sec, default = 15). |
hello-time | | Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec, default = 2). |
local-override | | Enable to configure local STP settings that override global STP settings. |
max-age | | Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec, default = 20). |
max-hops | | Maximum number of hops between the root bridge and the furthest bridge (1 - 40, default = 20). |
name | | Name of local STP settings configuration. |
pending-timer | | Pending time (1 - 15 sec, default = 4). |
revision | | STP revision number (0 - 65535). |
status | | Enable/disable STP. |
switch-device-tag | | User definable label/tag. |
switch-id (required) | | Managed-switch id. |
switch-log | | Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log). |
local-override | | Enable to configure local logging settings that override global logging settings. |
severity | | Severity of FortiSwitch logs that are added to the FortiGate event log. |
status | | Enable/disable adding FortiSwitch logs to the FortiGate event log. |
switch-profile | | FortiSwitch profile. Source switch-controller.switch-profile.name. |
switch-stp-settings | | Configure spanning tree protocol (STP). |
status | | Enable/disable STP. |
type | | Indication of switch type, physical or virtual. |
version | | FortiSwitch version. |
username (required) | | FortiOS or FortiGate username. |
vdom | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Note
```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
  tasks:
  - name: Configure FortiSwitch devices that are managed by this FortiGate.
    fortios_switch_controller_managed_switch:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      # With https set to False, the username, password and configuration
      # are sent to the FortiGate over plain HTTP.
      https: "False"
      switch_controller_managed_switch:
        state: "present"
        802-1X-settings:
          link-down-auth: "set-unauth"
          local-override: "enable"
          max-reauth-attempt: "6"
          reauth-period: "7"
        connected: "8"
        custom-command:
          -
            command-entry: "<your_own_value>"
            command-name: "<your_own_value> (source switch-controller.custom-command.command-name)"
        delayed-restart-trigger: "12"
        description: "<your_own_value>"
        directly-connected: "14"
        dynamic-capability: "15"
        dynamically-discovered: "16"
        fsw-wan1-admin: "discovered"
        fsw-wan1-peer: "<your_own_value>"
        fsw-wan2-admin: "discovered"
        fsw-wan2-peer: "<your_own_value>"
        igmp-snooping:
          aging-time: "22"
          flood-unknown-multicast: "enable"
          local-override: "enable"
        max-allowed-trunk-members: "25"
        mirror:
          -
            dst: "<your_own_value>"
            name: "default_name_28"
            src-egress:
              -
                name: "default_name_30"
            src-ingress:
              -
                name: "default_name_32"
            status: "active"
            switching-packet: "enable"
        name: "default_name_35"
        owner-vdom: "<your_own_value>"
        poe-pre-standard-detection: "enable"
        ports:
          -
            allowed-vlans:
              -
                vlan-name: "<your_own_value> (source system.interface.name)"
            allowed-vlans-all: "enable"
            arp-inspection-trust: "untrusted"
            bundle: "enable"
            description: "<your_own_value>"
            dhcp-snoop-option82-trust: "enable"
            dhcp-snooping: "untrusted"
            discard-mode: "none"
            edge-port: "enable"
            export-tags:
              -
                tag-name: "<your_own_value> (source switch-controller.switch-interface-tag.name)"
            export-to: "<your_own_value> (source system.vdom.name)"
            export-to-pool: "<your_own_value> (source switch-controller.virtual-port-pool.name)"
            export-to-pool_flag: "53"
            fgt-peer-device-name: "<your_own_value>"
            fgt-peer-port-name: "<your_own_value>"
            fiber-port: "56"
            flags: "57"
            fortilink-port: "58"
            igmp-snooping: "enable"
            igmps-flood-reports: "enable"
            igmps-flood-traffic: "enable"
            isl-local-trunk-name: "<your_own_value>"
            isl-peer-device-name: "<your_own_value>"
            isl-peer-port-name: "<your_own_value>"
            lacp-speed: "slow"
            learning-limit: "66"
            lldp-profile: "<your_own_value> (source switch-controller.lldp-profile.name)"
            lldp-status: "disable"
            loop-guard: "enabled"
            loop-guard-timeout: "70"
            max-bundle: "71"
            mclag: "enable"
            member-withdrawal-behavior: "forward"
            members:
              -
                member-name: "<your_own_value>"
            min-bundle: "76"
            mode: "static"
            poe-capable: "78"
            poe-pre-standard-detection: "enable"
            poe-status: "enable"
            port-name: "<your_own_value>"
            port-number: "82"
            port-owner: "<your_own_value>"
            port-prefix-type: "84"
            port-security-policy: "<your_own_value> (source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal.name)"
            port-selection-criteria: "src-mac"
            qos-policy: "<your_own_value> (source switch-controller.qos.qos-policy.name)"
            sample-direction: "tx"
            sflow-counter-interval: "89"
            sflow-sample-rate: "90"
            sflow-sampler: "enabled"
            speed: "10half"
            speed-mask: "93"
            stacking-port: "94"
            status: "up"
            stp-bpdu-guard: "enabled"
            stp-bpdu-guard-timeout: "97"
            stp-root-guard: "enabled"
            stp-state: "enabled"
            switch-id: "<your_own_value>"
            type: "physical"
            untagged-vlans:
              -
                vlan-name: "<your_own_value> (source system.interface.name)"
            virtual-port: "104"
            vlan: "<your_own_value> (source system.interface.name)"
        pre-provisioned: "106"
        staged-image-version: "<your_own_value>"
        storm-control:
          broadcast: "enable"
          local-override: "enable"
          rate: "111"
          unknown-multicast: "enable"
          unknown-unicast: "enable"
        stp-settings:
          forward-time: "115"
          hello-time: "116"
          local-override: "enable"
          max-age: "118"
          max-hops: "119"
          name: "default_name_120"
          pending-timer: "121"
          revision: "122"
          status: "enable"
        switch-device-tag: "<your_own_value>"
        switch-id: "<your_own_value>"
        switch-log:
          local-override: "enable"
          severity: "emergency"
          status: "enable"
        switch-profile: "<your_own_value> (source switch-controller.switch-profile.name)"
        switch-stp-settings:
          status: "enable"
        type: "virtual"
        version: "134"
```
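A hardened counterpart to the playbook above, as an added example that is not part of the original module documentation. It uses only parameters documented on this page, keeps HTTPS on, and reads the password from a hypothetical Ansible Vault variable `vault_fortigate_password`; `port1` and the numeric values are constructed.

```yaml
# Added example, not from the module documentation.
# Assumptions: vault_fortigate_password is a hypothetical vaulted variable,
# port1 is a constructed port name, numeric values are illustrative.
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: "{{ vault_fortigate_password }}"  # never an empty or inline password
    vdom: "root"
  tasks:
  - name: Harden an access port on a managed FortiSwitch
    fortios_switch_controller_managed_switch:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      https: true  # credentials and configuration travel over HTTPS
      switch_controller_managed_switch:
        state: "present"
        switch-id: "<your_own_value>"
        802-1X-settings:
          local-override: "enable"
          link-down-auth: "set-unauth"  # a port that loses link must authenticate again
          max-reauth-attempt: "3"
          reauth-period: "60"
        storm-control:
          local-override: "enable"
          broadcast: "enable"
          unknown-multicast: "enable"
          unknown-unicast: "enable"
          rate: "500"
        switch-log:
          local-override: "enable"
          status: "enable"
          severity: "notification"  # "emergency" would keep almost all switch events out of the log
        ports:
          -
            port-name: "port1"
            status: "up"
            edge-port: "enable"
            dhcp-snooping: "untrusted"         # DHCP server replies are not accepted from this port
            arp-inspection-trust: "untrusted"  # ARP from this port is checked by dynamic ARP inspection
            learning-limit: "2"                # cap dynamic MAC addresses to limit MAC flooding
            stp-bpdu-guard: "enabled"          # disable the port if it receives a BPDU
            stp-bpdu-guard-timeout: "5"
            loop-guard: "enabled"
```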
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build (string) | always | Build number of the FortiGate image. Sample: 1547 |
http_method (string) | always | Last method used to provision the content into FortiGate. Sample: PUT |
http_status (string) | always | Last result given by FortiGate on last operation applied. Sample: 200 |
mkey (string) | success | Master key (id) used in the last call to FortiGate. Sample: id |
name (string) | always | Name of the table used to fulfill the request. Sample: urlfilter |
path (string) | always | Path of the table used to fulfill the request. Sample: webfilter |
revision (string) | always | Internal revision number. Sample: 17.0.2.10658 |
serial (string) | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352 |
status (string) | always | Indication of the operation's result. Sample: success |
vdom (string) | always | Virtual domain used. Sample: root |
version (string) | always | Version of the FortiGate. Sample: v5.6.3 |