fortinet.fortimanager.fmgr_switchcontroller_managedswitch module – Configure FortiSwitch devices that are managed by this FortiGate.

Note

This module is part of the fortinet.fortimanager collection (version 2.7.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_switchcontroller_managedswitch.

New in fortinet.fortimanager 2.0.0

Synopsis 

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters 

Parameter	Comments
access_token string	The token to access FortiManager without using username and password.
adom string / required	The parameter (adom) in requested url.
bypass_validation boolean	Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices: `false` ← (default) `true`
enable_log boolean	Enable/Disable logging for task. Choices: `false` ← (default) `true`
forticloud_access_token string	Authenticate Ansible client with forticloud API access token.
proposed_method string	The overridden method for the underlying Json RPC request. Choices: `"update"` `"set"` `"add"`
rc_failed list / elements=integer	The rc codes list with which the conditions to fail will be overriden.
rc_succeeded list / elements=integer	The rc codes list with which the conditions to succeed will be overriden.
state string / required	The directive to create, update or delete an object. Choices: `"present"` `"absent"`
switchcontroller_managedswitch dictionary	The top level parameters set.
802-1X-settings dictionary	Deprecated, please rename it to 802_1X_settings. 802 1X settings.
link-down-auth string	Deprecated, please rename it to link_down_auth. Authentication state to set if a link is down. Choices: `"set-unauth"` `"no-action"`
local-override string	Deprecated, please rename it to local_override. Enable to override global 802. Choices: `"disable"` `"enable"`
mab-reauth string	Deprecated, please rename it to mab_reauth. Enable or disable MAB reauthentication settings. Choices: `"disable"` `"enable"`
mac-called-station-delimiter string	Deprecated, please rename it to mac_called_station_delimiter. MAC called station delimiter Choices: `"hyphen"` `"single-hyphen"` `"colon"` `"none"`
mac-calling-station-delimiter string	Deprecated, please rename it to mac_calling_station_delimiter. MAC calling station delimiter Choices: `"hyphen"` `"single-hyphen"` `"colon"` `"none"`
mac-case string	Deprecated, please rename it to mac_case. MAC case Choices: `"uppercase"` `"lowercase"`
mac-password-delimiter string	Deprecated, please rename it to mac_password_delimiter. MAC authentication password delimiter Choices: `"hyphen"` `"single-hyphen"` `"colon"` `"none"`
mac-username-delimiter string	Deprecated, please rename it to mac_username_delimiter. MAC authentication username delimiter Choices: `"hyphen"` `"single-hyphen"` `"colon"` `"none"`
max-reauth-attempt integer	Deprecated, please rename it to max_reauth_attempt. Maximum number of authentication attempts
reauth-period integer	Deprecated, please rename it to reauth_period. Reauthentication time interval
tx-period integer	Deprecated, please rename it to tx_period. ‘802.’
_platform string	Platform.
access-profile any	(list) Deprecated, please rename it to access_profile. FortiSwitch access profile.
custom-command list / elements=dictionary	Deprecated, please rename it to custom_command. Custom command.
command-entry string	Deprecated, please rename it to command_entry. List of FortiSwitch commands.
command-name string	Deprecated, please rename it to command_name. Names of commands to be pushed to this FortiSwitch device, as config…
delayed-restart-trigger integer	Deprecated, please rename it to delayed_restart_trigger. Delayed restart triggered for this FortiSwitch.
description string	Description.
dhcp-server-access-list string	Deprecated, please rename it to dhcp_server_access_list. DHCP snooping server access list. Choices: `"disable"` `"enable"` `"global"`
dhcp-snooping-static-client list / elements=dictionary	Deprecated, please rename it to dhcp_snooping_static_client. Dhcp snooping static client.
ip string	Client static IP address.
mac string	Client MAC address.
name string	Client name.
port string	Interface name.
vlan string	VLAN name.
directly-connected integer	Deprecated, please rename it to directly_connected. Directly connected.
dynamic-capability string	Deprecated, please rename it to dynamic_capability. List of features this FortiSwitch supports
dynamically-discovered integer	Deprecated, please rename it to dynamically_discovered. Dynamically discovered.
firmware-provision string	Deprecated, please rename it to firmware_provision. Enable/disable provisioning of firmware to FortiSwitches on join conne… Choices: `"disable"` `"enable"`
firmware-provision-latest string	Deprecated, please rename it to firmware_provision_latest. Enable/disable one-time automatic provisioning of the latest fi… Choices: `"disable"` `"once"`
firmware-provision-version string	Deprecated, please rename it to firmware_provision_version. Firmware version to provision to this FortiSwitch on bootup
flow-identity string	Deprecated, please rename it to flow_identity. Flow-tracking netflow ipfix switch identity in hex format
fsw-wan1-admin string	Deprecated, please rename it to fsw_wan1_admin. FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a ma… Choices: `"disable"` `"enable"` `"discovered"`
fsw-wan1-peer any	(list) Deprecated, please rename it to fsw_wan1_peer. FortiSwitch WAN1 peer port.
fsw-wan2-admin string	Deprecated, please rename it to fsw_wan2_admin. FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a ma… Choices: `"disable"` `"enable"` `"discovered"`
fsw-wan2-peer string	Deprecated, please rename it to fsw_wan2_peer. FortiSwitch WAN2 peer port.
igmp-snooping dictionary	Deprecated, please rename it to igmp_snooping. Igmp snooping.
aging-time integer	Deprecated, please rename it to aging_time. Maximum time to retain a multicast snooping entry for which no packets…
flood-unknown-multicast string	Deprecated, please rename it to flood_unknown_multicast. Enable/disable unknown multicast flooding. Choices: `"disable"` `"enable"`
local-override string	Deprecated, please rename it to local_override. Enable/disable overriding the global IGMP snooping configuration. Choices: `"disable"` `"enable"`
vlans list / elements=dictionary	Vlans.
proxy string	IGMP snooping proxy for the VLAN interface. Choices: `"disable"` `"enable"` `"global"`
querier string	Enable/disable IGMP snooping querier for the VLAN interface. Choices: `"disable"` `"enable"`
querier-addr string	Deprecated, please rename it to querier_addr. IGMP snooping querier address.
version integer	IGMP snooping querying version.
vlan-name any	(list) Deprecated, please rename it to vlan_name. List of FortiSwitch VLANs.
ip-source-guard list / elements=dictionary	Deprecated, please rename it to ip_source_guard. Ip source guard.
binding-entry list / elements=dictionary	Deprecated, please rename it to binding_entry. Binding entry.
entry-name string	Deprecated, please rename it to entry_name. Configure binding pair.
ip string	Source IP for this rule.
mac string	MAC address for this rule.
description string	Description.
port string	Ingress interface to which source guard is bound.
l3-discovered integer	Deprecated, please rename it to l3_discovered. L3 discovered.
max-allowed-trunk-members integer	Deprecated, please rename it to max_allowed_trunk_members. FortiSwitch maximum allowed trunk members.
mclag-igmp-snooping-aware string	Deprecated, please rename it to mclag_igmp_snooping_aware. Enable/disable MCLAG IGMP-snooping awareness. Choices: `"disable"` `"enable"`
mgmt-mode integer	Deprecated, please rename it to mgmt_mode. FortiLink management mode.
mirror list / elements=dictionary	Mirror.
dst string	Destination port.
name string	Mirror name.
src-egress any	(list) Deprecated, please rename it to src_egress. Source egress interfaces.
src-ingress any	(list) Deprecated, please rename it to src_ingress. Source ingress interfaces.
status string	Active/inactive mirror configuration. Choices: `"inactive"` `"active"`
switching-packet string	Deprecated, please rename it to switching_packet. Enable/disable switching functionality when mirroring. Choices: `"disable"` `"enable"`
name string	Managed-switch name.
override-snmp-community string	Deprecated, please rename it to override_snmp_community. Enable/disable overriding the global SNMP communities. Choices: `"disable"` `"enable"`
override-snmp-sysinfo string	Deprecated, please rename it to override_snmp_sysinfo. Enable/disable overriding the global SNMP system information. Choices: `"disable"` `"enable"`
override-snmp-trap-threshold string	Deprecated, please rename it to override_snmp_trap_threshold. Enable/disable overriding the global SNMP trap threshold values. Choices: `"disable"` `"enable"`
override-snmp-user string	Deprecated, please rename it to override_snmp_user. Enable/disable overriding the global SNMP users. Choices: `"disable"` `"enable"`
owner-vdom string	Deprecated, please rename it to owner_vdom. VDOM which owner of port belongs to.
poe-detection-type integer	Deprecated, please rename it to poe_detection_type. Poe detection type.
poe-lldp-detection string	Deprecated, please rename it to poe_lldp_detection. Enable/disable PoE LLDP detection. Choices: `"disable"` `"enable"`
poe-pre-standard-detection string	Deprecated, please rename it to poe_pre_standard_detection. Enable/disable PoE pre-standard detection. Choices: `"disable"` `"enable"`
ports list / elements=dictionary	Ports.
access-mode string	Deprecated, please rename it to access_mode. Access mode of the port. Choices: `"normal"` `"nac"` `"dynamic"` `"static"`
acl-group any	(list) Deprecated, please rename it to acl_group. ACL groups on this port.
aggregator-mode string	Deprecated, please rename it to aggregator_mode. LACP member select mode. Choices: `"bandwidth"` `"count"`
allow-arp-monitor string	Deprecated, please rename it to allow_arp_monitor. Enable/Disable allow ARP monitor. Choices: `"disable"` `"enable"`
allowed-vlans any	(list or str) Deprecated, please rename it to allowed_vlans. Configure switch port tagged vlans
allowed-vlans-all string	Deprecated, please rename it to allowed_vlans_all. Enable/disable all defined vlans on this port. Choices: `"disable"` `"enable"`
arp-inspection-trust string	Deprecated, please rename it to arp_inspection_trust. Trusted or untrusted dynamic ARP inspection. Choices: `"untrusted"` `"trusted"`
authenticated-port integer	Deprecated, please rename it to authenticated_port. Authenticated port.
bundle string	Enable/disable Link Aggregation Group Choices: `"disable"` `"enable"`
description string	Description for port.
dhcp-snoop-option82-override list / elements=dictionary	Deprecated, please rename it to dhcp_snoop_option82_override. Dhcp snoop option82 override.
circuit-id string	Deprecated, please rename it to circuit_id. Circuit ID string.
remote-id string	Deprecated, please rename it to remote_id. Remote ID string.
vlan-name string	Deprecated, please rename it to vlan_name. DHCP snooping option 82 VLAN.
dhcp-snoop-option82-trust string	Deprecated, please rename it to dhcp_snoop_option82_trust. Enable/disable allowance of DHCP with option-82 on untr… Choices: `"disable"` `"enable"`
dhcp-snooping string	Deprecated, please rename it to dhcp_snooping. Trusted or untrusted DHCP-snooping interface. Choices: `"trusted"` `"untrusted"`
discard-mode string	Deprecated, please rename it to discard_mode. Configure discard mode for port. Choices: `"none"` `"all-untagged"` `"all-tagged"`
dot1x-enable string	Deprecated, please rename it to dot1x_enable. Dot1x enable. Choices: `"disable"` `"enable"`
dsl-profile string	Deprecated, please rename it to dsl_profile. DSL policy configuration.
edge-port string	Deprecated, please rename it to edge_port. Enable/disable this interface as an edge port, bridging connections bet… Choices: `"disable"` `"enable"`
encrypted-port integer	Deprecated, please rename it to encrypted_port. Encrypted port.
export-tags any	(list) Deprecated, please rename it to export_tags. Configure export tag
export-to any	(list) Deprecated, please rename it to export_to. Export managed-switch port to a tenant VDOM.
export-to-pool any	(list) Deprecated, please rename it to export_to_pool. Switch controller export port to pool-list.
export-to-pool-flag integer	Deprecated, please rename it to export_to_pool_flag. Switch controller export port to pool-list.
fallback-port string	Deprecated, please rename it to fallback_port. LACP fallback port.
fec-capable integer	Deprecated, please rename it to fec_capable. FEC capable.
fec-state string	Deprecated, please rename it to fec_state. State of forward error correction. Choices: `"disabled"` `"cl74"` `"cl91"` `"detect-by-module"`
fgt-peer-device-name string	Deprecated, please rename it to fgt_peer_device_name. Fgt peer device name.
fgt-peer-port-name string	Deprecated, please rename it to fgt_peer_port_name. Fgt peer port name.
fiber-port integer	Deprecated, please rename it to fiber_port. Fiber port.
flags integer	Flags.
flap-duration integer	Deprecated, please rename it to flap_duration. Period over which flap events are calculated
flap-rate integer	Deprecated, please rename it to flap_rate. Number of stage change events needed within flap-duration.
flap-timeout integer	Deprecated, please rename it to flap_timeout. Flap guard disabling protection
flapguard string	Enable/disable flap guard. Choices: `"disable"` `"enable"`
flow-control string	Deprecated, please rename it to flow_control. Flow control direction. Choices: `"disable"` `"tx"` `"rx"` `"both"`
fortilink-port integer	Deprecated, please rename it to fortilink_port. Fortilink port.
fortiswitch-acls any	(list) Deprecated, please rename it to fortiswitch_acls. ACLs on this port.
igmp-snooping string	Deprecated, please rename it to igmp_snooping. Set IGMP snooping mode for the physical port interface. Choices: `"disable"` `"enable"`
igmp-snooping-flood-reports string	Deprecated, please rename it to igmp_snooping_flood_reports. Enable/disable flooding of IGMP reports to this inter… Choices: `"disable"` `"enable"`
igmps-flood-reports string	Deprecated, please rename it to igmps_flood_reports. Enable/disable flooding of IGMP reports to this interface whe… Choices: `"disable"` `"enable"`
igmps-flood-traffic string	Deprecated, please rename it to igmps_flood_traffic. Enable/disable flooding of IGMP snooping traffic to this inte… Choices: `"disable"` `"enable"`
interface-tags any	(list or str) Deprecated, please rename it to interface_tags. Tag
ip-source-guard string	Deprecated, please rename it to ip_source_guard. Enable/disable IP source guard. Choices: `"disable"` `"enable"`
isl-local-trunk-name string	Deprecated, please rename it to isl_local_trunk_name. Isl local trunk name.
isl-peer-device-name string	Deprecated, please rename it to isl_peer_device_name. Isl peer device name.
isl-peer-device-sn string	Deprecated, please rename it to isl_peer_device_sn. Isl peer device sn.
isl-peer-port-name string	Deprecated, please rename it to isl_peer_port_name. Isl peer port name.
lacp-speed string	Deprecated, please rename it to lacp_speed. End Link Aggregation Control Protocol Choices: `"slow"` `"fast"`
learning-limit integer	Deprecated, please rename it to learning_limit. Limit the number of dynamic MAC addresses on this Port
link-status string	Deprecated, please rename it to link_status. Link status. Choices: `"down"` `"up"`
lldp-profile string	Deprecated, please rename it to lldp_profile. LLDP port TLV profile.
lldp-status string	Deprecated, please rename it to lldp_status. LLDP transmit and receive status. Choices: `"disable"` `"rx-only"` `"tx-only"` `"tx-rx"`
log-mac-event string	Deprecated, please rename it to log_mac_event. Enable/disable logging for dynamic MAC address events. Choices: `"disable"` `"enable"`
loop-guard string	Deprecated, please rename it to loop_guard. Enable/disable loop-guard on this interface, an STP optimization used … Choices: `"disabled"` `"enabled"`
loop-guard-timeout integer	Deprecated, please rename it to loop_guard_timeout. Loop-guard timeout
mac-addr string	Deprecated, please rename it to mac_addr. Port/Trunk MAC.
matched-dpp-intf-tags string	Deprecated, please rename it to matched_dpp_intf_tags. Matched interface tags in the dynamic port policy.
matched-dpp-policy string	Deprecated, please rename it to matched_dpp_policy. Matched child policy in the dynamic port policy.
max-bundle integer	Deprecated, please rename it to max_bundle. Maximum size of LAG bundle
max-miss-heartbeats integer	Deprecated, please rename it to max_miss_heartbeats. Maximum tolerant missed heartbeats.
mcast-snooping-flood-traffic string	Deprecated, please rename it to mcast_snooping_flood_traffic. Enable/disable flooding of IGMP snooping traffic to … Choices: `"disable"` `"enable"`
mclag string	Enable/disable multi-chassis link aggregation Choices: `"disable"` `"enable"`
mclag-icl-port integer	Deprecated, please rename it to mclag_icl_port. Mclag icl port.
media-type string	Deprecated, please rename it to media_type. Media type.
member-withdrawal-behavior string	Deprecated, please rename it to member_withdrawal_behavior. Port behavior after it withdraws because of loss of co… Choices: `"forward"` `"block"`
members any	(list) Aggregated LAG bundle interfaces.
min-bundle integer	Deprecated, please rename it to min_bundle. Minimum size of LAG bundle
mode string	LACP mode Choices: `"static"` `"lacp-passive"` `"lacp-active"`
p2p-port integer	Deprecated, please rename it to p2p_port. P2p port.
packet-sample-rate integer	Deprecated, please rename it to packet_sample_rate. Packet sampling rate
packet-sampler string	Deprecated, please rename it to packet_sampler. Enable/disable packet sampling on this interface. Choices: `"disabled"` `"enabled"`
pause-meter integer	Deprecated, please rename it to pause_meter. Configure ingress pause metering rate, in kbps
pause-meter-resume string	Deprecated, please rename it to pause_meter_resume. Resume threshold for resuming traffic on ingress port. Choices: `"25%"` `"50%"` `"75%"`
pd-capable integer	Deprecated, please rename it to pd_capable. Powered device capable.
poe-capable integer	Deprecated, please rename it to poe_capable. PoE capable.
poe-max-power string	Deprecated, please rename it to poe_max_power. Poe max power.
poe-mode-bt-cabable integer	Deprecated, please rename it to poe_mode_bt_cabable. PoE mode IEEE 802.
poe-port-mode string	Deprecated, please rename it to poe_port_mode. Configure PoE port mode. Choices: `"ieee802-3af"` `"ieee802-3at"` `"ieee802-3bt"`
poe-port-power string	Deprecated, please rename it to poe_port_power. Configure PoE port power. Choices: `"normal"` `"perpetual"` `"perpetual-fast"`
poe-port-priority string	Deprecated, please rename it to poe_port_priority. Configure PoE port priority. Choices: `"critical-priority"` `"high-priority"` `"low-priority"` `"medium-priority"`
poe-pre-standard-detection string	Deprecated, please rename it to poe_pre_standard_detection. Enable/disable PoE pre-standard detection. Choices: `"disable"` `"enable"`
poe-standard string	Deprecated, please rename it to poe_standard. Poe standard.
poe-status string	Deprecated, please rename it to poe_status. Enable/disable PoE status. Choices: `"disable"` `"enable"`
port-name string	Deprecated, please rename it to port_name. Switch port name.
port-number integer	Deprecated, please rename it to port_number. Port number.
port-owner string	Deprecated, please rename it to port_owner. Switch port name.
port-policy string	Deprecated, please rename it to port_policy. Switch controller dynamic port policy from available options.
port-prefix-type integer	Deprecated, please rename it to port_prefix_type. Port prefix type.
port-security-policy string	Deprecated, please rename it to port_security_policy. Switch controller authentication policy to apply to this man…
port-selection-criteria string	Deprecated, please rename it to port_selection_criteria. Algorithm for aggregate port selection. Choices: `"src-mac"` `"dst-mac"` `"src-dst-mac"` `"src-ip"` `"dst-ip"` `"src-dst-ip"`
ptp-policy any	(list) Deprecated, please rename it to ptp_policy. PTP policy configuration.
ptp-status string	Deprecated, please rename it to ptp_status. Enable/disable PTP policy on this FortiSwitch port. Choices: `"disable"` `"enable"`
qnq any	(list) ‘802.’
qos-policy string	Deprecated, please rename it to qos_policy. Switch controller QoS policy from available options.
restricted-auth-port integer	Deprecated, please rename it to restricted_auth_port. Restricted auth port.
rpvst-port string	Deprecated, please rename it to rpvst_port. Enable/disable inter-operability with rapid PVST on this interface. Choices: `"disabled"` `"enabled"`
sample-direction string	Deprecated, please rename it to sample_direction. SFlow sample direction. Choices: `"rx"` `"tx"` `"both"`
sflow-counter-interval integer	Deprecated, please rename it to sflow_counter_interval. SFlow sampler counter polling interval
sflow-sample-rate integer	Deprecated, please rename it to sflow_sample_rate. SFlow sampler sample rate
sflow-sampler string	Deprecated, please rename it to sflow_sampler. Enable/disable sFlow protocol on this interface. Choices: `"disabled"` `"enabled"`
speed string	Switch port speed; default and available settings depend on hardware. Choices: `"auto"` `"10full"` `"10half"` `"100full"` `"100half"` `"1000full"` `"10000full"` `"1000auto"` `"40000full"` `"1000fiber"` `"10000"` `"40000"` `"auto-module"` `"100FX-half"` `"100FX-full"` `"100000full"` `"2500full"` `"25000full"` `"50000full"` `"40000auto"` `"10000cr"` `"10000sr"` `"100000sr4"` `"100000cr4"` `"25000cr4"` `"25000sr4"` `"5000full"` `"2500auto"` `"5000auto"` `"1000full-fiber"` `"40000sr4"` `"40000cr4"` `"25000cr"` `"25000sr"` `"50000cr"` `"50000sr"`
speed-mask integer	Deprecated, please rename it to speed_mask. Switch port speed mask.
stacking-port integer	Deprecated, please rename it to stacking_port. Stacking port.
status string	Switch port admin status Choices: `"down"` `"up"`
sticky-mac string	Deprecated, please rename it to sticky_mac. Enable or disable sticky-mac on the interface. Choices: `"disable"` `"enable"`
storm-control-policy string	Deprecated, please rename it to storm_control_policy. Switch controller storm control policy from available options.
stp-bpdu-guard string	Deprecated, please rename it to stp_bpdu_guard. Enable/disable STP BPDU guard on this interface. Choices: `"disabled"` `"enabled"`
stp-bpdu-guard-timeout integer	Deprecated, please rename it to stp_bpdu_guard_timeout. BPDU Guard disabling protection
stp-root-guard string	Deprecated, please rename it to stp_root_guard. Enable/disable STP root guard on this interface. Choices: `"disabled"` `"enabled"`
stp-state string	Deprecated, please rename it to stp_state. Enable/disable Spanning Tree Protocol Choices: `"disabled"` `"enabled"`
switch-id string	Deprecated, please rename it to switch_id. Switch id.
trunk-member integer	Deprecated, please rename it to trunk_member. Trunk member.
type string	Interface type Choices: `"physical"` `"trunk"`
untagged-vlans any	(list or str) Deprecated, please rename it to untagged_vlans. Configure switch port untagged vlans
virtual-port integer	Deprecated, please rename it to virtual_port. Virtualized switch port.
vlan string	Assign switch ports to a VLAN.
pre-provisioned integer	Deprecated, please rename it to pre_provisioned. Pre-provisioned managed switch.
ptp-profile string	Deprecated, please rename it to ptp_profile. PTP profile configuration.
ptp-status string	Deprecated, please rename it to ptp_status. Enable/disable PTP profile on this FortiSwitch. Choices: `"disable"` `"enable"`
purdue-level string	Deprecated, please rename it to purdue_level. Purdue Level of this FortiSwitch. Choices: `"1"` `"2"` `"3"` `"4"` `"5"` `"1.5"` `"2.5"` `"3.5"` `"5.5"`
qos-drop-policy string	Deprecated, please rename it to qos_drop_policy. Set QoS drop-policy. Choices: `"taildrop"` `"random-early-detection"`
qos-red-probability integer	Deprecated, please rename it to qos_red_probability. Set QoS RED/WRED drop probability.
radius-nas-ip string	Deprecated, please rename it to radius_nas_ip. NAS-IP address.
radius-nas-ip-override string	Deprecated, please rename it to radius_nas_ip_override. Use locally defined NAS-IP. Choices: `"disable"` `"enable"`
remote-log list / elements=dictionary	Deprecated, please rename it to remote_log. Remote log.
csv string	Enable/disable comma-separated value Choices: `"disable"` `"enable"`
facility string	Facility to log to remote syslog server. Choices: `"kernel"` `"user"` `"mail"` `"daemon"` `"auth"` `"syslog"` `"lpr"` `"news"` `"uucp"` `"cron"` `"authpriv"` `"ftp"` `"ntp"` `"audit"` `"alert"` `"clock"` `"local0"` `"local1"` `"local2"` `"local3"` `"local4"` `"local5"` `"local6"` `"local7"`
name string	Remote log name.
port integer	Remote syslog server listening port.
server string	IPv4 address of the remote syslog server.
severity string	Severity of logs to be transferred to remote log server. Choices: `"emergency"` `"alert"` `"critical"` `"error"` `"warning"` `"notification"` `"information"` `"debug"`
status string	Enable/disable logging by FortiSwitch device to a remote syslog server. Choices: `"disable"` `"enable"`
route-offload string	Deprecated, please rename it to route_offload. Enable/disable route offload on this FortiSwitch. Choices: `"disable"` `"enable"`
route-offload-mclag string	Deprecated, please rename it to route_offload_mclag. Enable/disable route offload MCLAG on this FortiSwitch. Choices: `"disable"` `"enable"`
route-offload-router list / elements=dictionary	Deprecated, please rename it to route_offload_router. Route offload router.
router-ip string	Deprecated, please rename it to router_ip. Router IP address.
vlan-name string	Deprecated, please rename it to vlan_name. VLAN name.
sn string	Managed-switch serial number.
snmp-community list / elements=dictionary	Deprecated, please rename it to snmp_community. Snmp community.
events list / elements=string	SNMP notifications Choices: `"cpu-high"` `"mem-low"` `"log-full"` `"intf-ip"` `"ent-conf-change"` `"l2mac"`
hosts list / elements=dictionary	Hosts.
id integer	Host entry ID.
ip string	IPv4 address of the SNMP manager
id integer	SNMP community ID.
name string	SNMP community name.
query-v1-port integer	Deprecated, please rename it to query_v1_port. SNMP v1 query port
query-v1-status string	Deprecated, please rename it to query_v1_status. Enable/disable SNMP v1 queries. Choices: `"disable"` `"enable"`
query-v2c-port integer	Deprecated, please rename it to query_v2c_port. SNMP v2c query port
query-v2c-status string	Deprecated, please rename it to query_v2c_status. Enable/disable SNMP v2c queries. Choices: `"disable"` `"enable"`
status string	Enable/disable this SNMP community. Choices: `"disable"` `"enable"`
trap-v1-lport integer	Deprecated, please rename it to trap_v1_lport. SNMP v2c trap local port
trap-v1-rport integer	Deprecated, please rename it to trap_v1_rport. SNMP v2c trap remote port
trap-v1-status string	Deprecated, please rename it to trap_v1_status. Enable/disable SNMP v1 traps. Choices: `"disable"` `"enable"`
trap-v2c-lport integer	Deprecated, please rename it to trap_v2c_lport. SNMP v2c trap local port
trap-v2c-rport integer	Deprecated, please rename it to trap_v2c_rport. SNMP v2c trap remote port
trap-v2c-status string	Deprecated, please rename it to trap_v2c_status. Enable/disable SNMP v2c traps. Choices: `"disable"` `"enable"`
snmp-sysinfo dictionary	Deprecated, please rename it to snmp_sysinfo. Snmp sysinfo.
contact-info string	Deprecated, please rename it to contact_info. Contact information.
description string	System description.
engine-id string	Deprecated, please rename it to engine_id. Local SNMP engine ID string
location string	System location.
status string	Enable/disable SNMP. Choices: `"disable"` `"enable"`
snmp-trap-threshold dictionary	Deprecated, please rename it to snmp_trap_threshold. Snmp trap threshold.
trap-high-cpu-threshold integer	Deprecated, please rename it to trap_high_cpu_threshold. CPU usage when trap is sent.
trap-log-full-threshold integer	Deprecated, please rename it to trap_log_full_threshold. Log disk usage when trap is sent.
trap-low-memory-threshold integer	Deprecated, please rename it to trap_low_memory_threshold. Memory usage when trap is sent.
snmp-user list / elements=dictionary	Deprecated, please rename it to snmp_user. Snmp user.
auth-proto string	Deprecated, please rename it to auth_proto. Authentication protocol. Choices: `"md5"` `"sha"` `"sha1"` `"sha256"` `"sha384"` `"sha512"` `"sha224"`
auth-pwd any	(list) Deprecated, please rename it to auth_pwd. Password for authentication protocol.
name string	SNMP user name.
priv-proto string	Deprecated, please rename it to priv_proto. Privacy Choices: `"des"` `"aes"` `"aes128"` `"aes192"` `"aes256"` `"aes192c"` `"aes256c"`
priv-pwd any	(list) Deprecated, please rename it to priv_pwd. Password for privacy
queries string	Enable/disable SNMP queries for this user. Choices: `"disable"` `"enable"`
query-port integer	Deprecated, please rename it to query_port. SNMPv3 query port
security-level string	Deprecated, please rename it to security_level. Security level for message authentication and encryption. Choices: `"no-auth-no-priv"` `"auth-no-priv"` `"auth-priv"`
staged-image-version string	Deprecated, please rename it to staged_image_version. Staged image version for FortiSwitch.
static-mac list / elements=dictionary	Deprecated, please rename it to static_mac. Static mac.
description string	Description.
id integer	ID.
interface string	Interface name.
mac string	MAC address.
type string	Type. Choices: `"static"` `"sticky"`
vlan any	(list) Vlan.
storm-control dictionary	Deprecated, please rename it to storm_control. Storm control.
broadcast string	Enable/disable storm control to drop broadcast traffic. Choices: `"disable"` `"enable"`
local-override string	Deprecated, please rename it to local_override. Enable to override global FortiSwitch storm control settings for t… Choices: `"disable"` `"enable"`
rate integer	Rate in packets per second at which storm control drops excess traffic
unknown-multicast string	Deprecated, please rename it to unknown_multicast. Enable/disable storm control to drop unknown multicast traffic. Choices: `"disable"` `"enable"`
unknown-unicast string	Deprecated, please rename it to unknown_unicast. Enable/disable storm control to drop unknown unicast traffic. Choices: `"disable"` `"enable"`
stp-instance list / elements=dictionary	Deprecated, please rename it to stp_instance. Stp instance.
id string	Instance ID.
priority string	Priority. Choices: `"0"` `"4096"` `"8192"` `"12288"` `"12328"` `"16384"` `"20480"` `"24576"` `"28672"` `"32768"` `"36864"` `"40960"` `"45056"` `"49152"` `"53248"` `"57344"` `"61440"`
stp-settings dictionary	Deprecated, please rename it to stp_settings. Stp settings.
forward-time integer	Deprecated, please rename it to forward_time. Period of time a port is in listening and learning state
hello-time integer	Deprecated, please rename it to hello_time. Period of time between successive STP frame Bridge Protocol Data Units
local-override string	Deprecated, please rename it to local_override. Enable to configure local STP settings that override global STP se… Choices: `"disable"` `"enable"`
max-age integer	Deprecated, please rename it to max_age. Maximum time before a bridge port saves its configuration BPDU information
max-hops integer	Deprecated, please rename it to max_hops. Maximum number of hops between the root bridge and the furthest bridge
name string	Name of local STP settings configuration.
pending-timer integer	Deprecated, please rename it to pending_timer. Pending time
revision integer	STP revision number
status string	Enable/disable STP. Choices: `"disable"` `"enable"`
switch-device-tag string	Deprecated, please rename it to switch_device_tag. User definable label/tag.
switch-dhcp_opt43_key string	Deprecated, please rename it to switch_dhcp_opt43_key. DHCP option43 key.
switch-id string / required	Deprecated, please rename it to switch_id. Managed-switch id.
switch-log dictionary	Deprecated, please rename it to switch_log. Switch log.
local-override string	Deprecated, please rename it to local_override. Enable to configure local logging settings that override global lo… Choices: `"disable"` `"enable"`
severity string	Severity of FortiSwitch logs that are added to the FortiGate event log. Choices: `"emergency"` `"alert"` `"critical"` `"error"` `"warning"` `"notification"` `"information"` `"debug"`
status string	Enable/disable adding FortiSwitch logs to the FortiGate event log. Choices: `"disable"` `"enable"`
switch-profile any	(list) Deprecated, please rename it to switch_profile. FortiSwitch profile.
tdr-supported string	Deprecated, please rename it to tdr_supported. Tdr supported.
tunnel-discovered integer	Deprecated, please rename it to tunnel_discovered. Tunnel discovered.
type string	Indication of switch type, physical or virtual. Choices: `"physical"` `"virtual"`
version integer	FortiSwitch version.
vlan list / elements=dictionary	Vlan.
assignment-priority integer	Deprecated, please rename it to assignment_priority. ‘802.’
vlan-name string	Deprecated, please rename it to vlan_name. VLAN name.
workspace_locking_adom string	The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
workspace_locking_timeout integer	The maximum time in seconds to wait for other user to release the workspace lock. Default: `300`

Notes 

Note

Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples 

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure FortiSwitch devices that are managed by this FortiGate.
      fortinet.fortimanager.fmgr_switchcontroller_managedswitch:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        switchcontroller_managedswitch:
          _platform: <string>
          description: <string>
          name: <string>
          ports:
            -
              allowed_vlans: <list or string>
              allowed_vlans_all: <value in [disable, enable]>
              arp_inspection_trust: <value in [untrusted, trusted]>
              bundle: <value in [disable, enable]>
              description: <string>
              dhcp_snoop_option82_trust: <value in [disable, enable]>
              dhcp_snooping: <value in [trusted, untrusted]>
              discard_mode: <value in [none, all-untagged, all-tagged]>
              edge_port: <value in [disable, enable]>
              igmp_snooping: <value in [disable, enable]>
              igmps_flood_reports: <value in [disable, enable]>
              igmps_flood_traffic: <value in [disable, enable]>
              lacp_speed: <value in [slow, fast]>
              learning_limit: <integer>
              lldp_profile: <string>
              lldp_status: <value in [disable, rx-only, tx-only, ...]>
              loop_guard: <value in [disabled, enabled]>
              loop_guard_timeout: <integer>
              max_bundle: <integer>
              mclag: <value in [disable, enable]>
              member_withdrawal_behavior: <value in [forward, block]>
              members: <list or string>
              min_bundle: <integer>
              mode: <value in [static, lacp-passive, lacp-active]>
              poe_pre_standard_detection: <value in [disable, enable]>
              poe_status: <value in [disable, enable]>
              port_name: <string>
              port_owner: <string>
              port_security_policy: <string>
              port_selection_criteria: <value in [src-mac, dst-mac, src-dst-mac, ...]>
              qos_policy: <string>
              sample_direction: <value in [rx, tx, both]>
              sflow_counter_interval: <integer>
              sflow_sample_rate: <integer>
              sflow_sampler: <value in [disabled, enabled]>
              stp_bpdu_guard: <value in [disabled, enabled]>
              stp_bpdu_guard_timeout: <integer>
              stp_root_guard: <value in [disabled, enabled]>
              stp_state: <value in [disabled, enabled]>
              type: <value in [physical, trunk]>
              untagged_vlans: <list or string>
              vlan: <string>
              export_to_pool_flag: <integer>
              mac_addr: <string>
              packet_sample_rate: <integer>
              packet_sampler: <value in [disabled, enabled]>
              sticky_mac: <value in [disable, enable]>
              storm_control_policy: <string>
              dot1x_enable: <value in [disable, enable]>
              max_miss_heartbeats: <integer>
              access_mode: <value in [normal, nac, dynamic, ...]>
              ip_source_guard: <value in [disable, enable]>
              mclag_icl_port: <integer>
              p2p_port: <integer>
              aggregator_mode: <value in [bandwidth, count]>
              rpvst_port: <value in [disabled, enabled]>
              flow_control: <value in [disable, tx, rx, ...]>
              media_type: <string>
              pause_meter: <integer>
              pause_meter_resume: <value in [25%, 50%, 75%]>
              trunk_member: <integer>
              fec_capable: <integer>
              fec_state: <value in [disabled, cl74, cl91, ...]>
              matched_dpp_intf_tags: <string>
              matched_dpp_policy: <string>
              port_policy: <string>
              status: <value in [down, up]>
              dsl_profile: <string>
              flap_duration: <integer>
              flap_rate: <integer>
              flap_timeout: <integer>
              flapguard: <value in [disable, enable]>
              interface_tags: <list or string>
              poe_max_power: <string>
              poe_standard: <string>
              igmp_snooping_flood_reports: <value in [disable, enable]>
              mcast_snooping_flood_traffic: <value in [disable, enable]>
              link_status: <value in [down, up]>
              poe_mode_bt_cabable: <integer>
              poe_port_mode: <value in [ieee802-3af, ieee802-3at, ieee802-3bt]>
              poe_port_power: <value in [normal, perpetual, perpetual-fast]>
              poe_port_priority: <value in [critical-priority, high-priority, low-priority, ...]>
              acl_group: <list or string>
              dhcp_snoop_option82_override:
                -
                  circuit_id: <string>
                  remote_id: <string>
                  vlan_name: <string>
              fortiswitch_acls: <list or integer>
              isl_peer_device_sn: <string>
              authenticated_port: <integer>
              encrypted_port: <integer>
              ptp_status: <value in [disable, enable]>
              restricted_auth_port: <integer>
              allow_arp_monitor: <value in [disable, enable]>
              export_to: <list or string>
              export_to_pool: <list or string>
              fallback_port: <string>
              fgt_peer_device_name: <string>
              fgt_peer_port_name: <string>
              fiber_port: <integer>
              flags: <integer>
              fortilink_port: <integer>
              isl_local_trunk_name: <string>
              isl_peer_device_name: <string>
              isl_peer_port_name: <string>
              poe_capable: <integer>
              port_number: <integer>
              port_prefix_type: <integer>
              ptp_policy: <list or string>
              speed: <value in [auto, 10full, 10half, ...]>
              speed_mask: <integer>
              stacking_port: <integer>
              switch_id: <string>
              virtual_port: <integer>
              export_tags: <list or string>
              log_mac_event: <value in [disable, enable]>
              pd_capable: <integer>
              qnq: <list or string>
          switch_id: <string>
          override_snmp_community: <value in [disable, enable]>
          override_snmp_sysinfo: <value in [disable, enable]>
          override_snmp_trap_threshold: <value in [disable, enable]>
          override_snmp_user: <value in [disable, enable]>
          poe_detection_type: <integer>
          remote_log:
            -
              csv: <value in [disable, enable]>
              facility: <value in [kernel, user, mail, ...]>
              name: <string>
              port: <integer>
              server: <string>
              severity: <value in [emergency, alert, critical, ...]>
              status: <value in [disable, enable]>
          snmp_community:
            -
              events:
                - cpu-high
                - mem-low
                - log-full
                - intf-ip
                - ent-conf-change
                - l2mac
              hosts:
                -
                  id: <integer>
                  ip: <string>
              id: <integer>
              name: <string>
              query_v1_port: <integer>
              query_v1_status: <value in [disable, enable]>
              query_v2c_port: <integer>
              query_v2c_status: <value in [disable, enable]>
              status: <value in [disable, enable]>
              trap_v1_lport: <integer>
              trap_v1_rport: <integer>
              trap_v1_status: <value in [disable, enable]>
              trap_v2c_lport: <integer>
              trap_v2c_rport: <integer>
              trap_v2c_status: <value in [disable, enable]>
          snmp_user:
            -
              auth_proto: <value in [md5, sha, sha1, ...]>
              auth_pwd: <list or string>
              name: <string>
              priv_proto: <value in [des, aes, aes128, ...]>
              priv_pwd: <list or string>
              queries: <value in [disable, enable]>
              query_port: <integer>
              security_level: <value in [no-auth-no-priv, auth-no-priv, auth-priv]>
          mclag_igmp_snooping_aware: <value in [disable, enable]>
          ip_source_guard:
            -
              binding_entry:
                -
                  entry_name: <string>
                  ip: <string>
                  mac: <string>
              description: <string>
              port: <string>
          l3_discovered: <integer>
          qos_drop_policy: <value in [taildrop, random-early-detection]>
          qos_red_probability: <integer>
          switch_dhcp_opt43_key: <string>
          tdr_supported: <string>
          custom_command:
            -
              command_entry: <string>
              command_name: <string>
          firmware_provision: <value in [disable, enable]>
          firmware_provision_version: <string>
          dhcp_server_access_list: <value in [disable, enable, global]>
          firmware_provision_latest: <value in [disable, once]>
          dhcp_snooping_static_client:
            -
              ip: <string>
              mac: <string>
              name: <string>
              port: <string>
              vlan: <string>
          ptp_profile: <string>
          ptp_status: <value in [disable, enable]>
          route_offload: <value in [disable, enable]>
          route_offload_mclag: <value in [disable, enable]>
          route_offload_router:
            -
              router_ip: <string>
              vlan_name: <string>
          mgmt_mode: <integer>
          purdue_level: <value in [1, 2, 3, ...]>
          radius_nas_ip: <string>
          radius_nas_ip_override: <value in [disable, enable]>
          tunnel_discovered: <integer>
          vlan:
            -
              assignment_priority: <integer>
              vlan_name: <string>
          802_1X_settings:
            link_down_auth: <value in [set-unauth, no-action]>
            local_override: <value in [disable, enable]>
            mab_reauth: <value in [disable, enable]>
            mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
            mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
            mac_case: <value in [uppercase, lowercase]>
            mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
            mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
            max_reauth_attempt: <integer>
            reauth_period: <integer>
            tx_period: <integer>
          access_profile: <list or string>
          delayed_restart_trigger: <integer>
          directly_connected: <integer>
          dynamic_capability: <string>
          dynamically_discovered: <integer>
          flow_identity: <string>
          fsw_wan1_admin: <value in [disable, enable, discovered]>
          fsw_wan1_peer: <list or string>
          fsw_wan2_admin: <value in [disable, enable, discovered]>
          fsw_wan2_peer: <string>
          igmp_snooping:
            aging_time: <integer>
            flood_unknown_multicast: <value in [disable, enable]>
            local_override: <value in [disable, enable]>
            vlans:
              -
                proxy: <value in [disable, enable, global]>
                querier: <value in [disable, enable]>
                querier_addr: <string>
                version: <integer>
                vlan_name: <list or string>
          max_allowed_trunk_members: <integer>
          mirror:
            -
              dst: <string>
              name: <string>
              src_egress: <list or string>
              src_ingress: <list or string>
              status: <value in [inactive, active]>
              switching_packet: <value in [disable, enable]>
          owner_vdom: <string>
          poe_pre_standard_detection: <value in [disable, enable]>
          pre_provisioned: <integer>
          sn: <string>
          snmp_sysinfo:
            contact_info: <string>
            description: <string>
            engine_id: <string>
            location: <string>
            status: <value in [disable, enable]>
          snmp_trap_threshold:
            trap_high_cpu_threshold: <integer>
            trap_log_full_threshold: <integer>
            trap_low_memory_threshold: <integer>
          staged_image_version: <string>
          static_mac:
            -
              description: <string>
              id: <integer>
              interface: <string>
              mac: <string>
              type: <value in [static, sticky]>
              vlan: <list or string>
          storm_control:
            broadcast: <value in [disable, enable]>
            local_override: <value in [disable, enable]>
            rate: <integer>
            unknown_multicast: <value in [disable, enable]>
            unknown_unicast: <value in [disable, enable]>
          stp_instance:
            -
              id: <string>
              priority: <value in [0, 4096, 8192, ...]>
          stp_settings:
            forward_time: <integer>
            hello_time: <integer>
            local_override: <value in [disable, enable]>
            max_age: <integer>
            max_hops: <integer>
            name: <string>
            pending_timer: <integer>
            revision: <integer>
            status: <value in [disable, enable]>
          switch_device_tag: <string>
          switch_log:
            local_override: <value in [disable, enable]>
            severity: <value in [emergency, alert, critical, ...]>
            status: <value in [disable, enable]>
          switch_profile: <list or string>
          type: <value in [physical, virtual]>
          version: <integer>
          poe_lldp_detection: <value in [disable, enable]>

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
meta dictionary	The result of the request. Returned: always
request_url string	The full url requested. Returned: always Sample: `"/sys/login/user"`
response_code integer	The status of api request. Returned: always Sample: `0`
response_data list / elements=string	The api response. Returned: always
response_message string	The descriptive message of the api response. Returned: always Sample: `"OK."`
system_information dictionary	The information of the target system. Returned: always
rc integer	The status the request. Returned: always Sample: `0`
version_check_warning list / elements=string	Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex

Authors

Xinwei Du (@dux-fortinet)
Xing Li (@lix-fortinet)
Jie Xue (@JieX19)
Link Zheng (@chillancezen)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

fortinet.fortimanager.fmgr_switchcontroller_managedswitch module – Configure FortiSwitch devices that are managed by this FortiGate.

Synopsis

Parameters

Notes

Examples

Return Values