fortinet.fortimanager.fmgr_switchcontroller_managedswitch module – Configure FortiSwitch devices that are managed by this FortiGate.
Note
This module is part of the fortinet.fortimanager collection (version 2.7.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_switchcontroller_managedswitch
.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
The top level parameters set. |
|
Deprecated, please rename it to 802_1X_settings. 802 1X settings. |
|
Deprecated, please rename it to link_down_auth. Authentication state to set if a link is down. Choices:
|
|
Deprecated, please rename it to local_override. Enable to override global 802. Choices:
|
|
Deprecated, please rename it to mab_reauth. Enable or disable MAB reauthentication settings. Choices:
|
|
Deprecated, please rename it to mac_called_station_delimiter. MAC called station delimiter Choices:
|
|
Deprecated, please rename it to mac_calling_station_delimiter. MAC calling station delimiter Choices:
|
|
Deprecated, please rename it to mac_case. MAC case Choices:
|
|
Deprecated, please rename it to mac_password_delimiter. MAC authentication password delimiter Choices:
|
|
Deprecated, please rename it to mac_username_delimiter. MAC authentication username delimiter Choices:
|
|
Deprecated, please rename it to max_reauth_attempt. Maximum number of authentication attempts |
|
Deprecated, please rename it to reauth_period. Reauthentication time interval |
|
Deprecated, please rename it to tx_period. ‘802.’ |
|
Platform. |
|
(list) Deprecated, please rename it to access_profile. FortiSwitch access profile. |
|
Deprecated, please rename it to custom_command. Custom command. |
|
Deprecated, please rename it to command_entry. List of FortiSwitch commands. |
|
Deprecated, please rename it to command_name. Names of commands to be pushed to this FortiSwitch device, as config… |
|
Deprecated, please rename it to delayed_restart_trigger. Delayed restart triggered for this FortiSwitch. |
|
Description. |
|
Deprecated, please rename it to dhcp_server_access_list. DHCP snooping server access list. Choices:
|
|
Deprecated, please rename it to dhcp_snooping_static_client. Dhcp snooping static client. |
|
Client static IP address. |
|
Client MAC address. |
|
Client name. |
|
Interface name. |
|
VLAN name. |
|
Deprecated, please rename it to directly_connected. Directly connected. |
|
Deprecated, please rename it to dynamic_capability. List of features this FortiSwitch supports |
|
Deprecated, please rename it to dynamically_discovered. Dynamically discovered. |
|
Deprecated, please rename it to firmware_provision. Enable/disable provisioning of firmware to FortiSwitches on join conne… Choices:
|
|
Deprecated, please rename it to firmware_provision_latest. Enable/disable one-time automatic provisioning of the latest fi… Choices:
|
|
Deprecated, please rename it to firmware_provision_version. Firmware version to provision to this FortiSwitch on bootup |
|
Deprecated, please rename it to flow_identity. Flow-tracking netflow ipfix switch identity in hex format |
|
Deprecated, please rename it to fsw_wan1_admin. FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a ma… Choices:
|
|
(list) Deprecated, please rename it to fsw_wan1_peer. FortiSwitch WAN1 peer port. |
|
Deprecated, please rename it to fsw_wan2_admin. FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a ma… Choices:
|
|
Deprecated, please rename it to fsw_wan2_peer. FortiSwitch WAN2 peer port. |
|
Deprecated, please rename it to igmp_snooping. Igmp snooping. |
|
Deprecated, please rename it to aging_time. Maximum time to retain a multicast snooping entry for which no packets… |
|
Deprecated, please rename it to flood_unknown_multicast. Enable/disable unknown multicast flooding. Choices:
|
|
Deprecated, please rename it to local_override. Enable/disable overriding the global IGMP snooping configuration. Choices:
|
|
Vlans. |
|
IGMP snooping proxy for the VLAN interface. Choices:
|
|
Enable/disable IGMP snooping querier for the VLAN interface. Choices:
|
|
Deprecated, please rename it to querier_addr. IGMP snooping querier address. |
|
IGMP snooping querying version. |
|
(list) Deprecated, please rename it to vlan_name. List of FortiSwitch VLANs. |
|
Deprecated, please rename it to ip_source_guard. Ip source guard. |
|
Deprecated, please rename it to binding_entry. Binding entry. |
|
Deprecated, please rename it to entry_name. Configure binding pair. |
|
Source IP for this rule. |
|
MAC address for this rule. |
|
Description. |
|
Ingress interface to which source guard is bound. |
|
Deprecated, please rename it to l3_discovered. L3 discovered. |
|
Deprecated, please rename it to max_allowed_trunk_members. FortiSwitch maximum allowed trunk members. |
|
Deprecated, please rename it to mclag_igmp_snooping_aware. Enable/disable MCLAG IGMP-snooping awareness. Choices:
|
|
Deprecated, please rename it to mgmt_mode. FortiLink management mode. |
|
Mirror. |
|
Destination port. |
|
Mirror name. |
|
(list) Deprecated, please rename it to src_egress. Source egress interfaces. |
|
(list) Deprecated, please rename it to src_ingress. Source ingress interfaces. |
|
Active/inactive mirror configuration. Choices:
|
|
Deprecated, please rename it to switching_packet. Enable/disable switching functionality when mirroring. Choices:
|
|
Managed-switch name. |
|
Deprecated, please rename it to override_snmp_community. Enable/disable overriding the global SNMP communities. Choices:
|
|
Deprecated, please rename it to override_snmp_sysinfo. Enable/disable overriding the global SNMP system information. Choices:
|
|
Deprecated, please rename it to override_snmp_trap_threshold. Enable/disable overriding the global SNMP trap threshold values. Choices:
|
|
Deprecated, please rename it to override_snmp_user. Enable/disable overriding the global SNMP users. Choices:
|
|
Deprecated, please rename it to owner_vdom. VDOM which owner of port belongs to. |
|
Deprecated, please rename it to poe_detection_type. Poe detection type. |
|
Deprecated, please rename it to poe_lldp_detection. Enable/disable PoE LLDP detection. Choices:
|
|
Deprecated, please rename it to poe_pre_standard_detection. Enable/disable PoE pre-standard detection. Choices:
|
|
Ports. |
|
Deprecated, please rename it to access_mode. Access mode of the port. Choices:
|
|
(list) Deprecated, please rename it to acl_group. ACL groups on this port. |
|
Deprecated, please rename it to aggregator_mode. LACP member select mode. Choices:
|
|
Deprecated, please rename it to allow_arp_monitor. Enable/Disable allow ARP monitor. Choices:
|
|
(list or str) Deprecated, please rename it to allowed_vlans. Configure switch port tagged vlans |
|
Deprecated, please rename it to allowed_vlans_all. Enable/disable all defined vlans on this port. Choices:
|
|
Deprecated, please rename it to arp_inspection_trust. Trusted or untrusted dynamic ARP inspection. Choices:
|
|
Deprecated, please rename it to authenticated_port. Authenticated port. |
|
Enable/disable Link Aggregation Group Choices:
|
|
Description for port. |
|
Deprecated, please rename it to dhcp_snoop_option82_override. Dhcp snoop option82 override. |
|
Deprecated, please rename it to circuit_id. Circuit ID string. |
|
Deprecated, please rename it to remote_id. Remote ID string. |
|
Deprecated, please rename it to vlan_name. DHCP snooping option 82 VLAN. |
|
Deprecated, please rename it to dhcp_snoop_option82_trust. Enable/disable allowance of DHCP with option-82 on untr… Choices:
|
|
Deprecated, please rename it to dhcp_snooping. Trusted or untrusted DHCP-snooping interface. Choices:
|
|
Deprecated, please rename it to discard_mode. Configure discard mode for port. Choices:
|
|
Deprecated, please rename it to dot1x_enable. Dot1x enable. Choices:
|
|
Deprecated, please rename it to dsl_profile. DSL policy configuration. |
|
Deprecated, please rename it to edge_port. Enable/disable this interface as an edge port, bridging connections bet… Choices:
|
|
Deprecated, please rename it to encrypted_port. Encrypted port. |
|
(list) Deprecated, please rename it to export_tags. Configure export tag |
|
(list) Deprecated, please rename it to export_to. Export managed-switch port to a tenant VDOM. |
|
(list) Deprecated, please rename it to export_to_pool. Switch controller export port to pool-list. |
|
Deprecated, please rename it to export_to_pool_flag. Switch controller export port to pool-list. |
|
Deprecated, please rename it to fallback_port. LACP fallback port. |
|
Deprecated, please rename it to fec_capable. FEC capable. |
|
Deprecated, please rename it to fec_state. State of forward error correction. Choices:
|
|
Deprecated, please rename it to fgt_peer_device_name. Fgt peer device name. |
|
Deprecated, please rename it to fgt_peer_port_name. Fgt peer port name. |
|
Deprecated, please rename it to fiber_port. Fiber port. |
|
Flags. |
|
Deprecated, please rename it to flap_duration. Period over which flap events are calculated |
|
Deprecated, please rename it to flap_rate. Number of stage change events needed within flap-duration. |
|
Deprecated, please rename it to flap_timeout. Flap guard disabling protection |
|
Enable/disable flap guard. Choices:
|
|
Deprecated, please rename it to flow_control. Flow control direction. Choices:
|
|
Deprecated, please rename it to fortilink_port. Fortilink port. |
|
(list) Deprecated, please rename it to fortiswitch_acls. ACLs on this port. |
|
Deprecated, please rename it to igmp_snooping. Set IGMP snooping mode for the physical port interface. Choices:
|
|
Deprecated, please rename it to igmp_snooping_flood_reports. Enable/disable flooding of IGMP reports to this inter… Choices:
|
|
Deprecated, please rename it to igmps_flood_reports. Enable/disable flooding of IGMP reports to this interface whe… Choices:
|
|
Deprecated, please rename it to igmps_flood_traffic. Enable/disable flooding of IGMP snooping traffic to this inte… Choices:
|
|
(list or str) Deprecated, please rename it to interface_tags. Tag |
|
Deprecated, please rename it to ip_source_guard. Enable/disable IP source guard. Choices:
|
|
Deprecated, please rename it to isl_local_trunk_name. Isl local trunk name. |
|
Deprecated, please rename it to isl_peer_device_name. Isl peer device name. |
|
Deprecated, please rename it to isl_peer_device_sn. Isl peer device sn. |
|
Deprecated, please rename it to isl_peer_port_name. Isl peer port name. |
|
Deprecated, please rename it to lacp_speed. End Link Aggregation Control Protocol Choices:
|
|
Deprecated, please rename it to learning_limit. Limit the number of dynamic MAC addresses on this Port |
|
Deprecated, please rename it to link_status. Link status. Choices:
|
|
Deprecated, please rename it to lldp_profile. LLDP port TLV profile. |
|
Deprecated, please rename it to lldp_status. LLDP transmit and receive status. Choices:
|
|
Deprecated, please rename it to log_mac_event. Enable/disable logging for dynamic MAC address events. Choices:
|
|
Deprecated, please rename it to loop_guard. Enable/disable loop-guard on this interface, an STP optimization used … Choices:
|
|
Deprecated, please rename it to loop_guard_timeout. Loop-guard timeout |
|
Deprecated, please rename it to mac_addr. Port/Trunk MAC. |
|
Deprecated, please rename it to matched_dpp_intf_tags. Matched interface tags in the dynamic port policy. |
|
Deprecated, please rename it to matched_dpp_policy. Matched child policy in the dynamic port policy. |
|
Deprecated, please rename it to max_bundle. Maximum size of LAG bundle |
|
Deprecated, please rename it to max_miss_heartbeats. Maximum tolerant missed heartbeats. |
|
Deprecated, please rename it to mcast_snooping_flood_traffic. Enable/disable flooding of IGMP snooping traffic to … Choices:
|
|
Enable/disable multi-chassis link aggregation Choices:
|
|
Deprecated, please rename it to mclag_icl_port. Mclag icl port. |
|
Deprecated, please rename it to media_type. Media type. |
|
Deprecated, please rename it to member_withdrawal_behavior. Port behavior after it withdraws because of loss of co… Choices:
|
|
(list) Aggregated LAG bundle interfaces. |
|
Deprecated, please rename it to min_bundle. Minimum size of LAG bundle |
|
LACP mode Choices:
|
|
Deprecated, please rename it to p2p_port. P2p port. |
|
Deprecated, please rename it to packet_sample_rate. Packet sampling rate |
|
Deprecated, please rename it to packet_sampler. Enable/disable packet sampling on this interface. Choices:
|
|
Deprecated, please rename it to pause_meter. Configure ingress pause metering rate, in kbps |
|
Deprecated, please rename it to pause_meter_resume. Resume threshold for resuming traffic on ingress port. Choices:
|
|
Deprecated, please rename it to pd_capable. Powered device capable. |
|
Deprecated, please rename it to poe_capable. PoE capable. |
|
Deprecated, please rename it to poe_max_power. Poe max power. |
|
Deprecated, please rename it to poe_mode_bt_cabable. PoE mode IEEE 802. |
|
Deprecated, please rename it to poe_port_mode. Configure PoE port mode. Choices:
|
|
Deprecated, please rename it to poe_port_power. Configure PoE port power. Choices:
|
|
Deprecated, please rename it to poe_port_priority. Configure PoE port priority. Choices:
|
|
Deprecated, please rename it to poe_pre_standard_detection. Enable/disable PoE pre-standard detection. Choices:
|
|
Deprecated, please rename it to poe_standard. Poe standard. |
|
Deprecated, please rename it to poe_status. Enable/disable PoE status. Choices:
|
|
Deprecated, please rename it to port_name. Switch port name. |
|
Deprecated, please rename it to port_number. Port number. |
|
Deprecated, please rename it to port_owner. Switch port name. |
|
Deprecated, please rename it to port_policy. Switch controller dynamic port policy from available options. |
|
Deprecated, please rename it to port_prefix_type. Port prefix type. |
|
Deprecated, please rename it to port_security_policy. Switch controller authentication policy to apply to this man… |
|
Deprecated, please rename it to port_selection_criteria. Algorithm for aggregate port selection. Choices:
|
|
(list) Deprecated, please rename it to ptp_policy. PTP policy configuration. |
|
Deprecated, please rename it to ptp_status. Enable/disable PTP policy on this FortiSwitch port. Choices:
|
|
(list) ‘802.’ |
|
Deprecated, please rename it to qos_policy. Switch controller QoS policy from available options. |
|
Deprecated, please rename it to restricted_auth_port. Restricted auth port. |
|
Deprecated, please rename it to rpvst_port. Enable/disable inter-operability with rapid PVST on this interface. Choices:
|
|
Deprecated, please rename it to sample_direction. SFlow sample direction. Choices:
|
|
Deprecated, please rename it to sflow_counter_interval. SFlow sampler counter polling interval |
|
Deprecated, please rename it to sflow_sample_rate. SFlow sampler sample rate |
|
Deprecated, please rename it to sflow_sampler. Enable/disable sFlow protocol on this interface. Choices:
|
|
Switch port speed; default and available settings depend on hardware. Choices:
|
|
Deprecated, please rename it to speed_mask. Switch port speed mask. |
|
Deprecated, please rename it to stacking_port. Stacking port. |
|
Switch port admin status Choices:
|
|
Deprecated, please rename it to sticky_mac. Enable or disable sticky-mac on the interface. Choices:
|
|
Deprecated, please rename it to storm_control_policy. Switch controller storm control policy from available options. |
|
Deprecated, please rename it to stp_bpdu_guard. Enable/disable STP BPDU guard on this interface. Choices:
|
|
Deprecated, please rename it to stp_bpdu_guard_timeout. BPDU Guard disabling protection |
|
Deprecated, please rename it to stp_root_guard. Enable/disable STP root guard on this interface. Choices:
|
|
Deprecated, please rename it to stp_state. Enable/disable Spanning Tree Protocol Choices:
|
|
Deprecated, please rename it to switch_id. Switch id. |
|
Deprecated, please rename it to trunk_member. Trunk member. |
|
Interface type Choices:
|
|
(list or str) Deprecated, please rename it to untagged_vlans. Configure switch port untagged vlans |
|
Deprecated, please rename it to virtual_port. Virtualized switch port. |
|
Assign switch ports to a VLAN. |
|
Deprecated, please rename it to pre_provisioned. Pre-provisioned managed switch. |
|
Deprecated, please rename it to ptp_profile. PTP profile configuration. |
|
Deprecated, please rename it to ptp_status. Enable/disable PTP profile on this FortiSwitch. Choices:
|
|
Deprecated, please rename it to purdue_level. Purdue Level of this FortiSwitch. Choices:
|
|
Deprecated, please rename it to qos_drop_policy. Set QoS drop-policy. Choices:
|
|
Deprecated, please rename it to qos_red_probability. Set QoS RED/WRED drop probability. |
|
Deprecated, please rename it to radius_nas_ip. NAS-IP address. |
|
Deprecated, please rename it to radius_nas_ip_override. Use locally defined NAS-IP. Choices:
|
|
Deprecated, please rename it to remote_log. Remote log. |
|
Enable/disable comma-separated value Choices:
|
|
Facility to log to remote syslog server. Choices:
|
|
Remote log name. |
|
Remote syslog server listening port. |
|
IPv4 address of the remote syslog server. |
|
Severity of logs to be transferred to remote log server. Choices:
|
|
Enable/disable logging by FortiSwitch device to a remote syslog server. Choices:
|
|
Deprecated, please rename it to route_offload. Enable/disable route offload on this FortiSwitch. Choices:
|
|
Deprecated, please rename it to route_offload_mclag. Enable/disable route offload MCLAG on this FortiSwitch. Choices:
|
|
Deprecated, please rename it to route_offload_router. Route offload router. |
|
Deprecated, please rename it to router_ip. Router IP address. |
|
Deprecated, please rename it to vlan_name. VLAN name. |
|
Managed-switch serial number. |
|
Deprecated, please rename it to snmp_community. Snmp community. |
|
SNMP notifications Choices:
|
|
Hosts. |
|
Host entry ID. |
|
IPv4 address of the SNMP manager |
|
SNMP community ID. |
|
SNMP community name. |
|
Deprecated, please rename it to query_v1_port. SNMP v1 query port |
|
Deprecated, please rename it to query_v1_status. Enable/disable SNMP v1 queries. Choices:
|
|
Deprecated, please rename it to query_v2c_port. SNMP v2c query port |
|
Deprecated, please rename it to query_v2c_status. Enable/disable SNMP v2c queries. Choices:
|
|
Enable/disable this SNMP community. Choices:
|
|
Deprecated, please rename it to trap_v1_lport. SNMP v2c trap local port |
|
Deprecated, please rename it to trap_v1_rport. SNMP v2c trap remote port |
|
Deprecated, please rename it to trap_v1_status. Enable/disable SNMP v1 traps. Choices:
|
|
Deprecated, please rename it to trap_v2c_lport. SNMP v2c trap local port |
|
Deprecated, please rename it to trap_v2c_rport. SNMP v2c trap remote port |
|
Deprecated, please rename it to trap_v2c_status. Enable/disable SNMP v2c traps. Choices:
|
|
Deprecated, please rename it to snmp_sysinfo. Snmp sysinfo. |
|
Deprecated, please rename it to contact_info. Contact information. |
|
System description. |
|
Deprecated, please rename it to engine_id. Local SNMP engine ID string |
|
System location. |
|
Enable/disable SNMP. Choices:
|
|
Deprecated, please rename it to snmp_trap_threshold. Snmp trap threshold. |
|
Deprecated, please rename it to trap_high_cpu_threshold. CPU usage when trap is sent. |
|
Deprecated, please rename it to trap_log_full_threshold. Log disk usage when trap is sent. |
|
Deprecated, please rename it to trap_low_memory_threshold. Memory usage when trap is sent. |
|
Deprecated, please rename it to snmp_user. Snmp user. |
|
Deprecated, please rename it to auth_proto. Authentication protocol. Choices:
|
|
(list) Deprecated, please rename it to auth_pwd. Password for authentication protocol. |
|
SNMP user name. |
|
Deprecated, please rename it to priv_proto. Privacy Choices:
|
|
(list) Deprecated, please rename it to priv_pwd. Password for privacy |
|
Enable/disable SNMP queries for this user. Choices:
|
|
Deprecated, please rename it to query_port. SNMPv3 query port |
|
Deprecated, please rename it to security_level. Security level for message authentication and encryption. Choices:
|
|
Deprecated, please rename it to staged_image_version. Staged image version for FortiSwitch. |
|
Deprecated, please rename it to static_mac. Static mac. |
|
Description. |
|
ID. |
|
Interface name. |
|
MAC address. |
|
Type. Choices:
|
|
(list) Vlan. |
|
Deprecated, please rename it to storm_control. Storm control. |
|
Enable/disable storm control to drop broadcast traffic. Choices:
|
|
Deprecated, please rename it to local_override. Enable to override global FortiSwitch storm control settings for t… Choices:
|
|
Rate in packets per second at which storm control drops excess traffic |
|
Deprecated, please rename it to unknown_multicast. Enable/disable storm control to drop unknown multicast traffic. Choices:
|
|
Deprecated, please rename it to unknown_unicast. Enable/disable storm control to drop unknown unicast traffic. Choices:
|
|
Deprecated, please rename it to stp_instance. Stp instance. |
|
Instance ID. |
|
Priority. Choices:
|
|
Deprecated, please rename it to stp_settings. Stp settings. |
|
Deprecated, please rename it to forward_time. Period of time a port is in listening and learning state |
|
Deprecated, please rename it to hello_time. Period of time between successive STP frame Bridge Protocol Data Units |
|
Deprecated, please rename it to local_override. Enable to configure local STP settings that override global STP se… Choices:
|
|
Deprecated, please rename it to max_age. Maximum time before a bridge port saves its configuration BPDU information |
|
Deprecated, please rename it to max_hops. Maximum number of hops between the root bridge and the furthest bridge |
|
Name of local STP settings configuration. |
|
Deprecated, please rename it to pending_timer. Pending time |
|
STP revision number |
|
Enable/disable STP. Choices:
|
|
Deprecated, please rename it to switch_device_tag. User definable label/tag. |
|
Deprecated, please rename it to switch_dhcp_opt43_key. DHCP option43 key. |
|
Deprecated, please rename it to switch_id. Managed-switch id. |
|
Deprecated, please rename it to switch_log. Switch log. |
|
Deprecated, please rename it to local_override. Enable to configure local logging settings that override global lo… Choices:
|
|
Severity of FortiSwitch logs that are added to the FortiGate event log. Choices:
|
|
Enable/disable adding FortiSwitch logs to the FortiGate event log. Choices:
|
|
(list) Deprecated, please rename it to switch_profile. FortiSwitch profile. |
|
Deprecated, please rename it to tdr_supported. Tdr supported. |
|
Deprecated, please rename it to tunnel_discovered. Tunnel discovered. |
|
Indication of switch type, physical or virtual. Choices:
|
|
FortiSwitch version. |
|
Vlan. |
|
Deprecated, please rename it to assignment_priority. ‘802.’ |
|
Deprecated, please rename it to vlan_name. VLAN name. |
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch devices that are managed by this FortiGate.
fortinet.fortimanager.fmgr_switchcontroller_managedswitch:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
state: present # <value in [present, absent]>
switchcontroller_managedswitch:
_platform: <string>
description: <string>
name: <string>
ports:
-
allowed_vlans: <list or string>
allowed_vlans_all: <value in [disable, enable]>
arp_inspection_trust: <value in [untrusted, trusted]>
bundle: <value in [disable, enable]>
description: <string>
dhcp_snoop_option82_trust: <value in [disable, enable]>
dhcp_snooping: <value in [trusted, untrusted]>
discard_mode: <value in [none, all-untagged, all-tagged]>
edge_port: <value in [disable, enable]>
igmp_snooping: <value in [disable, enable]>
igmps_flood_reports: <value in [disable, enable]>
igmps_flood_traffic: <value in [disable, enable]>
lacp_speed: <value in [slow, fast]>
learning_limit: <integer>
lldp_profile: <string>
lldp_status: <value in [disable, rx-only, tx-only, ...]>
loop_guard: <value in [disabled, enabled]>
loop_guard_timeout: <integer>
max_bundle: <integer>
mclag: <value in [disable, enable]>
member_withdrawal_behavior: <value in [forward, block]>
members: <list or string>
min_bundle: <integer>
mode: <value in [static, lacp-passive, lacp-active]>
poe_pre_standard_detection: <value in [disable, enable]>
poe_status: <value in [disable, enable]>
port_name: <string>
port_owner: <string>
port_security_policy: <string>
port_selection_criteria: <value in [src-mac, dst-mac, src-dst-mac, ...]>
qos_policy: <string>
sample_direction: <value in [rx, tx, both]>
sflow_counter_interval: <integer>
sflow_sample_rate: <integer>
sflow_sampler: <value in [disabled, enabled]>
stp_bpdu_guard: <value in [disabled, enabled]>
stp_bpdu_guard_timeout: <integer>
stp_root_guard: <value in [disabled, enabled]>
stp_state: <value in [disabled, enabled]>
type: <value in [physical, trunk]>
untagged_vlans: <list or string>
vlan: <string>
export_to_pool_flag: <integer>
mac_addr: <string>
packet_sample_rate: <integer>
packet_sampler: <value in [disabled, enabled]>
sticky_mac: <value in [disable, enable]>
storm_control_policy: <string>
dot1x_enable: <value in [disable, enable]>
max_miss_heartbeats: <integer>
access_mode: <value in [normal, nac, dynamic, ...]>
ip_source_guard: <value in [disable, enable]>
mclag_icl_port: <integer>
p2p_port: <integer>
aggregator_mode: <value in [bandwidth, count]>
rpvst_port: <value in [disabled, enabled]>
flow_control: <value in [disable, tx, rx, ...]>
media_type: <string>
pause_meter: <integer>
pause_meter_resume: <value in [25%, 50%, 75%]>
trunk_member: <integer>
fec_capable: <integer>
fec_state: <value in [disabled, cl74, cl91, ...]>
matched_dpp_intf_tags: <string>
matched_dpp_policy: <string>
port_policy: <string>
status: <value in [down, up]>
dsl_profile: <string>
flap_duration: <integer>
flap_rate: <integer>
flap_timeout: <integer>
flapguard: <value in [disable, enable]>
interface_tags: <list or string>
poe_max_power: <string>
poe_standard: <string>
igmp_snooping_flood_reports: <value in [disable, enable]>
mcast_snooping_flood_traffic: <value in [disable, enable]>
link_status: <value in [down, up]>
poe_mode_bt_cabable: <integer>
poe_port_mode: <value in [ieee802-3af, ieee802-3at, ieee802-3bt]>
poe_port_power: <value in [normal, perpetual, perpetual-fast]>
poe_port_priority: <value in [critical-priority, high-priority, low-priority, ...]>
acl_group: <list or string>
dhcp_snoop_option82_override:
-
circuit_id: <string>
remote_id: <string>
vlan_name: <string>
fortiswitch_acls: <list or integer>
isl_peer_device_sn: <string>
authenticated_port: <integer>
encrypted_port: <integer>
ptp_status: <value in [disable, enable]>
restricted_auth_port: <integer>
allow_arp_monitor: <value in [disable, enable]>
export_to: <list or string>
export_to_pool: <list or string>
fallback_port: <string>
fgt_peer_device_name: <string>
fgt_peer_port_name: <string>
fiber_port: <integer>
flags: <integer>
fortilink_port: <integer>
isl_local_trunk_name: <string>
isl_peer_device_name: <string>
isl_peer_port_name: <string>
poe_capable: <integer>
port_number: <integer>
port_prefix_type: <integer>
ptp_policy: <list or string>
speed: <value in [auto, 10full, 10half, ...]>
speed_mask: <integer>
stacking_port: <integer>
switch_id: <string>
virtual_port: <integer>
export_tags: <list or string>
log_mac_event: <value in [disable, enable]>
pd_capable: <integer>
qnq: <list or string>
switch_id: <string>
override_snmp_community: <value in [disable, enable]>
override_snmp_sysinfo: <value in [disable, enable]>
override_snmp_trap_threshold: <value in [disable, enable]>
override_snmp_user: <value in [disable, enable]>
poe_detection_type: <integer>
remote_log:
-
csv: <value in [disable, enable]>
facility: <value in [kernel, user, mail, ...]>
name: <string>
port: <integer>
server: <string>
severity: <value in [emergency, alert, critical, ...]>
status: <value in [disable, enable]>
snmp_community:
-
events:
- cpu-high
- mem-low
- log-full
- intf-ip
- ent-conf-change
- l2mac
hosts:
-
id: <integer>
ip: <string>
id: <integer>
name: <string>
query_v1_port: <integer>
query_v1_status: <value in [disable, enable]>
query_v2c_port: <integer>
query_v2c_status: <value in [disable, enable]>
status: <value in [disable, enable]>
trap_v1_lport: <integer>
trap_v1_rport: <integer>
trap_v1_status: <value in [disable, enable]>
trap_v2c_lport: <integer>
trap_v2c_rport: <integer>
trap_v2c_status: <value in [disable, enable]>
snmp_user:
-
auth_proto: <value in [md5, sha, sha1, ...]>
auth_pwd: <list or string>
name: <string>
priv_proto: <value in [des, aes, aes128, ...]>
priv_pwd: <list or string>
queries: <value in [disable, enable]>
query_port: <integer>
security_level: <value in [no-auth-no-priv, auth-no-priv, auth-priv]>
mclag_igmp_snooping_aware: <value in [disable, enable]>
ip_source_guard:
-
binding_entry:
-
entry_name: <string>
ip: <string>
mac: <string>
description: <string>
port: <string>
l3_discovered: <integer>
qos_drop_policy: <value in [taildrop, random-early-detection]>
qos_red_probability: <integer>
switch_dhcp_opt43_key: <string>
tdr_supported: <string>
custom_command:
-
command_entry: <string>
command_name: <string>
firmware_provision: <value in [disable, enable]>
firmware_provision_version: <string>
dhcp_server_access_list: <value in [disable, enable, global]>
firmware_provision_latest: <value in [disable, once]>
dhcp_snooping_static_client:
-
ip: <string>
mac: <string>
name: <string>
port: <string>
vlan: <string>
ptp_profile: <string>
ptp_status: <value in [disable, enable]>
route_offload: <value in [disable, enable]>
route_offload_mclag: <value in [disable, enable]>
route_offload_router:
-
router_ip: <string>
vlan_name: <string>
mgmt_mode: <integer>
purdue_level: <value in [1, 2, 3, ...]>
radius_nas_ip: <string>
radius_nas_ip_override: <value in [disable, enable]>
tunnel_discovered: <integer>
vlan:
-
assignment_priority: <integer>
vlan_name: <string>
802_1X_settings:
link_down_auth: <value in [set-unauth, no-action]>
local_override: <value in [disable, enable]>
mab_reauth: <value in [disable, enable]>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
max_reauth_attempt: <integer>
reauth_period: <integer>
tx_period: <integer>
access_profile: <list or string>
delayed_restart_trigger: <integer>
directly_connected: <integer>
dynamic_capability: <string>
dynamically_discovered: <integer>
flow_identity: <string>
fsw_wan1_admin: <value in [disable, enable, discovered]>
fsw_wan1_peer: <list or string>
fsw_wan2_admin: <value in [disable, enable, discovered]>
fsw_wan2_peer: <string>
igmp_snooping:
aging_time: <integer>
flood_unknown_multicast: <value in [disable, enable]>
local_override: <value in [disable, enable]>
vlans:
-
proxy: <value in [disable, enable, global]>
querier: <value in [disable, enable]>
querier_addr: <string>
version: <integer>
vlan_name: <list or string>
max_allowed_trunk_members: <integer>
mirror:
-
dst: <string>
name: <string>
src_egress: <list or string>
src_ingress: <list or string>
status: <value in [inactive, active]>
switching_packet: <value in [disable, enable]>
owner_vdom: <string>
poe_pre_standard_detection: <value in [disable, enable]>
pre_provisioned: <integer>
sn: <string>
snmp_sysinfo:
contact_info: <string>
description: <string>
engine_id: <string>
location: <string>
status: <value in [disable, enable]>
snmp_trap_threshold:
trap_high_cpu_threshold: <integer>
trap_log_full_threshold: <integer>
trap_low_memory_threshold: <integer>
staged_image_version: <string>
static_mac:
-
description: <string>
id: <integer>
interface: <string>
mac: <string>
type: <value in [static, sticky]>
vlan: <list or string>
storm_control:
broadcast: <value in [disable, enable]>
local_override: <value in [disable, enable]>
rate: <integer>
unknown_multicast: <value in [disable, enable]>
unknown_unicast: <value in [disable, enable]>
stp_instance:
-
id: <string>
priority: <value in [0, 4096, 8192, ...]>
stp_settings:
forward_time: <integer>
hello_time: <integer>
local_override: <value in [disable, enable]>
max_age: <integer>
max_hops: <integer>
name: <string>
pending_timer: <integer>
revision: <integer>
status: <value in [disable, enable]>
switch_device_tag: <string>
switch_log:
local_override: <value in [disable, enable]>
severity: <value in [emergency, alert, critical, ...]>
status: <value in [disable, enable]>
switch_profile: <list or string>
type: <value in [physical, virtual]>
version: <integer>
poe_lldp_detection: <value in [disable, enable]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |