fortinet.fortimanager.fmgr_switchcontroller_managedswitch module – Configure FortiSwitch devices that are managed by this FortiGate.

Note

This module is part of the fortinet.fortimanager collection (version 2.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_switchcontroller_managedswitch.

New in fortinet.fortimanager 2.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in requested url.

bypass_validation

boolean

Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

proposed_method

string

The overridden method for the underlying Json RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overriden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overriden.

state

string / required

The directive to create, update or delete an object.

Choices:

  • "present"

  • "absent"

switchcontroller_managedswitch

dictionary

The top level parameters set.

802_1X_settings

dictionary

802 1X settings.

string

Authentication state to set if a link is down.

Choices:

  • "set-unauth"

  • "no-action"

local_override

string

Enable to override global 802.

Choices:

  • "disable"

  • "enable"

mab_reauth

string

Enable or disable MAB reauthentication settings.

Choices:

  • "disable"

  • "enable"

mac_called_station_delimiter

string

MAC called station delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac_calling_station_delimiter

string

MAC calling station delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac_case

string

MAC case

Choices:

  • "uppercase"

  • "lowercase"

mac_password_delimiter

string

MAC authentication password delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac_username_delimiter

string

MAC authentication username delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

max_reauth_attempt

integer

Maximum number of authentication attempts

reauth_period

integer

Reauthentication time interval

tx_period

integer

_platform

string

Platform.

access_profile

any

(list) FortiSwitch access profile.

custom_command

list / elements=dictionary

Custom command.

command_entry

string

List of FortiSwitch commands.

command_name

string

Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-com…

delayed_restart_trigger

integer

Delayed restart triggered for this FortiSwitch.

description

string

Description.

dhcp_server_access_list

string

DHCP snooping server access list.

Choices:

  • "disable"

  • "enable"

  • "global"

dhcp_snooping_static_client

list / elements=dictionary

Dhcp snooping static client.

ip

string

Client static IP address.

mac

string

Client MAC address.

name

string

Client name.

port

string

Interface name.

vlan

string

VLAN name.

directly_connected

integer

Directly connected.

dynamic_capability

string

List of features this FortiSwitch supports

dynamically_discovered

integer

Dynamically discovered.

firmware_provision

string

Enable/disable provisioning of firmware to FortiSwitches on join connection.

Choices:

  • "disable"

  • "enable"

firmware_provision_latest

string

Enable/disable one-time automatic provisioning of the latest firmware version.

Choices:

  • "disable"

  • "once"

firmware_provision_version

string

Firmware version to provision to this FortiSwitch on bootup

flow_identity

string

Flow-tracking netflow ipfix switch identity in hex format

fsw_wan1_admin

string

FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch.

Choices:

  • "disable"

  • "enable"

  • "discovered"

fsw_wan1_peer

any

(list) FortiSwitch WAN1 peer port.

fsw_wan2_admin

string

FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch.

Choices:

  • "disable"

  • "enable"

  • "discovered"

fsw_wan2_peer

string

FortiSwitch WAN2 peer port.

igmp_snooping

dictionary

Igmp snooping.

aging_time

integer

Maximum time to retain a multicast snooping entry for which no packets have been seen

flood_unknown_multicast

string

Enable/disable unknown multicast flooding.

Choices:

  • "disable"

  • "enable"

local_override

string

Enable/disable overriding the global IGMP snooping configuration.

Choices:

  • "disable"

  • "enable"

vlans

list / elements=dictionary

Vlans.

proxy

string

IGMP snooping proxy for the VLAN interface.

Choices:

  • "disable"

  • "enable"

  • "global"

querier

string

Enable/disable IGMP snooping querier for the VLAN interface.

Choices:

  • "disable"

  • "enable"

querier_addr

string

IGMP snooping querier address.

version

integer

IGMP snooping querying version.

vlan_name

any

(list) List of FortiSwitch VLANs.

ip_source_guard

list / elements=dictionary

Ip source guard.

binding_entry

list / elements=dictionary

Binding entry.

entry_name

string

Configure binding pair.

ip

string

Source IP for this rule.

mac

string

MAC address for this rule.

description

string

Description.

port

string

Ingress interface to which source guard is bound.

l3_discovered

integer

L3 discovered.

max_allowed_trunk_members

integer

FortiSwitch maximum allowed trunk members.

mclag_igmp_snooping_aware

string

Enable/disable MCLAG IGMP-snooping awareness.

Choices:

  • "disable"

  • "enable"

mgmt_mode

integer

FortiLink management mode.

mirror

list / elements=dictionary

Mirror.

dst

string

Destination port.

name

string

Mirror name.

src_egress

any

(list) Source egress interfaces.

src_ingress

any

(list) Source ingress interfaces.

status

string

Active/inactive mirror configuration.

Choices:

  • "inactive"

  • "active"

switching_packet

string

Enable/disable switching functionality when mirroring.

Choices:

  • "disable"

  • "enable"

name

string

Managed-switch name.

override_snmp_community

string

Enable/disable overriding the global SNMP communities.

Choices:

  • "disable"

  • "enable"

override_snmp_sysinfo

string

Enable/disable overriding the global SNMP system information.

Choices:

  • "disable"

  • "enable"

override_snmp_trap_threshold

string

Enable/disable overriding the global SNMP trap threshold values.

Choices:

  • "disable"

  • "enable"

override_snmp_user

string

Enable/disable overriding the global SNMP users.

Choices:

  • "disable"

  • "enable"

owner_vdom

string

VDOM which owner of port belongs to.

poe_detection_type

integer

Poe detection type.

poe_lldp_detection

string

Enable/disable PoE LLDP detection.

Choices:

  • "disable"

  • "enable"

poe_pre_standard_detection

string

Enable/disable PoE pre-standard detection.

Choices:

  • "disable"

  • "enable"

ports

list / elements=dictionary

Ports.

access_mode

string

Access mode of the port.

Choices:

  • "normal"

  • "nac"

  • "dynamic"

  • "static"

acl_group

any

(list) ACL groups on this port.

aggregator_mode

string

LACP member select mode.

Choices:

  • "bandwidth"

  • "count"

allow_arp_monitor

string

Enable/Disable allow ARP monitor.

Choices:

  • "disable"

  • "enable"

allowed_vlans

any

(list or str) Configure switch port tagged vlans

allowed_vlans_all

string

Enable/disable all defined vlans on this port.

Choices:

  • "disable"

  • "enable"

arp_inspection_trust

string

Trusted or untrusted dynamic ARP inspection.

Choices:

  • "untrusted"

  • "trusted"

authenticated_port

integer

Authenticated port.

bundle

string

Enable/disable Link Aggregation Group

Choices:

  • "disable"

  • "enable"

description

string

Description for port.

dhcp_snoop_option82_override

list / elements=dictionary

Dhcp snoop option82 override.

circuit_id

string

Circuit ID string.

remote_id

string

Remote ID string.

vlan_name

string

DHCP snooping option 82 VLAN.

dhcp_snoop_option82_trust

string

Enable/disable allowance of DHCP with option-82 on untrusted interface.

Choices:

  • "disable"

  • "enable"

dhcp_snooping

string

Trusted or untrusted DHCP-snooping interface.

Choices:

  • "trusted"

  • "untrusted"

discard_mode

string

Configure discard mode for port.

Choices:

  • "none"

  • "all-untagged"

  • "all-tagged"

dot1x_enable

string

Dot1x enable.

Choices:

  • "disable"

  • "enable"

dsl_profile

string

DSL policy configuration.

edge_port

string

Enable/disable this interface as an edge port, bridging connections between workstations and/or computers.

Choices:

  • "disable"

  • "enable"

encrypted_port

integer

Encrypted port.

export_tags

any

(list) Configure export tag

export_to

any

(list) Export managed-switch port to a tenant VDOM.

export_to_pool

any

(list) Switch controller export port to pool-list.

export_to_pool_flag

integer

Switch controller export port to pool-list.

fallback_port

string

LACP fallback port.

fec_capable

integer

FEC capable.

fec_state

string

State of forward error correction.

Choices:

  • "disabled"

  • "cl74"

  • "cl91"

  • "detect-by-module"

fgt_peer_device_name

string

Fgt peer device name.

fgt_peer_port_name

string

Fgt peer port name.

fiber_port

integer

Fiber port.

flags

integer

Flags.

flap_duration

integer

Period over which flap events are calculated

flap_rate

integer

Number of stage change events needed within flap-duration.

flap_timeout

integer

Flap guard disabling protection

flapguard

string

Enable/disable flap guard.

Choices:

  • "disable"

  • "enable"

flow_control

string

Flow control direction.

Choices:

  • "disable"

  • "tx"

  • "rx"

  • "both"

integer

Fortilink port.

fortiswitch_acls

any

(list) ACLs on this port.

igmp_snooping

string

Set IGMP snooping mode for the physical port interface.

Choices:

  • "disable"

  • "enable"

igmp_snooping_flood_reports

string

Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled.

Choices:

  • "disable"

  • "enable"

igmps_flood_reports

string

Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled.

Choices:

  • "disable"

  • "enable"

igmps_flood_traffic

string

Enable/disable flooding of IGMP snooping traffic to this interface.

Choices:

  • "disable"

  • "enable"

interface_tags

any

(list or str) Tag

ip_source_guard

string

Enable/disable IP source guard.

Choices:

  • "disable"

  • "enable"

isl_local_trunk_name

string

Isl local trunk name.

isl_peer_device_name

string

Isl peer device name.

isl_peer_device_sn

string

Isl peer device sn.

isl_peer_port_name

string

Isl peer port name.

lacp_speed

string

End Link Aggregation Control Protocol

Choices:

  • "slow"

  • "fast"

learning_limit

integer

Limit the number of dynamic MAC addresses on this Port

string

Link status.

Choices:

  • "down"

  • "up"

lldp_profile

string

LLDP port TLV profile.

lldp_status

string

LLDP transmit and receive status.

Choices:

  • "disable"

  • "rx-only"

  • "tx-only"

  • "tx-rx"

log_mac_event

string

Enable/disable logging for dynamic MAC address events.

Choices:

  • "disable"

  • "enable"

loop_guard

string

Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops.

Choices:

  • "disabled"

  • "enabled"

loop_guard_timeout

integer

Loop-guard timeout

mac_addr

string

Port/Trunk MAC.

matched_dpp_intf_tags

string

Matched interface tags in the dynamic port policy.

matched_dpp_policy

string

Matched child policy in the dynamic port policy.

max_bundle

integer

Maximum size of LAG bundle

max_miss_heartbeats

integer

Maximum tolerant missed heartbeats.

mcast_snooping_flood_traffic

string

Enable/disable flooding of IGMP snooping traffic to this interface.

Choices:

  • "disable"

  • "enable"

mclag

string

Enable/disable multi-chassis link aggregation

Choices:

  • "disable"

  • "enable"

mclag_icl_port

integer

Mclag icl port.

media_type

string

Media type.

member_withdrawal_behavior

string

Port behavior after it withdraws because of loss of control packets.

Choices:

  • "forward"

  • "block"

members

any

(list) Aggregated LAG bundle interfaces.

min_bundle

integer

Minimum size of LAG bundle

mode

string

LACP mode

Choices:

  • "static"

  • "lacp-passive"

  • "lacp-active"

p2p_port

integer

P2p port.

packet_sample_rate

integer

Packet sampling rate

packet_sampler

string

Enable/disable packet sampling on this interface.

Choices:

  • "disabled"

  • "enabled"

pause_meter

integer

Configure ingress pause metering rate, in kbps

pause_meter_resume

string

Resume threshold for resuming traffic on ingress port.

Choices:

  • "25%"

  • "50%"

  • "75%"

pd_capable

integer

Powered device capable.

poe_capable

integer

PoE capable.

poe_max_power

string

Poe max power.

poe_mode_bt_cabable

integer

PoE mode IEEE 802.

poe_port_mode

string

Configure PoE port mode.

Choices:

  • "ieee802-3af"

  • "ieee802-3at"

  • "ieee802-3bt"

poe_port_power

string

Configure PoE port power.

Choices:

  • "normal"

  • "perpetual"

  • "perpetual-fast"

poe_port_priority

string

Configure PoE port priority.

Choices:

  • "critical-priority"

  • "high-priority"

  • "low-priority"

  • "medium-priority"

poe_pre_standard_detection

string

Enable/disable PoE pre-standard detection.

Choices:

  • "disable"

  • "enable"

poe_standard

string

Poe standard.

poe_status

string

Enable/disable PoE status.

Choices:

  • "disable"

  • "enable"

port_name

string

Switch port name.

port_number

integer

Port number.

port_owner

string

Switch port name.

port_policy

string

Switch controller dynamic port policy from available options.

port_prefix_type

integer

Port prefix type.

port_security_policy

string

Switch controller authentication policy to apply to this managed switch from available options.

port_selection_criteria

string

Algorithm for aggregate port selection.

Choices:

  • "src-mac"

  • "dst-mac"

  • "src-dst-mac"

  • "src-ip"

  • "dst-ip"

  • "src-dst-ip"

ptp_policy

any

(list) PTP policy configuration.

ptp_status

string

Enable/disable PTP policy on this FortiSwitch port.

Choices:

  • "disable"

  • "enable"

qnq

any

(list) ‘802.’

qos_policy

string

Switch controller QoS policy from available options.

restricted_auth_port

integer

Restricted auth port.

rpvst_port

string

Enable/disable inter-operability with rapid PVST on this interface.

Choices:

  • "disabled"

  • "enabled"

sample_direction

string

SFlow sample direction.

Choices:

  • "rx"

  • "tx"

  • "both"

sflow_counter_interval

integer

SFlow sampler counter polling interval

sflow_sample_rate

integer

SFlow sampler sample rate

sflow_sampler

string

Enable/disable sFlow protocol on this interface.

Choices:

  • "disabled"

  • "enabled"

speed

string

Switch port speed; default and available settings depend on hardware.

Choices:

  • "auto"

  • "10full"

  • "10half"

  • "100full"

  • "100half"

  • "1000full"

  • "10000full"

  • "1000auto"

  • "40000full"

  • "1000fiber"

  • "10000"

  • "40000"

  • "auto-module"

  • "100FX-half"

  • "100FX-full"

  • "100000full"

  • "2500full"

  • "25000full"

  • "50000full"

  • "40000auto"

  • "10000cr"

  • "10000sr"

  • "100000sr4"

  • "100000cr4"

  • "25000cr4"

  • "25000sr4"

  • "5000full"

  • "2500auto"

  • "5000auto"

  • "1000full-fiber"

  • "40000sr4"

  • "40000cr4"

  • "25000cr"

  • "25000sr"

  • "50000cr"

  • "50000sr"

speed_mask

integer

Switch port speed mask.

stacking_port

integer

Stacking port.

status

string

Switch port admin status

Choices:

  • "down"

  • "up"

sticky_mac

string

Enable or disable sticky-mac on the interface.

Choices:

  • "disable"

  • "enable"

storm_control_policy

string

Switch controller storm control policy from available options.

stp_bpdu_guard

string

Enable/disable STP BPDU guard on this interface.

Choices:

  • "disabled"

  • "enabled"

stp_bpdu_guard_timeout

integer

BPDU Guard disabling protection

stp_root_guard

string

Enable/disable STP root guard on this interface.

Choices:

  • "disabled"

  • "enabled"

stp_state

string

Enable/disable Spanning Tree Protocol

Choices:

  • "disabled"

  • "enabled"

switch_id

string

Switch id.

trunk_member

integer

Trunk member.

type

string

Interface type

Choices:

  • "physical"

  • "trunk"

untagged_vlans

any

(list or str) Configure switch port untagged vlans

virtual_port

integer

Virtualized switch port.

vlan

string

Assign switch ports to a VLAN.

pre_provisioned

integer

Pre-provisioned managed switch.

ptp_profile

string

PTP profile configuration.

ptp_status

string

Enable/disable PTP profile on this FortiSwitch.

Choices:

  • "disable"

  • "enable"

purdue_level

string

Purdue Level of this FortiSwitch.

Choices:

  • "1"

  • "2"

  • "3"

  • "4"

  • "5"

  • "1.5"

  • "2.5"

  • "3.5"

  • "5.5"

qos_drop_policy

string

Set QoS drop-policy.

Choices:

  • "taildrop"

  • "random-early-detection"

qos_red_probability

integer

Set QoS RED/WRED drop probability.

radius_nas_ip

string

NAS-IP address.

radius_nas_ip_override

string

Use locally defined NAS-IP.

Choices:

  • "disable"

  • "enable"

remote_log

list / elements=dictionary

Remote log.

csv

string

Enable/disable comma-separated value

Choices:

  • "disable"

  • "enable"

facility

string

Facility to log to remote syslog server.

Choices:

  • "kernel"

  • "user"

  • "mail"

  • "daemon"

  • "auth"

  • "syslog"

  • "lpr"

  • "news"

  • "uucp"

  • "cron"

  • "authpriv"

  • "ftp"

  • "ntp"

  • "audit"

  • "alert"

  • "clock"

  • "local0"

  • "local1"

  • "local2"

  • "local3"

  • "local4"

  • "local5"

  • "local6"

  • "local7"

name

string

Remote log name.

port

integer

Remote syslog server listening port.

server

string

IPv4 address of the remote syslog server.

severity

string

Severity of logs to be transferred to remote log server.

Choices:

  • "emergency"

  • "alert"

  • "critical"

  • "error"

  • "warning"

  • "notification"

  • "information"

  • "debug"

status

string

Enable/disable logging by FortiSwitch device to a remote syslog server.

Choices:

  • "disable"

  • "enable"

route_offload

string

Enable/disable route offload on this FortiSwitch.

Choices:

  • "disable"

  • "enable"

route_offload_mclag

string

Enable/disable route offload MCLAG on this FortiSwitch.

Choices:

  • "disable"

  • "enable"

route_offload_router

list / elements=dictionary

Route offload router.

router_ip

string

Router IP address.

vlan_name

string

VLAN name.

sn

string

Managed-switch serial number.

snmp_community

list / elements=dictionary

Snmp community.

events

list / elements=string

SNMP notifications

Choices:

  • "cpu-high"

  • "mem-low"

  • "log-full"

  • "intf-ip"

  • "ent-conf-change"

  • "l2mac"

hosts

list / elements=dictionary

Hosts.

id

integer

Host entry ID.

ip

string

IPv4 address of the SNMP manager

id

integer

SNMP community ID.

name

string

SNMP community name.

query_v1_port

integer

SNMP v1 query port

query_v1_status

string

Enable/disable SNMP v1 queries.

Choices:

  • "disable"

  • "enable"

query_v2c_port

integer

SNMP v2c query port

query_v2c_status

string

Enable/disable SNMP v2c queries.

Choices:

  • "disable"

  • "enable"

status

string

Enable/disable this SNMP community.

Choices:

  • "disable"

  • "enable"

trap_v1_lport

integer

SNMP v2c trap local port

trap_v1_rport

integer

SNMP v2c trap remote port

trap_v1_status

string

Enable/disable SNMP v1 traps.

Choices:

  • "disable"

  • "enable"

trap_v2c_lport

integer

SNMP v2c trap local port

trap_v2c_rport

integer

SNMP v2c trap remote port

trap_v2c_status

string

Enable/disable SNMP v2c traps.

Choices:

  • "disable"

  • "enable"

snmp_sysinfo

dictionary

Snmp sysinfo.

contact_info

string

Contact information.

description

string

System description.

engine_id

string

Local SNMP engine ID string

location

string

System location.

status

string

Enable/disable SNMP.

Choices:

  • "disable"

  • "enable"

snmp_trap_threshold

dictionary

Snmp trap threshold.

trap_high_cpu_threshold

integer

CPU usage when trap is sent.

trap_log_full_threshold

integer

Log disk usage when trap is sent.

trap_low_memory_threshold

integer

Memory usage when trap is sent.

snmp_user

list / elements=dictionary

Snmp user.

auth_proto

string

Authentication protocol.

Choices:

  • "md5"

  • "sha"

  • "sha1"

  • "sha256"

  • "sha384"

  • "sha512"

  • "sha224"

auth_pwd

any

(list) Password for authentication protocol.

name

string

SNMP user name.

priv_proto

string

Privacy

Choices:

  • "des"

  • "aes"

  • "aes128"

  • "aes192"

  • "aes256"

  • "aes192c"

  • "aes256c"

priv_pwd

any

(list) Password for privacy

queries

string

Enable/disable SNMP queries for this user.

Choices:

  • "disable"

  • "enable"

query_port

integer

SNMPv3 query port

security_level

string

Security level for message authentication and encryption.

Choices:

  • "no-auth-no-priv"

  • "auth-no-priv"

  • "auth-priv"

staged_image_version

string

Staged image version for FortiSwitch.

static_mac

list / elements=dictionary

Static mac.

description

string

Description.

id

integer

ID.

interface

string

Interface name.

mac

string

MAC address.

type

string

Type.

Choices:

  • "static"

  • "sticky"

vlan

any

(list) Vlan.

storm_control

dictionary

Storm control.

broadcast

string

Enable/disable storm control to drop broadcast traffic.

Choices:

  • "disable"

  • "enable"

local_override

string

Enable to override global FortiSwitch storm control settings for this FortiSwitch.

Choices:

  • "disable"

  • "enable"

rate

integer

Rate in packets per second at which storm control drops excess traffic

unknown_multicast

string

Enable/disable storm control to drop unknown multicast traffic.

Choices:

  • "disable"

  • "enable"

unknown_unicast

string

Enable/disable storm control to drop unknown unicast traffic.

Choices:

  • "disable"

  • "enable"

stp_instance

list / elements=dictionary

Stp instance.

id

string

Instance ID.

priority

string

Priority.

Choices:

  • "0"

  • "4096"

  • "8192"

  • "12288"

  • "12328"

  • "16384"

  • "20480"

  • "24576"

  • "28672"

  • "32768"

  • "36864"

  • "40960"

  • "45056"

  • "49152"

  • "53248"

  • "57344"

  • "61440"

stp_settings

dictionary

Stp settings.

forward_time

integer

Period of time a port is in listening and learning state

hello_time

integer

Period of time between successive STP frame Bridge Protocol Data Units

local_override

string

Enable to configure local STP settings that override global STP settings.

Choices:

  • "disable"

  • "enable"

max_age

integer

Maximum time before a bridge port saves its configuration BPDU information

max_hops

integer

Maximum number of hops between the root bridge and the furthest bridge

name

string

Name of local STP settings configuration.

pending_timer

integer

Pending time

revision

integer

STP revision number

status

string

Enable/disable STP.

Choices:

  • "disable"

  • "enable"

switch_device_tag

string

User definable label/tag.

switch_dhcp_opt43_key

string

DHCP option43 key.

switch_id

string / required

Managed-switch id.

switch_log

dictionary

Switch log.

local_override

string

Enable to configure local logging settings that override global logging settings.

Choices:

  • "disable"

  • "enable"

severity

string

Severity of FortiSwitch logs that are added to the FortiGate event log.

Choices:

  • "emergency"

  • "alert"

  • "critical"

  • "error"

  • "warning"

  • "notification"

  • "information"

  • "debug"

status

string

Enable/disable adding FortiSwitch logs to the FortiGate event log.

Choices:

  • "disable"

  • "enable"

switch_profile

any

(list) FortiSwitch profile.

tdr_supported

string

Tdr supported.

tunnel_discovered

integer

Tunnel discovered.

type

string

Indication of switch type, physical or virtual.

Choices:

  • "physical"

  • "virtual"

version

integer

FortiSwitch version.

vlan

list / elements=dictionary

Vlan.

assignment_priority

integer

vlan_name

string

VLAN name.

workspace_locking_adom

string

The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for other user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure FortiSwitch devices that are managed by this FortiGate.
      fortinet.fortimanager.fmgr_switchcontroller_managedswitch:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        switchcontroller_managedswitch:
          _platform: <string>
          description: <string>
          name: <string>
          ports:
            -
              allowed_vlans: <list or string>
              allowed_vlans_all: <value in [disable, enable]>
              arp_inspection_trust: <value in [untrusted, trusted]>
              bundle: <value in [disable, enable]>
              description: <string>
              dhcp_snoop_option82_trust: <value in [disable, enable]>
              dhcp_snooping: <value in [trusted, untrusted]>
              discard_mode: <value in [none, all-untagged, all-tagged]>
              edge_port: <value in [disable, enable]>
              igmp_snooping: <value in [disable, enable]>
              igmps_flood_reports: <value in [disable, enable]>
              igmps_flood_traffic: <value in [disable, enable]>
              lacp_speed: <value in [slow, fast]>
              learning_limit: <integer>
              lldp_profile: <string>
              lldp_status: <value in [disable, rx-only, tx-only, ...]>
              loop_guard: <value in [disabled, enabled]>
              loop_guard_timeout: <integer>
              max_bundle: <integer>
              mclag: <value in [disable, enable]>
              member_withdrawal_behavior: <value in [forward, block]>
              members: <list or string>
              min_bundle: <integer>
              mode: <value in [static, lacp-passive, lacp-active]>
              poe_pre_standard_detection: <value in [disable, enable]>
              poe_status: <value in [disable, enable]>
              port_name: <string>
              port_owner: <string>
              port_security_policy: <string>
              port_selection_criteria: <value in [src-mac, dst-mac, src-dst-mac, ...]>
              qos_policy: <string>
              sample_direction: <value in [rx, tx, both]>
              sflow_counter_interval: <integer>
              sflow_sample_rate: <integer>
              sflow_sampler: <value in [disabled, enabled]>
              stp_bpdu_guard: <value in [disabled, enabled]>
              stp_bpdu_guard_timeout: <integer>
              stp_root_guard: <value in [disabled, enabled]>
              stp_state: <value in [disabled, enabled]>
              type: <value in [physical, trunk]>
              untagged_vlans: <list or string>
              vlan: <string>
              export_to_pool_flag: <integer>
              mac_addr: <string>
              packet_sample_rate: <integer>
              packet_sampler: <value in [disabled, enabled]>
              sticky_mac: <value in [disable, enable]>
              storm_control_policy: <string>
              dot1x_enable: <value in [disable, enable]>
              max_miss_heartbeats: <integer>
              access_mode: <value in [normal, nac, dynamic, ...]>
              ip_source_guard: <value in [disable, enable]>
              mclag_icl_port: <integer>
              p2p_port: <integer>
              aggregator_mode: <value in [bandwidth, count]>
              rpvst_port: <value in [disabled, enabled]>
              flow_control: <value in [disable, tx, rx, ...]>
              media_type: <string>
              pause_meter: <integer>
              pause_meter_resume: <value in [25%, 50%, 75%]>
              trunk_member: <integer>
              fec_capable: <integer>
              fec_state: <value in [disabled, cl74, cl91, ...]>
              matched_dpp_intf_tags: <string>
              matched_dpp_policy: <string>
              port_policy: <string>
              status: <value in [down, up]>
              dsl_profile: <string>
              flap_duration: <integer>
              flap_rate: <integer>
              flap_timeout: <integer>
              flapguard: <value in [disable, enable]>
              interface_tags: <list or string>
              poe_max_power: <string>
              poe_standard: <string>
              igmp_snooping_flood_reports: <value in [disable, enable]>
              mcast_snooping_flood_traffic: <value in [disable, enable]>
              link_status: <value in [down, up]>
              poe_mode_bt_cabable: <integer>
              poe_port_mode: <value in [ieee802-3af, ieee802-3at, ieee802-3bt]>
              poe_port_power: <value in [normal, perpetual, perpetual-fast]>
              poe_port_priority: <value in [critical-priority, high-priority, low-priority, ...]>
              acl_group: <list or string>
              dhcp_snoop_option82_override:
                -
                  circuit_id: <string>
                  remote_id: <string>
                  vlan_name: <string>
              fortiswitch_acls: <list or integer>
              isl_peer_device_sn: <string>
              authenticated_port: <integer>
              encrypted_port: <integer>
              ptp_status: <value in [disable, enable]>
              restricted_auth_port: <integer>
              allow_arp_monitor: <value in [disable, enable]>
              export_to: <list or string>
              export_to_pool: <list or string>
              fallback_port: <string>
              fgt_peer_device_name: <string>
              fgt_peer_port_name: <string>
              fiber_port: <integer>
              flags: <integer>
              fortilink_port: <integer>
              isl_local_trunk_name: <string>
              isl_peer_device_name: <string>
              isl_peer_port_name: <string>
              poe_capable: <integer>
              port_number: <integer>
              port_prefix_type: <integer>
              ptp_policy: <list or string>
              speed: <value in [auto, 10full, 10half, ...]>
              speed_mask: <integer>
              stacking_port: <integer>
              switch_id: <string>
              virtual_port: <integer>
              export_tags: <list or string>
              log_mac_event: <value in [disable, enable]>
              pd_capable: <integer>
              qnq: <list or string>
          switch_id: <string>
          override_snmp_community: <value in [disable, enable]>
          override_snmp_sysinfo: <value in [disable, enable]>
          override_snmp_trap_threshold: <value in [disable, enable]>
          override_snmp_user: <value in [disable, enable]>
          poe_detection_type: <integer>
          remote_log:
            -
              csv: <value in [disable, enable]>
              facility: <value in [kernel, user, mail, ...]>
              name: <string>
              port: <integer>
              server: <string>
              severity: <value in [emergency, alert, critical, ...]>
              status: <value in [disable, enable]>
          snmp_community:
            -
              events:
                - "cpu-high"
                - "mem-low"
                - "log-full"
                - "intf-ip"
                - "ent-conf-change"
                - "l2mac"
              hosts:
                -
                  id: <integer>
                  ip: <string>
              id: <integer>
              name: <string>
              query_v1_port: <integer>
              query_v1_status: <value in [disable, enable]>
              query_v2c_port: <integer>
              query_v2c_status: <value in [disable, enable]>
              status: <value in [disable, enable]>
              trap_v1_lport: <integer>
              trap_v1_rport: <integer>
              trap_v1_status: <value in [disable, enable]>
              trap_v2c_lport: <integer>
              trap_v2c_rport: <integer>
              trap_v2c_status: <value in [disable, enable]>
          snmp_user:
            -
              auth_proto: <value in [md5, sha, sha1, ...]>
              auth_pwd: <list or string>
              name: <string>
              priv_proto: <value in [des, aes, aes128, ...]>
              priv_pwd: <list or string>
              queries: <value in [disable, enable]>
              query_port: <integer>
              security_level: <value in [no-auth-no-priv, auth-no-priv, auth-priv]>
          mclag_igmp_snooping_aware: <value in [disable, enable]>
          ip_source_guard:
            -
              binding_entry:
                -
                  entry_name: <string>
                  ip: <string>
                  mac: <string>
              description: <string>
              port: <string>
          l3_discovered: <integer>
          qos_drop_policy: <value in [taildrop, random-early-detection]>
          qos_red_probability: <integer>
          switch_dhcp_opt43_key: <string>
          tdr_supported: <string>
          custom_command:
            -
              command_entry: <string>
              command_name: <string>
          firmware_provision: <value in [disable, enable]>
          firmware_provision_version: <string>
          dhcp_server_access_list: <value in [disable, enable, global]>
          firmware_provision_latest: <value in [disable, once]>
          dhcp_snooping_static_client:
            -
              ip: <string>
              mac: <string>
              name: <string>
              port: <string>
              vlan: <string>
          ptp_profile: <string>
          ptp_status: <value in [disable, enable]>
          route_offload: <value in [disable, enable]>
          route_offload_mclag: <value in [disable, enable]>
          route_offload_router:
            -
              router_ip: <string>
              vlan_name: <string>
          mgmt_mode: <integer>
          purdue_level: <value in [1, 2, 3, ...]>
          radius_nas_ip: <string>
          radius_nas_ip_override: <value in [disable, enable]>
          tunnel_discovered: <integer>
          vlan:
            -
              assignment_priority: <integer>
              vlan_name: <string>
          802_1X_settings:
            link_down_auth: <value in [set-unauth, no-action]>
            local_override: <value in [disable, enable]>
            mab_reauth: <value in [disable, enable]>
            mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
            mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
            mac_case: <value in [uppercase, lowercase]>
            mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
            mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
            max_reauth_attempt: <integer>
            reauth_period: <integer>
            tx_period: <integer>
          access_profile: <list or string>
          delayed_restart_trigger: <integer>
          directly_connected: <integer>
          dynamic_capability: <string>
          dynamically_discovered: <integer>
          flow_identity: <string>
          fsw_wan1_admin: <value in [disable, enable, discovered]>
          fsw_wan1_peer: <list or string>
          fsw_wan2_admin: <value in [disable, enable, discovered]>
          fsw_wan2_peer: <string>
          igmp_snooping:
            aging_time: <integer>
            flood_unknown_multicast: <value in [disable, enable]>
            local_override: <value in [disable, enable]>
            vlans:
              -
                proxy: <value in [disable, enable, global]>
                querier: <value in [disable, enable]>
                querier_addr: <string>
                version: <integer>
                vlan_name: <list or string>
          max_allowed_trunk_members: <integer>
          mirror:
            -
              dst: <string>
              name: <string>
              src_egress: <list or string>
              src_ingress: <list or string>
              status: <value in [inactive, active]>
              switching_packet: <value in [disable, enable]>
          owner_vdom: <string>
          poe_pre_standard_detection: <value in [disable, enable]>
          pre_provisioned: <integer>
          sn: <string>
          snmp_sysinfo:
            contact_info: <string>
            description: <string>
            engine_id: <string>
            location: <string>
            status: <value in [disable, enable]>
          snmp_trap_threshold:
            trap_high_cpu_threshold: <integer>
            trap_log_full_threshold: <integer>
            trap_low_memory_threshold: <integer>
          staged_image_version: <string>
          static_mac:
            -
              description: <string>
              id: <integer>
              interface: <string>
              mac: <string>
              type: <value in [static, sticky]>
              vlan: <list or string>
          storm_control:
            broadcast: <value in [disable, enable]>
            local_override: <value in [disable, enable]>
            rate: <integer>
            unknown_multicast: <value in [disable, enable]>
            unknown_unicast: <value in [disable, enable]>
          stp_instance:
            -
              id: <string>
              priority: <value in [0, 4096, 8192, ...]>
          stp_settings:
            forward_time: <integer>
            hello_time: <integer>
            local_override: <value in [disable, enable]>
            max_age: <integer>
            max_hops: <integer>
            name: <string>
            pending_timer: <integer>
            revision: <integer>
            status: <value in [disable, enable]>
          switch_device_tag: <string>
          switch_log:
            local_override: <value in [disable, enable]>
            severity: <value in [emergency, alert, critical, ...]>
            status: <value in [disable, enable]>
          switch_profile: <list or string>
          type: <value in [physical, virtual]>
          version: <integer>
          poe_lldp_detection: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full url requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of api request.

Returned: always

Sample: 0

response_data

list / elements=string

The api response.

Returned: always

response_message

string

The descriptive message of the api response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)