fortinet.fortimanager.fmgr_switchcontroller_managedswitch_ports module – Managed-switch port list.

Note

This module is part of the fortinet.fortimanager collection (version 2.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_switchcontroller_managedswitch_ports.

New in fortinet.fortimanager 2.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in requested url.

bypass_validation

boolean

Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

managed-switch

string

Deprecated, please use “managed_switch”

managed_switch

string

The parameter (managed-switch) in requested url.

proposed_method

string

The overridden method for the underlying Json RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overriden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overriden.

state

string / required

The directive to create, update or delete an object.

Choices:

  • "present"

  • "absent"

switchcontroller_managedswitch_ports

dictionary

The top level parameters set.

access_mode

string

Access mode of the port.

Choices:

  • "normal"

  • "nac"

  • "dynamic"

  • "static"

acl_group

any

(list) ACL groups on this port.

aggregator_mode

string

LACP member select mode.

Choices:

  • "bandwidth"

  • "count"

allow_arp_monitor

string

Enable/Disable allow ARP monitor.

Choices:

  • "disable"

  • "enable"

allowed_vlans

any

(list or str) Configure switch port tagged vlans

allowed_vlans_all

string

Enable/disable all defined vlans on this port.

Choices:

  • "disable"

  • "enable"

arp_inspection_trust

string

Trusted or untrusted dynamic ARP inspection.

Choices:

  • "untrusted"

  • "trusted"

authenticated_port

integer

Authenticated port.

bundle

string

Enable/disable Link Aggregation Group

Choices:

  • "disable"

  • "enable"

description

string

Description for port.

dhcp_snoop_option82_override

list / elements=dictionary

Dhcp snoop option82 override.

circuit_id

string

Circuit ID string.

remote_id

string

Remote ID string.

vlan_name

string

DHCP snooping option 82 VLAN.

dhcp_snoop_option82_trust

string

Enable/disable allowance of DHCP with option-82 on untrusted interface.

Choices:

  • "disable"

  • "enable"

dhcp_snooping

string

Trusted or untrusted DHCP-snooping interface.

Choices:

  • "trusted"

  • "untrusted"

discard_mode

string

Configure discard mode for port.

Choices:

  • "none"

  • "all-untagged"

  • "all-tagged"

dot1x_enable

string

Dot1x enable.

Choices:

  • "disable"

  • "enable"

dsl_profile

string

DSL policy configuration.

edge_port

string

Enable/disable this interface as an edge port, bridging connections between workstations and/or computers.

Choices:

  • "disable"

  • "enable"

encrypted_port

integer

Encrypted port.

export_tags

any

(list) Configure export tag

export_to

any

(list) Export managed-switch port to a tenant VDOM.

export_to_pool

any

(list) Switch controller export port to pool-list.

export_to_pool_flag

integer

Switch controller export port to pool-list.

fallback_port

string

LACP fallback port.

fec_capable

integer

FEC capable.

fec_state

string

State of forward error correction.

Choices:

  • "disabled"

  • "cl74"

  • "cl91"

  • "detect-by-module"

fgt_peer_device_name

string

Fgt peer device name.

fgt_peer_port_name

string

Fgt peer port name.

fiber_port

integer

Fiber port.

flags

integer

Flags.

flap_duration

integer

Period over which flap events are calculated

flap_rate

integer

Number of stage change events needed within flap-duration.

flap_timeout

integer

Flap guard disabling protection

flapguard

string

Enable/disable flap guard.

Choices:

  • "disable"

  • "enable"

flow_control

string

Flow control direction.

Choices:

  • "disable"

  • "tx"

  • "rx"

  • "both"

integer

Fortilink port.

fortiswitch_acls

any

(list) ACLs on this port.

igmp_snooping

string

Set IGMP snooping mode for the physical port interface.

Choices:

  • "disable"

  • "enable"

igmp_snooping_flood_reports

string

Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled.

Choices:

  • "disable"

  • "enable"

igmps_flood_reports

string

Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled.

Choices:

  • "disable"

  • "enable"

igmps_flood_traffic

string

Enable/disable flooding of IGMP snooping traffic to this interface.

Choices:

  • "disable"

  • "enable"

interface_tags

any

(list or str) Tag

ip_source_guard

string

Enable/disable IP source guard.

Choices:

  • "disable"

  • "enable"

isl_local_trunk_name

string

Isl local trunk name.

isl_peer_device_name

string

Isl peer device name.

isl_peer_device_sn

string

Isl peer device sn.

isl_peer_port_name

string

Isl peer port name.

lacp_speed

string

End Link Aggregation Control Protocol

Choices:

  • "slow"

  • "fast"

learning_limit

integer

Limit the number of dynamic MAC addresses on this Port

string

Link status.

Choices:

  • "down"

  • "up"

lldp_profile

string

LLDP port TLV profile.

lldp_status

string

LLDP transmit and receive status.

Choices:

  • "disable"

  • "rx-only"

  • "tx-only"

  • "tx-rx"

log_mac_event

string

Enable/disable logging for dynamic MAC address events.

Choices:

  • "disable"

  • "enable"

loop_guard

string

Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops.

Choices:

  • "disabled"

  • "enabled"

loop_guard_timeout

integer

Loop-guard timeout

mac_addr

string

Port/Trunk MAC.

matched_dpp_intf_tags

string

Matched interface tags in the dynamic port policy.

matched_dpp_policy

string

Matched child policy in the dynamic port policy.

max_bundle

integer

Maximum size of LAG bundle

max_miss_heartbeats

integer

Maximum tolerant missed heartbeats.

mcast_snooping_flood_traffic

string

Enable/disable flooding of IGMP snooping traffic to this interface.

Choices:

  • "disable"

  • "enable"

mclag

string

Enable/disable multi-chassis link aggregation

Choices:

  • "disable"

  • "enable"

mclag_icl_port

integer

Mclag icl port.

media_type

string

Media type.

member_withdrawal_behavior

string

Port behavior after it withdraws because of loss of control packets.

Choices:

  • "forward"

  • "block"

members

any

(list) Aggregated LAG bundle interfaces.

min_bundle

integer

Minimum size of LAG bundle

mode

string

LACP mode

Choices:

  • "static"

  • "lacp-passive"

  • "lacp-active"

p2p_port

integer

P2p port.

packet_sample_rate

integer

Packet sampling rate

packet_sampler

string

Enable/disable packet sampling on this interface.

Choices:

  • "disabled"

  • "enabled"

pause_meter

integer

Configure ingress pause metering rate, in kbps

pause_meter_resume

string

Resume threshold for resuming traffic on ingress port.

Choices:

  • "25%"

  • "50%"

  • "75%"

pd_capable

integer

Powered device capable.

poe_capable

integer

PoE capable.

poe_max_power

string

Poe max power.

poe_mode_bt_cabable

integer

PoE mode IEEE 802.

poe_port_mode

string

Configure PoE port mode.

Choices:

  • "ieee802-3af"

  • "ieee802-3at"

  • "ieee802-3bt"

poe_port_power

string

Configure PoE port power.

Choices:

  • "normal"

  • "perpetual"

  • "perpetual-fast"

poe_port_priority

string

Configure PoE port priority.

Choices:

  • "critical-priority"

  • "high-priority"

  • "low-priority"

  • "medium-priority"

poe_pre_standard_detection

string

Enable/disable PoE pre-standard detection.

Choices:

  • "disable"

  • "enable"

poe_standard

string

Poe standard.

poe_status

string

Enable/disable PoE status.

Choices:

  • "disable"

  • "enable"

port_name

string / required

Switch port name.

port_number

integer

Port number.

port_owner

string

Switch port name.

port_policy

string

Switch controller dynamic port policy from available options.

port_prefix_type

integer

Port prefix type.

port_security_policy

string

Switch controller authentication policy to apply to this managed switch from available options.

port_selection_criteria

string

Algorithm for aggregate port selection.

Choices:

  • "src-mac"

  • "dst-mac"

  • "src-dst-mac"

  • "src-ip"

  • "dst-ip"

  • "src-dst-ip"

ptp_policy

any

(list) PTP policy configuration.

ptp_status

string

Enable/disable PTP policy on this FortiSwitch port.

Choices:

  • "disable"

  • "enable"

qnq

any

(list) ‘802.’

qos_policy

string

Switch controller QoS policy from available options.

restricted_auth_port

integer

Restricted auth port.

rpvst_port

string

Enable/disable inter-operability with rapid PVST on this interface.

Choices:

  • "disabled"

  • "enabled"

sample_direction

string

SFlow sample direction.

Choices:

  • "rx"

  • "tx"

  • "both"

sflow_counter_interval

integer

SFlow sampler counter polling interval

sflow_sample_rate

integer

SFlow sampler sample rate

sflow_sampler

string

Enable/disable sFlow protocol on this interface.

Choices:

  • "disabled"

  • "enabled"

speed

string

Switch port speed; default and available settings depend on hardware.

Choices:

  • "auto"

  • "10full"

  • "10half"

  • "100full"

  • "100half"

  • "1000full"

  • "10000full"

  • "1000auto"

  • "40000full"

  • "1000fiber"

  • "10000"

  • "40000"

  • "auto-module"

  • "100FX-half"

  • "100FX-full"

  • "100000full"

  • "2500full"

  • "25000full"

  • "50000full"

  • "40000auto"

  • "10000cr"

  • "10000sr"

  • "100000sr4"

  • "100000cr4"

  • "25000cr4"

  • "25000sr4"

  • "5000full"

  • "2500auto"

  • "5000auto"

  • "1000full-fiber"

  • "40000sr4"

  • "40000cr4"

  • "25000cr"

  • "25000sr"

  • "50000cr"

  • "50000sr"

speed_mask

integer

Switch port speed mask.

stacking_port

integer

Stacking port.

status

string

Switch port admin status

Choices:

  • "down"

  • "up"

sticky_mac

string

Enable or disable sticky-mac on the interface.

Choices:

  • "disable"

  • "enable"

storm_control_policy

string

Switch controller storm control policy from available options.

stp_bpdu_guard

string

Enable/disable STP BPDU guard on this interface.

Choices:

  • "disabled"

  • "enabled"

stp_bpdu_guard_timeout

integer

BPDU Guard disabling protection

stp_root_guard

string

Enable/disable STP root guard on this interface.

Choices:

  • "disabled"

  • "enabled"

stp_state

string

Enable/disable Spanning Tree Protocol

Choices:

  • "disabled"

  • "enabled"

switch_id

string

Switch id.

trunk_member

integer

Trunk member.

type

string

Interface type

Choices:

  • "physical"

  • "trunk"

untagged_vlans

any

(list or str) Configure switch port untagged vlans

virtual_port

integer

Virtualized switch port.

vlan

string

Assign switch ports to a VLAN.

workspace_locking_adom

string

The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for other user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Managed-switch port list.
      fortinet.fortimanager.fmgr_switchcontroller_managedswitch_ports:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        managed_switch: <your own value>
        state: present # <value in [present, absent]>
        switchcontroller_managedswitch_ports:
          allowed_vlans: <list or string>
          allowed_vlans_all: <value in [disable, enable]>
          arp_inspection_trust: <value in [untrusted, trusted]>
          bundle: <value in [disable, enable]>
          description: <string>
          dhcp_snoop_option82_trust: <value in [disable, enable]>
          dhcp_snooping: <value in [trusted, untrusted]>
          discard_mode: <value in [none, all-untagged, all-tagged]>
          edge_port: <value in [disable, enable]>
          igmp_snooping: <value in [disable, enable]>
          igmps_flood_reports: <value in [disable, enable]>
          igmps_flood_traffic: <value in [disable, enable]>
          lacp_speed: <value in [slow, fast]>
          learning_limit: <integer>
          lldp_profile: <string>
          lldp_status: <value in [disable, rx-only, tx-only, ...]>
          loop_guard: <value in [disabled, enabled]>
          loop_guard_timeout: <integer>
          max_bundle: <integer>
          mclag: <value in [disable, enable]>
          member_withdrawal_behavior: <value in [forward, block]>
          members: <list or string>
          min_bundle: <integer>
          mode: <value in [static, lacp-passive, lacp-active]>
          poe_pre_standard_detection: <value in [disable, enable]>
          poe_status: <value in [disable, enable]>
          port_name: <string>
          port_owner: <string>
          port_security_policy: <string>
          port_selection_criteria: <value in [src-mac, dst-mac, src-dst-mac, ...]>
          qos_policy: <string>
          sample_direction: <value in [rx, tx, both]>
          sflow_counter_interval: <integer>
          sflow_sample_rate: <integer>
          sflow_sampler: <value in [disabled, enabled]>
          stp_bpdu_guard: <value in [disabled, enabled]>
          stp_bpdu_guard_timeout: <integer>
          stp_root_guard: <value in [disabled, enabled]>
          stp_state: <value in [disabled, enabled]>
          type: <value in [physical, trunk]>
          untagged_vlans: <list or string>
          vlan: <string>
          export_to_pool_flag: <integer>
          mac_addr: <string>
          packet_sample_rate: <integer>
          packet_sampler: <value in [disabled, enabled]>
          sticky_mac: <value in [disable, enable]>
          storm_control_policy: <string>
          dot1x_enable: <value in [disable, enable]>
          max_miss_heartbeats: <integer>
          access_mode: <value in [normal, nac, dynamic, ...]>
          ip_source_guard: <value in [disable, enable]>
          mclag_icl_port: <integer>
          p2p_port: <integer>
          aggregator_mode: <value in [bandwidth, count]>
          rpvst_port: <value in [disabled, enabled]>
          flow_control: <value in [disable, tx, rx, ...]>
          media_type: <string>
          pause_meter: <integer>
          pause_meter_resume: <value in [25%, 50%, 75%]>
          trunk_member: <integer>
          fec_capable: <integer>
          fec_state: <value in [disabled, cl74, cl91, ...]>
          matched_dpp_intf_tags: <string>
          matched_dpp_policy: <string>
          port_policy: <string>
          status: <value in [down, up]>
          dsl_profile: <string>
          flap_duration: <integer>
          flap_rate: <integer>
          flap_timeout: <integer>
          flapguard: <value in [disable, enable]>
          interface_tags: <list or string>
          poe_max_power: <string>
          poe_standard: <string>
          igmp_snooping_flood_reports: <value in [disable, enable]>
          mcast_snooping_flood_traffic: <value in [disable, enable]>
          link_status: <value in [down, up]>
          poe_mode_bt_cabable: <integer>
          poe_port_mode: <value in [ieee802-3af, ieee802-3at, ieee802-3bt]>
          poe_port_power: <value in [normal, perpetual, perpetual-fast]>
          poe_port_priority: <value in [critical-priority, high-priority, low-priority, ...]>
          acl_group: <list or string>
          dhcp_snoop_option82_override:
            -
              circuit_id: <string>
              remote_id: <string>
              vlan_name: <string>
          fortiswitch_acls: <list or integer>
          isl_peer_device_sn: <string>
          authenticated_port: <integer>
          encrypted_port: <integer>
          ptp_status: <value in [disable, enable]>
          restricted_auth_port: <integer>
          allow_arp_monitor: <value in [disable, enable]>
          export_to: <list or string>
          export_to_pool: <list or string>
          fallback_port: <string>
          fgt_peer_device_name: <string>
          fgt_peer_port_name: <string>
          fiber_port: <integer>
          flags: <integer>
          fortilink_port: <integer>
          isl_local_trunk_name: <string>
          isl_peer_device_name: <string>
          isl_peer_port_name: <string>
          poe_capable: <integer>
          port_number: <integer>
          port_prefix_type: <integer>
          ptp_policy: <list or string>
          speed: <value in [auto, 10full, 10half, ...]>
          speed_mask: <integer>
          stacking_port: <integer>
          switch_id: <string>
          virtual_port: <integer>
          export_tags: <list or string>
          log_mac_event: <value in [disable, enable]>
          pd_capable: <integer>
          qnq: <list or string>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full url requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of api request.

Returned: always

Sample: 0

response_data

list / elements=string

The api response.

Returned: always

response_message

string

The descriptive message of the api response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)