Note
This plugin is part of the fortinet.fortimanager collection (version 2.1.3).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_switchcontroller_managedswitch
.
New in version 2.10: of fortinet.fortimanager
Parameter | Choices/Defaults | Comments | |||
---|---|---|---|---|---|
adom string / required | the parameter (adom) in requested url | ||||
bypass_validation boolean |
| only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | |||
enable_log boolean |
| Enable/Disable logging for task | |||
proposed_method string |
| The overridden method for the underlying Json RPC request | |||
rc_failed list / elements=string | the rc codes list with which the conditions to fail will be overriden | ||||
rc_succeeded list / elements=string | the rc codes list with which the conditions to succeed will be overriden | ||||
state string / required |
| the directive to create, update or delete an object | |||
switchcontroller_managedswitch dictionary | the top level parameters set | ||||
_platform string | no description | ||||
custom-command list / elements=string | no description | ||||
command-entry string | List of FortiSwitch commands. | ||||
command-name string | Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. | ||||
description string | Description. | ||||
firmware-provision string |
| Enable/disable provisioning of firmware to FortiSwitches on join connection. | |||
firmware-provision-version string | Firmware version to provision to this FortiSwitch on bootup (major.minor.build, i.e. 6.2.1234). | ||||
ip-source-guard list / elements=string | no description | ||||
binding-entry list / elements=string | no description | ||||
entry-name string | Configure binding pair. | ||||
ip string | Source IP for this rule. | ||||
mac string | MAC address for this rule. | ||||
description string | Description. | ||||
port string | Ingress interface to which source guard is bound. | ||||
l3-discovered integer | no description | ||||
mclag-igmp-snooping-aware string |
| Enable/disable MCLAG IGMP-snooping awareness. | |||
name string | Managed-switch name. | ||||
override-snmp-community string |
| Enable/disable overriding the global SNMP communities. | |||
override-snmp-sysinfo string |
| Enable/disable overriding the global SNMP system information. | |||
override-snmp-trap-threshold string |
| Enable/disable overriding the global SNMP trap threshold values. | |||
override-snmp-user string |
| Enable/disable overriding the global SNMP users. | |||
poe-detection-type integer | no description | ||||
ports list / elements=string | no description | ||||
access-mode string |
| Access mode of the port. | |||
aggregator-mode string |
| LACP member select mode. | |||
allowed-vlans string | Configure switch port tagged vlans | ||||
allowed-vlans-all string |
| Enable/disable all defined vlans on this port. | |||
arp-inspection-trust string |
| Trusted or untrusted dynamic ARP inspection. | |||
bundle string |
| Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. | |||
description string | Description for port. | ||||
dhcp-snoop-option82-trust string |
| Enable/disable allowance of DHCP with option-82 on untrusted interface. | |||
dhcp-snooping string |
| Trusted or untrusted DHCP-snooping interface. | |||
discard-mode string |
| Configure discard mode for port. | |||
edge-port string |
| Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. | |||
export-to-pool-flag integer | Switch controller export port to pool-list. | ||||
fec-capable integer | FEC capable. | ||||
fec-state string |
| State of forward error correction. | |||
flow-control string |
| Flow control direction. | |||
igmp-snooping string |
| Set IGMP snooping mode for the physical port interface. | |||
igmps-flood-reports string |
| Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. | |||
igmps-flood-traffic string |
| Enable/disable flooding of IGMP snooping traffic to this interface. | |||
ip-source-guard string |
| Enable/disable IP source guard. | |||
lacp-speed string |
| end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). | |||
learning-limit integer | Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default). | ||||
lldp-profile string | LLDP port TLV profile. | ||||
lldp-status string |
| LLDP transmit and receive status. | |||
loop-guard string |
| Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. | |||
loop-guard-timeout integer | Loop-guard timeout (0 - 120 min, default = 45). | ||||
mac-addr string | Port/Trunk MAC. | ||||
matched-dpp-intf-tags string | Matched interface tags in the dynamic port policy. | ||||
matched-dpp-policy string | Matched child policy in the dynamic port policy. | ||||
max-bundle integer | Maximum size of LAG bundle (1 - 24, default = 24) | ||||
mclag string |
| Enable/disable multi-chassis link aggregation (MCLAG). | |||
mclag-icl-port integer | no description | ||||
media-type string | no description | ||||
member-withdrawal-behavior string |
| Port behavior after it withdraws because of loss of control packets. | |||
members string | no description | ||||
min-bundle integer | Minimum size of LAG bundle (1 - 24, default = 1) | ||||
mode string |
| LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively. | |||
p2p-port integer | no description | ||||
packet-sample-rate integer | Packet sampling rate (0 - 99999 p/sec). | ||||
packet-sampler string |
| Enable/disable packet sampling on this interface. | |||
pause-meter integer | Configure ingress pause metering rate, in kbps (default = 0, disabled). | ||||
pause-meter-resume string |
| Resume threshold for resuming traffic on ingress port. | |||
poe-pre-standard-detection string |
| Enable/disable PoE pre-standard detection. | |||
poe-status string |
| Enable/disable PoE status. | |||
port-name string | Switch port name. | ||||
port-owner string | Switch port name. | ||||
port-policy string | Switch controller dynamic port policy from available options. | ||||
port-security-policy string | Switch controller authentication policy to apply to this managed switch from available options. | ||||
port-selection-criteria string |
| Algorithm for aggregate port selection. | |||
qos-policy string | Switch controller QoS policy from available options. | ||||
rpvst-port string |
| Enable/disable inter-operability with rapid PVST on this interface. | |||
sample-direction string |
| sFlow sample direction. | |||
sflow-counter-interval integer | sFlow sampler counter polling interval (1 - 255 sec). | ||||
sflow-sample-rate integer | sFlow sampler sample rate (0 - 99999 p/sec). | ||||
sflow-sampler string |
| Enable/disable sFlow protocol on this interface. | |||
status string |
| Switch port admin status: up or down. | |||
sticky-mac string |
| Enable or disable sticky-mac on the interface. | |||
storm-control-policy string | Switch controller storm control policy from available options. | ||||
stp-bpdu-guard string |
| Enable/disable STP BPDU guard on this interface. | |||
stp-bpdu-guard-timeout integer | BPDU Guard disabling protection (0 - 120 min). | ||||
stp-root-guard string |
| Enable/disable STP root guard on this interface. | |||
stp-state string |
| Enable/disable Spanning Tree Protocol (STP) on this interface. | |||
trunk-member integer | Trunk member. | ||||
type string |
| Interface type: physical or trunk port. | |||
untagged-vlans string | Configure switch port untagged vlans | ||||
vlan string | Assign switch ports to a VLAN. | ||||
qos-drop-policy string |
| Set QoS drop-policy. | |||
qos-red-probability integer | Set QoS RED/WRED drop probability. | ||||
remote-log list / elements=string | no description | ||||
csv string |
| Enable/disable comma-separated value (CSV) strings. | |||
facility string |
| Facility to log to remote syslog server. | |||
name string | Remote log name. | ||||
port integer | Remote syslog server listening port. | ||||
server string | IPv4 address of the remote syslog server. | ||||
severity string |
| Severity of logs to be transferred to remote log server. | |||
status string |
| Enable/disable logging by FortiSwitch device to a remote syslog server. | |||
snmp-community list / elements=string | no description | ||||
events list / elements=string |
| no description | |||
hosts list / elements=string | no description | ||||
id integer | Host entry ID. | ||||
ip string | IPv4 address of the SNMP manager (host). | ||||
id integer | SNMP community ID. | ||||
name string | SNMP community name. | ||||
query-v1-port integer | SNMP v1 query port (default = 161). | ||||
query-v1-status string |
| Enable/disable SNMP v1 queries. | |||
query-v2c-port integer | SNMP v2c query port (default = 161). | ||||
query-v2c-status string |
| Enable/disable SNMP v2c queries. | |||
status string |
| Enable/disable this SNMP community. | |||
trap-v1-lport integer | SNMP v2c trap local port (default = 162). | ||||
trap-v1-rport integer | SNMP v2c trap remote port (default = 162). | ||||
trap-v1-status string |
| Enable/disable SNMP v1 traps. | |||
trap-v2c-lport integer | SNMP v2c trap local port (default = 162). | ||||
trap-v2c-rport integer | SNMP v2c trap remote port (default = 162). | ||||
trap-v2c-status string |
| Enable/disable SNMP v2c traps. | |||
snmp-user list / elements=string | no description | ||||
auth-proto string |
| Authentication protocol. | |||
auth-pwd string | no description | ||||
name string | SNMP user name. | ||||
priv-proto string |
| Privacy (encryption) protocol. | |||
priv-pwd string | no description | ||||
queries string |
| Enable/disable SNMP queries for this user. | |||
query-port integer | SNMPv3 query port (default = 161). | ||||
security-level string |
| Security level for message authentication and encryption. | |||
switch-dhcp_opt43_key string | DHCP option43 key. | ||||
switch-id string | Managed-switch id. | ||||
tdr-supported string | no description | ||||
workspace_locking_adom string | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | ||||
workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock |
Note
- hosts: fortimanager-inventory collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure FortiSwitch devices that are managed by this FortiGate. fmgr_switchcontroller_managedswitch: bypass_validation: False workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 rc_succeeded: [0, -2, -3, ...] rc_failed: [-2, -3, ...] adom: <your own value> state: <value in [present, absent]> switchcontroller_managedswitch: _platform: <value of string> description: <value of string> name: <value of string> ports: - allowed-vlans: <value of string> allowed-vlans-all: <value in [disable, enable]> arp-inspection-trust: <value in [untrusted, trusted]> bundle: <value in [disable, enable]> description: <value of string> dhcp-snoop-option82-trust: <value in [disable, enable]> dhcp-snooping: <value in [trusted, untrusted]> discard-mode: <value in [none, all-untagged, all-tagged]> edge-port: <value in [disable, enable]> igmp-snooping: <value in [disable, enable]> igmps-flood-reports: <value in [disable, enable]> igmps-flood-traffic: <value in [disable, enable]> lacp-speed: <value in [slow, fast]> learning-limit: <value of integer> lldp-profile: <value of string> lldp-status: <value in [disable, rx-only, tx-only, ...]> loop-guard: <value in [disabled, enabled]> loop-guard-timeout: <value of integer> max-bundle: <value of integer> mclag: <value in [disable, enable]> member-withdrawal-behavior: <value in [forward, block]> members: <value of string> min-bundle: <value of integer> mode: <value in [static, lacp-passive, lacp-active]> poe-pre-standard-detection: <value in [disable, enable]> poe-status: <value in [disable, enable]> port-name: <value of string> port-owner: <value of string> port-security-policy: <value of string> port-selection-criteria: <value in [src-mac, dst-mac, src-dst-mac, ...]> qos-policy: <value of string> sample-direction: <value in [rx, tx, both]> sflow-counter-interval: <value of integer> sflow-sample-rate: <value of integer> sflow-sampler: <value in [disabled, enabled]> stp-bpdu-guard: <value in [disabled, enabled]> stp-bpdu-guard-timeout: <value of integer> stp-root-guard: <value in [disabled, enabled]> stp-state: <value in [disabled, enabled]> type: <value in [physical, trunk]> untagged-vlans: <value of string> vlan: <value of string> export-to-pool-flag: <value of integer> mac-addr: <value of string> packet-sample-rate: <value of integer> packet-sampler: <value in [disabled, enabled]> sticky-mac: <value in [disable, enable]> storm-control-policy: <value of string> access-mode: <value in [normal, nac, dynamic, ...]> ip-source-guard: <value in [disable, enable]> mclag-icl-port: <value of integer> p2p-port: <value of integer> aggregator-mode: <value in [bandwidth, count]> rpvst-port: <value in [disabled, enabled]> flow-control: <value in [disable, tx, rx, ...]> media-type: <value of string> pause-meter: <value of integer> pause-meter-resume: <value in [25%, 50%, 75%]> trunk-member: <value of integer> fec-capable: <value of integer> fec-state: <value in [disabled, cl74, cl91]> matched-dpp-intf-tags: <value of string> matched-dpp-policy: <value of string> port-policy: <value of string> status: <value in [down, up]> switch-id: <value of string> override-snmp-community: <value in [disable, enable]> override-snmp-sysinfo: <value in [disable, enable]> override-snmp-trap-threshold: <value in [disable, enable]> override-snmp-user: <value in [disable, enable]> poe-detection-type: <value of integer> remote-log: - csv: <value in [disable, enable]> facility: <value in [kernel, user, mail, ...]> name: <value of string> port: <value of integer> server: <value of string> severity: <value in [emergency, alert, critical, ...]> status: <value in [disable, enable]> snmp-community: - events: - cpu-high - mem-low - log-full - intf-ip - ent-conf-change hosts: - id: <value of integer> ip: <value of string> id: <value of integer> name: <value of string> query-v1-port: <value of integer> query-v1-status: <value in [disable, enable]> query-v2c-port: <value of integer> query-v2c-status: <value in [disable, enable]> status: <value in [disable, enable]> trap-v1-lport: <value of integer> trap-v1-rport: <value of integer> trap-v1-status: <value in [disable, enable]> trap-v2c-lport: <value of integer> trap-v2c-rport: <value of integer> trap-v2c-status: <value in [disable, enable]> snmp-user: - auth-proto: <value in [md5, sha]> auth-pwd: <value of string> name: <value of string> priv-proto: <value in [des, aes]> priv-pwd: <value of string> queries: <value in [disable, enable]> query-port: <value of integer> security-level: <value in [no-auth-no-priv, auth-no-priv, auth-priv]> mclag-igmp-snooping-aware: <value in [disable, enable]> ip-source-guard: - binding-entry: - entry-name: <value of string> ip: <value of string> mac: <value of string> description: <value of string> port: <value of string> l3-discovered: <value of integer> qos-drop-policy: <value in [taildrop, random-early-detection]> qos-red-probability: <value of integer> switch-dhcp_opt43_key: <value of string> tdr-supported: <value of string> custom-command: - command-entry: <value of string> command-name: <value of string> firmware-provision: <value in [disable, enable]> firmware-provision-version: <value of string>
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
request_url string | always | The full url requested Sample: /sys/login/user |
response_code integer | always | The status of api request |
response_message string | always | The descriptive message of the api response Sample: OK. |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_switchcontroller_managedswitch_module.html