Note
This plugin is part of the fortinet.fortios collection.
To install it use: `ansible-galaxy collection install fortinet.fortios`.
To use it in a playbook, specify: `fortinet.fortios.fortios_switch_controller_managed_switch`.
New in version 2.8 of fortinet.fortios.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| host string | | FortiOS or FortiGate IP address. |
| https boolean | | Indicates if the requests towards FortiGate must use HTTPS protocol. |
| password string | Default: "" | FortiOS or FortiGate password. |
| ssl_verify boolean added in 2.9 of fortinet.fortios | | Ensures FortiGate certificate must be verified by a proper CA. |
| state string added in 2.9 of fortinet.fortios | | Indicates whether to create or remove the object. This attribute was already present in previous versions at a deeper level. It has been moved out to this outer level. |
| switch_controller_managed_switch dictionary | | Configure FortiSwitch devices that are managed by this FortiGate. |
| connected integer | | CAPWAP connection. |
| custom_command list / elements=string | | Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch. |
| command_entry string | | List of FortiSwitch commands. |
| command_name string | | Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. Source switch-controller.custom-command.command-name. |
| delayed_restart_trigger integer | | Delayed restart triggered for this FortiSwitch. |
| description string | | Description. |
| directly_connected integer | | Directly connected FortiSwitch. |
| dynamic_capability integer | | List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device. |
| dynamically_discovered integer | | Dynamically discovered FortiSwitch. |
| fsw_wan1_admin string | | FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. |
| fsw_wan1_peer string | | FortiSwitch WAN1 peer port. |
| fsw_wan2_admin string | | FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. |
| fsw_wan2_peer string | | FortiSwitch WAN2 peer port. |
| igmp_snooping dictionary | | Configure FortiSwitch IGMP snooping global settings. |
| aging_time integer | | Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). |
| flood_unknown_multicast string | | Enable/disable unknown multicast flooding. |
| local_override string | | Enable/disable overriding the global IGMP snooping configuration. |
| max_allowed_trunk_members integer | | FortiSwitch maximum allowed trunk members. |
| mirror list / elements=string | | Configuration method to edit FortiSwitch packet mirror. |
| dst string | | Destination port. |
| name string / required | | Mirror name. |
| src_egress list / elements=string | | Source egress interfaces. |
| name string / required | | Interface name. |
| src_ingress list / elements=string | | Source ingress interfaces. |
| name string / required | | Interface name. |
| status string | | Active/inactive mirror configuration. |
| switching_packet string | | Enable/disable switching functionality when mirroring. |
| name string | | Managed-switch name. |
| owner_vdom string | | VDOM to which the owner of the port belongs. |
| poe_pre_standard_detection string | | Enable/disable PoE pre-standard detection. |
| ports list / elements=string | | Managed-switch port list. |
| allowed_vlans list / elements=string | | Configure switch port tagged VLANs. |
| vlan_name string | | VLAN name. Source system.interface.name. |
| allowed_vlans_all string | | Enable/disable all defined VLANs on this port. |
| arp_inspection_trust string | | Trusted or untrusted dynamic ARP inspection. |
| bundle string | | Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. |
| description string | | Description for port. |
| dhcp_snoop_option82_trust string | | Enable/disable allowance of DHCP with option-82 on untrusted interface. |
| dhcp_snooping string | | Trusted or untrusted DHCP-snooping interface. |
| discard_mode string | | Configure discard mode for port. |
| edge_port string | | Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. |
| export_tags list / elements=string | | Switch controller export tag name. |
| tag_name string | | Switch tag name. Source switch-controller.switch-interface-tag.name. |
| export_to string | | Export managed-switch port to a tenant VDOM. Source system.vdom.name. |
| export_to_pool string | | Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name. |
| export_to_pool_flag integer | | Switch controller export port to pool-list. |
| fgt_peer_device_name string | | FGT peer device name. |
| fgt_peer_port_name string | | FGT peer port name. |
| fiber_port integer | | Fiber-port. |
| flags integer | | Port properties flags. |
| fortilink_port integer | | FortiLink uplink port. |
| igmp_snooping string | | Set IGMP snooping mode for the physical port interface. |
| igmps_flood_reports string | | Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. |
| igmps_flood_traffic string | | Enable/disable flooding of IGMP snooping traffic to this interface. |
| isl_local_trunk_name string | | ISL local trunk name. |
| isl_peer_device_name string | | ISL peer device name. |
| isl_peer_port_name string | | ISL peer port name. |
| lacp_speed string | | Send Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). |
| learning_limit integer | | Limit the number of dynamic MAC addresses on this port (1 - 128, 0 = no limit, default). |
| lldp_profile string | | LLDP port TLV profile. Source switch-controller.lldp-profile.name. |
| lldp_status string | | LLDP transmit and receive status. |
| loop_guard string | | Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. |
| loop_guard_timeout integer | | Loop-guard timeout (0 - 120 min). |
| max_bundle integer | | Maximum size of LAG bundle (1 - 24). |
| mclag string | | Enable/disable multi-chassis link aggregation (MCLAG). |
| member_withdrawal_behavior string | | Port behavior after it withdraws because of loss of control packets. |
| members list / elements=string | | Aggregated LAG bundle interfaces. |
| member_name string | | Interface name from available options. |
| min_bundle integer | | Minimum size of LAG bundle (1 - 24). |
| mode string | | LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively. |
| poe_capable integer | | PoE capable. |
| poe_pre_standard_detection string | | Enable/disable PoE pre-standard detection. |
| poe_status string | | Enable/disable PoE status. |
| port_name string | | Switch port name. |
| port_number integer | | Port number. |
| port_owner string | | Switch port name. |
| port_prefix_type integer | | Port prefix type. |
| port_security_policy string | | Switch controller authentication policy to apply to this managed switch from available options. Source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal.name. |
| port_selection_criteria string | | Algorithm for aggregate port selection. |
| qos_policy string | | Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name. |
| sample_direction string | | sFlow sample direction. |
| sflow_counter_interval integer | | sFlow sampler counter polling interval (1 - 255 sec). |
| sflow_sample_rate integer | | sFlow sampler sample rate (0 - 99999 p/sec). |
| sflow_sampler string | | Enable/disable sFlow protocol on this interface. |
| speed string | | Switch port speed; default and available settings depend on hardware. |
| speed_mask integer | | Switch port speed mask. |
| stacking_port integer | | Stacking port. |
| status string | | Switch port admin status: up or down. |
| stp_bpdu_guard string | | Enable/disable STP BPDU guard on this interface. |
| stp_bpdu_guard_timeout integer | | BPDU Guard disabling protection (0 - 120 min). |
| stp_root_guard string | | Enable/disable STP root guard on this interface. |
| stp_state string | | Enable/disable Spanning Tree Protocol (STP) on this interface. |
| switch_id string | | Switch id. |
| type string | | Interface type: physical or trunk port. |
| untagged_vlans list / elements=string | | Configure switch port untagged VLANs. |
| vlan_name string | | VLAN name. Source system.interface.name. |
| virtual_port integer | | Virtualized switch port. |
| vlan string | | Assign switch ports to a VLAN. Source system.interface.name. |
| pre_provisioned integer | | Pre-provisioned managed switch. |
| settings_802_1X dictionary | | Configuration method to edit FortiSwitch 802.1X global settings. |
| link_down_auth string | | Authentication state to set if a link is down. |
| local_override string | | Enable to override global 802.1X settings on individual FortiSwitches. |
| max_reauth_attempt integer | | Maximum number of authentication attempts (0 - 15). |
| reauth_period integer | | Reauthentication time interval (1 - 1440 min). |
| staged_image_version string | | Staged image version for FortiSwitch. |
| state string | | Deprecated. Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. |
| storm_control dictionary | | Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption. |
| broadcast string | | Enable/disable storm control to drop broadcast traffic. |
| local_override string | | Enable to override global FortiSwitch storm control settings for this FortiSwitch. |
| rate integer | | Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates beyond this threshold. |
| unknown_multicast string | | Enable/disable storm control to drop unknown multicast traffic. |
| unknown_unicast string | | Enable/disable storm control to drop unknown unicast traffic. |
| stp_settings dictionary | | Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops. |
| forward_time integer | | Period of time a port is in listening and learning state (4 - 30 sec). |
| hello_time integer | | Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). |
| local_override string | | Enable to configure local STP settings that override global STP settings. |
| max_age integer | | Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec). |
| max_hops integer | | Maximum number of hops between the root bridge and the furthest bridge (1 - 40). |
| name string | | Name of local STP settings configuration. |
| pending_timer integer | | Pending time (1 - 15 sec). |
| revision integer | | STP revision number (0 - 65535). |
| status string | | Enable/disable STP. |
| switch_device_tag string | | User definable label/tag. |
| switch_id string | | Managed-switch id. |
| switch_log dictionary | | Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log). |
| local_override string | | Enable to configure local logging settings that override global logging settings. |
| severity string | | Severity of FortiSwitch logs that are added to the FortiGate event log. |
| status string | | Enable/disable adding FortiSwitch logs to the FortiGate event log. |
| switch_profile string | | FortiSwitch profile. Source switch-controller.switch-profile.name. |
| switch_stp_settings dictionary | | Configure spanning tree protocol (STP). |
| status string | | Enable/disable STP. |
| type string | | Indication of switch type, physical or virtual. |
| version integer | | FortiSwitch version. |
| username string | | FortiOS or FortiGate username. |
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Certificate validation is turned off in this sample; set it to "yes" when
    # the FortiGate presents a certificate issued by a CA the control node trusts.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure FortiSwitch devices that are managed by this FortiGate.
      fortios_switch_controller_managed_switch:
        vdom: "{{ vdom }}"
        state: "present"
        switch_controller_managed_switch:
          # 802.1X settings for this switch
          settings_802_1X:
            link_down_auth: "set-unauth"
            local_override: "enable"
            max_reauth_attempt: "6"
            reauth_period: "7"
          connected: "8"
          custom_command:
            -
              command_entry: "<your_own_value>"
              command_name: "<your_own_value> (source switch-controller.custom-command.command-name)"
          delayed_restart_trigger: "12"
          description: "<your_own_value>"
          directly_connected: "14"
          dynamic_capability: "15"
          dynamically_discovered: "16"
          fsw_wan1_admin: "discovered"
          fsw_wan1_peer: "<your_own_value>"
          fsw_wan2_admin: "discovered"
          fsw_wan2_peer: "<your_own_value>"
          igmp_snooping:
            aging_time: "22"
            flood_unknown_multicast: "enable"
            local_override: "enable"
          max_allowed_trunk_members: "25"
          mirror:
            -
              dst: "<your_own_value>"
              name: "default_name_28"
              src_egress:
                -
                  name: "default_name_30"
              src_ingress:
                -
                  name: "default_name_32"
              status: "active"
              switching_packet: "enable"
          name: "default_name_35"
          owner_vdom: "<your_own_value>"
          poe_pre_standard_detection: "enable"
          # Per-port settings (one list entry per switch port)
          ports:
            -
              allowed_vlans:
                -
                  vlan_name: "<your_own_value> (source system.interface.name)"
              allowed_vlans_all: "enable"
              arp_inspection_trust: "untrusted"
              bundle: "enable"
              description: "<your_own_value>"
              dhcp_snoop_option82_trust: "enable"
              dhcp_snooping: "untrusted"
              discard_mode: "none"
              edge_port: "enable"
              export_tags:
                -
                  tag_name: "<your_own_value> (source switch-controller.switch-interface-tag.name)"
              export_to: "<your_own_value> (source system.vdom.name)"
              export_to_pool: "<your_own_value> (source switch-controller.virtual-port-pool.name)"
              export_to_pool_flag: "53"
              fgt_peer_device_name: "<your_own_value>"
              fgt_peer_port_name: "<your_own_value>"
              fiber_port: "56"
              flags: "57"
              fortilink_port: "58"
              igmp_snooping: "enable"
              igmps_flood_reports: "enable"
              igmps_flood_traffic: "enable"
              isl_local_trunk_name: "<your_own_value>"
              isl_peer_device_name: "<your_own_value>"
              isl_peer_port_name: "<your_own_value>"
              lacp_speed: "slow"
              learning_limit: "66"
              lldp_profile: "<your_own_value> (source switch-controller.lldp-profile.name)"
              lldp_status: "disable"
              loop_guard: "enabled"
              loop_guard_timeout: "70"
              max_bundle: "71"
              mclag: "enable"
              member_withdrawal_behavior: "forward"
              members:
                -
                  member_name: "<your_own_value>"
              min_bundle: "76"
              mode: "static"
              poe_capable: "78"
              poe_pre_standard_detection: "enable"
              poe_status: "enable"
              port_name: "<your_own_value>"
              port_number: "82"
              port_owner: "<your_own_value>"
              port_prefix_type: "84"
              port_security_policy: "<your_own_value> (source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal.name)"
              port_selection_criteria: "src-mac"
              qos_policy: "<your_own_value> (source switch-controller.qos.qos-policy.name)"
              sample_direction: "tx"
              sflow_counter_interval: "89"
              sflow_sample_rate: "90"
              sflow_sampler: "enabled"
              speed: "10half"
              speed_mask: "93"
              stacking_port: "94"
              status: "up"
              stp_bpdu_guard: "enabled"
              stp_bpdu_guard_timeout: "97"
              stp_root_guard: "enabled"
              stp_state: "enabled"
              switch_id: "<your_own_value>"
              type: "physical"
              untagged_vlans:
                -
                  vlan_name: "<your_own_value> (source system.interface.name)"
              virtual_port: "104"
              vlan: "<your_own_value> (source system.interface.name)"
          pre_provisioned: "106"
          staged_image_version: "<your_own_value>"
          storm_control:
            broadcast: "enable"
            local_override: "enable"
            rate: "111"
            unknown_multicast: "enable"
            unknown_unicast: "enable"
          stp_settings:
            forward_time: "115"
            hello_time: "116"
            local_override: "enable"
            max_age: "118"
            max_hops: "119"
            name: "default_name_120"
            pending_timer: "121"
            revision: "122"
            status: "enable"
          switch_device_tag: "<your_own_value>"
          switch_id: "<your_own_value>"
          switch_log:
            local_override: "enable"
            severity: "emergency"
            status: "enable"
          switch_profile: "<your_own_value> (source switch-controller.switch-profile.name)"
          switch_stp_settings:
            status: "enable"
          type: "virtual"
          version: "134"
```
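A narrower variant of the task above, added here as an example and not taken from the module's own documentation: it authorizes one FortiSwitch and configures a single user-facing port with the layer-2 protections listed in the parameter table, with certificate validation left on for the httpapi connection. The switch id `S000EXAMPLE000001`, port `port5`, VLAN `vlan_users` and policy name `dot1x-users` are hypothetical placeholders, and the numeric values are assumptions chosen inside the documented ranges.

```yaml
# Added example: hardened access-port configuration (placeholder names throughout).
- hosts: fortigates
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes    # verify the FortiGate certificate chain
    ansible_httpapi_port: 443
  tasks:
    - name: Authorize one FortiSwitch and lock down a user-facing port
      fortinet.fortios.fortios_switch_controller_managed_switch:
        vdom: "{{ vdom }}"
        state: "present"
        switch_controller_managed_switch:
          switch_id: "S000EXAMPLE000001"   # hypothetical managed-switch id
          fsw_wan1_admin: "enable"         # authorize the switch as a managed switch
          settings_802_1X:
            local_override: "enable"
            link_down_auth: "set-unauth"   # port returns to unauthenticated on link loss
            max_reauth_attempt: 3          # documented range 0 - 15
            reauth_period: 60              # minutes, documented range 1 - 1440
          storm_control:
            local_override: "enable"
            broadcast: "enable"
            unknown_unicast: "enable"
            unknown_multicast: "enable"
            rate: 500                      # packets per second (1 - 10000000)
          ports:
            - port_name: "port5"           # hypothetical access port
              vlan: "vlan_users"           # hypothetical system.interface name
              allowed_vlans_all: "disable" # no blanket tagged-VLAN access
              edge_port: "enable"
              stp_bpdu_guard: "enabled"    # disable the port when a BPDU is received
              stp_bpdu_guard_timeout: 5    # minutes (0 - 120)
              dhcp_snooping: "untrusted"   # DHCP server replies are not accepted here
              dhcp_snoop_option82_trust: "disable"
              arp_inspection_trust: "untrusted"
              learning_limit: 2            # cap dynamic MAC addresses (1 - 128)
              port_security_policy: "dot1x-users"  # hypothetical 802.1X policy name
```

Running the play with `--check --diff` first shows what would change on the FortiGate before anything is pushed to the switch.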
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the FortiGate image. Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate. Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied. Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate. Sample: id |
| name string | always | Name of the table used to fulfill the request. Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request. Sample: webfilter |
| revision string | always | Internal revision number. Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result. Sample: success |
| vdom string | always | Virtual domain used. Sample: root |
| version string | always | Version of the FortiGate. Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_switch_controller_managed_switch_module.html