Technical Tip: Create a new admin account using ‘custom-command’ for managed-switch
Description
This article describes how to configure a new administrator account on a managed switch using a custom-command.
The FortiSwitch has a default 'admin' account. Additional administrator accounts can be added as required.
Helpful Links:
Page#41 adding admin accounts, standalone FortiSwitch https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/1f363a36-ba24-11ea-8b7d-00505692583a/fortiswitchos-6.4.2-admin-guide.pdf
Page#133 custom commands, managed FortiSwitch https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/2f7d95c8-7367-11ea-9384-00505692583a/FortiSwitch-6.4.0-Managed_by_FortiOS_6.4.pdf
Solution
By default, a managed FortiSwitch has an ‘admin’ account.
# show system admin
# config system admin
edit "admin"
set accprofile "super_admin"
set password ENC AK1D81TRKaQlvte2V1ggzzyD7glETgGBlzaCFZw=
next
end
Execute a custom script on a managed FortiSwitch unit from the FortiGate.
The custom script contains generic FortiSwitch commands.
In the example below, a custom command is used on the FortiGate to add a new administrator account on the managed switch.
1) Create the custom command below:
# config switch-controller custom-command
(custom-command) edit <command-name>
new entry 'command-name' added
(command-name) set command "config system admin %0a edit <username> %0a set accprofile super_admin %0a set password <password> %0a next %0a end %0a"
(command-name) next
(custom-command) end
2) Push the commands to the FortiSwitches (the serial number is the serial number of the FortiSwitch(es)):
# config switch-controller managed-switch
(managed-switch) edit S124EF591------9
(S124EF591------9) config custom-command
(custom-command) # edit 1
new entry '1' added
(2) set command-name <command-name>
(2) next
(custom-command) end
To verify that the change has been pushed to the FortiSwitch:
SSH into the FortiSwitch from the FortiGate (# execute ssh admin@<switch-ip>)
# show system admin
Note:
In the ‘set command’ string, “%0a” denotes a new line or return action.
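Because a custom command can carry a full "config system admin" block, it is worth reviewing which stored commands create or change switch administrator accounts. The Python below is an added example, not part of the original article or Fortinet's tooling: it decodes each command string on "%0a" and reports the accounts it touches. The sample configuration, the names "add-admin", "status" and "netops", and the assumed `edit "<name>"` / `set command "<string>"` layout of the exported table are constructed for illustration.

```python
import re

# Constructed sample; the layout of the exported table is an assumption.
SAMPLE_CONFIG = '''\
config switch-controller custom-command
    edit "add-admin"
        set command "config system admin %0a edit netops %0a set accprofile super_admin %0a set password EXAMPLE-ONLY %0a next %0a end %0a"
    next
    edit "status"
        set command "get system status %0a"
    next
end
'''

ENTRY_RE = re.compile(r'edit "([^"]+)"\s+set command "([^"]*)"')


def decode_command(encoded):
    """Split the stored string on %0a to recover the CLI lines the switch runs."""
    parts = re.split(r"%0a", encoded, flags=re.IGNORECASE)
    return [p.strip() for p in parts if p.strip()]


def audit_custom_commands(config_text):
    """Return one finding per admin account a custom-command creates or edits."""
    findings = []
    for name, encoded in ENTRY_RE.findall(config_text):
        in_admin, current = False, None
        for line in decode_command(encoded):
            words = line.split()
            if words == ["config", "system", "admin"]:
                in_admin = True
            elif words == ["end"]:
                in_admin, current = False, None
            elif in_admin and words[0] == "edit" and len(words) == 2:
                current = {"command": name, "username": words[1],
                           "accprofile": None, "embeds_password": False}
                findings.append(current)
            elif current and words[:2] == ["set", "accprofile"] and len(words) == 3:
                current["accprofile"] = words[2]
            elif current and words[:2] == ["set", "password"]:
                # The password is typed literally into the command string.
                current["embeds_password"] = True
    return findings


if __name__ == "__main__":
    for finding in audit_custom_commands(SAMPLE_CONFIG):
        print(finding)
```

Any finding with accprofile super_admin and embeds_password set to True is a command that, once pushed, leaves a full-privilege account on every switch it is assigned to, so the command string itself should be handled as a credential.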
