|
Procedure to Push Configurations to All Managed FortiSwitch Devices:
- Example: Changing the Telnet port (23) of FortiSwitch to 223 and setting the CLI administrator timeout to 480 minutes (default 5 minutes).
The general command run on a FortiSwitch is as follows:
config system global
set admin-telnet-port 223
set admintimeout 480
end
-
Create a custom command on FortiGate for the FortiSwitch configuration above:
config switch-controller custom-command
edit "telnet-admin"
set command "config system global %0a set admin-telnet-port 223 %0a set admintimeout 480 %0a end %0a"
next
end
Note: '%0a' is the hexadecimal value for a newline character.
-
Apply the custom-command configuration globally on the FortiGate so that it is pushed to all managed FortiSwitch devices:
config switch-controller global
config custom-command
edit "1"
set command-name "telnet-admin"
end
end
After running the above command the config related to telnet and admin timeout will be pushed to all online managed FortiSwitch.
Procedure to Execute Commands on All Managed FortiSwitch Devices:
- Example: Resetting debug commands on multiple FortiSwitch devices that are consuming resources due to active debug sessions left unreset.
The general FortiSwitch command to reset debug is as follows:
diagnose debug reset
-
Create a custom command on FortiGate for the FortiSwitch command above:
config switch-controller custom-command
edit "reset-debug"
set command "diag debug reset"
next
end
-
Apply the custom-command configuration globally on the FortiGate so that it is pushed to all managed FortiSwitch devices:
config switch-controller global
config custom-command
edit "2"
set command-name "reset-debug"
end
end
After running the above command all the FortiSwitch will have the debug level reset to default.
Procedure to Delete the Custom Command Configuration:
Note: Delete the entry from the global configuration first, and then from the custom command configuration. Attempting to delete the entry from the custom command configuration first will result in the following error:
The entry is used by other 1 entries
Command fail. Return code -23
To delete the configuration: Remove the entry from the global configuration:
config switch-controller global
config custom-command
delete "2"
end
end
Remove the entry from the custom command configuration:
config switch-controller custom-command
delete "reset-debug"
end
Important Notes:
- Deleting the custom command entry does not revert the changes applied by the custom command. To revert these changes, push the base configuration for FortiSwitch from the FortiGate to overwrite the custom command configuration.
- If any FortiSwitch is offline while executing the custom command, the following message will appear on the FortiGate:
FortiLink Switch:S448DF3XXXXXXXXX seems offline. This config would be applied once the Switch comes online!
|
