FortiSwitch-500 CLI Reference v4.0 MR1

Revision 1
23 November 2009
© Copyright 2009 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams
or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical,
manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate®,
FortiGate Unified Threat Management System, FortiGuard®, FortiGuard-Antispam, FortiGuard-Antivirus,
FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet®, FortiOS, FortiPartner,
FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in
the United States and/or other countries. The names of actual companies and products mentioned herein may be
the trademarks of their respective owners.
Regulatory compliance
FCC Class A Part 15 CSA/CUS
CAUTION: Risk of explosion if battery is replaced by incorrect type. Dispose of used batteries according to
instructions.
Table of Contents
1 INTRODUCTION
1.1 Overview
1.1.1 Audience
1.1.2 Registering your Fortinet product
1.1.3 Customer Service and Technical Support
1.1.4 Training
1.1.5 Fortinet Documentation
1.1.6 Accessing the CLI
1.1.7 Document Conventions
1.2 CLI Command Structure
1.2.1 Line-Edit Commands
1.2.2 Mode-Based Structure
1.2.3 Command Syntax
1.2.4 “No” Form of Commands
1.2.5 Command Completion
2 DEFAULT MODE
2.1 Overview
2.1.1 Access
2.1.2 Exit
2.2 Commands
2.2.1 cls
2.2.2 enable
2.2.3 help
2.2.4 logout
2.2.5 ping
2.2.6 show
2.2.7 show cos dot1p-mapping
2.2.8 show garp
2.2.9 show gvrp configuration
2.2.10 show history
2.2.11 show lag brief
2.2.12 show mgmt-ip
2.2.13 show serial
2.2.14 show spanning-tree
2.2.15 show spanning-tree brief
2.2.16 show spanning-tree lag
2.2.17 show spanning-tree mst
2.2.18 show spanning-tree mst detailed
2.2.19 show spanning-tree mst lag
2.2.20 show spanning-tree mst port
2.2.21 show spanning-tree mst summary
2.2.22 show spanning-tree port
2.2.23 show spanning-tree summary
2.2.24 show spanning-tree vlan
2.2.25 show system
2.2.26 show system cardtypes-supported
2.2.27 show system io-card
2.2.28 show system fan
2.2.29 show system info
2.2.30 show system mibs-supported
2.2.31 show system power-supply
2.2.32 show system status
2.2.33 show system version
2.2.34 show telnet
2.2.35 telnet
3 ENABLE MODE
3.1 Overview
3.1.1 Access
3.1.2 Exit
3.1.3 Commands
3.1.4 clear
3.1.5 clear counters
3.1.6 clear fdb-table learned
3.1.7 clear logging buffered
3.1.8 clear radius statistics
3.1.9 clear trap-log
3.1.10 clock
3.1.11 cls
3.1.12 configure
3.1.13 disconnect
3.1.14 exit
3.1.15 file
3.1.16 help
3.1.17 logout
3.1.18 paging
3.1.19 ping
3.1.20 reload
3.1.21 show
3.1.22 show arp
3.1.23 show authentication
3.1.24 show clock
3.1.25 show cos dot1p-mapping
3.1.26 show fabric-control
3.1.27 show fdb-table
3.1.28 show garp
3.1.29 show gvrp
3.1.30 show history
3.1.31 show ipfix
3.1.32 show lag
3.1.33 show logging
3.1.34 show login-session
3.1.35 show mgmt-ip
3.1.36 show monitor
3.1.37 show port
3.1.38 show radius
3.1.39 show running-config
3.1.40 show serial
3.1.41 show snmpd
3.1.42 show snmp-trap
3.1.43 show sntp
3.1.44 show spanning-tree
3.1.45 show spanning-tree brief
3.1.46 show spanning-tree lag
3.1.47 show spanning-tree mst
3.1.48 show spanning-tree mst detailed
3.1.49 show spanning-tree mst lag
3.1.50 show spanning-tree mst port
3.1.51 show spanning-tree mst summary
3.1.52 show spanning-tree port
3.1.53 show spanning-tree summary
3.1.54 show spanning-tree vlan
3.1.55 show startup-config
3.1.56 show system
3.1.57 show system cardtypes-supported
3.1.58 show system io-card
3.1.59 show system fan
3.1.60 show system info
3.1.61 show system mibs-supported
3.1.62 show system power-supply
3.1.63 show system status
3.1.64 show system version
3.1.65 show task
3.1.66 show telnet
3.1.67 show users
3.1.68 show vlan
3.1.69 sleep
3.1.70 tech-support save-info
3.1.71 telnet
3.1.72 traceroute
4 CONFIG MODE
4.1 Overview
4.1.1 Access
4.1.2 Exit
4.2 Commands
4.2.1 authentication login
4.2.2 cos dot1p-mapping
4.2.3 end
4.2.4 exit
4.2.5 fabric-control
4.2.6 fabric-control partition
4.2.7 fdb-table aging-time
4.2.8 garp timer
4.2.9 gvrp
4.2.10 ipfix
4.2.11 lag
4.2.12 logging
4.2.13 mgmt-ip
4.2.14 mgmt-ip inband
4.2.15 mgmt-ip service-port
4.2.16 mgmt-ip sshd
4.2.17 mgmt-ip telnetd
4.2.18 port
4.2.19 prompt
4.2.20 radius
4.2.21 serial
4.2.22 snmpd
4.2.23 snmp-trap
4.2.24 sntp
4.2.25 spanning-tree
4.2.26 users
4.2.27 vlan
5 DEBUG MODE
5.1 Overview
5.1.1 Access
5.1.2 Exit
5.2 Commands
6 FILE MODE
6.1 Overview
6.1.1 Access
6.1.2 Exit
6.2 Commands
6.2.1 copy
6.2.2 delete
6.2.3 dir
6.2.4 end
6.2.5 exit
6.2.6 ftp
6.2.7 script
6.2.8 system image
6.2.9 tftp
6.2.10 update boot-loader
6.2.11 verify
7 CONFIG-LAG MODE
7.1 Overview
7.1.1 Access
7.1.2 Exit
7.2 Commands
7.2.1 add-port
7.2.2 delete-port
7.2.3 end
7.2.4 exit
7.2.5 fdb-table static
7.2.6 garp timer
7.2.7 gvrp port-mode
7.2.8 lacp
7.2.9 mtu
7.2.10 name
7.2.11 shutdown
7.2.12 spanning-tree
7.2.13 vlan
7.2.14 vscale-mode
8 CONFIG-PORT MODE
8.1 Overview
8.1.1 Access
8.1.2 Exit
8.2 Commands
8.2.1 description
8.2.2 end
8.2.3 exit
8.2.4 fabric-control
8.2.5 fdb-table static
8.2.6 flow-control ...................................................................................................................................... 237
8.2.7 garp timer......................................................................................................................................... 238
8.2.8 gvrp port-mode ................................................................................................................................ 239
8.2.9 monitor............................................................................................................................................. 240
8.2.10 mtu................................................................................................................................................. 241
8.2.11 shutdown ....................................................................................................................................... 242
8.2.12 spanning-tree................................................................................................................................. 243
8.2.13 vlan ................................................................................................................................................ 245
8.2.14 vscale-mode .................................................................................................................................. 247
9 CONFIG-VLAN MODE ....................................................................................................... 248
9.1 Overview .................................................................................................................................................. 248
9.1.1 Access ............................................................................................................................................. 248
9.1.2 Exit................................................................................................................................................... 248
9.2 Commands............................................................................................................................................... 248
9.2.1 end................................................................................................................................................... 249
9.2.2 exit ................................................................................................................................................... 250
9.2.3 participation all................................................................................................................................. 251
9.2.4 port................................................................................................................................................... 252
9.2.5 vlan-id .............................................................................................................................................. 253
10 COMMAND INDEX........................................................................................................... 254
1 Introduction
1.1 Overview
1.1.1 Audience
This guide is intended for use by data center administrators, system administrators and customer
support personnel responsible for monitoring or configuring the Fortinet FortiSwitch Ethernet
Fabric Switch via the command line interface. It assumes a basic familiarity with the following:
• Network administration
• Establishing and using a telnet session
• Using a command line interface
1.1.2 Registering your Fortinet product
Before you begin, take a moment to register your Fortinet product at the Fortinet Technical
Support web site, https://support.fortinet.com.
Many Fortinet customer services, such as firmware updates, technical support, and FortiGuard
Antivirus and other FortiGuard services, require product registration.
For more information, see the Fortinet Knowledge Center article Registration Frequently Asked
Questions.
1.1.3 Customer Service and Technical Support
Fortinet Technical Support provides services designed to make sure that your Fortinet products
install quickly, configure easily, and operate reliably in your network.
To learn about the technical support services that Fortinet provides, visit the Fortinet Technical
Support web site at https://support.fortinet.com.
You can dramatically improve the time that it takes to resolve your technical support ticket by
providing your configuration file, a network diagram, and other specific information. For a list of
required information, see the Fortinet Knowledge Center article What does Fortinet Technical
Support require in order to best assist the customer?
1.1.4 Training
Fortinet Training Services provides classes that orient you quickly to your new equipment, and
certifications to verify your knowledge level. Fortinet provides a variety of training programs to
serve the needs of our customers and partners world-wide.
To learn about the training services that Fortinet provides, visit the Fortinet Training Services web
site at http://campus.training.fortinet.com, or email them at training@fortinet.com.
1.1.5 Fortinet Documentation
The Fortinet Technical Documentation web site, http://docs.fortinet.com, provides the most
up-to-date versions of Fortinet publications, as well as additional technical documentation such as
technical notes.
In addition to the Fortinet Technical Documentation web site, you can find Fortinet technical
documentation on the Fortinet Tools and Documentation CD, and on the Fortinet Knowledge
Center.
1.1.5.1 Fortinet Tools & Documentation CD
Many Fortinet publications are available on the Fortinet Tools and Documentation CD shipped
with your Fortinet product. The documents on this CD are current at shipping time. For current
versions of Fortinet documentation, visit the Fortinet Technical Documentation web site,
http://docs.fortinet.com.
1.1.5.2 Fortinet Knowledge Base
The Fortinet Knowledge Base provides additional Fortinet technical documentation, such as
troubleshooting and how-to-articles, examples, FAQs, technical notes, a glossary, and more. Visit
the Fortinet Knowledge Base at http://kb.fortinet.com.
1.1.5.3 Comments on FortiMail technical documentation
Please send information about any errors or omissions in this document to techdoc@fortinet.com.
1.1.6 Accessing the CLI
The CLI is accessed via:
• Serial interface connected directly from a PC to the serial console port of the switch.
• Telnet session or secure shell (SSH) session. A Telnet or SSH session can be initiated in-band
through the network or out-of-band via the management network port; either telnet
or SSH access requires that an IP address be configured on the switch.
Note: The maximum number of concurrent telnet and SSH connections to the switch is 15.
The following are the default settings of these interfaces:
• Serial: initialized baud-rate 115200, 8 bit, no parity, and no flow control. By default the
serial port is turned on.
• Telnet: initialized to port 23. By default the telnet service is turned on.
• SSH: initialized to port 22. By default the SSH service is turned off.
1.1.7 Document Conventions
The following typographical conventions are used in command descriptions:
Table 1: Document Conventions
Convention     Use
bold type      keywords, to be typed verbatim
italic type    arguments for which the user must supply a value (the argument gives the name,
               range, or format of the information to be supplied by the operator; see
               Arguments below)
{ }            logical groupings
[ ]            optional arguments or keywords
|              separator for mutually exclusive options
< >            required arguments
1.2 CLI Command Structure
The CLI accepts two types of commands: asynchronous line-edit commands for navigating and
editing input into the CLI, and mode-based commands for monitoring and configuring the
FortiSwitch Ethernet Fabric Switch. This section describes both types of commands and how
they are organized and accessed.
1.2.1 Line-Edit Commands
Common line-editing and navigation commands are available for the user’s convenience. The list
is shown below, and can also be accessed through the CLI by using the help command.
Table 2: Line-Edit Commands
Key Combination    Action
<DEL>, <BS>        delete previous character
Ctrl-A             go to beginning of line
Ctrl-E             go to end of line
Ctrl-F             go forward one character
Ctrl-B             go backward one character
Ctrl-D             delete current character
Ctrl-U, X          delete to beginning of line
Ctrl-K             delete to end of line
Ctrl-W             delete previous word
Ctrl-T             transpose previous character
Ctrl-P             go to previous line in history buffer
Ctrl-R             rewrites or pastes the line
Ctrl-N             go to next line in history buffer
Ctrl-Y             print last deleted character
Ctrl-Q             enables serial flow
Ctrl-S             disables serial flow
Ctrl-Z             return to root command prompt
Up Arrow           go to previous line in history buffer
Down Arrow         go to next line in history buffer
Right Arrow        go forward one character
Left Arrow         go backward one character
<TAB>, <SPACE>     command-line completion
Exit               go to next lower command prompt
?                  list choices
1.2.2 Mode-Based Structure
The FortiSwitch Operating System (FSOS) v4.0 CLI command tree groups commands in modes
according to their nature as shown below. Because the CLI is divided into modes, the commands
in one mode are not available until the operator switches to that mode, with the exception of the
Default Mode commands which are also available in Enable Mode.
The commands available to the operator at any point in time depend upon the mode. Entering a
question mark (?) at the CLI prompt displays a list of the commands available at any point and
provides brief descriptions of the commands.
Table 3: Mode Summary
Mode Name: Default Mode
Prompt: >
Description: Basic show commands for viewing system information.
Access: Log on to switch or use exit command from Enable Mode.
Exit: logout: ends session

Mode Name: Enable Mode
Prompt: #
Description: Full set of show commands, plus access to Config Mode and File Mode.
Access: Use enable command in Default Mode (requires password), exit from Config Mode or File
Mode, or end from the other configuration modes.
Exit: exit: returns to Default Mode

Mode Name: Debug Mode
Prompt: (Debug)#
Description: Advanced command set for debugging, to be used only in cooperation with Fortinet
technical support
Access: Use debug command in Enable Mode.
Exit: exit/end: returns to Enable Mode

Mode Name: File Mode
Prompt: (File)#
Description: Commands for image updating and file transfer.
Access: Use file command in Enable Mode.
Exit: exit/end: returns to Enable Mode

Mode Name: Config Mode
Prompt: (Config)#
Description: Configuration commands for the switch as a whole, plus access to additional
configuration modes.
Access: Use config command in Enable Mode or exit command in the other configuration modes.
Exit: exit/end: returns to Enable Mode

Mode Name: ConfigLAG Mode
Prompt: (ConfigLAG n)# where n is the LAG ID
Description: Configuration commands for LAGs.
Access: Use lag command (and specify a LAG ID) in Config Mode.
Exit: exit: returns to Config Mode; end: returns to Enable Mode.

Mode Name: ConfigPort Mode
Prompt: (ConfigPort x/y)# where x/y identifies the port in slot/port format
Description: Configuration commands for individual ports.
Access: Use port command (and specify a port to be configured) in Config Mode.
Exit: Use exit command to return to Config Mode or end command to return to Enable Mode.

Mode Name: ConfigVLAN Mode
Prompt: (ConfigVLAN)#
Description: Configuration commands for VLANs.
Access: Use vlan command in Config Mode.
Exit: Use exit command to return to Config Mode or end command to return to Enable Mode.
1.2.3 Command Syntax
1.2.3.1 Order
Option tokens, arguments and other elements within a typed command must be entered in a
specific order. The order is shown in the syntax section of each command description in this
guide, but is also revealed one element at a time by typing ? after entering a partial command in
the CLI.
1.2.3.2 Arguments
Arguments for which the operator must supply a value are displayed in this document in italic type;
they must be replaced with a name or number.
The information in brackets gives the name, range, or format of the information to be supplied by
the operator (see Special Argument Types below).
To use spaces as part of a name argument, enclose it in double quotes. For example, the
expression “System Name with Spaces” forces the system to accept the spaces. Note: an empty
string (“”) is not valid.
Parameters may be mandatory values, optional values, choices, or a combination.
Angle brackets < > indicate a mandatory parameter (<parameter>) for which a value must be
entered in place of the brackets and the text inside them.
Square brackets [ ] indicate an optional parameter for which a value may be entered in place of
the brackets and the text inside them.
Vertical bars | separate alternative, mutually exclusive elements.
Curly braces { } indicate that an element must be chosen from the list of choices.
1.2.3.3 Special Argument Types
<1-4094>: takes an integer in the range specified.
<ip_address>: takes a valid IP address in the following format: a.b.c.d (e.g., 172.16.0.114)
<mac_address>: takes a valid MAC address represented as six hexadecimal numbers separated
by colons (e.g., 00:1A:F6:00:03:61)
<slot/port>: is used to identify a physical port on the chassis; the operator must supply a slot
number and a port number (e.g., 1/3). Ports are identified in this way for consistency with the
FortiSwitch-1000, which has multiple line cards; note that on the FortiSwitch-500, the slot
value is always “1”.
<hh:mm:ss>: takes a time value with two digits each for hours, minutes and seconds, separated
by colons.
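A validator for the argument types listed above, useful when a script assembles CLI commands from values it did not choose itself, so that a stray space or line break cannot turn one argument into a second command. This is an added Python example, not Fortinet code; the function names, the refusal of quotes and control characters in names, the mm/ss upper bound and the 24-port limit are assumptions of the example.

```python
import ipaddress
import re

# Validators for the special argument types of section 1.2.3.3 and the quoting
# rule of section 1.2.3.2. All function names are assumptions of this example.

_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
_SLOT_PORT_RE = re.compile(r"([0-9]+)/([0-9]+)")
_TIME_RE = re.compile(r"([0-9]{2}):([0-9]{2}):([0-9]{2})")


def check_int_range(value, low=1, high=4094):
    """<low-high>: a decimal integer inside the stated range, e.g. <1-4094>."""
    text = str(value)
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"not a decimal integer: {text!r}")
    number = int(text)
    if not low <= number <= high:
        raise ValueError(f"{number} is outside <{low}-{high}>")
    return str(number)


def check_ip_address(value):
    """<ip_address>: dotted quad a.b.c.d (AddressValueError is a ValueError)."""
    return str(ipaddress.IPv4Address(str(value)))


def check_mac_address(value):
    """<mac_address>: six hexadecimal octets separated by colons."""
    if not _MAC_RE.fullmatch(value):
        raise ValueError(f"not a MAC address: {value!r}")
    return value.upper()


def check_slot_port(value, max_port=24):
    """<slot/port>: the slot is always 1 on the FortiSwitch-500.

    max_port=24 is an assumption taken from the 1/1 to 1/24 rows in the
    example output on this page.
    """
    match = _SLOT_PORT_RE.fullmatch(value)
    if not match:
        raise ValueError(f"not in slot/port format: {value!r}")
    slot, port = int(match.group(1)), int(match.group(2))
    if slot != 1 or not 1 <= port <= max_port:
        raise ValueError(f"no such port on this chassis: {value!r}")
    return f"{slot}/{port}"


def check_time(value):
    """<hh:mm:ss>: two digits each; mm and ss below 60 is an assumption."""
    match = _TIME_RE.fullmatch(value)
    if not match or int(match.group(2)) > 59 or int(match.group(3)) > 59:
        raise ValueError(f"not in hh:mm:ss format: {value!r}")
    return value


def quote_name(value):
    """Name argument: double-quoted when it holds spaces; "" is not valid."""
    if value == "":
        raise ValueError("an empty name is not valid")
    # Assumption: the page describes no escaping, so quotes and control
    # characters (including line breaks) are refused rather than guessed at.
    if '"' in value or any(ord(ch) < 32 or ord(ch) == 127 for ch in value):
        raise ValueError(f"unsupported character in name: {value!r}")
    return f'"{value}"' if " " in value else value


def ping_command(host):
    """Build `ping <ip_address>` only from a validated address."""
    return "ping " + check_ip_address(host)
```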
1.2.4 “No” Form of Commands
The token no can be used to reverse the action of many of the configuration commands in the
CLI (the commands in the Config modes and in File Mode). The “no” form generally reverses the
action of a command or resets a parameter to its default value; in the case of configuration
commands that enable something by default, the “no” form disables (and vice versa).
Selected uses of the “no” form are called out under individual commands; the operator may also
type no ? in the CLI for a full list of the commands available in a given mode that support the “no”
form.
1.2.5 Command Completion
The CLI can parse a command when enough letters have been typed to uniquely identify the
command keyword. The command may then be executed by typing <enter>, or the command
word may be completed by pressing <tab> or <space bar>.
2 Default Mode
2.1 Overview
The Default Mode provides basic show commands for viewing system information and simple
network commands (ping, telnet).
2.1.1 Access
This mode is accessed by logging on to the switch, or by using the exit command in Enable
Mode.
2.1.2 Exit
To exit from this mode, use the logout command to end the CLI session.
2.2 Commands
Command    Purpose
enable     Enter Enable Mode.
cls        Clear the screen.
help       Display line-editing commands.
logout     Exit this session. Any unsaved changes are lost.
ping       Send ICMP echo packets to a specified IP address.
show       Display switch options and settings.
telnet     Telnet to a remote host.
2.2.1 cls
Syntax
cls
Purpose
To clear the screen.
Options & Parameters
This command has no options or parameters.
2.2.2 enable
Syntax
enable
Purpose
To enter Enable Mode.
Options & Parameters
This command has no options or parameters.
Notes
Enable Mode increases the privilege level of the user and allows access to a wider set of
commands. Enable Mode is required for the user to enter Configuration or File modes.
Users with read-only privileges do not have access to Enable Mode or the enable command.
2.2.3 help
Syntax
help
Purpose
To display the function of special editing keys.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) > help
HELP:
Special keys:
<DEL>, <BS>... delete previous character
Ctrl-A ...... go to beginning of line
Ctrl-E ...... go to end of line
Ctrl-F ...... go forward one character
Ctrl-B ...... go backward one character
Ctrl-D ...... delete current character
Ctrl-U, X .... delete to beginning of line
Ctrl-K ...... delete to end of line
Ctrl-W ...... delete previous word
Ctrl-T ...... transpose previous character
Ctrl-P ...... go to previous line in history buffer
Ctrl-R ...... rewrites or pastes the line
Ctrl-N ...... go to next line in history buffer
Ctrl-Y ...... print last deleted character
Ctrl-Q ...... enables serial flow
Ctrl-S ...... disables serial flow
Ctrl-Z ...... return to root command prompt
Up Arrow ..... go to previous line in history buffer
Down Arrow ... go to next line in history buffer
Right Arrow... go forward one character
Left Arrow ... go backward one character
<TAB>, <SPACE> command-line completion
Exit ...... go to next lower command prompt
? ...... list choices
2.2.4 logout
Syntax
logout
Purpose
To exit this session.
Options & Parameters
This command has no options or parameters.
Notes
User is prompted to save any unsaved changes to the switch configuration. In order to save
running configuration changes, the user must cancel the logout procedure and use the copy
running-config command. (See copy “Notes & Examples” on page 199)
Example
(FS5CX420F1087012) > logout
Warning: the system has unsaved configuration changes.
Would you like to logout now? (y/n) y
2.2.5 ping
Syntax
ping <ip_address>
Purpose
To test the accessibility of a specified IP address by sending ICMP echo packets.
Options & Parameters
<ip_address>
Specifies the host’s IP address.
Example
(FS5CX420F1087012) >ping 10.10.10.30
Send count=3, Receive count=3 from 10.10.10.30
2.2.6 show
The show commands display information about the options and settings of the switch. A limited
set is available in Default Mode; the complete set (including all Default Mode show commands) is
available in Enable Mode. (See page 81)
Table 4: Show Commands in Default Mode
Command             Purpose
show cos            Display class-of-service (802.1p) priority mapping information. (See page 25)
show garp           Display Generic Attribute Registration Protocol (GARP) information. (See page 26)
show gvrp           Display GARP VLAN Registration Protocol (GVRP) parameters for one or all ports.
                    (See page 27)
show history        Display the last commands entered in the CLI. (See page 29)
show lag brief      Display LAG static capability and summary information for the device.
                    (See page 30)
show mgmt-ip        Display the management interface configuration. (See page 31)
show serial         Display EIA-232 parameters and serial port inactivity timeout. (See page 32)
show spanning-tree  Display spanning tree information. (See page 33)
show system         Display Chassis components and System information. (See page 48)
show telnet         Display outbound telnet configuration information. (See page 60)
2.2.7 show cos dot1p-mapping
Syntax
show cos dot1p-mapping [slot/port]
Purpose
To display class-of-service (802.1p) priority mapping information.
Defaults
Shows mapping of 802.1p priority to FortiSwitch OS queues.
Options & Parameters
[slot/port]
Specifies a port in slot/port format for which to display 802.1p
priority mapping information. If mapping is not configurable
by port, all ports will display identical information.
Example
(FS5CX420F1087012) >show cos dot1p-mapping 1/1
User Priority   Traffic Class
-------------   -------------
0               1
1               1
2               0
3               1
4               2
5               2
6               3
7               3
2.2.8 show garp
Syntax
show garp [ statistics { port <slot/port> | lag <lag_ID> } ]
Purpose
To display Generic Attribute Registration Protocol (GARP) applications information.
Defaults
Displays the status of GMRP and GVRP Admin Modes by default.
Options & Parameters
statistics
Displays GARP applications PDU statistics.
port
Displays spanning tree values on a per-port basis.
<slot/port>
Specifies a port for which to display information.
lag
Displays spanning tree values on a per-LAG basis.
<lag_ID>
Specifies a LAG for which to display information.
Example
default:
(FS5CX420F1087012) >show garp
GMRP Admin Mode................................ Disable
GVRP Admin Mode................................ Disable
statistics port:
(FS5CX420F1087012) >show garp statistics port 1/1
GVRP PDUs received............................. 0
GVRP PDUs Transmitted.......................... 0
GVRP Failed Registratons...................... 0
statistics lag:
(FS5CX420F1087012) >show garp statistics lag 1
GVRP PDUs received............................. 536
GVRP PDUs Transmitted.......................... 518
GVRP Failed Registrations...................... 0
2.2.9 show gvrp configuration
Syntax
show gvrp configuration { <slot/port> | all | lag <lag_ID> }
Purpose
To display GARP VLAN Registration Protocol (GVRP) parameters for a specified port or LAG or
for all ports.
Options & Parameters
<slot/port>
Specifies a port in slot/port format for which to display
information.
all
Displays GVRP information for all ports.
lag
Displays GVRP values on a per-LAG basis.
<lag_ID>
Specifies a LAG for which to display information.
Example
(FS5CX420F1087012) > show gvrp configuration all
GVRP Admin Mode................................ Disable
            Join        Leave       LeaveAll    Port
Port        Timer       Timer       Timer       GVRP Mode
            (centisecs) (centisecs) (centisecs)
----------- ----------- ----------- ----------- -----------
1/1         20          60          1000        Disabled
1/2         20          60          1000        Disabled
1/3         20          60          1000        Disabled
1/4         20          60          1000        Disabled
1/5         20          60          1000        Disabled
1/6         20          60          1000        Disabled
1/7         20          60          1000        Disabled
1/8         20          60          1000        Disabled
1/9         20          60          1000        Disabled
1/10        20          60          1000        Disabled
1/11        20          60          1000        Disabled
1/12        20          60          1000        Disabled
1/13        20          60          1000        Disabled
1/14        20          60          1000        Disabled
1/15        20          60          1000        Disabled
1/16        20          60          1000        Disabled
1/17        20          60          1000        Disabled
1/18        20          60          1000        Disabled
1/19        20          60          1000        Disabled
1/20        20          60          1000        Disabled
1/21        20          60          1000        Disabled
1/22        20          60          1000        Disabled
1/23        20          60          1000        Disabled
1/24        20          60          1000        Disabled
LAG 1       20          60          1000        Disabled
LAG 2       20          60          1000        Disabled
2.2.10 show history
Syntax
show history [count]
Purpose
To display the last commands entered in the CLI.
Defaults
Displays the last 10 commands.
Options & Parameters
<count>
Specifies the number of commands to display.
Example
(FS5CX420F1087012) >show history
1 show vlan
2 show fdb-table
3 show mac-addr
4 configure
5 vlan
6 exit
7 telnet
8 enable
9 show cos
10 show spanning-tree
2.2.11 show lag brief
Syntax
show lag brief
Purpose
To display LAG capability and summary information for the switch.
Defaults
The show lag command has no default behavior, and in Default Mode it requires the option brief.
Options & Parameters
This command has no additional options or parameters.
Notes
The show lag command in Enable Mode can also display LAG or LACP information for one or all
ports. (See show lag on page 96)
Example
(FS5CX420F1087012) > show lag brief
LAG ID LAG Name          Link State Mbr Ports Active Ports
------ ----------------- ---------- --------- ------------
1      S1-L2             Down       1/13,
                                    1/14,
                                    1/15,
                                    1/16,
                                    1/17,1/18
2      S2-L2             Up         1/19,     1/19,1/20,
                                    1/20,     1/21,1/22,
                                    1/21,     1/23,1/24
                                    1/22,
                                    1/23,1/24
2.2.12 show mgmt-ip
Syntax
show mgmt-ip { inband | service-port }
Purpose
To display the management interface configuration.
Options & Parameters
inband
Displays configuration for in-band connectivity.
service-port
Displays service port configuration.
Notes
The sshd and telnetd options are available in Enable Mode.
Examples
inband:
(FS5CX420F1087012) > show mgmt-ip inband
IP Address..................................... 0.0.0.0
Subnet Mask.................................... 0.0.0.0
Default Gateway................................ 0.0.0.0
Burned In MAC Address.......................... 00:1A:F6:00:03:61
Locally Administered MAC Address............... 00:00:00:00:00:00
MAC Address Type............................... Burned In
Network Configuration Protocol Current......... None
Management VLAN ID............................. 1
service-port:
(FS5CX420F1087012) > show mgmt-ip service-port
IP Address..................................... 172.16.0.116
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 172.16.0.1
ServPort Configured Protocol Current........... DHCP
Burned In MAC Address.......................... 00:1A:F6:00:03:61
2.2.13 show serial
Syntax
show serial
Purpose
To display EIA-232 parameters and serial port inactivity timeout.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) >show serial
Serial Port Login Timeout (minutes)............ 160
Baud Rate (bps)................................ 115200
Character Size (bits).......................... 8
Flow Control................................... Disable
Stop Bits...................................... 1
Parity......................................... none
2.2.14 show spanning-tree
Syntax
show spanning-tree [ brief | lag <lag_ID> | mst { summary | { <0-64> { detailed | lag
{ <lag_ID> { detailed | summary } | all summary } | port { all summary | <slot/port> { detailed |
summary } } } } } | port <slot/port> | summary | vlan <vlan_ID> ]
Purpose
To display spanning tree information.
Default
Displays Spanning Tree Protocol (STP) settings for the chassis as a whole.
Options & Parameters
brief
Displays settings for the common and internal spanning tree.
(See page 35)
lag
Displays spanning tree information for a specified LAG. (See
page 36)
mst
Displays overview information for a specified Multiple
Spanning Tree (MST) instance. (See page 37)
mst summary
Displays settings for an MST instance. (See page 44)
mst <0-64> detailed
Displays detailed information for a specified multiple
spanning tree (MST) instance. (See page 37)
mst <0-64> port
Displays spanning tree settings for an MST instance on a
per-port basis. (See page 42)
port
Displays spanning tree values on a per-port basis. (See
page 45)
summary
Displays spanning tree settings and lists MST instances.
(See page 46)
vlan
Displays spanning tree settings for a specified VLAN. (See
page 47)
Notes
Because of the complexity of this command’s options, it is broken up here into multiple sections.
Example
default:
(FS5CX420F1087012) >show spanning-tree
Bridge Priority................................ 32768
Bridge Identifier.............................. 80:00:00:1A:F6:00:0D:7E
Time Since Topology Change..................... 0 day 0 hr 24 min 32 sec
Topology Change Count.......................... 504
Topology Change in progress.................... FALSE
Designated Root................................ 80:00:00:1A:F6:00:09:46
Root Path Cost................................. 0
Root Port Identifier........................... 80:1B
Bridge Max Age................................. 20
Bridge Max Hops................................ 20
Bridge Forwarding Delay........................ 15
Root Port Hello Time........................... 2
Bridge Hold Time............................... 6
CST Regional Root.............................. 80:00:00:1A:F6:00:09:46
Regional Root Path Cost........................ 1000
Associated FIDs   Associated VLANs
---------------   ----------------
1                 1
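One way to turn the dotted-leader `show spanning-tree` output above into a check that the designated root is the bridge you expect and that topology changes stay under a limit. This is an added Python example, not Fortinet code; the function names, the expected-root argument, the change threshold and the second sample with a made-up root are assumptions of the example.

```python
import re

# Lines copied from the `show spanning-tree` example in this section.
SAMPLE_OUTPUT = """\
(FS5CX420F1087012) >show spanning-tree
Bridge Priority................................ 32768
Bridge Identifier.............................. 80:00:00:1A:F6:00:0D:7E
Time Since Topology Change..................... 0 day 0 hr 24 min 32 sec
Topology Change Count.......................... 504
Topology Change in progress.................... FALSE
Designated Root................................ 80:00:00:1A:F6:00:09:46
Root Path Cost................................. 0
Root Port Identifier........................... 80:1B
"""

# Constructed variant: the same output with a different, made-up root bridge.
CONSTRUCTED_OTHER_ROOT = SAMPLE_OUTPUT.replace(
    "80:00:00:1A:F6:00:09:46", "00:00:02:00:00:00:00:01")

# "Label....... value": a label, a run of two or more dots, then the value.
_FIELD_RE = re.compile(r"^(?P<label>.+?)\.{2,}\s*(?P<value>.*)$")


def parse_show_output(text):
    """Return {label: value} for every dotted-leader line; skip other lines."""
    fields = {}
    for line in text.splitlines():
        match = _FIELD_RE.match(line.strip())
        if match:
            fields[match.group("label").strip()] = match.group("value").strip()
    return fields


def split_bridge_id(bridge_id):
    """Split an 8-octet bridge identifier into (priority, instance, mac).

    Per IEEE 802.1Q the first two octets hold a 4-bit priority (steps of
    4096) and a 12-bit system ID extension, which carries the MST instance.
    """
    octets = bridge_id.strip().split(":")
    if len(octets) != 8 or not all(
            re.fullmatch(r"[0-9A-Fa-f]{2}", octet) for octet in octets):
        raise ValueError(f"not a bridge identifier: {bridge_id!r}")
    head = int(octets[0] + octets[1], 16)
    return head & 0xF000, head & 0x0FFF, ":".join(octets[2:]).upper()


def audit_spanning_tree(fields, expected_root_mac, max_topology_changes=None):
    """Return a list of findings; an empty list means nothing to report."""
    if "Designated Root" not in fields:
        raise ValueError("output has no Designated Root line")
    findings = []
    priority, _, root_mac = split_bridge_id(fields["Designated Root"])
    if root_mac != expected_root_mac.upper():
        findings.append(
            f"designated root is {root_mac} (priority {priority}), "
            f"expected {expected_root_mac.upper()}")
    if fields.get("Topology Change in progress") == "TRUE":
        findings.append("topology change in progress")
    count = int(fields.get("Topology Change Count", "0"))
    if max_topology_changes is not None and count > max_topology_changes:
        findings.append(
            f"topology change count {count} exceeds {max_topology_changes}")
    return findings


if __name__ == "__main__":
    for label, text in (("page sample", SAMPLE_OUTPUT),
                        ("constructed sample", CONSTRUCTED_OTHER_ROOT)):
        report = audit_spanning_tree(parse_show_output(text),
                                     "00:1A:F6:00:09:46", 100)
        print(label, report)
```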
2.2.15 show spanning-tree brief
Syntax
show spanning-tree brief
Purpose
To display settings for the common and internal spanning tree.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) >show spanning-tree brief
Bridge Priority................................ 32768
Bridge Identifier.............................. 80:00:00:1A:F6:00:0D:7E
Bridge Max Age................................. 20
Bridge Max Hops................................ 20
Root Port Hello Time........................... 2
Bridge Forward Delay........................... 15
Bridge Hold Time............................... 6
2.2.16 show spanning-tree lag
Syntax
show spanning-tree lag <lag_ID>
Purpose
To display spanning tree settings for a LAG.
Options & Parameters
<lag_ID>
Specifies a LAG for which to display information.
Example
(FS5CX420F1087012) > show spanning-tree lag 1
Configured Hello Time.......................... 2
Actual Hello Time.............................. 2
Port Mode...................................... Enabled
Port Admin Vscale Mode......................... Auto
Port Vscale Mode............................... Edge
Port Up Time Since Counters Last Cleared....... 3 day 21 hr 35 min 2 sec
STP BPDUs Transmitted.......................... 0
STP BPDUs Received............................. 0
RSTP BPDUs Transmitted......................... 0
RSTP BPDUs Received............................ 0
MSTP BPDUs Transmitted......................... 0
MSTP BPDUs Received............................ 0
2.2.17 show spanning-tree mst
Syntax
show spanning-tree mst { summary | { <0-64> [ detailed | lag { all summary | <lag_ID>
{ detailed | summary } } ] } | port { all summary | <slot/port> { detailed | summary } } } } }
Purpose
To display the settings for a multiple spanning tree (MST) instance, or for one or all of the switch
ports within that instance.
Default
Shows overview information for the specified MST instance.
Options & Parameters
summary
When entered without specifying an MST instance, summary
displays summary information for all MST IDs. (See page 44)
<0-64>
Specifies a multiple spanning tree (MST) instance. Enter an
MST identifier to show information for a specific MST
instance by selecting the detailed option, or for a switch port
or LAG within that instance by specifying the port or LAG.
<0-64> detailed
Displays detailed information for the specified MST instance.
(See page 37)
<0-64> lag
Displays LAG-specific information; requires additional
options. (See page 40)
<0-64> port
Displays port-specific information; requires additional options.
(See page 42)
Example
See sections below for additional examples.
default:
(FS5CX420F1087012) # show spanning-tree mst 0
Designated Root................................ 80:00:00:1A:F6:00:09:46
Root Path Cost................................. 0
Designated Bridge.............................. 80:00:00:1A:F6:00:09:46
          STP              STP               Port
Port      Mode     Type    State             Role
--------- -------- ------- ----------------- ----------
1/1       Disabled         Manual forwarding Disabled
1/2       Disabled         Manual forwarding Disabled
1/3       Disabled         Manual forwarding Disabled
1/4       Disabled         Manual forwarding Disabled
1/19      Enabled  LAG Mb  Manual forwarding Disabled
1/20      Enabled  LAG Mb  Manual forwarding Disabled
1/21      Enabled  LAG Mb  Manual forwarding Disabled
1/22      Enabled  LAG Mb  Manual forwarding Disabled
1/23      Enabled  LAG Mb  Manual forwarding Disabled
1/24      Enabled  LAG Mb  Manual forwarding Disabled
LAG 2     Enabled          Forwarding        Root
2.2.18 show spanning-tree mst detailed
Syntax
show spanning-tree mst <0-64> detailed
Purpose
To display information for a specified multiple spanning tree (MST) instance.
Options & Parameters
<0-64>
Specifies a multiple spanning tree (MST) instance.
Example
(FS5CX420F1087012) > show spanning-tree mst 1 detailed
MST Instance ID................................ 1
MST Bridge Priority............................ 32768
MST Bridge Identifier.......................... 80:01:00:1A:F6:00:0D:7E
Time Since Topology Change..................... 0 day 0 hr 28 min 55 sec
Topology Change Count.......................... 504
Topology Change in progress.................... FALSE
Designated Root................................ 00:01:00:1A:F6:00:09:46
Root Path Cost................................. 1000
Root Port Identifier........................... 80:1B
No FIDs or VLANs associated with this instance.
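The fields in this output lend themselves to automated checking. The following is an added example, not part of the Fortinet reference: it parses the detailed output shown above, decodes the bridge identifiers, and reports an unexpected root bridge or a burst of topology changes between two polls. The list of expected root MAC addresses and both thresholds are assumptions chosen for illustration.

```python
import re

# Output of "show spanning-tree mst 1 detailed", copied from the example above.
SAMPLE = """\
MST Instance ID................................ 1
MST Bridge Priority............................ 32768
MST Bridge Identifier.......................... 80:01:00:1A:F6:00:0D:7E
Time Since Topology Change..................... 0 day 0 hr 28 min 55 sec
Topology Change Count.......................... 504
Topology Change in progress.................... FALSE
Designated Root................................ 00:01:00:1A:F6:00:09:46
Root Path Cost................................. 1000
Root Port Identifier........................... 80:1B
No FIDs or VLANs associated with this instance.
"""

# "Label....... value": a label, a run of two or more dots, then the value.
FIELD_RE = re.compile(r"^\s*(?P<key>.+?)\s*\.{2,}\s*(?P<value>.*?)\s*$")
ELAPSED_RE = re.compile(r"(\d+) day (\d+) hr (\d+) min (\d+) sec")


def parse_dotted(text):
    """Parse 'Label....... value' lines into a dict; other lines are skipped."""
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if match:
            fields[match.group("key")] = match.group("value")
    return fields


def decode_bridge_id(bridge_id):
    """Split an 8-octet bridge ID into priority, instance and MAC address.

    IEEE 802.1D/802.1Q layout: 4-bit priority (in steps of 4096), 12-bit
    system ID extension (the MST instance here), then the 48-bit MAC.
    """
    octets = bridge_id.strip().split(":")
    if len(octets) != 8:
        raise ValueError("expected 8 octets, got %r" % bridge_id)
    prefix = (int(octets[0], 16) << 8) | int(octets[1], 16)
    return {
        "priority": prefix & 0xF000,
        "instance": prefix & 0x0FFF,
        "mac": ":".join(octets[2:]).upper(),
    }


def elapsed_seconds(value):
    """Convert '0 day 0 hr 28 min 55 sec' to seconds."""
    match = ELAPSED_RE.search(value)
    if not match:
        raise ValueError("unrecognised elapsed time %r" % value)
    days, hours, minutes, seconds = (int(g) for g in match.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def audit_mst(current, expected_root_macs, previous=None,
              max_new_changes=5, recent_window=300):
    """Return a list of findings for one MST instance.

    current / previous: text of two polls of the same 'detailed' command.
    expected_root_macs: MACs of bridges allowed to be root (assumption: a
    list kept by the operator). max_new_changes and recent_window (seconds)
    are assumed thresholds, not values from the reference.
    """
    findings = []
    cur = parse_dotted(current)
    root = decode_bridge_id(cur["Designated Root"])
    allowed = {mac.upper() for mac in expected_root_macs}
    if root["mac"] not in allowed:
        findings.append("unexpected root bridge %s (priority %d)"
                        % (root["mac"], root["priority"]))
    if cur["Topology Change in progress"].upper() == "TRUE":
        findings.append("topology change in progress")
    age = elapsed_seconds(cur["Time Since Topology Change"])
    if age < recent_window:
        findings.append("topology changed %d s ago" % age)
    if previous is not None:
        prev = parse_dotted(previous)
        prev_root = decode_bridge_id(prev["Designated Root"])
        if prev_root["mac"] != root["mac"]:
            findings.append("root bridge changed from %s to %s"
                            % (prev_root["mac"], root["mac"]))
        delta = (int(cur["Topology Change Count"])
                 - int(prev["Topology Change Count"]))
        if delta > max_new_changes:
            findings.append("%d topology changes since last poll" % delta)
    return findings


if __name__ == "__main__":
    for finding in audit_mst(SAMPLE, {"00:1A:F6:00:09:46"}):
        print(finding)
```

The decoded values agree with the output itself: 80:01 is priority 32768 in instance 1, matching the MST Bridge Priority and MST Instance ID fields.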
2.2.19 show spanning-tree mst lag
Syntax
show spanning-tree mst <0-64> lag { all summary | <lag_ID> { detailed | summary } }
Purpose
To display the settings for one or all of the LAGs within a specified multiple spanning tree (MST)
instance.
Options & Parameters
<0-64>
Specifies a multiple spanning tree (MST) instance.
all summary
Displays LAG settings for all LAGs in the specified MST
instance.
<lag_ID> detailed
Displays detailed LAG settings for the specified LAG in the
specified MST instance.
<lag_ID> summary
Displays summary LAG settings for the specified LAG in the
specified MST instance.
Examples
all summary:
(FS5CX420F1087012) > show spanning-tree mst 1 lag all summary
          STP              STP               Port
Port      Mode     Type    State             Role
--------- -------- ------- ----------------- ---------
LAG 1     Enabled          Discarding        Designated
LAG 2     Enabled          Forwarding        Root
LAG 3     Enabled          Discarding        Designated
detailed:
(FS5CX420F1087012) > show spanning-tree mst 1 lag 1 detailed
MST Instance ID................................ 1
Port Identifier................................ 80:92
Port Priority.................................. 128
Port Forwarding State.......................... Discarding
Port Role...................................... Alternate
Auto-calculate Port Path Cost.................. Enabled
Port Path Cost................................. 10000
Designated Root................................ 00:01:00:1A:F6:00:03:D4
Designated Port Cost........................... 0
Designated Bridge.............................. 00:01:00:1A:F6:00:03:D4
Designated Port Identifier..................... 00:92
summary:
(FS5CX420F1087012) > show spanning-tree mst 1 lag 1 summary
MST Instance ID................................ 1
          STP              STP               Port
Port      Mode     Type    State             Role
--------- -------- ------- ----------------- ---------
LAG 1     Enabled          Discarding        Alternate
2.2.20 show spanning-tree mst port
Syntax
show spanning-tree mst <0-64> port { all summary | <slot/port> { detailed | summary } }
Purpose
To display the settings for one or all of the switch ports within a specified multiple spanning tree
(MST) instance.
Options & Parameters
<0-64>
Specifies a multiple spanning tree (MST) instance.
all summary
Displays port settings for all ports in the specified MST
instance.
<slot/port> detailed
Displays detailed port settings for the specified port in the
specified MST instance.
<slot/port> summary
Displays summary port settings for the specified port in the
specified MST instance.
Examples
all summary:
(FS5CX420F1087012) > show spanning-tree mst 1 port all summary
          STP              STP               Port
Port      Mode     Type    State             Role
--------- -------- ------- ----------------- ---------
1/1       Disabled         Manual forwarding Disabled
1/2       Disabled         Manual forwarding Disabled
1/3       Disabled         Manual forwarding Disabled
1/4       Disabled         Manual forwarding Disabled
[...]
1/24      Enabled  LAG Mb  Manual forwarding Disabled
LAG 1     Enabled          Disabled          Disabled
LAG 2     Enabled          Forwarding        Root
detailed:
(FS5CX420F1087012) > show spanning-tree mst 1 port 1/2 detailed
MST Instance ID................................ 1
Port Identifier................................ 80:02
Port Priority.................................. 128
Port Forwarding State.......................... Manual forwarding
Port Role...................................... Disabled
Auto-calculate Port Path Cost.................. Enabled
Port Path Cost................................. 0
Designated Root................................ 80:01:00:1A:F6:00:0D:7E
Designated Port Cost........................... 0
Designated Bridge.............................. 80:01:00:1A:F6:00:0D:7E
Designated Port Identifier..................... 00:00
summary:
(FS5CX420F1087012) > show spanning-tree mst 1 port 1/2 summary
MST Instance ID................................ 1
          STP              STP               Port
Port      Mode     Type    State             Role
--------- -------- ------- ----------------- ---------
1/2       Disabled         Manual forwarding Disabled
2.2.21 show spanning-tree mst summary
Syntax
show spanning-tree mst summary
Purpose
To display summary information for all multiple spanning tree (MST) instances.
Options & Parameters
This command has no additional options or parameters.
Example
(FS5CX420F1087012) > show spanning-tree mst summary
MST Instance ID................................ 1
No FIDs or VLANs associated with this instance.
MST Instance ID................................ 2
No FIDs or VLANs associated with this instance.
[...]
MST Instance ID................................ 23
No FIDs or VLANs associated with this instance.
MST Instance ID................................ 24
No FIDs or VLANs associated with this instance.
2.2.22 show spanning-tree port
Syntax
show spanning-tree port <slot/port>
Purpose
To display spanning tree values on a per port basis.
Options & Parameters
<slot/port>
Specifies the port for which to show spanning tree values.
Example
(FS5CX420F1087012) > show spanning-tree port 1/2
Configured Hello Time.......................... 2
Actual Hello Time.............................. 2
Port Mode...................................... Disabled
Port Admin Vscale Mode......................... Auto
Port Vscale Mode............................... Edge
Port Up Time Since Counters Last Cleared....... 3 day 21 hr 43 min 26 sec
STP BPDUs Transmitted.......................... 0
STP BPDUs Received............................. 0
RSTP BPDUs Transmitted......................... 0
RSTP BPDUs Received............................ 0
MSTP BPDUs Transmitted......................... 1
MSTP BPDUs Received............................ 0
2.2.23 show spanning-tree summary
Syntax
show spanning-tree summary
Purpose
To display a summary of spanning tree settings.
Options & Parameters
This command has no additional options or parameters.
Example
(FS5CX420F1087012) > show spanning-tree summary
Spanning Tree Adminmode........... Enabled
Spanning Tree Version............. IEEE 802.1s
Configuration Name................ ****
Configuration Revision Level...... ****
Configuration Digest Key.......... ****
Configuration Format Selector..... 0
MST Instances..................... 1,2,3,4,5,6,7,8
,9,10,11,12,13,14,15,16
,17,18,19,20,21,22,23,24
2.2.24 show spanning-tree vlan
Syntax
show spanning-tree vlan <1-4094>
Purpose
To display the type of spanning-tree associated with a specified VLAN.
Options & Parameters
<1-4094>
Specifies a valid VLAN identifier.
Example
(FS5CX420F1087012) > show spanning-tree vlan 1
VLAN Identifier................................ 1
Associated Instance............................ CST
2.2.25 show system
Syntax
show system { cardtypes-supported | io-card [1-6] | fan [1-7] | info | mibs-supported |
power-supply [1-2] | status | version [ detailed ] }
Purpose
To display chassis components and system information.
Options & Parameters
cardtypes-supported
Displays the card type(s) supported by the system. (See
page 49)
io-card [1-6]
Displays the status and details of all IO cards or of a
specified individual IO card. (See page 50)
fan [1-7]
Displays the status of all the fan units or a specified fan unit.
(See page 52)
info
Displays overall chassis information. (See page 53)
mibs-supported
Displays the list of supported Management Information Bases
(MIBs). (See page 54)
power-supply [1-2]
Displays the state and status of all power supply units or of a
specified power supply unit. (See page 54)
status
Displays the status of the components in the chassis. (See
page 57)
version [detailed]
Displays the version details of the chassis as a whole. (See
page 58)
Examples
See below for examples.
2.2.26 show system cardtypes-supported
Syntax
show system cardtypes-supported
Purpose
To display the card type(s) supported by the system.
Options & Parameters
This command has no additional options or parameters.
Example
(FS5CX420F1087012) > show system cardtypes-supported
CID Card Description
--- -------------------------------
8   10GE 24-Port Card
10  Power CX4 10GE 4-Port Card
11  SFP+ 10GE 4-Port Card
2.2.27 show system io-card
Syntax
show system io-card [1-6]
Purpose
To display the status and details of all IO cards or of a specified individual IO card.
Defaults
Shows status and basic information for all IO cards.
Options & Parameters
[1-6]
Specifies an individual IO card. If none is specified,
command shows status and basic information for all IO cards.
Example
Default:
(FS5CX420F1087012) > show system io-card
                  Power   Order Number /                   Powered
Slot  Status      State   Card Description                 Up
----- ----------- ------- -------------------------------- ------
1     Operational Enable  WV-10G4-SFP+                     Yes
                          SFP+ 10GE 4-Port Card
2     Operational Enable  WV-10G4-SFP+                     Yes
                          SFP+ 10GE 4-Port Card
3     Operational Enable  WV-10G4-SFP+                     Yes
                          SFP+ 10GE 4-Port Card
4     Operational Enable  WV-10G4-SFP+                     Yes
                          SFP+ 10GE 4-Port Card
5     Operational Enable  WV-10G4-SFP+                     Yes
                          SFP+ 10GE 4-Port Card
6     Operational Enable  WV-10G4-SFP+
                          SFP+ 10GE 4-Port Card
For a specified io card:
(FS5CX420F1087012) > show system io-card 3
Slot.............................. 3
Slot Status....................... Operational
Power State....................... Enable
Yes
Inserted Card:
Order Number................... WV-10G4-SFP+
Card Description............... SFP+ 10GE 4-Port Card
Manufacturer................... Fortinet
Slot Revision.................. 2
Chassis Serial Number.......... 0860001
2.2.28 show system fan
Syntax
show system fan [1-7]
Purpose
To display the status of all the fan units or a specified fan unit.
Defaults
Shows status of all fan units.
Options & Parameters
[1-7]
Specifies an individual fan unit. If none is specified, command shows status of all
fan units.
Notes
To display fan speed, specify an individual fan unit.
Examples
default:
(FS5CX420F1087012) > show system fan
Air Flow Direction    Ports to Fans
Fan Unit              State
Fan Unit 1 - Operational
Fan Unit 2 - Operational
Fan Unit 3 - Operational
Fan Unit 4 - Operational
Fan Unit 5 - Operational
Fan Unit 6 - Operational
Fan Unit 7 - Operational
for a specific fan:
(FS5CX420F1087012) > show system fan 1
Fan Unit 1: Operational
Controller: 3
Speed: 11760 RPM 11040 RPM
2.2.29 show system info
Syntax
show system info
Purpose
To display overall chassis information.
Options & Parameters
This command has no additional options or parameters.
Example
(FS5CX420F1087012) > show system info
System Description........................ FortiSwitch Ethernet Fabric Switch
System Name...............................
System Location...........................
System Contact............................
System Object ID.......................... 1.3.6.1.4.1.26390.5
System Up Time............................ 1 days 8 hrs 48 mins 2 secs
System Time............................... Fri Apr 10 23:04:03 2009
2.2.30 show system mibs-supported
Syntax
show system mibs-supported
Purpose
To display the list of supported MIBs.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) > show system mibs-supported
MIBs Supported:
RFC 1907 - SNMPv2-MIB              The MIB module for SNMPv2 entities
RFC 2819 - RMON-MIB                Remote Network Monitoring Management
                                   Information Base
WOVEN-REF-MIB                      Reference MIB
SNMP-COMMUNITY-MIB                 This MIB module defines objects to help
                                   support coexistence between SNMPv1, SNMPv2,
                                   and SNMPv3.
SNMP-FRAMEWORK-MIB                 The SNMP Management Architecture MIB
SNMP-MPD-MIB                       The MIB for Message Processing and
                                   Dispatching
SNMP-NOTIFICATION-MIB              The Notification MIB Module
SNMP-TARGET-MIB                    The Target MIB Module
SNMP-USER-BASED-SM-MIB             The management information definitions for
                                   the SNMP User-based Security Model.
SNMP-VIEW-BASED-ACM-MIB            The management information definitions for
                                   the View-based Access Control Model for SNMP.
USM-TARGET-TAG-MIB                 SNMP Research, Inc.
WOVEN-POWER-ETHERNET-MIB           Power Ethernet Extensions MIB
POWER-ETHERNET-MIB                 Power Ethernet MIB
LAG-MIB                            The Link Aggregation module for managing
                                   IEEE 802.3ad
RFC 1213 - RFC1213-MIB             Management Information Base for Network
                                   Management of TCP/IP-based internets: MIB-II
RFC 1493 - BRIDGE-MIB              Definitions of Managed Objects for Bridges
                                   (dot1d)
RFC 2674 - P-BRIDGE-MIB            The Bridge MIB Extension module for managing
                                   Priority and Multicast Filtering, defined by
                                   IEEE 802.1D-1998.
RFC 2674 - Q-BRIDGE-MIB            The VLAN Bridge MIB module for managing
                                   Virtual Bridged Local Area Networks
RFC 2737 - ENTITY-MIB              Entity MIB (Version 2)
RFC 2863 - IF-MIB                  The Interfaces Group MIB using SMIv2
RFC 3635 - Etherlike-MIB           Definitions of Managed Objects for the
                                   Ethernet-like Interface Types
FASTPATH-SWITCHING-MIB             FASTPATH Switching - Layer 2
FASTPATH-INVENTORY-MIB             Unit and Slot configuration.
FASTPATH-PORTSECURITY-PRIVATE-MIB  Port Security MIB.
IEEE8021-PAE-MIB                   Port Access Entity module for managing IEEE
                                   802.1X.
FASTPATH-RADIUS-AUTH-CLIENT-MIB    FastPath Radius MIB
RADIUS-ACC-CLIENT-MIB              RADIUS Accounting Client MIB
RADIUS-AUTH-CLIENT-MIB             RADIUS Authentication Client MIB
TACACS-AUTH-CLIENT-MIB             TACACS+ Authentication Client MIB
FASTPATH-MGMT-SECURITY-MIB         The Private MIB for FastPath Mgmt
                                   Security
FASTPATH-QOS-MIB                   FASTPATH Flex QOS Support
FASTPATH-QOS-ACL-MIB               FASTPATH Flex QOS ACL
2.2.31 show system power-supply
Syntax
show system power-supply [1-2]
Purpose
To display the state and status of all power supply units or of a specified power supply unit.
Defaults
Shows information for all power supply units.
Options & Parameters
[1-2]
Specifies an individual power supply unit. If none is
specified, command shows status of all power supply units.
Examples
(FS5CX420F1087012) > show system power-supply
Power Supply Unit     State
Power Supply Unit 1 - Not Present
Power Supply Unit 2 - Operational
(FS5CX420F1087012) > show system power-supply 2
Power Supply Unit 2: Operational
Manufacturer: ASTEC
Module: G056
Revision: R03
Serial Number: 0000121
2.2.32 show system status
Syntax
show system status
Purpose
To display the status of the components in the chassis.
Options & Parameters
This command has no additional options or parameters.
Example
(FS5CX420F1087012) > show system status
Fan Unit 1: ....... Operational
Fan Unit 2: ....... Operational
Fan Unit 3: ....... Operational
Fan Unit 4: ....... Operational
Fan Unit 5: ....... Operational
Fan Unit 6: ....... Operational
Fan Unit 7: ....... Operational
Power Supply 1: ... Not Present
Power Supply 2: ... Operational
2.2.33 show system version
Syntax
show system version [ detailed ]
Purpose
To display the version details of the chassis as a whole.
Default
Displays basic information for the chassis.
Options & Parameters
detailed
Displays detailed version information for the chassis as a
whole.
Example
default:
(FS5CX420F1087012) > show system version
Switch: 1
System Description............................. FortiSwitch Ethernet Fabric Switch
Machine Model.................................. FortiSwitch-500
Chassis Serial Number.......................... 0855004
Model Part Number.............................. 800-90003-20
HW Version..................................... 20-F
Software Order Code............................ WV-500-WFOS
Manufacturer................................... Fortinet
Burned In MAC Address.......................... 00:1A:F6:00:0D:7E
Software Release Version....................... 2.0.1
detailed:
(FS5CX420F1087012) > show system version detailed
Switch: 1
System Description............................. Ethernet Fabric Switch
Machine Model.................................. FortiSwitch-500
Chassis Serial Number.......................... 0855004
FRU Number..................................... N/A
Model Part Number.............................. 800-90003-20
HW Version..................................... 20-F
Software Order Code............................ WV-500-WFOS
Manufacturer................................... Fortinet
Burned In MAC Address.......................... 00:1A:F6:00:0D:7E
Additional Packages............................ None
Software Revision.............................. 5625
Architecture................................... powerpc
Software Release Version....................... v4.0,build0202,091015
Bootloader (Default)........................... DefaultBlock, v2.1, build #26M
Bootloader (Latest)............................ MainBlock v2.1, build #26M (Feb 9 2009 - 17:32:37) ***
FortiSwitch-500 ***
2.2.34 show telnet
Syntax
show telnet
Purpose
To display outbound telnet configuration information.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) > show telnet
Outbound Telnet Login Timeout (minutes)........ 5
Maximum Number of Outbound Telnet Sessions..... 5
Allow New Outbound Telnet Sessions............. Yes
2.2.35 telnet
Syntax
telnet <ip_address> [port <0-65535>][debug][line][noecho]
Purpose
To telnet to a remote host.
Defaults
Connects to the host IP address on TCP port 23 with debug and line modes disabled and local
echo enabled by default.
Options & Parameters
<ip_address>
Specifies the IP address of the host.
port <0-65535>
Connects to the specified TCP port of the host. If this option
is not included, the command defaults to port 23.
debug
Enables telnet debugging mode.
line
Enables telnet linemode.
noecho
Disables local echo.
Notes
If multiple options are entered (e.g., port, debug, line and noecho), they must be entered in
order.
Example
(FS5CX420F1087012) >telnet 10.10.10.10 port 2055 line
This establishes a telnet session with the host at IP address 10.10.10.10 on port 2055 with
linemode enabled.
3 Enable Mode
3.1 Overview
The Enable Mode provides a full set of show commands, some controls for the switch as a whole,
and access to Config Mode and File Mode.
3.1.1 Access
This mode is accessed by using the enable command in Default Mode (requires password), by
using the exit command in Config Mode or File Mode, or by using the end command in the other
configuration modes.
3.1.2 Exit
To exit from this mode, use the exit command to return to Default Mode.
3.1.3 Commands
Command                 Purpose
ascii-art               Enable ASCII art.
clear                   Clear counters and logs.
clock                   Set the realtime clock.
cls                     Clear the screen.
configure               Enter Config Mode.
debug                   Enter Debug Mode.
disconnect              Close active remote session(s).
exit                    Exit to Default Mode.
file                    Enter File Mode.
help                    Display line-editing commands.
logout                  Exit this session. Any unsaved changes are lost.
paging                  Enable paging of the CLI display.
ping                    Send ICMP echo packets to a specified IP address.
reload                  Reset the switch.
show                    Show configured data.
sleep                   Disable the CLI for a specified number of seconds.
tech-support save-info  Save system details for Fortinet tech support.
telnet                  Telnet to a remote host.
traceroute              Trace route to destination.
3.1.4 clear
Syntax
clear { counters { <slot/port> | all | lag } | fdb-table learned { <slot/port> | all } | logging
buffered | radius statistics | trap-log }
Purpose
To clear counters and logs.
Options & Parameters
counters
Clears statistics counters. (See page 65)
fdb-table learned
Clear the learned MAC entries. (See page 66)
logging buffered
Clear the buffered log. (See page 67)
radius statistics
Clear the Remote Authentication Dial-In User Service
(RADIUS) statistics. (See page 68)
trap-log
Clear the SNMP trap log. (See page 69)
Example
See subsequent sections for specific examples.
3.1.5 clear counters
Syntax
clear counters { <slot/port> | all | lag }
Purpose
To clear statistics counters from all ports or a specified port or LAG.
Options & Parameters
<slot/port>
Specifies a port in slot/port format.
all
Clears statistics for all ports.
lag
Clears all LAG-specific counters.
Example
(FS5CX420F1087012) # clear counters 1/2
Are you sure you want to clear the port stats? (y/n) y
Port Stats Cleared.
3.1.6 clear fdb-table learned
Syntax
clear fdb-table learned { <slot/port> | all }
Purpose
To clear the Forwarding Database (FDB) of learned MAC entries for all ports or for a specified
port.
Options & Parameters
<slot/port>
Specifies a port in slot/port format.
all
Clears learned MAC entries from all ports.
Notes
This command clears learned addresses from the FDB table, and is used primarily for debugging.
To clear static addresses, use the no form of the fdb-table static command in Config-LAG Mode
or Config-Port Mode. (See page 218)
Example
(FS5CX420F1087012) # clear fdb-table learned 1/3
Are you sure you want to clear the specified / all learned MAC entries? (y/n) n
Fdbtable MAC Entries Not Cleared.
3.1.7 clear logging buffered
Syntax
clear logging buffered
Purpose
To clear the buffered log.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # clear logging buffered
Are you sure you want to clear the buffered log? (y/n) n
Buffered Log Not Cleared!
3.1.8 clear radius statistics
Syntax
clear radius statistics
Purpose
To clear the Remote Authentication Dial-In User Service (RADIUS) server statistics.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # clear radius statistics
Are you sure you want to clear all RADIUS statistics? (y/n) n
RADIUS statistics Not Cleared.
3.1.9 clear trap-log
Syntax
clear trap-log
Purpose
To clear the trap log.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # clear trap-log
Are you sure you want to clear the Trap Log? (y/n) n
Trap Log Not Cleared.
3.1.10 clock
Syntax
clock time <hh:mm:ss> month <1-12> day <1-31> year <year>
Purpose
To set the realtime clock.
Options & Parameters
time <hh:mm:ss>
Specifies the current time.
month <1-12>
Specifies the current month.
day <1-31>
Specifies the current day.
year <year>
Specifies the current year (four-digits).
Notes
All “options” are required, and must be entered in the specified order.
Example
(FS5CX420F1087012) # clock time 18:35:50 month 6 day 4 year 2007
3.1.11 cls
Syntax
cls
Purpose
To clear the screen.
Options & Parameters
This command has no options or parameters.
3.1.12 configure
Syntax
configure
Purpose
To enter Config Mode.
Options & Parameters
This command has no options or parameters.
Notes
Config Mode allows configuration of switch parameters and gives access to Config-LAG and
Config-Port modes.
3.1.13 disconnect
Syntax
disconnect { <0-15> | all }
Purpose
To close all active remote sessions or a specified active remote session.
Options & Parameters
<0-15>
Specifies a session ID to close.
all
Closes all active remote sessions.
Example
(FS5CX420F1087012) # disconnect 3
3.1.14 exit
Syntax
exit
Purpose
To exit from the current mode to its parent mode. In Enable Mode, this command returns the
user to Default Mode.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # exit
3.1.15 file
Syntax
file
Purpose
To enter File Mode. Gives access to File Mode commands.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # file
(FS5CX420F1087012) (File)#
3.1.16 help
Syntax
help
Purpose
To display the function of special editing keys.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) > help
HELP:
Special keys:
<DEL>, <BS>... delete previous character
Ctrl-A ...... go to beginning of line
Ctrl-E ...... go to end of line
Ctrl-F ...... go forward one character
Ctrl-B ...... go backward one character
Ctrl-D ...... delete current character
Ctrl-U, X .... delete to beginning of line
Ctrl-K ...... delete to end of line
Ctrl-W ...... delete previous word
Ctrl-T ...... transpose previous character
Ctrl-P ...... go to previous line in history buffer
Ctrl-R ...... rewrites or pastes the line
Ctrl-N ...... go to next line in history buffer
Ctrl-Y ...... print last deleted character
Ctrl-Q ...... enables serial flow
Ctrl-S ...... disables serial flow
Ctrl-Z ...... return to root command prompt
Up Arrow ..... go to previous line in history buffer
Down Arrow ... go to next line in history buffer
Right Arrow... go forward one character
Left Arrow ... go backward one character
<TAB>, <SPACE> command-line completion
Exit ...... go to next lower command prompt
? ...... list choices
3.1.17 logout
Syntax
logout
Purpose
To exit this session.
Options & Parameters
This command has no options or parameters.
Notes
User is prompted to save any unsaved changes to the switch configuration. In order to save
running configuration changes, the user must cancel the logout procedure and use the copy
running-config command. (See copy “Notes & Examples” on page 199)
Example
(FS5CX420F1087012) > logout
Warning: the system has unsaved configuration changes.
Would you like to logout now? (y/n) y
3.1.18 paging
Syntax
paging
Purpose
To enable paging of the CLI display.
Defaults
Paging is enabled by default.
Options & Parameters
This command has no options or parameters.
Notes
• When enabled, paging displays large CLI output one page (24 lines) at a time.
• When disabled (no paging), large volumes of CLI output scroll off the screen.
Example
(FS5CX420F1087012) > paging
3.1.19 ping
Syntax
ping <ip_address>
Purpose
To test the accessibility of a specified IP address by sending ICMP echo packets.
Options & Parameters
<ip_address>
Specifies the host’s IP address.
Example
(FS5CX420F1087012) >ping 10.10.10.30
Send count=3, Receive count=3 from 10.10.10.30
3.1.20 reload
Syntax
reload
Purpose
To reset the switch without power cycling.
Defaults
Resets the switch to the settings in the startup-config file.
Options & Parameters
This command has no options or parameters.
Notes
The reload command terminates all network connections and loads the settings from the
startup-config file.
User is prompted to confirm reload before the command is executed.
Examples
(FS5CX420F1087012) # reload
Are you sure you would like to reset the system? (y/n) y
3.1.21 show
The show commands display information about the options and settings of the switch. A limited
set is available in Default Mode (see Show Commands in Default Mode on page 24); the
complete set (including all Default Mode show commands) is available here in Enable Mode.
Table 5: Show Commands in Enable Mode
Command                 Behavior
show arp                Display the Address Resolution Protocol (ARP) cache. (See page 83)
show authentication     Display ordered methods for authentication lists or the users assigned
                        to a specified authentication login list. (See page 84)
show clock              Display the UTC time and date. (See page 85)
show cos dot1p-mapping  Display class-of-service (802.1p) priority mapping information. (See
                        page 86)
show fabric-control     Display the fabric bandwidth allocation. (See page 87)
show fdb-table          Display MAC address table information from the Forwarding Database
                        (FDB). (See page 89)
show garp               Display Generic Attribute Registration Protocol (GARP) information.
                        (See )
show gvrp               Display GARP VLAN Registration Protocol (GVRP) parameters for one or
                        all ports. (See page 92)
show history            Display the last commands entered in the CLI. (See page 94)
show ipfix              Display the Internet Protocol Flow Information Export (IPFIX)
                        configuration. (See page 95)
show lag                Display LAG static capability and summary information for the device.
                        (See page 96)
show logging            Display logging parameters. (See page 101)
show login-session      Display information about the current login session. (See page 103)
show mgmt-ip            Display the in-band service configuration. (See page 104)
show monitor            Display port mirror settings. (See page 106)
show port               Display port mode, status and settings for all ports or for a
                        specified port. (See page 107)
show radius             Display Remote Authentication Dial In User Service (RADIUS)
                        configuration information for the switch or for configured RADIUS
                        servers. (See page 111)
show running-config     Display elements of the running configuration that differ from the
                        default settings. (See page 113)
show serial             Display EIA-232 parameters and serial port inactivity timeout. (See
                        page 115)
show snmpd              Display Simple Network Management Protocol (SNMP) community and trap
                        flag details. (See page 116)
show snmp-trap          Display Simple Network Management Protocol (SNMP) trap receiver
                        entries. (See page 117)
show sntp               Display Simple Network Time Protocol (SNTP) settings. (See page 117)
show spanning-tree      Display spanning tree information. (See page 120)
show startup-config     Display the configuration details saved in the startup configuration
                        file. (See page 136)
show system             Display Chassis components and System information.
show task               Display sleep average information for a card. (See page 137)
show telnet             Display outbound telnet configuration information. (See page 137)
show users              Display account and authentication information for system users. (See
                        page 151)
show vlan               Display information about a specific VLAN or a list of all configured
                        VLANs. (See page 152)
3.1.22 show arp
Syntax
show arp
Purpose
To display Address Resolution Protocol (ARP) cache.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # show arp
MAC Address         IP Address       Port
------------------- ---------------- -----------
00:04:96:27:C8:55   172.16.0.1       Management
00:A0:D1:E4:9B:20   172.16.0.88      Management
3.1.23 show authentication
Syntax
show authentication [ users <list_name> ]
Purpose
To display ordered methods for authentication lists or the users assigned to a specified
authentication login list.
Defaults
Shows ordered methods for all lists.
Options & Parameters
users
Displays users assigned to a specified authentication login
list.
<list_name>
Specifies an existing authentication list.
Notes
Authentication lists are created in Configuration Mode using the authentication command. (See
authentication login on page 160)
Examples
(FS5CX420F1087012) # show authentication
Authentication Login List  Method 1   Method 2   Method 3
-------------------------  --------   --------   --------
defaultList                local      undefined  undefined
(FS5CX420F1087012) # show authentication users location1
User Name  Component
---------- ---------------
default    System Login
3.1.24 show clock
Syntax
show clock
Purpose
To display the UTC time and date.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # show clock
System Time : Mon Apr 13 12:23:46 2009
3.1.25 show cos dot1p-mapping
Syntax
show cos dot1p-mapping [slot/port]
Purpose
To display class-of-service (802.1p) priority mapping information.
Defaults
Shows mapping of 802.1p priority to FortiSwitch OS queues.
Options & Parameters
[slot/port]
Specifies a port in slot/port format for which to display 802.1p
priority mapping information. If mapping is not configurable
by port, all ports will display identical information.
Example
(FS5CX420F1087012) # >show cos dot1p-mapping 1/1
User Priority  Traffic Class
-------------  -------------
0              1
1              1
2              0
3              1
4              2
5              2
6              3
7              3
3.1.26 show fabric-control
Syntax
show fabric-control { mac-svlan | multicast | partition [1-1000] | policy [slot/port] | spine |
valid-svlan }
Purpose
To display the fabric bandwidth allocation.
Options & Parameters
mac-svlan
Displays the number of SVLANs associated with each MAC.
multicast
Displays all registered multicast addresses along with their
associated VLANs and SVLANs.
partition [1-1000]
Displays the fabric partition configuration. Shows general
information for all partitions by default; the optional partition
number (1-1000) specifies a partition for which to show
detailed information.
policy [slot/port]
Displays the fabric policy; by default, shows policy
information for all ports. The optional port argument (in
slot/port format) specifies a port for which to show detailed
policy information.
spine
Tells whether the switch is a spine switch (default) or an edge
switch, and provides SVLAN information about the switch.
Note: if the switch is an edge switch (spine mode is
disabled), then the rest of the fields are meaningless.
Stand-alone FortiSwitch switches are always configured in
spine mode; FortiSwitch switches are configured in edge
mode only when they are connected and configured into a
fabric.
valid-svlan
Displays IDs of all SVLANs present in the switch.
Notes
For further information about FortiSwitch fabric concepts, see fabric-control on page 164.
Examples
mac-svlan:
(FS5CX420F1087012) # show fabric-control mac-svlan
Number of SVLANs associated with each MAC............... 6
multicast:
(FS5CX420F1087012) # show fabric-control multicast
Multicast Address    VLAN    SVLAN
-------------------  ------  ------
partition:
(FS5CX420F1087012) # show fabric-control partition 1
Partition   Class    SVLAN
----------  -------  ------
1           Default  1001, 1002, 1003, 1004
policy:
(FS5CX420F1087012) # show fabric-control policy 1/2
Port  Policy  Partition  VLAN
----  ------  ---------  ----
1/2   0       1          1-4094,
spine:
(FS5CX420F1087012) # show fabric-control spine
Spine Mode .....................Disable
Spine ID .......................1
Num Spine SVLANs Allocated......6
Spine SVLANs ...................0 - 0
Static SVLANs ..................1001 - 1024
valid-svlan:
(FS5CX420F1087012) # show fabric-control valid-svlan
Spine          SVLAN
-------------  ---------
1              1001, 1002, 1003, 1004, 1005, 1006,
2              1013, 1014, 1015, 1016, 1017, 1018,
3.1.27 show fdb-table
Syntax
show fdb-table { aging-time | gmrp | learned { <mac_address> | all } | multicast [mac_address]
| static { <mac_address> | all } | stats }
Purpose
To display MAC address table information from the Forwarding Database (FDB).
Options & Parameters
aging-time
Displays forwarding database address aging timeout values.
gmrp
Displays GMRP entries in the Multicast Forwarding Database
(MFDB) table.
igmp-snoop
Displays IGMP snooping entries in the MFDB table.
learned { <mac_address> | all }
Displays learned MAC addresses: <mac_address> specifies
a 6 byte MAC address (separated by colons) for which to
display information; all displays information for all learned
MAC addresses.
multicast [mac_address]
Displays multicast forwarding database table information.
Shows information for all ports by default; the optional
mac_address argument specifies a 6 byte MAC address
(separated by colons) for which to display information.
static { <mac_address> | all }
Displays static MAC filter information: <mac_address>
specifies a 6 byte MAC address (separated by colons) for
which to display information; all displays information for all
learned MAC addresses.
stats
Displays MFDB statistics.
Examples
aging-time:
(FS5CX420F1087012) # show fdb-table aging-time
Address Aging Timeout:300
gmrp:
(FS5CX420F1087012) # show fdb-table gmrp
There are currently no GMRP entries in the table.
learned:
(FS5CX420F1087012) #show fdb-table learned all
Mac Address        Port       IfIndex  Status
-----------------  ---------  -------  ------------
00:1A:F6:00:0D:7C  cpu        25       Management
00:1E:68:37:EF:62  LAG 1      26       Learned
00:1E:68:37:EF:83  LAG 1      26       Learned
00:1E:68:37:EF:A7  LAG 1      26       Learned
00:1E:68:37:EF:BC  LAG 1      26       Learned
00:1E:68:37:EF:E3  LAG 1      26       Learned
00:1E:68:37:F0:94  LAG 1      26       Learned
00:30:48:8E:0E:79  LAG 1      26       Learned
multicast:
(FS5CX420F1087012) #show fdb-table multicast
There are currently no entries in the table.
static:
(FS5CX420F1087012) # show fdb-table static all
MAC Filter List is Empty
stats:
(FS5CX420F1087012) # show fdb-table stats
Most Address Entries Ever Used................. 47
Address Entries Currently in Use............... 41
Max MFDB Table Entries......................... 256
Most MFDB Entries Since Last Reset............. 0
Current Entries................................ 0
3.1.28 show garp
Syntax
show garp [ statistics { port <slot/port> | lag <lag_ID> } ]
Purpose
To display Generic Attribute Registration Protocol (GARP) applications information.
Defaults
Displays the status of GMRP and GVRP Admin Modes by default.
Options & Parameters
statistics
Displays GARP applications PDU statistics.
port
Displays spanning tree values on a per-port basis.
<slot/port>
Specifies a port for which to display information.
lag
Displays spanning tree values on a per-LAG basis.
<lag_ID>
Specifies a LAG for which to display information.
Example
default:
(FS5CX420F1087012) # show garp
GMRP Admin Mode................................ Disable
GVRP Admin Mode................................ Disable
statistics port:
(FS5CX420F1087012) # show garp statistics port 1/3
GVRP PDUs received............................. 0
GVRP PDUs Transmitted.......................... 0
GVRP Failed Registrations...................... 0
statistics lag:
(FS5CX420F1087012) # show garp statistics lag 1
GVRP PDUs received............................. 536
GVRP PDUs Transmitted.......................... 518
GVRP Failed Registrations...................... 0
3.1.29 show gvrp
Syntax
show gvrp configuration { <slot/port> | all | lag <lag_ID> }
Purpose
To display GARP VLAN Registration Protocol (GVRP) parameters for a specified port or LAG or
for all ports.
Options & Parameters
<slot/port>
Specifies a port in slot/port format for which to display
information.
all
Displays GVRP information for all ports.
lag
Displays GVRP values on a per-LAG basis.
<lag_ID>
Specifies a LAG for which to display information.
Example
(FS5CX420F1087012) # show gvrp configuration all
GVRP Admin Mode................................ Disable
             Join         Leave        LeaveAll     Port
Port         Timer        Timer        Timer        GVRP Mode
             (centisecs)  (centisecs)  (centisecs)
-----------  -----------  -----------  -----------  -----------
1/1          20           60           1000         Disabled
1/2          20           60           1000         Disabled
1/3          20           60           1000         Disabled
1/4          20           60           1000         Disabled
1/5          20           60           1000         Disabled
1/6          20           60           1000         Disabled
1/7          20           60           1000         Disabled
1/8          20           60           1000         Disabled
1/9          20           60           1000         Disabled
1/10         20           60           1000         Disabled
1/11         20           60           1000         Disabled
1/12         20           60           1000         Disabled
1/13         20           60           1000         Disabled
1/14         20           60           1000         Disabled
1/15         20           60           1000         Disabled
1/16         20           60           1000         Disabled
1/17         20           60           1000         Disabled
1/18         20           60           1000         Disabled
1/19         20           60           1000         Disabled
1/20         20           60           1000         Disabled
1/21         20           60           1000         Disabled
1/22         20           60           1000         Disabled
1/23         20           60           1000         Disabled
1/24         20           60           1000         Disabled
LAG 1        20           60           1000         Disabled
LAG 2        20           60           1000         Disabled
3.1.30 show history
Syntax
show history [count]
Purpose
To display the last commands entered in the CLI.
Defaults
Displays the last 10 commands.
Options & Parameters
<count>
Specifies the number of commands to display.
Example
(FS5CX420F1087012) #show history
1 show vlan
2 show fdb-table
3 show mac-addr
4 configure
5 vlan
6 exit
7 telnet
8 enable
9 show cos
10 show spanning-tree
3.1.31 show ipfix
Syntax
show ipfix
Purpose
To display the Internet Protocol Flow Information Export (IPFIX) configuration.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) #show ipfix
IPFIX Collector Address        Port
----------------------------------------
10.10.10.23                    3023
10.10.10.24                    2022

Port            IPFIX State
-----------------------------------
1/1             Enable
1/2             Enable
1/3             Disable
1/4             Enable
3.1.32 show lag
Syntax
show lag { <lag_ID> [ lacp | stats | vlan ] | all | brief }
Purpose
To display Link Aggregation Group (LAG) information.
Options & Parameters
<lag_ID>
<lag_ID> specifies a LAG group number for which to show
information.
lacp
Shows Link Aggregation Control Protocol (LACP) information
for the specified LAG.
stats
Shows LAG statistics for the specified LAG.
vlan
Shows VLAN configuration information for the specified LAG.
all
Displays general information for all LAGs.
brief
Displays LAG static capability and summary information for
the switch as a whole. This form of the command is also
available in Default Mode.
Notes
The brief option of show lag is also available in Default Mode.
Examples
for a specified LAG:
(FS5CX420F1087012) # show lag 1
                                       Link
LAG     LAG                      Adm.  Trap  STP               Mbr     Port       Port
ID      Name             Link    Mode  Mode  Mode    Protocol  Ports   Speed      Active
------  ---------------  ------  ----  ----  ------  --------  ------  ---------  ------
1       DEFAULT          Up      En.   En.   En.     None      1/1     10G Full   True
                                                               1/2     10G Full   True
for a specified LAG with the LACP option:
(FS5CX420F1087012) # show lag 1 lacp
        Port     LACP System                     Admin       Oper        Actor LACP
Port    State    Priority    System ID           Key         Key         State
------  -------  ----------  -----------------   ----------  ----------  ------------
1/1     Down     32768       00:1A:F6:00:08:C4   0x00000092  0x00000092  0x00000005
1/2     Down     32768       00:1A:F6:00:08:C4   0x00000092  0x00000092  0x00000005
1/3     Down     32768       00:1A:F6:00:08:C4   0x00000092  0x00000092  0x00000005
1/4     Down     32768       00:1A:F6:00:08:C4   0x00000092  0x00000092  0x00000005

        Partner    Partner System                     Partner      Partner     Partner
Port    Port       Priority        Partner ID         Admin Key    Oper Key    LACP State
------  ---------  ----------      -----------------  -----------  ----------  ----------
1/1     0          0               00:00:00:00:00:00  0x00000000   0x00000000  0x00000005
1/2     98         32768           00:1A:F6:00:04:6B  0x00000000   0x00000092  0x00000037
1/3     0          0               00:00:00:00:00:00  0x00000000   0x00000000  0x00000005
1/4     0          0               00:00:00:00:00:00  0x00000000   0x00000000  0x00000005

        LACP PDUs         Marker            Marker Response       LACP PDUs    LACP PDUs
Port    Sent     Recv     Sent     Recv     Sent       Recv       Error        Dropped
------  -------  -------  -------  -------  ---------  ---------  -----------  -----------
1/1     0        0        0        0        0          0          0            0
1/2     0        0        0        0        0          0          0            0
1/3     0        0        0        0        0          0          0            0
1/4     0        0        0        0        0          0          0            0
for a specified LAG with the VLAN option:
(FS5CX420F1087012) # show lag 1 vlan
           Port     Acceptable             Default
Port       VLAN ID  Frame Types   GVRP     Priority
---------  -------  ------------  -------  --------
LAG 1      1        Admit All     Enable   0
all:
(FS5CX420F1087012) # show lag all
Link
LAG
ID
LAG
Name
Adm. Trap STP Mbr
Port
Link Mode Mode Mode Ports
Port
Speed Active
------ --------------- ------ ---- ---- ------ ------ --------- -----1
DEFAULT
Up
En. En. En.
1/2
1/1
10G Full True
10G Full False
2
DEFAULT
Up
1/3
10G Full True
1/4
10G Full True
1/5
10G Full True
1/6
10G Full True
En. En. En.
1/7
10G Full True
1/8
10G Full True
1/9
10G Full True
1/10 10G Full True
1/11 10G Full True
1/12 10G Full True
brief:
(FS5CX420F1087012) # show lag brief
LAG ID  LAG Name           Link State  Mbr Ports  Active Ports
------  -----------------  ----------  ---------  ------------
1       DEFAULT            Up          1/1,1/2,   1/1,1/3,1/4,
                                       1/3,1/4,   1/5,1/6
                                       1/5,1/6
2       DEFAULT            Up          1/7,1/8,   1/7,1/8,1/9,
                                       1/9,1/10,  1/10,1/11,
                                       1/11,1/12  1/12
statistics:
(FS5CX420F1087012) # show lag 1 stats
Total Packets Received (Octets)................ 0
Total Oversize Packets Received................ 0
Packets RX and TX 64 Octets.................... 0
Packets RX and TX 65-127 Octets................ 0
Packets RX and TX 128-255 Octets............... 0
Packets RX and TX 256-511 Octets............... 0
Packets RX and TX 512-1023 Octets.............. 0
Packets RX and TX 1024-1518 Octets............. 0
Packets RX and TX 1519-1522 Octets............. 0
Packets RX and TX 1523-2047 Octets............. 0
Packets RX and TX 2048-4095 Octets............. 0
Packets RX and TX 4096-9216 Octets............. 0
Total Packets Received Without Errors.......... 0
Unicast Packets Received....................... 0
Multicast Packets Received..................... 0
Broadcast Packets Received..................... 0
Total Packets Received with MAC Errors......... 0
Jabbers Received............................... 0
Fragments/Undersize Received................... 0
Alignment Errors............................... 0
FCS Errors..................................... 0
Overruns....................................... 0
Total Packets Transmitted (Octets)............. 0
Total Packets Transmitted Successfully......... 0
Unicast Packets Transmitted.................... 0
Multicast Packets Transmitted.................. 0
Broadcast Packets Transmitted.................. 0
Total Transmit Errors.......................... 0
FCS Errors..................................... 0
Tx Oversized................................... 0
Underrun Errors................................ 0
Total Transmit Packets Discarded............... 0
Single Collision Frames........................ 0
Multiple Collision Frames...................... 0
Excessive Collision Frames..................... 0
Time Since Counters Last Cleared............... 0 day 9 hr 11 min 45 sec
3.1.33 show logging
Syntax
show logging [ buffered | hosts | trap-logs ]
Purpose
To display logging parameters.
Options & Parameters
buffered
Displays buffered (in-memory) log entries.
hosts
Displays logging hosts.
trap-logs
Displays trap records.
Examples
Default:
(FS5CX420F1087012) # show logging
Logging Client Local Port         : 514
CLI Command Logging               : disabled
Console Logging                   : disabled
Console Logging Severity Filter   : alert
Buffered Logging                  : enabled
Syslog Logging                    : disabled
Log Messages Received             : 272
Log Messages Dropped              : 0
Log Messages Relayed              : 0
Log Messages Ignored              : 0
Buffered:
(FS5CX420F1087012) # show logging buffered
Buffered (In-Memory) Logging        : enabled
Buffered Logging Wrapping Behavior  : On
Buffered Log Count                  : 270
<13> Jun 5 19:12:19 0.0.0.0-1 TRAPMGR[282482864]: traputil.c(706) 145 %% Link Up: Unit: 1 Slot: 6 Port: 2
<13> Jun 5 19:12:19 0.0.0.0-1 TRAPMGR[282482864]: traputil.c(706) 146 %% Link Up: Unit: 1 Slot: 6 Port: 1
<13> Jun 5 19:12:19 0.0.0.0-1 TRAPMGR[282482864]: traputil.c(706) 147 %% Link Up: Unit: 1 Slot: 6 Port: 3
[etcetera]
Hosts:
(FS5CX420F1087012) # show logging hosts
Logging Host List Empty
Trap Logs:
(FS5CX420F1087012) # show logging trap-logs
Number of Traps Since Last Reset............... 215
Trap Log Capacity.............................. 256
Number of Traps Since Log Last Viewed.......... 215
Log  System Up Time            Trap
---  ------------------------  -------------------------------------------------
0    0 days 00:30:03           Multiple Users: Unit: 1 Slot: 32 Port: 1
1    0 days 00:27:21           Spanning Tree Topology Change: 32, Unit: 1
2    0 days 00:27:20           Spanning Tree Topology Change: 31, Unit: 1
3    0 days 00:27:19           Spanning Tree Topology Change: 30, Unit: 1
4    0 days 00:27:19           Spanning Tree Topology Change: 29, Unit: 1
5    0 days 00:27:18           Spanning Tree Topology Change: 28, Unit: 1
[etcetera]
3.1.34 show login-session
Syntax
show login-session
Purpose
To display information about the current login session.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # show login-session
ID  User Name        Connection From  Idle Time     Session Time  Session Type
--  ---------------  ---------------  ------------  ------------  ------------
01  admin            10.10.20.141     00:00:00      00:32:22      Telnet
3.1.35 show mgmt-ip
Syntax
show mgmt-ip { inband | service-port | sshd | telnetd }
Purpose
To display management interface configuration information.
Options & Parameters
inband
Displays configuration information for in-band connectivity.
service-port
Displays service port configuration information.
sshd
Displays IP secure shell (SSH) information.
telnetd
Displays telnet configuration information.
Notes
The sshd and telnetd options are available only in Enable Mode.
Examples
Inband:
(FS5CX420F1087012) # show mgmt-ip inband
IP Address..................................... 0.0.0.0
Subnet Mask.................................... 0.0.0.0
Default Gateway................................ 0.0.0.0
Burned In MAC Address.......................... 00:1A:F6:00:03:61
Locally Administered MAC Address............... 00:00:00:00:00:00
MAC Address Type............................... Burned In
Network Configuration Protocol Current......... None
Management VLAN ID............................. 1
Service-Port:
(FS5CX420F1087012) # show mgmt-ip service-port
IP Address..................................... 172.16.0.116
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 172.16.0.1
ServPort Configured Protocol Current........... DHCP
Burned In MAC Address.......................... 00:1A:F6:00:03:61
SSHD:
SSH Configuration
Administrative Mode: .......................... Disabled
Protocol Levels: .............................. Versions 1 and 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 5
SSH Timeout: .................................. 5
Telnetd:
(FS5CX420F1087012) # show mgmt-ip telnetd
Remote Connection Login Timeout (minutes)...... 5
Maximum Number of Remote Connection Sessions... 5
Allow New Telnet Sessions...................... Yes
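Added example (not part of the Fortinet manual): a Python parser for the dot-leader "Label....... value" format used by the outputs above, applied to the SSHD and Telnetd captures to report the remote-management settings in effect. The capture dictionary, function names and finding rules are assumptions of this example, not vendor policy.

```python
import re

# Constructed captures: the SSHD and Telnetd example outputs from this section,
# keyed by the command that produces them.
CAPTURES = {
    "show mgmt-ip sshd": """\
SSH Configuration
Administrative Mode: .......................... Disabled
Protocol Levels: .............................. Versions 1 and 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 5
SSH Timeout: .................................. 5
""",
    "show mgmt-ip telnetd": """\
Remote Connection Login Timeout (minutes)...... 5
Maximum Number of Remote Connection Sessions... 5
Allow New Telnet Sessions...................... Yes
""",
}

# Label, optional ':', a run of two or more dots, then the value (which may be empty).
FIELD_RE = re.compile(r"^(?P<label>.+?):?\s*\.{2,}\s*(?P<value>.*)$")


def parse_fields(output):
    """Turn 'Label....... value' lines into a dict; lines without dot leaders are skipped."""
    fields = {}
    for line in output.splitlines():
        match = FIELD_RE.match(line.strip())
        if match:
            fields[match.group("label").strip()] = match.group("value").strip()
    return fields


def audit_remote_management(captures):
    """Return findings for the SSH and Telnet settings (rules are this example's assumption)."""
    ssh = parse_fields(captures.get("show mgmt-ip sshd", ""))
    telnet = parse_fields(captures.get("show mgmt-ip telnetd", ""))
    findings = []

    # A missing field means the capture is absent or the format changed:
    # report it instead of passing silently.
    for name, fields, label in (
        ("sshd", ssh, "Protocol Levels"),
        ("telnetd", telnet, "Allow New Telnet Sessions"),
    ):
        if label not in fields:
            findings.append(f"{name}: field '{label}' not found in capture")

    ssh_enabled = ssh.get("Administrative Mode", "").lower() == "enabled"
    versions = set(re.findall(r"\d+", ssh.get("Protocol Levels", "")))
    telnet_open = telnet.get("Allow New Telnet Sessions", "").lower() == "yes"

    if "1" in versions:
        findings.append("SSH protocol version 1 is accepted")
    if telnet_open:
        findings.append("new Telnet sessions are allowed")
    if telnet_open and not ssh_enabled:
        findings.append("Telnet is the only remote CLI transport in service")
    return findings


if __name__ == "__main__":
    for finding in audit_remote_management(CAPTURES):
        print(finding)
```

The same parse_fields function reads the other dot-leader outputs in this chapter, such as show radius statistics and show port stats.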
3.1.36 show monitor
Syntax
show monitor
Purpose
To display port mirror settings.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # show monitor
Monitor Port  Source Port(Mode)
------------  -----------------------------
1/11          1/2(rx), 1/5(tx), 1/6(rx), 1/7(both)
1/12          1/1(rx)
3.1.37 show port
Syntax
show port { <slot/port> [ flow-control | rate-limit | stats [summary] | vlan ] | all }
Purpose
To display port mode, status and settings for all ports or for a specified port.
Options & Parameters
<slot/port>
Specifies a port for which to display information.
flow-control
Displays flow-control status for the specified port.
rate-limit
Displays rate-limit parameters for the specified port.
stats
Displays detailed Ethernet statistics for the specified port.
vlan
Displays VLAN configuration for the specified port.
all
Displays summary information for all ports.
Examples
all:
(FS5CX420F1087012) # show port all
                Admin    Physical    Physical    Link    Link     LACP     Flow
Port    Type    Mode     Mode        Status      Status  Trap     Mode     Mode
------  ------  -------  ----------  ----------  ------  -------  -------  -------
1/1             Enable   10G Full    10G Full    Up      Enable   Enable   Disable
1/2             Enable   10G Full    10G Full    Up      Enable   Enable   Disable
1/3             Enable   10G Full    10G Full    Up      Enable   Enable   Disable
1/4             Enable   10G Full    10G Full    Up      Enable   Enable   Disable
1/5             Enable   10G Full                Down    Enable   Enable   Disable
1/6             Enable   10G Full                Down    Enable   Enable   Disable
1/7             Enable   10G Full                Down    Enable   Enable   Disable
1/8             Enable   10G Full                Down    Enable   Enable   Disable
1/9             Enable   10G Full                Down    Enable   Enable   Disable
1/10            Enable   10G Full                Down    Enable   Enable   Disable
1/11            Enable   10G Full                Down    Enable   Enable   Disable
1/12            Enable   10G Full                Down    Enable   Enable   Disable
1/13    LAG Mb  Enable   10G Full                Down    Enable   Enable   Disable
1/14    LAG Mb  Enable   10G Full                Down    Enable   Enable   Disable
1/15    LAG Mb  Enable   10G Full                Down    Enable   Enable   Disable
1/16    LAG Mb  Enable   10G Full                Down    Enable   Enable   Disable
1/17    LAG Mb  Enable   10G Full                Down    Enable   Enable   Disable
1/18    LAG Mb  Enable   10G Full                Down    Enable   Enable   Disable
1/19    LAG Mb  Enable   10G Full    10G Full    Up      Enable   Disable  Disable
1/20    LAG Mb  Enable   10G Full    10G Full    Up      Enable   Disable  Disable
1/21    LAG Mb  Enable   10G Full    10G Full    Up      Enable   Disable  Disable
1/22    LAG Mb  Enable   10G Full    10G Full    Up      Enable   Disable  Disable
1/23    LAG Mb  Enable   10G Full    10G Full    Up      Enable   Disable  Disable
1/24    LAG Mb  Enable   10G Full    10G Full    Up      Enable   Disable  Disable
LAG 1           Enable                           Down    Enable   N/A      N/A
LAG 2           Enable                           Up      Enable   N/A      N/A
flow control:
(FS5CX420F1087012) # show port 1/1 flow-control
802.3x Flow Control Mode....................... Disable
rate-limit:
(FS5CX420F1087012) # show port 1/1 rate-limit
Rate Limit Priority : None
stats:
(FS5CX420F1087012) # show port 1/1 stats
Total Packets Received (Octets)................ 0
Packets Received > 1522 Octets................. 0
Packets RX and TX 64 Octets.................... 0
Packets RX and TX 65-127 Octets................ 0
Packets RX and TX 128-255 Octets............... 0
Packets RX and TX 256-511 Octets............... 0
Packets RX and TX 512-1023 Octets.............. 0
Packets RX and TX 1024-1518 Octets............. 0
Packets RX and TX 1519-1522 Octets............. 0
Packets RX and TX 1523-2047 Octets............. 0
Packets RX and TX 2048-4095 Octets............. 0
Packets RX and TX 4096-9216 Octets............. 0
Total Packets Received Without Errors.......... 0
Unicast Packets Received....................... 0
Multicast Packets Received..................... 0
Broadcast Packets Received..................... 0
Total Packets Received with MAC Errors......... 0
Jabbers Received............................... 0
Fragments/Undersize Received................... 0
Alignment Errors............................... 0
FCS Errors..................................... 0
Overruns....................................... 0
Total Received Packets Not Forwarded........... 0
Local Traffic Frames........................... 0
802.3x Pause Frames Received................... 0
Unacceptable Frame Type........................ 0
Multicast Tree Viable Discards................. 0
Reserved Address Discards...................... 0
Broadcast Storm Recovery....................... 0
CFI Discards................................... 0
Upstream Threshold............................. 0
Total Packets Transmitted (Octets)............. 0
Max Frame Size................................. 1518
Total Packets Transmitted Successfully......... 0
Unicast Packets Transmitted.................... 0
Multicast Packets Transmitted.................. 0
Broadcast Packets Transmitted.................. 0
Total Transmit Errors.......................... 0
FCS Errors..................................... 0
Tx Oversized................................... 0
Underrun Errors................................ 0
Total Transmit Packets Discarded............... 0
Single Collision Frames........................ 0
Multiple Collision Frames...................... 0
Excessive Collision Frames..................... 0
Port Membership Discards....................... 0
802.3x Pause Frames Transmitted................ 0
GVRP PDUs received............................. 0
GVRP PDUs Transmitted.......................... 0
GVRP Failed Registrations...................... 0
GMRP PDUs Received............................. 0
GMRP PDUs Transmitted.......................... 0
GMRP Failed Registrations...................... 0
STP BPDUs Transmitted.......................... 0
STP BPDUs Received............................. 0
RSTP BPDUs Transmitted......................... 0
RSTP BPDUs Received............................ 0
MSTP BPDUs Transmitted......................... 0
MSTP BPDUs Received............................ 0
EAPOL Frames Transmitted....................... 0
EAPOL Start Frames Received.................... 0
Time Since Counters Last Cleared............... 0 day 0 hr 59 min 0 sec
vlan:
(FS5CX420F1087012) # show port 1/12 vlan
           Port     Acceptable             Default
Port       VLAN ID  Frame Types   GVRP     Priority
---------  -------  ------------  -------  --------
1/12       1        Admit All     Enable   0
3.1.38 show radius
Syntax
show radius [ accounting [ statistics <ip_address> ] | servers | statistics [ip_address] ]
Purpose
To display Remote Authentication Dial In User Service (RADIUS) configuration information for the
switch or for configured RADIUS servers.
Defaults
Shows summary RADIUS information for the switch.
Options & Parameters
accounting [ statistics
<ip_address> ]
Displays the configured RADIUS accounting mode and
server. The statistics option shows statistics for the
configured RADIUS accounting server.
servers
Displays overview information about the configured RADIUS
server(s).
statistics [ip_address]
Displays statistics for the configured RADIUS server.
Examples
default:
(FS5CX420F1087012) # show radius
Current Server IP Address...................... N/A
Number of Configured Servers................... 0
Number of Retransmits.......................... 4
Timeout Duration............................... 5
RADIUS Accounting Mode......................... Disable
accounting:
(FS5CX420F1087012) # show radius accounting
RADIUS Accounting Mode......................... Disable
IP Address.....................................
Port........................................... N/A
Secret Configured.............................. N/A
servers:
(FS5CX420F1087012) # show radius servers
No RADIUS servers configured.
statistics:
(FS5CX420F1087012) # show radius statistics 192.168.1.203
Server IP Address.............................. 192.168.1.203
Round Trip Time................................ 0.00
Access Requests................................ 0
Access Retransmissions......................... 0
Access Accepts................................. 0
Access Rejects................................. 0
Access Challenges.............................. 0
Malformed Access Responses..................... 0
Bad Authenticators............................. 0
Pending Requests............................... 0
Timeouts....................................... 0
Unknown Types.................................. 0
Packets Dropped................................ 0
3.1.39 show running-config
Syntax
show running-config [all]
Purpose
To display running configuration information for the switch.
Defaults
Displays the elements of the running configuration that differ from the default settings.
Options & Parameters
all
Displays the complete details of the configuration currently
running on the switch.
Example
(FS5CX420F1087012) # show running-config
!Current Configuration:
!
!System Description "FortiSwitch Ethernet Fabric Switch (FortiSwitch-500)"
!System Description v4.0,build0202,091015
!
no paging
configure
prompt "FortiSwitch-500-102-L2"
mgmt-ip telnetd timeout 160
mgmt-ip service-port ip 172.18.22.102 255.255.252.0 172.18.20.1
vlan
exit
logging host 172.18.22.9 port 514 debug
logging syslog
snmp-trap "public" 172.18.22.9
users password admin
bm93Zm1=
!Required for passwd
!Required for passwd
ipfix collector 172.18.22.9 port 2055 all
serial timeout 160
spanning-tree configuration name "FortiSwitch"
snmpd community "public"
snmpd community mode "public"
no fabric-control spine mode
fabric-control spine svlan 6
fabric-control svlan-id 1001 1024
port 1/1
no spanning-tree port-mode
mtu 10232
exit
port 1/2
no spanning-tree port-mode
mtu 10232
exit
[etc.]
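Added example (not part of the Fortinet manual): a Python reader for show running-config text that separates global directives from port blocks and summarizes the SNMP community, session timeout and syslog directives seen in the example above. The deny-list, the 15-minute limit and the reading of timeout values as minutes (the unit shown by show mgmt-ip telnetd and show serial) are assumptions of this example.

```python
import shlex

# Constructed sample: directives copied from the running-config example above.
RUNNING_CONFIG = """\
!Current Configuration:
!
no paging
configure
prompt "FortiSwitch-500-102-L2"
mgmt-ip telnetd timeout 160
vlan
exit
logging host 172.18.22.9 port 514 debug
logging syslog
snmp-trap "public" 172.18.22.9
ipfix collector 172.18.22.9 port 2055 all
serial timeout 160
snmpd community "public"
snmpd community mode "public"
port 1/1
no spanning-tree port-mode
mtu 10232
exit
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}  # assumption: deny-list for this example
MAX_IDLE_MINUTES = 15                            # assumption: local policy, not a vendor value


def parse_running_config(text):
    """Split the config into global directives and per-port blocks (token lists)."""
    global_cmds, ports, current_port = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # '!' lines are comments
            continue
        tokens = shlex.split(line)                # also strips the quotes around names
        if tokens[0] == "port" and len(tokens) == 2:
            current_port = tokens[1]
            ports[current_port] = []
        elif tokens == ["exit"]:
            current_port = None                   # leaves a port (or vlan) block
        elif current_port is not None:
            ports[current_port].append(tokens)
        else:
            global_cmds.append(tokens)
    return global_cmds, ports


def summarize(text):
    """Collect the management-plane directives and the findings they produce."""
    global_cmds, ports = parse_running_config(text)

    communities = {t[2] for t in global_cmds
                   if t[:2] == ["snmpd", "community"] and len(t) == 3}
    communities |= {t[1] for t in global_cmds if t[0] == "snmp-trap" and len(t) >= 3}

    timeouts = {}
    for t in global_cmds:
        if "timeout" in t[:-1]:
            idx = t.index("timeout")
            if t[idx + 1].isdigit():
                timeouts[" ".join(t[:idx])] = int(t[idx + 1])

    syslog_hosts = [t[2] for t in global_cmds
                    if t[:2] == ["logging", "host"] and len(t) >= 3]
    syslog_enabled = ["logging", "syslog"] in global_cmds

    findings = []
    for name in sorted(communities & WELL_KNOWN_COMMUNITIES):
        findings.append(f"SNMP community '{name}' is a well-known default")
    for scope, minutes in sorted(timeouts.items()):
        if minutes > MAX_IDLE_MINUTES:
            findings.append(f"{scope} timeout {minutes} exceeds {MAX_IDLE_MINUTES}")
    if not (syslog_hosts and syslog_enabled):
        findings.append("no remote syslog destination is active")

    return {
        "communities": communities,
        "timeouts": timeouts,
        "syslog_hosts": syslog_hosts,
        "syslog_enabled": syslog_enabled,
        "ports": ports,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in summarize(RUNNING_CONFIG)["findings"]:
        print(finding)
```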
3.1.40 show serial
Syntax
show serial
Purpose
To display EIA-232 parameters and serial port inactivity timeout.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) #show serial
Serial Port Login Timeout (minutes)............ 5
Baud Rate (bps)................................ 115200
Character Size (bits).......................... 8
Flow Control................................... Disable
Stop Bits...................................... 1
Parity......................................... none
3.1.41 show snmpd
Syntax
show snmpd { snmp-community | trap-flags }
Purpose
To display Simple Network Management Protocol (SNMP) community and trap flag details.
Options & Parameters
snmp-community
Displays SNMP community entries.
trap-flags
Displays the trap flag settings of the switch. An “enable”
setting causes the switch to generate the associated trap.
Examples
snmp-community:
(FS5CX420F1087012) # show snmpd snmp-community
SNMP Community Name  Client IP Address  Client IP Mask     Access Mode  Status
-------------------  -----------------  -----------------  -----------  --------
bigmuddy             0.0.0.0            0.0.0.0            Read Only    Enable
tula                 0.0.0.0            0.0.0.0            Read/Write   Enable
trap-flags:
(FS5CX420F1087012) # show snmpd trap-flags
Authentication Flag............................ Enable
Link Up/Down Flag.............................. Enable
Multiple Users Flag............................ Enable
Spanning Tree Flag............................. Enable
Broadcast Storm Flag........................... Enable
3.1.42 show snmp-trap
Syntax
show snmp-trap
Purpose
To display Simple Network Management Protocol (SNMP) trap entries.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # show snmp-trap
SNMP Trap Status: Enabled
SNMP Trap Name       IP Address         SNMP Version    Status
-------------------  -----------------  --------------  --------
gomer                192.168.1.206      snmpv2          Enable
gomer                192.168.2.205      snmpv2          Enable
pyle                 192.168.1.206      snmpv2          Enable
pyle                 192.168.2.205      snmpv2          Enable
3.1.43 show sntp
Syntax
show sntp [ client | server ]
Purpose
To display Simple Network Time Protocol (SNTP) settings.
Defaults
Displays the last SNTP update time and other status details.
Options & Parameters
client
Displays SNTP client settings.
server
Displays SNTP server settings and lists configured servers.
Examples
default:
(FS5CX420F1087012) # show sntp
Last Update Time:            Jan 1 00:00:00 1970
Last Unicast Attempt Time:   Jan 1 00:00:00 1970
Last Attempt Status:         Other
Broadcast Count:             0
client:
(FS5CX420F1087012) # show sntp client
Client Supported Modes:      unicast broadcast
SNTP Version:                4
Port:                        123
Client Mode:                 unicast
Unicast Poll Interval:       6
Poll Timeout (seconds):      5
Poll Retry:                  1
server:
(FS5CX420F1087012) # show sntp server
Server IP Address:           172.18.0.8
Server Type:                 ipv4
Server Stratum:              2
Server Reference Id:         NTP Srv: 209.132.176.4
Server Mode:                 Server
Server Maximum Entries:      3
Server Current Entries:      2
SNTP Servers
------------
IP Address: 172.18.0.8
Address Type: IPV4
Priority: 1
Version: 4
Port: 123
Last Update Time: Dec 2 22:49:37 2008
Last Attempt Time: Dec 1 23:34:39 2008
Last Update Status: Success
Total Unicast Requests: 1
Failed Unicast Requests: 0
IP Address: 69.25.96.13
Address Type: IPV4
Priority: 1
Version: 4
Port: 123
Last Attempt Time: Jan 1 00:00:00 1970
Last Update Status: Other
Total Unicast Requests: 0
Failed Unicast Requests: 0
3.1.44 show spanning-tree
Syntax
show spanning-tree [ brief | lag <lag_ID> | mst { summary | { <0-4094> { detailed | lag
{ <lag_ID> { detailed | summary } | all summary } | port { all summary | <slot/port> { detailed |
summary } } } } } | port <slot/port> | summary | vlan <vlan_ID> ]
Purpose
To display spanning tree information.
Defaults
Displays Spanning Tree Protocol (STP) settings for the chassis as a whole.
Options & Parameters
brief
Displays settings for the common and internal spanning tree.
(See page 122)
lag
Displays spanning tree information for a specified LAG. (See
page 123)
mst
Displays overview information for a specified Multiple
Spanning Tree (MST) instance. (See page 124)
mst summary
Displays information for all MST instances. (See page 132)
mst <0-64> detailed
Displays detailed information for a specified MST instance.
(See page 126)
mst <0-64> port
Displays spanning tree settings for an MST instance on a
per-port basis. (See page 129)
port
Displays spanning tree values on a per-port basis. (See
page 133)
summary
Displays spanning tree settings and lists MST instances.
(See page 134)
vlan
Displays spanning tree settings for a specified VLAN. (See
page 135)
Notes
Because of the complexity of this command’s options, it is broken up here into multiple sections.
Example
default:
(FS5CX420F1087012) #show spanning-tree
Bridge Priority................................ 32768
Bridge Identifier.............................. 80:00:00:1A:F6:00:03:DE
Time Since Topology Change..................... 0 day 0 hr 14 min 39 sec
Topology Change Count.......................... 16
Topology Change in progress.................... FALSE
Designated Root................................ 80:00:00:1A:F6:00:03:D4
Root Path Cost................................. 0
Root Port Identifier........................... 80:13
Bridge Max Age................................. 20
Bridge Max Hops................................ 20
Bridge Forwarding Delay........................ 15
Hello Time..................................... 2
Bridge Hold Time............................... 3
CST Regional Root.............................. 80:00:00:1A:F6:00:03:D4
Regional Root Path Cost........................ 2000
Associated FIDs  Associated VLANs
---------------  ----------------
1                1
10               10
20               20
1000             1000
2000             2000
3.1.45 show spanning-tree brief
Syntax
show spanning-tree brief
Purpose
To display settings for the common and internal spanning tree.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) #show spanning-tree brief
Bridge Priority................................ 32768
Bridge Identifier.............................. 80:00:00:15:ED:00:02:00
Bridge Max Age................................. 20
Bridge Max Hops................................ 20
Bridge Hello Time.............................. 2
Bridge Forward Delay........................... 15
Bridge Hold Time............................... 3
122
3.1.46 show spanning-tree lag
Syntax
show spanning-tree lag <lag_ID>
Purpose
To display spanning tree settings for a LAG.
Options & Parameters
<lag_ID>
Specifies a LAG for which to display information.
Example
(FS5CX420F1087012) # show spanning-tree lag 1
Hello Time..................................... 2
Port Mode...................................... Enabled
Port Vscale Mode............................... Edge
Port Up Time Since Counters Last Cleared....... 0 day 10 hr 11 min 47 sec
STP BPDUs Transmitted.......................... 0
STP BPDUs Received............................. 0
RSTP BPDUs Transmitted......................... 0
RSTP BPDUs Received............................ 0
MSTP BPDUs Transmitted......................... 43
MSTP BPDUs Received............................ 61
123
3.1.47 show spanning-tree mst
Syntax
show spanning-tree mst { summary | { <0-64> [ detailed | lag { all summary | <lag_ID>
{ detailed | summary } } ] } | port { all summary | <slot/port> { detailed | summary } } } } }
Default
Shows overview information for the specified MST instance.
Purpose
To display the settings for a multiple spanning tree (MST) instance, or for one or all of the switch
ports within that instance.
Options & Parameters
summary
When entered without specifying an MST instance, summary
displays summary information for all MST IDs. (See page
132)
<0-64>
Specifies a multiple spanning tree (MST) instance. Enter an
MST identifier to show information for a specific MST
instance by selecting the detailed option, or for a switch port
or LAG within that instance by specifying the port or LAG.
<0-64> detailed
Displays detailed information for the specified MST instance.
(See page 126)
<0-64> lag
Displays LAG-specific information; requires additional
options. (See page 127)
<0-64> port
Displays port-specific information; requires additional options.
(See page 129)
Example
See sections below for additional examples.
default:
(FS5CX420F1087012) # show spanning-tree mst 0
Designated Root................................ 80:00:00:1A:F6:00:09:3E
Root Path Cost................................. 0
Designated Bridge.............................. 80:00:00:1A:F6:00:09:3E
          STP              STP               Port
Port      Mode     Type    State             Role
--------- -------- ------- ----------------- ---------
1/1       Disabled         Manual forwarding Disabled
1/2       Disabled         Manual forwarding Disabled
1/3       Disabled         Manual forwarding Disabled
1/4       Disabled         Manual forwarding Disabled
1/13      Enabled  LAG Mb  Manual forwarding Disabled
1/14      Enabled  LAG Mb  Manual forwarding Disabled
1/15      Enabled  LAG Mb  Manual forwarding Disabled
1/16      Enabled  LAG Mb  Manual forwarding Disabled
1/17      Enabled  LAG Mb  Manual forwarding Disabled
1/18      Enabled  LAG Mb  Manual forwarding Disabled
1/19      Enabled  LAG Mb  Manual forwarding Disabled
1/20      Enabled  LAG Mb  Manual forwarding Disabled
1/21      Enabled  LAG Mb  Manual forwarding Disabled
1/22      Enabled  LAG Mb  Manual forwarding Disabled
1/23      Enabled  LAG Mb  Manual forwarding Disabled
1/24      Enabled  LAG Mb  Manual forwarding Disabled
LAG 1     Enabled          Forwarding        Root
LAG 2     Enabled          Forwarding        Designated
125
3.1.48 show spanning-tree mst detailed
Syntax
show spanning-tree mst <0-64> detailed
Purpose
To display information for a specified multiple spanning tree (MST) instance.
Options & Parameters
<0-64>
Specifies a multiple spanning tree (MST) instance.
Example
(FS5CX420F1087012) # show spanning-tree mst 1 detailed
MST Instance ID................................ 1
MST Bridge Priority............................ 32768
MST Bridge Identifier.......................... 80:01:00:1A:F6:00:03:61
Time Since Topology Change..................... 0 day 0 hr 47 min 14 sec
Topology Change Count.......................... 2
Topology Change in progress.................... FALSE
Designated Root................................ 80:01:00:1A:F6:00:03:61
Root Path Cost................................. 0
Root Port Identifier........................... 00:00
No FIDs or VLANs associated with this instance.
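The bridge identifiers in the examples above pack two fields in front of the MAC address: in 80:01:00:1A:F6:00:03:61 the leading 80:01 is priority 32768 plus MST instance 1. The following added example (not part of the Fortinet manual) parses the dotted output, decodes the identifier, and reports when the designated root is not the bridge the operator expects or the topology change count has risen; the expected root MAC and the baseline count are operator-supplied assumptions.

```python
import re

# Output of "show spanning-tree", copied from the example in this section.
SAMPLE_OUTPUT = """\
Bridge Priority................................ 32768
Bridge Identifier.............................. 80:00:00:1A:F6:00:03:DE
Time Since Topology Change..................... 0 day 0 hr 14 min 39 sec
Topology Change Count.......................... 16
Topology Change in progress.................... FALSE
Designated Root................................ 80:00:00:1A:F6:00:03:D4
Root Path Cost................................. 0
Root Port Identifier........................... 80:13
"""

# "Label......... value": a label, a run of two or more dots, then the value.
FIELD_RE = re.compile(r"^\s*(?P<key>.+?)\.{2,}\s*(?P<value>.*?)\s*$")


def parse_fields(output):
    """Return {label: value} for every dotted 'Label.... value' line."""
    fields = {}
    for line in output.splitlines():
        match = FIELD_RE.match(line)
        if match:
            fields[match.group("key")] = match.group("value")
    return fields


def decode_bridge_id(bridge_id):
    """Split an 8-octet bridge identifier into (priority, instance, MAC).

    The first two octets hold a 4-bit priority (steps of 4096) and a 12-bit
    system ID extension that carries the MST instance number; the remaining
    six octets are the bridge MAC address.
    """
    octets = bridge_id.split(":")
    if len(octets) != 8:
        raise ValueError(f"expected 8 octets, got {bridge_id!r}")
    head = int(octets[0] + octets[1], 16)
    return head & 0xF000, head & 0x0FFF, ":".join(octets[2:]).upper()


def elapsed_seconds(text):
    """Convert a duration such as '0 day 0 hr 14 min 39 sec' to seconds."""
    match = re.fullmatch(r"(\d+) day (\d+) hr (\d+) min (\d+) sec", text.strip())
    if not match:
        raise ValueError(f"unrecognised duration {text!r}")
    days, hours, minutes, seconds = map(int, match.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def audit_root(output, expected_root_mac, baseline_tc_count=None):
    """Return a list of findings for one captured spanning-tree report.

    expected_root_mac: MAC of the bridge that should be root (assumption:
    the operator knows this from the network design).
    baseline_tc_count: Topology Change Count recorded at the last check.
    """
    fields = parse_fields(output)
    findings = []
    _, _, root_mac = decode_bridge_id(fields["Designated Root"])
    expected = expected_root_mac.upper()
    if root_mac != expected:
        findings.append(f"unexpected root bridge {root_mac} (expected {expected})")
    if fields.get("Topology Change in progress", "FALSE").upper() != "FALSE":
        findings.append("topology change in progress")
    if baseline_tc_count is not None:
        count = int(fields["Topology Change Count"])
        if count > baseline_tc_count:
            age = elapsed_seconds(fields["Time Since Topology Change"])
            findings.append(
                f"{count - baseline_tc_count} topology change(s) since baseline, "
                f"last one {age} s ago"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_root(SAMPLE_OUTPUT, "00:1A:F6:00:03:D4", baseline_tc_count=16):
        print(finding)
```

The same functions work on show spanning-tree mst <0-64> detailed output, which uses the same Designated Root and Topology Change labels.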
126
3.1.49 show spanning-tree mst lag
Syntax
show spanning-tree mst <0-64> lag { all summary | <lag_ID> { detailed | summary } }
Purpose
To display the settings for one or all of the LAGs within a specified multiple spanning tree (MST)
instance.
Options & Parameters
<0-64>
Specifies a multiple spanning tree (MST) instance.
all summary
Displays LAG settings for all LAGs in the specified MST
instance.
<lag_ID> detailed
Displays detailed LAG settings for the specified LAG in the
specified MST instance.
<lag_ID> summary
Displays summary LAG settings for the specified LAG in the
specified MST instance.
Examples
all summary:
(FS5CX420F1087012) # show spanning-tree mst 1 lag all summary
          STP              STP               Port
Port      Mode     Type    State             Role
--------- -------- ------- ----------------- ---------
LAG 1     Enabled          Discarding        Designated
LAG 2     Enabled          Forwarding        Root
LAG 3     Enabled          Discarding        Designated
detailed:
(FS5CX420F1087012) # show spanning-tree mst 1 lag 1 detailed
MST Instance ID................................ 1
Port Identifier................................ 80:92
Port Priority.................................. 128
Port Forwarding State.......................... Discarding
Port Role...................................... Alternate
Auto-calculate Port Path Cost.................. Enabled
Port Path Cost................................. 10000
Designated Root................................ 00:01:00:1A:F6:00:03:D4
Designated Port Cost........................... 0
Designated Bridge.............................. 00:01:00:1A:F6:00:03:D4
Designated Port Identifier..................... 00:92
summary:
(FS5CX420F1087012) # show spanning-tree mst 1 lag 1 summary
MST Instance ID................................ 1
          STP              STP               Port
Port      Mode     Type    State             Role
--------- -------- ------- ----------------- ---------
LAG 1     Enabled          Discarding        Alternate
128
3.1.50 show spanning-tree mst port
Syntax
show spanning-tree mst <0-64> port { all summary | <slot/port> { detailed | summary } }
Purpose
To display the settings for one or all of the switch ports within a specified multiple spanning tree
(MST) instance.
Options & Parameters
<0-64>
Specifies a multiple spanning tree (MST) instance.
all summary
Displays port settings for all ports in the specified MST
instance.
<slot/port> detailed
Displays detailed port settings for the specified port in the
specified MST instance.
<slot/port> summary
Displays summary port settings for the specified port in the
specified MST instance.
Examples
all summary:
(FS5CX420F1087012) # show spanning-tree mst 1 port all summary
          STP              STP               Port
Port      Mode     Type    State             Role
--------- -------- ------- ----------------- ---------
1/1       Disabled         Manual forwarding Disabled
1/2       Disabled         Manual forwarding Disabled
1/3       Disabled         Manual forwarding Disabled
1/4       Disabled         Manual forwarding Disabled
1/5       Disabled         Disabled          Disabled
1/6       Disabled         Disabled          Disabled
1/7       Disabled         Disabled          Disabled
1/8       Disabled         Disabled          Disabled
1/9       Disabled         Disabled          Disabled
1/10      Disabled         Disabled          Disabled
1/11      Disabled         Disabled          Disabled
1/12      Disabled         Disabled          Disabled
1/13      Enabled  LAG Mb  Manual forwarding Disabled
1/14      Enabled  LAG Mb  Manual forwarding Disabled
1/15      Enabled  LAG Mb  Manual forwarding Disabled
1/16      Enabled  LAG Mb  Manual forwarding Disabled
1/17      Enabled  LAG Mb  Manual forwarding Disabled
1/18      Enabled  LAG Mb  Manual forwarding Disabled
1/19      Enabled  LAG Mb  Manual forwarding Disabled
1/20      Enabled  LAG Mb  Manual forwarding Disabled
1/21      Enabled  LAG Mb  Manual forwarding Disabled
1/22      Enabled  LAG Mb  Manual forwarding Disabled
1/23      Enabled  LAG Mb  Manual forwarding Disabled
1/24      Enabled  LAG Mb  Manual forwarding Disabled
LAG 1     Enabled          Forwarding        Root
LAG 2     Enabled          Forwarding        Designated
detailed:
(FS5CX420F1087012) # show spanning-tree mst 1 port 1/2 detailed
MST Instance ID................................ 1
Port Identifier................................ 80:26
Port Priority.................................. 128
Port Forwarding State.......................... Disabled
Port Role...................................... Disabled
Auto-calculate Port Path Cost.................. Enabled
Port Path Cost................................. 0
Designated Root................................ 80:01:00:1A:F6:00:03:61
Designated Port Cost........................... 0
Designated Bridge.............................. 80:01:00:1A:F6:00:03:61
Designated Port Identifier..................... 00:00
130
summary:
(FS5CX420F1087012) # show spanning-tree mst 1 port 1/2 summary
MST Instance ID................................ 1
          STP              STP               Port
Port      Mode     Type    State             Role
--------- -------- ------- ----------------- ---------
1/2       Enabled  PC Mbr  Disabled          Disabled
131
3.1.51 show spanning-tree mst summary
Syntax
show spanning-tree mst summary
Purpose
To display summary information for all multiple spanning tree (MST) instances.
Options & Parameters
This command has no additional options or parameters.
Example
(FS5CX420F1087012) # show spanning-tree mst summary
MST Instance ID................................ 1
No FIDs or VLANs associated with this instance.
MST Instance ID................................ 2
No FIDs or VLANs associated with this instance.
MST Instance ID................................ 3
No FIDs or VLANs associated with this instance.
[...]
MST Instance ID................................ 31
No FIDs or VLANs associated with this instance.
MST Instance ID................................ 32
No FIDs or VLANs associated with this instance.
132
3.1.52 show spanning-tree port
Syntax
show spanning-tree port <slot/port>
Purpose
To display spanning tree values on a per-port basis.
Options & Parameters
<slot/port>
Specifies the port for which to show spanning tree values.
Example
(FS5CX420F1087012) # show spanning-tree port 1/1
Hello Time..................................... 2
Port Mode...................................... Enabled
Port Up Time Since Counters Last Cleared....... 0 day 1 hr 34 min 30 sec
STP BPDUs Transmitted.......................... 0
STP BPDUs Received............................. 0
RSTP BPDUs Transmitted......................... 0
RSTP BPDUs Received............................ 0
MSTP BPDUs Transmitted......................... 2
MSTP BPDUs Received............................ 2829
133
3.1.53 show spanning-tree summary
Syntax
show spanning-tree summary
Purpose
To display a summary of spanning tree settings.
Options & Parameters
This command has no additional options or parameters.
Example
(FS5CX420F1087012) # show spanning-tree summary
Spanning Tree Adminmode........... Enabled
Spanning Tree Version............. IEEE 802.1s
Configuration Name................ ****
Configuration Revision Level...... ****
Configuration Digest Key.......... ****
Configuration Format Selector..... 0
MST Instances..................... 1,2,3,4,5,6,7,8
,9,10,11,12,13,14,15,16
,17,18,19,20,21,22,23,24
,25,26,27,28,29,30,31,32
,33,34,35,36,37,38,39,40
,41,42,43,44,45,46,47,48
,49,50,51,52,53,54,55,56
,57,58,59,60,61,62,63,64
134
3.1.54 show spanning-tree vlan
Syntax
show spanning-tree vlan <1-4094>
Purpose
To display the type of spanning-tree associated with a specified VLAN.
Options & Parameters
<1-4094>
Specifies a valid VLAN identifier.
Example
(FS5CX420F1087012) # show spanning-tree vlan 500
VLAN Identifier................................ 500
Associated Instance............................ CST
135
3.1.55 show startup-config
Syntax
show startup-config
Purpose
To display the configuration details saved in the startup configuration file.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) # show startup-config
!Current Configuration:
!
!System Description "FortiSwitch Ethernet Fabric Switch (FortiSwitch-500)"
!System Description v4.0,build0202,091015
!
no paging
configure
prompt "FortiSwitch-500-102-L2"
mgmt-ip telnetd timeout 160
mgmt-ip service-port ip 172.18.22.102 255.255.252.0 172.18.20.1
vlan
exit
logging host 172.18.22.9 port 514 debug
logging syslog
snmp-trap "public" 172.18.22.9
users password admin
bm93Zm1=
!Required for passwd
!Required for passwd
ipfix collector 172.18.22.9 port 2055 all
serial timeout 160
[etc.]
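A captured startup configuration carries credential material (the value stored with users password and the string quoted in snmp-trap), so it should be redacted before the capture is shared or archived. The following added example (not part of the Fortinet manual) redacts both and lists lines worth reviewing; it assumes the password value is either a trailing token or the line that follows users password <name>, as in the example above, and that the quoted snmp-trap string is a community string.

```python
import re

# Lines copied from the "show startup-config" example above.
SAMPLE_CONFIG = """\
no paging
configure
prompt "FortiSwitch-500-102-L2"
mgmt-ip telnetd timeout 160
mgmt-ip service-port ip 172.18.22.102 255.255.252.0 172.18.20.1
vlan
exit
logging host 172.18.22.9 port 514 debug
logging syslog
snmp-trap "public" 172.18.22.9
users password admin
bm93Zm1=
!Required for passwd
!Required for passwd
ipfix collector 172.18.22.9 port 2055 all
serial timeout 160
"""

REDACTED = "<redacted>"
# Assumption: the password value is either a trailing token on the same
# line or, as in the example above, the whole of the following line.
USERS_PW_RE = re.compile(r"^(users password (\S+))(?:\s+(\S+))?$")
# Assumption: the quoted string after snmp-trap is a community string.
SNMP_TRAP_RE = re.compile(r'^(snmp-trap\s+)"([^"]*)"(.*)$')
WELL_KNOWN_COMMUNITIES = {"public", "private"}


def sanitize(config):
    """Return (redacted_text, findings); findings are (line_no, message)."""
    out, findings = [], []
    secret_follows = False
    for line_no, line in enumerate(config.splitlines(), start=1):
        text = line.strip()
        if secret_follows:
            secret_follows = False
            # Comment lines ("!...") are never treated as a password value.
            if text and not text.startswith("!"):
                out.append(REDACTED)
                continue
        match = USERS_PW_RE.match(text)
        if match:
            findings.append(
                (line_no, f"password material stored for user {match.group(2)!r}")
            )
            if match.group(3):
                out.append(f"{match.group(1)} {REDACTED}")
            else:
                out.append(match.group(1))
                secret_follows = True
            continue
        match = SNMP_TRAP_RE.match(text)
        if match:
            if match.group(2).lower() in WELL_KNOWN_COMMUNITIES:
                findings.append(
                    (line_no, f"well-known SNMP community {match.group(2)!r}")
                )
            out.append(f'{match.group(1)}"{REDACTED}"{match.group(3)}')
            continue
        if text.startswith("mgmt-ip telnetd"):
            findings.append(
                (line_no, "telnetd is configured; Telnet sessions are unencrypted")
            )
        out.append(line)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    redacted, notes = sanitize(SAMPLE_CONFIG)
    print(redacted)
    for line_no, message in notes:
        print(f"line {line_no}: {message}")
```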
136
3.1.56 show system
Syntax
show system { cardtypes-supported | io-card [1-6] | fan [1-4] | info | mibs-supported |
power-supply [1-2] | status | version }
Purpose
To display chassis components and system information.
Options & Parameters
cardtypes-supported
Displays the card type(s) supported by the system. (See
page 49)
io-card [1-6]
Displays the status and details of all IO cards or of a
specified individual IO card. (See page 50)
fan [1-7]
Displays the status of all the fan units or a specified fan unit.
(See page 52)
info
Displays overall chassis information. (See page 53)
mibs-supported
Displays the list of supported Management Information Bases
(MIBs). (See page 54)
power-supply [1-2]
Displays the state and status of all power supply units or of a
specified power supply unit. (See page 54)
status
Displays the status of the components in the chassis. (See
page 57)
version [detailed]
Displays the version details of the chassis as a whole. (See
page 58)
Examples
See below for examples.
137
3.1.57 show system cardtypes-supported
Syntax
show system cardtypes-supported
Purpose
To display the card type(s) supported by the system.
Options & Parameters
This command has no additional options or parameters.
Example
(FS5CX420F1087012) > show system cardtypes-supported
CID Card Description
--- -------------------------------
8   10GE 24-Port Card
10  Power CX4 10GE 4-Port Card
11  SFP+ 10GE 4-Port Card
138
3.1.58 show system io-card
Syntax
show system io-card [1-6]
Purpose
To display the status and details of all IO cards or of a specified individual IO card.
Defaults
Shows status and basic information for all IO cards.
Options & Parameters
[1-6]
Specifies an individual IO card. If none is specified,
command shows status and basic information for all IO cards.
Example
Default:
(FS5CX420F1087012) > show system io-card
                  Power   Order Number /                   Powered
Slot  Status      State   Card Description                 Up
----- ----------- ------- -------------------------------- -------
1     Operational Enable  WV-10G4-SFP+                     Yes
                          SFP+ 10GE 4-Port Card
2     Operational Enable  WV-10G4-SFP+                     Yes
                          SFP+ 10GE 4-Port Card
3     Operational Enable  WV-10G4-SFP+                     Yes
                          SFP+ 10GE 4-Port Card
4     Operational Enable  WV-10G4-SFP+                     Yes
                          SFP+ 10GE 4-Port Card
5     Operational Enable  WV-10G4-SFP+                     Yes
                          SFP+ 10GE 4-Port Card
6     Operational Enable  WV-10G4-SFP+
                          SFP+ 10GE 4-Port Card
For a specified io card:
(FS5CX420F1087012) > show system io-card 3
Slot.............................. 3
Slot Status....................... Operational
Power State....................... Enable
Yes
Inserted Card:
Order Number................... WV-10G4-SFP+
Card Description............... SFP+ 10GE 4-Port Card
Manufacturer................... Fortinet
Slot Revision.................. 2
Chassis Serial Number.......... 0860001
140
3.1.59 show system fan
Syntax
show system fan [1-7]
Purpose
To display the status of all the fan units or a specified fan unit.
Defaults
Shows status of all fan units.
Options & Parameters
[1-7]
Specifies an individual fan unit. If none is specified, command shows status of all
fan units.
Notes
To display fan speed, specify an individual fan unit.
Examples
default:
(FS5CX420F1087012) > show system fan
Air Flow Direction   Ports to Fans
Fan Unit     State
Fan Unit 1 - Operational
Fan Unit 2 - Operational
Fan Unit 3 - Operational
Fan Unit 4 - Operational
Fan Unit 5 - Operational
Fan Unit 6 - Operational
Fan Unit 7 - Operational
for a specific fan:
(FS5CX420F1087012) > show system fan 1
Fan Unit 1: Operational
Controller: 3
Speed: 11760 RPM 11040 RPM
141
3.1.60 show system info
Syntax
show system info
Purpose
To display overall chassis information.
Options & Parameters
This command has no additional options or parameters.
Example
(FS5CX420F1087012) > show system info
System Description........................ FortiSwitch Ethernet Fabric Switch
System Name...............................
System Location...........................
System Contact............................
System Object ID.......................... 1.3.6.1.4.1.26390.5
System Up Time............................ 1 days 8 hrs 48 mins 2 secs
System Time............................... Fri Apr 10 23:04:03 2009
142
3.1.61 show system mibs-supported
Syntax
show system mibs-supported
Purpose
To display the list of supported MIBs.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) > show system mibs-supported
MIBs Supported:
RFC 1907 - SNMPv2-MIB             The MIB module for SNMPv2 entities
RFC 2819 - RMON-MIB               Remote Network Monitoring Management
                                  Information Base
WOVEN-REF-MIB                     Reference MIB
SNMP-COMMUNITY-MIB                This MIB module defines objects to help
                                  support coexistence between SNMPv1, SNMPv2,
                                  and SNMPv3.
SNMP-FRAMEWORK-MIB                The SNMP Management Architecture MIB
SNMP-MPD-MIB                      The MIB for Message Processing and
                                  Dispatching
SNMP-NOTIFICATION-MIB             The Notification MIB Module
SNMP-TARGET-MIB                   The Target MIB Module
SNMP-USER-BASED-SM-MIB            The management information definitions for
                                  the SNMP User-based Security Model.
SNMP-VIEW-BASED-ACM-MIB           The management information definitions for
                                  the View-based Access Control Model for SNMP.
USM-TARGET-TAG-MIB                SNMP Research, Inc.
WOVEN-POWER-ETHERNET-MIB          FortiSwitch Power Ethernet Extensions MIB
POWER-ETHERNET-MIB                Power Ethernet MIB
LAG-MIB                           The Link Aggregation module for managing
                                  IEEE 802.3ad
RFC 1213 - RFC1213-MIB            Management Information Base for Network
                                  Management of TCP/IP-based internets: MIB-II
RFC 1493 - BRIDGE-MIB             Definitions of Managed Objects for Bridges
                                  (dot1d)
RFC 2674 - P-BRIDGE-MIB           The Bridge MIB Extension module for managing
                                  Priority and Multicast Filtering, defined by
                                  IEEE 802.1D-1998.
RFC 2674 - Q-BRIDGE-MIB           The VLAN Bridge MIB module for managing
                                  Virtual Bridged Local Area Networks
RFC 2737 - ENTITY-MIB             Entity MIB (Version 2)
RFC 2863 - IF-MIB                 The Interfaces Group MIB using SMIv2
RFC 3635 - Etherlike-MIB          Definitions of Managed Objects for the
                                  Ethernet-like Interface Types
FASTPATH-SWITCHING-MIB            FASTPATH Switching - Layer 2
FASTPATH-INVENTORY-MIB            Unit and Slot configuration.
FASTPATH-PORTSECURITY-PRIVATE-MIB Port Security MIB.
IEEE8021-PAE-MIB                  Port Access Entity module for managing IEEE
                                  802.1X.
FASTPATH-RADIUS-AUTH-CLIENT-MIB   FastPath Radius MIB
RADIUS-ACC-CLIENT-MIB             RADIUS Accounting Client MIB
RADIUS-AUTH-CLIENT-MIB            RADIUS Authentication Client MIB
TACACS-AUTH-CLIENT-MIB            TACACS+ Authentication Client MIB
FASTPATH-MGMT-SECURITY-MIB        The Private MIB for FastPath Mgmt
                                  Security
FASTPATH-QOS-MIB                  FASTPATH Flex QOS Support
FASTPATH-QOS-ACL-MIB              FASTPATH Flex QOS ACL
144
3.1.62 show system power-supply
Syntax
show system power-supply [1-2]
Purpose
To display the state and status of all power supply units or of a specified power supply unit.
Defaults
Shows information for all power supply units.
Options & Parameters
[1-2]
Specifies an individual power supply unit. If none is
specified, command shows status of all power supply units.
Examples
(FS5CX420F1087012) > show system power-supply
Power Supply Unit     State
Power Supply Unit 1 - Not Present
Power Supply Unit 2 - Operational
(FS5CX420F1087012) > show system power-supply 2
Power Supply Unit 2: Operational
Manufacturer: ASTEC
Module: G056
Revision: R03
Serial Number: 0000121
145
3.1.63 show system status
Syntax
show system status
Purpose
To display the status of the components in the chassis.
Options & Parameters
This command has no additional options or parameters.
Example
(FS5CX420F1087012) > show system status
Fan Unit 1: ....... Operational
Fan Unit 2: ....... Operational
Fan Unit 3: ....... Operational
Fan Unit 4: ....... Operational
Fan Unit 5: ....... Operational
Fan Unit 6: ....... Operational
Fan Unit 7: ....... Operational
Power Supply 1: ... Not Present
Power Supply 2: ... Operational
146
3.1.64 show system version
Syntax
show system version [ detailed ]
Purpose
To display the version details of the chassis as a whole.
Default
Displays basic information for the chassis.
Options & Parameters
detailed
Displays detailed version information for the chassis as a
whole.
Example
default:
(FS5CX420F1087012) > show system version
Switch: 1
System Description............................. FortiSwitch Ethernet Fabric Switch
Machine Model.................................. FortiSwitch-500
Chassis Serial Number.......................... 0855004
Model Part Number.............................. 800-90003-20
HW Version..................................... 20-F
Software Order Code............................ WV-500-WFOS
Manufacturer................................... Fortinet
Burned In MAC Address.......................... 00:1A:F6:00:0D:7E
Software Release Version....................... 2.0.1
detailed:
(FS5CX420F1087012) > show system version detailed
Switch: 1
System Description............................. FortiSwitch Ethernet Fabric Switch
Machine Model.................................. FortiSwitch-500
Chassis Serial Number.......................... 0855004
FRU Number..................................... N/A
Model Part Number.............................. 800-90003-20
HW Version..................................... 20-F
Software Order Code............................ WV-500-WFOS
Manufacturer................................... Fortinet
Burned In MAC Address.......................... 00:1A:F6:00:0D:7E
Additional Packages............................ None
Software Revision.............................. 5625
Architecture................................... powerpc
Software Release Version....................... v4.0,build0202,091015
Bootloader (Default)........................... DefaultBlock, v2.1, build #26M
Bootloader (Latest)............................ MainBlock v2.1, build #26M (Feb 9 2009 - 17:32:37) ***
FortiSwitch-500 ***
148
3.1.65 show task
Syntax
show task sleep-average
Purpose
To display the sleep average information for the switch.
Options & Parameters
On the FortiSwitch-500, the show task command has a single, required option (sleep-average).
Example
(FS5CX420F1087012) # show task sleep-average
Task ID Task Name          Number of voluntary context switches
------- ---------          -----------------------------------
1030    sshd               134238
1029    hapiLinkStatusTask 14686
1028    sshdEvTask         14
1027    ssltTask           12
[...]
967     bcmCNTR.0          5573561
966     bcmL2X.0           8001267
964     _interrupt_thread  96745775
963     bcmDPC             1
62 tasks currently active in the system.
149
3.1.66 show telnet
Syntax
show telnet
Purpose
To display outbound telnet configuration information.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) > show telnet
Outbound Telnet Login Timeout (minutes)........ 5
Maximum Number of Outbound Telnet Sessions..... 5
Allow New Outbound Telnet Sessions............. Yes
150
3.1.67 show users
Syntax
show users [authentication]
Purpose
To display account and authentication information for system users.
Defaults
Displays general user account information.
Options & Parameters
authentication
Displays all users with assigned authentication login lists and
the lists assigned to them.
Examples
default:
(FS5CX420F1087012) # show users
                            SNMPv3      SNMPv3         SNMPv3
User Name  User Access Mode Access Mode Authentication Encryption
---------- ---------------- ----------- -------------- ---------
admin      Read/Write       Read/Write  None           None
guest      Read Only        Read Only   None           None
authentication:
(FS5CX420F1087012) # show users authentication
           Authentication Login Lists
User       System Login     802.1x
---------- ---------------- -------------
admin      defaultList      defaultList
guest      defaultList      defaultList
default    defaultList      defaultList
151
3.1.68 show vlan
Syntax
show vlan { <1-4094> | brief }
Purpose
To display information about a specific VLAN or a list of all configured VLANs.
Options & Parameters
<1-4094>
Displays detailed information about the specified VLAN.
brief
Displays all configured VLANs, their names and types.
Examples
specific VLAN:
(FS5CX420F1087012) # show vlan 1
VLAN ID: 1
VLAN Name: Default
VLAN Type: Default
Interface Current Configured Tagging
---------- -------- ----------- -------
1/1
Include Include
Untagged Untagged
1/2
Include Include
Untagged Untagged
1/3
Include Include
Untagged Untagged
1/4
Include Include
Untagged Untagged
1/5
Include Include
Untagged Untagged
1/6
Include Include
Untagged Untagged
1/7
Include Include
Untagged Untagged
1/8
Include Include
Untagged Untagged
1/9
Include Include
Untagged Untagged
1/10
Include Include
Untagged Untagged
1/11
Include Include
Untagged Untagged
1/12
Include Include
Untagged Untagged
LAG 1
Include Include
Untagged Untagged
LAG 2
Include Include
Untagged Untagged
brief:
(FS5CX420F1087012) # show vlan brief
VLAN ID VLAN Name                        VLAN Type
------- -------------------------------- --------
1       Default                          Default
153
3.1.69 sleep
Syntax
sleep <1-600>
Purpose
To pause the CLI for a specified number of seconds. Mainly used for troubleshooting using CLI
scripts.
Options & Parameters
<1-600>
Specifies the number of seconds.
Notes
It is sometimes useful to insert a sleep statement between two commands in a CLI script to allow
the previous command some time to conclude before executing the next command.
This command has no effect on other running processes; its only effect is to pause the CLI
process and prevent further command execution for the specified number of seconds.
Example
(FS5CX420F1087012) # sleep 30
154
3.1.70 tech-support save-info
Syntax
tech-support save-info
Purpose
To save system status information for use by Fortinet technical support.
Options & Parameters
This command has no additional options or parameters.
Notes
This command creates a file which captures system and configuration status information to assist
Fortinet technical support in diagnosing and troubleshooting issues with the switch. Once the file
is created, retrieve it using FTP or TFTP and send it to Fortinet technical support.
Example
(FS5CX420F1087012) # tech-support save-info
The resulting file will appear in the main directory of the internal disk, with a file name of the
format TAC_CHASSIS-support-date-time.
155
3.1.71 telnet
Syntax
telnet <ip_address> [port <0-65535>][debug][line][noecho]
Purpose
To telnet to a remote host.
Defaults
Connects to the host IP address on TCP port 23 with debug and line modes disabled and local
echo enabled by default.
Options & Parameters
<ip_address>
Specifies the IP address of the host.
port <0-65535>
Connects to the specified TCP port of the host. If this option
is not included, the command defaults to port 23.
debug
Enables telnet debugging mode.
line
Enables telnet linemode.
noecho
Disables local echo.
Notes
If multiple options are entered (e.g., port, debug, line and noecho), they must be entered in
order.
Example
(FS5CX420F1087012) >telnet 10.10.10.10 port 2055 line
This establishes a telnet session with the host at IP address 10.10.10.10 on port 2055 with
linemode enabled.
156
3.1.72 traceroute
Syntax
traceroute <ip_address> [0-65535]
Purpose
To trace the routes that packets take through the network hop by hop.
Defaults
The default port value is 3343.
Options & Parameters
<ip_address>
Specifies the destination IP address.
[0-65535]
Specifies the destination port. If not specified, the default
port value is 3343.
Example
(FS5CX420F1087012) # traceroute 172.16.0.118
Tracing route over a maximum of 20 hops
1   *   *   *
2   *   *   *
3   *   *   *
4   *   *   *
[etc.]
157
4 Config Mode
4.1 Overview
The Config Mode provides configuration commands for the switch as a whole, plus access to the
other configuration modes.
4.1.1 Access
This mode is accessed by using the config command in Enable Mode or by using the exit
command in the other configuration modes.
4.1.2 Exit
To exit from this mode, use the exit or end command to return to Enable Mode.
4.2 Commands
Command
Purpose
authentication
Configure an authentication list.
cos
Configure Class of Service parameters.
end
Exit to Enable Mode.
exit
Exit to Enable Mode.
fabric-control
Configure the bandwidth allocation of the fabric.
fdb-table
Configure forwarding database parameters.
garp
Configure Generic Attribute Registration Protocol parameters.
gvrp
Set GARP VLAN Registration Protocol parameters.
ipfix
Configure IPFIX parameters.
lag
Enter Config-LAG Mode to create and configure a new LAG or to
configure an existing LAG.
logging
Logging Configuration.
mgmt-ip
Configure management IP protocols and parameters.
port
Enter into Config-Port Mode.
158
prompt
Change the system prompt.
radius
Configure RADIUS parameters.
serial
Configure EIA-232 parameters and inactivity timeout.
snmpd
Set Simple Network Management Protocol daemon (SNMPd)
options and parameters.
snmp-trap
Enable trap flags that apply to the switch.
sntp
Configure Simple Network Time Protocol parameters.
spanning-tree
Set the spanning tree operational mode.
users
Manage users and user accounts.
vlan
Enter Config-VLAN Mode to configure VLAN parameters.
159
4.2.1 authentication login
Syntax
authentication login <list_name> [local] [radius] [reject] [tacacs]
Purpose
To create, delete and/or configure an authentication list with up to three authentication methods.
Defaults
In the absence of a custom list, the system by default uses local authentication only. If no
method is supplied for a newly created list, the default method is local.
Options & Parameters
<list_name>
Specifies the name of the authentication login list. If the
name is not currently in use, this creates a new list using that
name.
local
Specifies use of a locally stored ID and password for
authentication.
radius
Specifies use of a Remote Authentication Dial In User
Service (RADIUS) server for user authentication.
reject
When entered as the primary authentication method, reject
prevents authentication of the users on the specified list.
tacacs
Specifies use of a Terminal Access Controller Access-Control
System (TACACS) server for user authentication. Note:
TACACS servers are not supported by the switch in the
current release.
Notes
• Use the show authentication command in Enable Mode to display existing
authentication list(s).
• Use no authentication login and the list name to delete an existing list.
• Up to three authentication methods can be specified for the list.
Example
(FS5CX420F1087012) (Config)# authentication login list1 radius reject
160
4.2.2 cos dot1p-mapping
Syntax
cos dot1p-mapping <0-7> <0-3>
Purpose
To map an 802.1p priority to an internal traffic class.
Defaults
The default 802.1p mappings for the FortiSwitch OS are as follows:
User Priority   Traffic Class
0               1
1               0
2               0
3               1
4               2
5               2
6               3
7               3
Options & Parameters
<0-7>
Specifies the 802.1p priority to map.
<0-3>
Specifies the traffic class to which the 802.1p priority is
mapped.
Notes
The “no” form of this command is no cos; it restores the 802.1p mappings to the manufacturer’s
default (shown above).
Example
(FS5CX420F1087012) (Config)# cos dot1p-mapping 0 1
161
4.2.3 end
Syntax
end
Purpose
To exit to Enable Mode.
Options & Parameters
This command has no options or parameters.
Notes
The end command exits to Enable Mode from all higher modes. In Config Mode its behavior is
identical to exit.
To exit directly to Default Mode, use ctrl-z.
Example
(FS5CX420F1087012) (Config)# end
162
4.2.4 exit
Syntax
exit
Purpose
To exit to Enable Mode.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) (Config)# exit
163
4.2.5 fabric-control
Syntax
fabric-control { mac-svlan <2|3|4|6|12|24> | multicast <mac_address> <1-4094> <1001-1768>
| partition <2-1000> priority {a|b|c} svlan <1001-1768> ... <1001-1768> | spine { id <1-2> |
mode | svlan <6|12> } | svlan-id <1001-1768> <1001-1768> }
Purpose
To configure the bandwidth allocation of the fabric.
Defaults
• The spine ID of a switch is set to 1 by default.
• Spine mode is disabled by default (i.e., the switch is configured as an edge switch as opposed to a spine switch).
• Each spine has 6 SVLANs allocated to it by default.
• Each MAC has 3 SVLANs associated with it by default.
Options & Parameters
mac-svlan <2|3|4|6|12|24>
Specifies the number of SVLANs that are to be associated
with each MAC. The default value is 3; the “no” form of this
command (no fabric-control mac-svlan) restores the value
to 3.
partition <2-1000> priority
{a|b|c} svlan <1001-1768> ...
<1001-1768>
Configures the fabric partition settings of the switch. (See
fabric-control partition on page 167)
spine id <1-2>
Configures the spine ID of the switch; if not set explicitly, the
default value is 1.
The spine ID determines the range of SVLANs which will be
native to this switch if it is operating in spine mode.
spine mode
Enables or disables the spine mode of the switch. When
spine mode is enabled, the switch is a spine switch; when it
is disabled, the switch is an edge switch.
spine svlan <6|12>
Sets the number of SVLANs used by the switch to 6 or 12; if
not set explicitly, the default value is 6 SVLANs per spine.
(See below.)
svlan-id <1001-1768> <1001-1768>
Identifies the full range of SVLANs which the switch is
expected to recognize and pass traffic on. This is an
essential command in the configuration of a multi-chassis
fabric. (See below.)
Notes
The FortiSwitch-500 allows users to aggregate switches into a scalable fabric, and to carve out
bandwidth for provisioning purposes. When participating in a fabric, each FortiSwitch Ethernet
Fabric Switch can operate in either spine mode or non-spine (edge) mode. Spine mode, the
default for the FortiSwitch-1000, allows the switch to aggregate traffic from multiple FortiSwitch
switches, creating Service VLANs (SVLANs) which are used internally for optimized traffic routing.
(SVLANs – transparent VLANs used within the switch – are distinguished from user-configured
VLANs.) In non-spine (edge) mode (the default for the FortiSwitch-500), the switch assigns
packets entering the fabric to available SVLANs but it creates no new SVLANs of its own,
allowing more FortiSwitch switches to be connected without unduly increasing the complexity of
the fabric.
When running under spine mode, the FortiSwitch-500 has a spine ID of either 1 or 2 (if not set
explicitly, the ID is 1 by default); when two or more FortiSwitch switches are connected in a fabric
and more than one is operating in spine mode, they must carry different, consecutive spine IDs.
When a switch is configured in spine mode, 12 internal VLANs, named Service VLANs (SVLANs),
are automatically allocated to that spine switch. The spine switch can be configured to use either
all 12 SVLANs or only 6 of them (by default, it is configured to use only 6). The SVLANs are
numbered automatically in groups of 12 based on the spine ID of the switch: spine ID 1 creates
SVLANs 1001-1012, ID 2 creates 1013-1024, etc. For the fabric to pass traffic correctly, each
switch in the fabric must be made aware of the full range of SVLANs operating in the fabric – this
is accomplished using the fabric-control svlan-id command.
When configured as a spine, the switch is programmed as the root bridge of the spanning trees
associated with the SVLANs allocated to it. (When the spine ID is set using the fabric-control
spine ID command, it also sets the bridge priority of MST instances associated with that spine's
allocated SVLANs to 0 to ensure root bridge identification.)
To view available SVLANs, use the show fabric-control valid-svlan command. (See page 87)
Examples
mac-svlan:
(FS5CX420F1087012) (Config)# fabric-control mac-svlan 12
This specifies that 12 SVLANs are to be associated with each MAC.
partition:
(See fabric-control partition on page 167.)
spine id:
(FS5CX420F1087012) (Config)# fabric-control spine id 2
This sets the spine ID number of this switch to 2.
spine mode:
(FS5CX420F1087012) (Config)# fabric-control spine mode
This enables spine mode for this switch.
spine svlan:
(FS5CX420F1087012) (Config)# fabric-control spine svlan 12
This configures the switch to use all 12 of the SVLANs allocated to it. (Only the first 6 are used
by default.)
svlan-id:
(FS5CX420F1087012) (Config)# fabric-control svlan-id 1001 1024
This configures the switch to participate in a 2-spine fabric utilizing SVLANs 1001 through 1024.
“no” form of the svlan-id option:
(FS5CX420F1087012) (Config)# no fabric-control svlan-id 1013 1024
This clears SVLANs 1013 through 1024 from this switch’s SVLAN list. Note that the “no” form of
this command cannot be used to remove “native” SVLANs from the switch (those which are
assigned automatically based on the switch’s spine ID if the switch is in spine mode).
166
4.2.6 fabric-control partition
Syntax
fabric-control partition <2-1000> priority {a|b|c} svlan <1001-1768> ... <1001-1768>
Purpose
To create and configure partitions in the fabric.
Defaults
The priority class of the partition is 0 by default (below a, b and c).
Options & Parameters
<2-1000>
Specifies the partition ID. If there is no existing partition with
the specified ID, this creates a new one.
priority { a | b | c }
Configures the priority class of the specified partition (see
below).
svlan <1001-1768> ... <1001-1768>
Specifies the SVLANs which belong to this partition up to a
maximum of 20. IDs must be between 1001 and 1768.
Notes
The FortiSwitch OS also allows users to allocate bandwidth to specific traffic types. This can be
achieved by configuring partitions in the fabric. Each partition consists of different combinations of
SVLANs. The switch can distribute traffic to partitions based on a packet’s input port and VLAN
tag. Each partition can be further divided into 4 classes – default class (0), A, B, and C, based on
either the IEEE 802.1p or DiffServ priority fields. Class A maps to 802.1p priority values 2 and 3,
class B to 4 and 5, and class C to 6 and 7.
Note: if partitions are configured in the fabric, all FortiSwitch switches participating in the fabric
must have identical partition configuration settings.
Example
(FS5CX420F1087012) (Config)# fabric-control partition 2 priority a svlan 1001 1002 1003
This creates a partition and assigns it ID #2, sets its priority class to “a” and associates SVLANs
1001, 1002 and 1003 with it.
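The fabric rules from 4.2.5 and 4.2.6 (consecutive spine IDs, SVLAN blocks of 12 per spine, every switch aware of the operating SVLANs, identical partitions) can be checked before a configuration is deployed. The following is an added example, not Fortinet code: the function names, the input layout (one list of Config Mode commands per switch) and the sample fabric are assumptions made for illustration, and "operating" SVLANs are taken to be the first 6 or 12 of each spine's block.

```python
SVLAN_MIN, SVLAN_MAX = 1001, 1768   # range accepted by fabric-control
BLOCK = 12                          # SVLANs allocated per spine ID
MAX_PARTITION_SVLANS = 20           # per-partition limit from 4.2.6


def native_svlans(spine_id, count=BLOCK):
    """First `count` SVLANs of a spine's block: ID 1 -> 1001.., ID 2 -> 1013.."""
    first = SVLAN_MIN + BLOCK * (spine_id - 1)
    return set(range(first, first + count))


def parse_switch(lines):
    """Reduce one switch's Config Mode commands to its fabric settings."""
    sw = {"spine": False, "id": 1, "in_use": 6, "known": set(), "parts": {}}
    for line in lines:
        cmd = line.split("#", 1)[-1].split()      # drop an optional CLI prompt
        negate = cmd[:1] == ["no"]
        if negate:
            cmd = cmd[1:]
        if len(cmd) < 3 or cmd[0] != "fabric-control":
            continue
        if cmd[1] == "svlan-id" and len(cmd) == 4:
            span = set(range(int(cmd[2]), int(cmd[3]) + 1))
            sw["known"] = sw["known"] - span if negate else sw["known"] | span
        elif negate:
            continue                              # other "no" forms are not modelled
        elif cmd[1:3] == ["spine", "mode"]:
            sw["spine"] = True
        elif cmd[1:3] == ["spine", "id"] and len(cmd) == 4:
            sw["id"] = int(cmd[3])
        elif cmd[1:3] == ["spine", "svlan"] and len(cmd) == 4:
            sw["in_use"] = int(cmd[3])
        elif cmd[1] == "partition" and len(cmd) > 6:
            # partition <id> priority <a|b|c> svlan <id> ... <id>
            sw["parts"][int(cmd[2])] = (cmd[4], tuple(sorted(map(int, cmd[6:]))))
    if sw["spine"]:
        # Native SVLANs cannot be removed with the "no" form, so a spine always knows them.
        sw["known"] |= native_svlans(sw["id"])
    return sw


def check_fabric(switches):
    """Return a list of findings for {switch_name: [command lines]}."""
    parsed = {name: parse_switch(lines) for name, lines in switches.items()}
    spines = [s for s in parsed.values() if s["spine"]]
    findings = []

    ids = sorted(s["id"] for s in spines)
    if len(set(ids)) != len(ids):
        findings.append("spine IDs are not unique: %s" % ids)
    elif ids and ids[-1] - ids[0] != len(ids) - 1:
        findings.append("spine IDs are not consecutive: %s" % ids)

    # SVLANs operating in the fabric: what each spine is configured to use.
    operating = set()
    for s in spines:
        operating |= native_svlans(s["id"], s["in_use"])

    for name in sorted(parsed):
        s = parsed[name]
        missing = sorted(operating - s["known"])
        if missing:
            findings.append("%s: svlan-id list lacks %d operating SVLANs (%d..%d)"
                            % (name, len(missing), missing[0], missing[-1]))
        for pid, (_prio, svlans) in sorted(s["parts"].items()):
            if len(svlans) > MAX_PARTITION_SVLANS:
                findings.append("%s: partition %d has more than 20 SVLANs" % (name, pid))
            if any(not SVLAN_MIN <= v <= SVLAN_MAX for v in svlans):
                findings.append("%s: partition %d has an SVLAN outside 1001-1768"
                                % (name, pid))

    # All switches in the fabric must carry identical partition settings.
    if len({tuple(sorted(s["parts"].items())) for s in parsed.values()}) > 1:
        findings.append("partition settings are not identical on all switches")
    return findings


# Constructed sample: two spines and one edge switch that was not updated.
FABRIC = {
    "spine-1": ["fabric-control spine mode",
                "fabric-control svlan-id 1001 1024",
                "fabric-control partition 2 priority a svlan 1001 1002 1003"],
    "spine-2": ["fabric-control spine mode",
                "fabric-control spine id 2",
                "fabric-control svlan-id 1001 1024",
                "fabric-control partition 2 priority a svlan 1001 1002 1003"],
    "edge-1": ["(FS5CX420F1087012) (Config)# fabric-control svlan-id 1001 1012",
               "(FS5CX420F1087012) (Config)# fabric-control partition 2 priority b svlan 1001 1002 1003"],
}

if __name__ == "__main__":
    for finding in check_fabric(FABRIC):
        print(finding)
```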
167
4.2.7 fdb-table aging-time
Syntax
fdb-table aging-time <10-1000000>
Purpose
To configure the Forwarding Database (FDB) table address aging time (in seconds).
Defaults
The aging time is 300 seconds by default.
Options & Parameters
<10-1000000>
Specifies the address aging timeout in seconds.
Example
(FS5CX420F1087012) (Config)# fdb-table aging-time 1000
168
4.2.8 garp timer
Syntax
garp timer {join <10-100> | leave <20-600> | leave-all <200-6000> }
Purpose
To configure the Generic Attribute Registration Protocol (GARP) timer attributes.
Defaults
• The default GVRP join time is 20 centiseconds.
• The default GVRP leave time is 60 centiseconds.
• The default interval for the generation of leave-all packets is 1000 centiseconds.
Options & Parameters
join <10-100>
Specifies the GVRP join time – the interval between
transmission of GARP packets registering membership for a
VLAN or multicast group – in centiseconds.
leave <20-600>
Specifies the GVRP leave time – the interval between
receiving an unregister request for a VLAN or a multicast
group and deleting the VLAN entry – in centiseconds.
leave-all <200-6000>
Specifies the frequency with which “leave-all” packets –
packets deleting all registration entries – are generated.
Notes
All forms of the garp timer command only have an effect when GVRP is enabled.
The “no” form of this command resets the specified time to the default:
no garp timer join resets the GVRP join time to 20 centiseconds
no garp timer leave resets the GVRP leave time to 60 centiseconds
no garp timer leave-all resets the “leave-all” generation interval to 1000 centiseconds
Examples
(FS5CX420F1087012) (Config)# garp timer join 30
(FS5CX420F1087012) (Config)# garp timer leave 200
(FS5CX420F1087012) (Config)# garp timer leave-all 2000
169
4.2.9 gvrp
Syntax
gvrp {admin-mode | port-mode}
Purpose
To enable or disable GARP VLAN Registration Protocol (GVRP) on the switch as a whole or on
all ports.
Defaults
GVRP admin-mode is disabled by default.
GVRP port-mode is disabled by default on all ports.
Options & Parameters
admin-mode
Enables GARP VLAN Registration Protocol (GVRP) on the
switch as a whole. Use “no” form of the command to disable
on the switch.
port-mode
Enables GVRP on all switch ports. For GVRP to function, it
must also be enabled on the switch as a whole using the
gvrp admin-mode command above. Use the “no” form of
this command to disable GVRP on every port. To enable
GVRP only on certain ports or LAGs, use the gvrp port-mode command in Config-LAG Mode (see page 220) or in
Config-Port Mode (see page 239).
Examples
(FS5CX420F1087012) (Config)# gvrp admin-mode
(FS5CX420F1087012) (Config)# gvrp port-mode
170
4.2.10 ipfix
Syntax
ipfix {collector <ip_address> [{port <0-65535> | format <9> } [{all | <slot/port> }] ] | report-timer
<5-60> }
Purpose
To configure the Internet Protocol Flow Information eXport (IPFIX) parameters of the switch.
Defaults
The default behavior of this command is to enable IPFIX on all ports. The defaults for the
parameters it configures are as follows:
• IPFIX is disabled on all switch ports by default.
• Switch exports flow data to service port 2055 by default.
• There are no collectors established by default.
• IPFIX format is set to version 9 by default.
• The IPFIX report duration is 15 seconds by default.
Options & Parameters
collector <ip_address>
Adds a collector to the specified IP address.
port <0-65535>
Specifies the layer 4 UDP service port number to which the
new collector will send data traffic. The default value is 2055.
format <9>
Specifies the IPFIX format as a Netflow version number. This
is a placeholder for future functionality; the default value is 9,
and in this release the only available format is 9.
{ all | <slot/port> }
Specifies the switch ports on which to enable IPFIX data
transfer. Enable all ports by entering all or enable a specific
port by identifying it in slot/port format.
report-timer <5-60>
Specifies the IPFIX report duration in seconds.
Notes
• Note: The FortiSwitch-500 exports IPFIX data to service port 2055 by default, while some IPFIX collecting processes listen on port 4739.
• all: Enabling data transfer on all service ports (see examples under "collector" below) allows the operator to configure monitoring at the collector end.
Examples
collector:
(FS5CX420F1087012) (Config)# ipfix collector 172.16.0.151 port 2055 all
report-timer:
(FS5CX420F1087012) (Config)# ipfix report-timer 35
171
4.2.11 lag
Syntax
lag <lag_ID>
Purpose
To create a new Link Aggregation Group (LAG) or enter Config-LAG Mode to configure a
specified LAG.
Options & Parameters
<lag_ID>
Specifies the LAG to be configured. If the specified LAG
does not exist, a LAG with no associated ports is created.
(Use the add-port command in Config-LAG Mode to add
ports to a LAG; see page 214.) On the FortiSwitch-500, up to
12 LAGs (with LAG IDs 1-12) may be created.
Notes
• For clarity, the FortiSwitch-500 CLI uses a LAG ID number rather than allowing the lowest port in the LAG to stand in for the LAG as a whole.
• The lag command is used to create or remove a LAG, and also to access Config-LAG Mode to configure the attributes of an existing LAG or add or delete member ports.
• Before the LAG can be configured, it must be created with this command; creating the LAG also enters Config-LAG Mode for the newly-created LAG.
• Existing LAGs can be removed by using the no form of this command.
• To determine whether a LAG already exists, use the show lag command. (See page 30 or page 96)
Example
(FS5CX420F1087012) (Config)# lag 1
(FS5CX420F1087012) (Config-LAG 1)#
172
4.2.12 logging
Syntax
logging {buffered [wrap] | cli-command | console [ <severity_level> | <0-7> ] | host
<ip_address> [port_ID] [ <severity_level> | <0-7> ] | syslog [port <port_ID>]}
Purpose
To configure event logging settings.
Defaults
• Buffered logging and CLI command logging are enabled by default; all other logging configurations are disabled by default.
• The default severity level is 7 (debug) for remote (syslog) logging, 6 (informational) for buffered logging, and 1 (alert) for console logging.
• The default logging port for remote (syslog) logging is 514.
Options & Parameters
buffered [wrap]
Enables buffered logging on the switch itself. The wrap
option enables line-wrapping on log entries that exceed the
size of the line buffer. Use no logging buffered to disable
buffered logging, and clear logging to clear the contents of
the buffered log.
cli-command
Enables CLI command logging (logging of all commands
executed via the command line interface).
console [severity_level]
Enables logging on the serial console attached to the switch.
See below for description of severity levels.
Note: even at lower severity levels, sending logging output to
the console can make it difficult to regain control of the switch
if no other mode of access (e.g., telnet) is available.
host <ip_address> [port_ID] [severity_level]
Specifies the host device and port for the configured syslog
server that is receiving syslog messages relayed from the
switch. If no port is specified, the default is 514. See below
for description of severity levels.
syslog [ port <port_ID> ]
Enables relaying of logging messages to the remote server.
The port option allows the user to specify which port is being
monitored; if no port is specified, the default is 514.
[ <severity_level> | <0-7> ]
Specifies the logging severity level either as text or as a
number; lower levels output fewer events to the console or
remote logging server. The levels are as follows:
0: emergency, 1: alert, 2: critical, 3: error, 4: warning, 5:
notice, 6: info, 7: debug
Note: severity levels can be entered by name or by number.
Notes
• Both logging host and logging syslog port can specify the logging port; logging messages are sent from the port most recently specified.
• Buffered logging stores up to 1000 lines of log messages and is reset when the switch boots.
• Console logging outputs directly to the console, which can make it difficult to regain control of the switch.
• Severity levels can be entered as numbers or text.
Examples
buffered:
(FS5CX420F1087012) (Config)# logging buffered wrap
cli-command:
(FS5CX420F1087012) (Config)# logging cli-command
console:
(FS5CX420F1087012) (Config)# logging console debug
or
(FS5CX420F1087012) (Config)# logging console 7
host:
(FS5CX420F1087012) (Config)# logging host 172.16.0.116 port 55322
syslog:
(FS5CX420F1087012) (Config)# logging syslog port 55322
174
4.2.13 mgmt-ip
Syntax
mgmt-ip { inband { bootp | dhcp | disable | ip <ip_address> <netmask> <gateway> | mac-address <mac_address> | mac-type { burnedin | local } } | service-port { bootp | dhcp |
disable | ip { <ip_address> <netmask> <gateway> } } | sshd [ max-sessions <0-5> | protocol
<1-2> [1-2] | timeout <1-160> ] | telnetd { max-sessions <0-5> | timeout <1-160> } }
Purpose
To configure management IP protocols and parameters.
Defaults
See sub-commands for details.
Options & Parameters
inband
Configures in-band connectivity. (See page 176)
service-port
Configures the out-of-band management port. (See page
177)
sshd
Configures IP Secure Shell (SSH) parameters. (See page
178)
telnetd
Configures telnet connection parameters for incoming telnet
sessions. (See page 179) The telnet and show telnet
commands are used for outgoing telnet sessions.
175
4.2.14 mgmt-ip inband
Syntax
mgmt-ip inband { dhcp | disable | ip <ip_address> <netmask> | mac-address <mac_address>
| mac-type { burnedin | local } }
Purpose
To configure in-band connectivity to the switch.
Defaults
• The MAC type is set to burned-in by default.
• In-band management is disabled by default.
Options & Parameters
dhcp
Specifies Dynamic Host Configuration Protocol (DHCP) as
the in-band port configuration protocol.
disable
Disables the current in-band management port.
ip <ip_address> <netmask>
<gateway>
Specifies the IP address to set for in-band management.
mac-address <mac_address>
Configures a locally administered MAC address for in-band
switch management.
mac-type {burnedin | local}
Specifies whether the switch uses the burned in (burnedin)
or locally administered (local) MAC address for the in-band
management port.
Examples
dhcp:
(FS5CX420F1087012) (Config)# mgmt-ip inband dhcp
disable:
(FS5CX420F1087012) (Config)# mgmt-ip inband disable
ip:
(FS5CX420F1087012) (Config)# mgmt-ip inband ip 172.16.0.115 255.255.255.0 0.0.0.0
mac-address:
(FS5CX420F1087012) (Config)# mgmt-ip inband mac-address 00-08-74-4C-7F-1D
mac-type:
(FS5CX420F1087012) (Config)# mgmt-ip inband mac-type burnedin
176
4.2.15 mgmt-ip service-port
Syntax
mgmt-ip service-port { dhcp | disable | ip { <ip_address> <netmask> <gateway> } }
Purpose
To configure the out-of-band management port.
Defaults
Out-of-band management is set to DHCP by default.
Options & Parameters
dhcp
Specifies Dynamic Host Configuration Protocol (DHCP) as
the service port configuration protocol.
disable
Disables the current service port.
ip <ip_address> <netmask>
<gateway>
Specifies the IP address to set for out-of-band management.
Examples
dhcp:
(FS5CX420F1087012) (Config)# mgmt-ip service-port dhcp
disable:
(FS5CX420F1087012) (Config)# mgmt-ip service-port disable
ip:
(FS5CX420F1087012) (Config)# mgmt-ip service-port ip 172.16.0.115 255.255.255.0 0.0.0.0
177
4.2.16 mgmt-ip sshd
Syntax
mgmt-ip sshd [ max-sessions <0-5> | protocol <1-2> [1-2] | timeout <1-160> ]
Purpose
To configure the IP Secure Shell (SSH) parameters for incoming SSH sessions.
Defaults
The default behavior of this command is to enable Secure Shell (SSH) access to the switch. The
defaults for the parameters it configures are as follows:
• SSH access to the switch is turned on by default.
• SSH protocol level is set to 1 and 2 by default.
• The maximum number of SSH sessions is set to 5 by default.
• The SSH login inactivity timeout is set to 5 minutes by default.
Options & Parameters
max-sessions <0-5>
Configures the number of remote SSH connections allowed.
protocol <1-2> [1-2]
Specifies the SSH protocol level (version). An optional
second SSH protocol level may also be specified.
timeout <0-160>
Specifies the SSH login inactivity timeout in minutes.
Examples
default:
(FS5CX420F1087012) (Config)# mgmt-ip sshd
max-sessions:
(FS5CX420F1087012) (Config)# mgmt-ip sshd max-sessions 5
protocol:
(FS5CX420F1087012) (Config)# mgmt-ip sshd protocol 1 2
timeout:
(FS5CX420F1087012) (Config)# mgmt-ip sshd timeout 160
178
4.2.17 mgmt-ip telnetd
Syntax
mgmt-ip telnetd { max-sessions <0-15> | timeout <1-160> }
Purpose
To configure incoming telnet connection parameters.
Defaults
The default behavior of this command is to enable incoming telnet access to the switch. The
defaults for the parameters it configures are as follows:
• Telnet access to the switch is disabled by default.
• The maximum number of remote telnet connections is set to 5 by default.
• The telnet login inactivity timeout is set to 5 minutes by default.
Options & Parameters
max-sessions <0-15>
Configures the number of remote telnet connections allowed.
timeout <1-160>
Configures the telnet login inactivity timeout in minutes.
Setting the timeout to 0 causes a session to remain active
indefinitely.
Notes
This command configures incoming telnet connections. The show telnet and telnet commands
are used for outbound telnet connections from the switch.
Examples
default:
(FS5CX420F1087012) (Config)# mgmt-ip telnetd
max-sessions:
(FS5CX420F1087012) (Config)# mgmt-ip telnetd max-sessions 5
timeout:
(FS5CX420F1087012) (Config)# mgmt-ip telnetd timeout 160
179
4.2.18 port
Syntax
port { <slot/port> | range <slot/port> <slot/port> }
Purpose
To enter Config-Port Mode to configure a specified port or range of ports.
Options & Parameters
<slot/port>
Specifies the port to be configured.
range <slot/port> <slot/port>
Specifies a range of ports to be configured; port variables
identify the first and last ports in the range to be configured.
Example
default:
(FS5CX420F1087012) (Config)# port 1/1
range:
(FS5CX420F1087012) (Config)# port range 1/1 1/12
180
4.2.19 prompt
Syntax
prompt <prompt_string>
Purpose
To change the system prompt.
Options & Parameters
<prompt_string>
Specifies the new system prompt. The prompt string can be
up to 64 case-sensitive characters in length.
Notes
Creating distinctive CLI system prompts can help to distinguish among switches when controlling
several by remote access.
Example
(FS5CX420F1087012) (Config)# prompt FortiSwitch_lab
181
4.2.20 radius
Syntax
radius { accounting mode | server { host { acct | auth } <ip_address> [0-65535] | key { acct |
auth } <ip_address> | msg-auth <ip_address> | primary <ip_address> | retransmit <1-15> |
timeout <1-30> } }
Purpose
To configure parameters for the Remote Authentication Dial In User Service (RADIUS) servers.
Defaults
• RADIUS accounting mode is disabled by default.
• The connection port for the RADIUS authentication server is set to 1813 by default.
• The connection port for the RADIUS accounting server is set to 1813 by default.
• The retransmit value is set to 4 by default.
• The RADIUS server timeout is set to 5 seconds by default.
Options & Parameters
accounting mode
Enables the Remote Authentication Dial In User Service
(RADIUS) accounting function.
server host { acct | auth }
<ip_address> [0-65535]
Specifies the RADIUS server host parameters; use acct or
auth to specify the accounting server or the authentication
server. The optional port value specifies the UDP port to use
when connecting to the RADIUS server; the default is 1812
for an authentication server and 1813 for an accounting
server.
server key { acct | auth }
<ip_address>
Configures the RADIUS key; use acct or auth to specify the
accounting server or the authentication server.
server msg-auth <ip_address>
Enables the message authenticator attribute for the specified
server.
server primary <ip_address>
Sets the server at the specified IP address as the primary
RADIUS server.
server retransmit <1-15>
Sets the retransmit value for the RADIUS server; default is 4.
server timeout <1-30>
Specifies the RADIUS server timeout value in seconds;
default is 5.
Examples
accounting mode:
(FS5CX420F1087012) (Config)# radius accounting mode
server host:
(FS5CX420F1087012) (Config)# radius server host acct 172.16.0.114 553211
server key:
(FS5CX420F1087012) (Config)# radius server key acct 172.16.0.114
server msg-auth:
(FS5CX420F1087012) (Config)# radius server msg-auth 172.16.0.114
server primary:
(FS5CX420F1087012) (Config)# radius server primary 172.16.0.114
server retransmit:
(FS5CX420F1087012) (Config)# radius server retransmit 7
server timeout:
(FS5CX420F1087012) (Config)# radius server timeout 30
183
4.2.21 serial
Syntax
serial {baudrate <115200> | timeout <0-160> }
Purpose
To configure the serial connection’s baud rate and inactivity timeout.
Defaults
• The baud rate is 115200 by default.
• The port login inactivity timeout is 5 minutes by default.
Options & Parameters
baudrate <115200>
Sets the baud rate for the serial connection. Note: for this
release, the only permissible value is 115200.
timeout <0-160>
Sets the serial port login inactivity timeout in minutes.
Examples
baudrate:
(FS5CX420F1087012) (Config)# serial baudrate 115200
timeout:
(FS5CX420F1087012) (Config)# serial timeout 160
184
4.2.22 snmpd
Syntax
snmpd { community { <community_name> | ipaddr <ip_address> <community_name> |
ipmask <ip_address> <community_name> | mode <community_name> | ro <community_name>
| rw <community_name> } | contact <contact_name> | enable-traps {authentication |
bcaststorm | linkmode | multiusers | stpmode} | location <location> | sysname
<system_name> }
Purpose
To set Simple Network Management Protocol daemon (SNMPd) options and parameters.
Defaults
The default behavior of this command is to enable SNMP on the switch. The defaults for the
parameters it configures are as follows:
• SNMP is enabled by default.
• “Public” and “private” communities are not created by default.
• Undefined communities are disabled by default; naming a community enables it.
• Client IP address and netmask are set to 0.0.0.0 by default.
• The five SNMP trap flags described below are enabled by default.
Options & Parameters
community <community_name>
Adds and names a new SNMP community. The name can be
up to 16 case-sensitive characters. (The no form of this
command deletes the specified community name from the
table.)
community ipaddr <ip_address>
<community_name>
Sets a client IP address to limit which clients may access the
specified named SNMP community. A value of 0.0.0.0 (the
default) allows community access from any IP address. (The
no form of this command sets the IP address to 0.0.0.0.)
community ipmask <ip_mask>
<community_name>
Sets a client IP mask for the specified named SNMP
community. A value of 255.255.255.255 will allow access
from only one station, and will use that machine’s IP address
for the client IP address; a value of 0.0.0.0 (the default) will
allow access from any IP address. (The no form of this
command sets the IP mask to 0.0.0.0.)
community mode
<community_name>
Enables the specified SNMP community.
community ro
<community_name>
Sets access mode of the specified SNMP community to read-only (“public mode”).
community rw
<community_name>
Sets access mode of the specified SNMP community to
read/write (“private mode”).
contact <contact_name>
Enters the specified name (up to 31 characters) as the SNMP
contact.
enable-traps authentication
Enables authentication traps. (Use the no form of this
command to disable.)
enable-traps bcaststorm
Enables the broadcast storm trap. (Use the no form of this
command to disable.)
enable-traps linkmode
Enables the link up / link down trap flag at the switch level.
Note: use with caution; this trap can generate high volumes of
data. (Use the no form of this command to disable.)
enable-traps multiusers
Enables the sending of a trap when multiple logins are active
simultaneously. (Use the no form of this command to
disable.)
enable-traps stp-mode
Enables sending of spanning tree traps. (Use the no form of
this command to disable.)
location <location>
Enters the specified location (up to 31 characters) as the
system location (the physical location of the system).
sysname <system_name>
Enters the specified name (up to 31 characters) as the
system name.
Notes
“Public” and “private” SNMP communities are not created by default. If you are using an older
config file which includes commands related to public and private community strings, you must
include a command to create those strings first.
Examples
community:
(FS5CX420F1087012) (Config)# snmpd community BigMuddy
community ipaddr:
(FS5CX420F1087012) (Config)# snmpd community ipaddr 172.16.0.114 BigMuddy
community ipmask:
(FS5CX420F1087012) (Config)# snmpd community ipmask 255.255.255.0 BigMuddy
community mode:
(FS5CX420F1087012) (Config)# snmpd community mode BigMuddy
community ro:
(FS5CX420F1087012) (Config)# snmpd community ro BigMuddy
community rw:
(FS5CX420F1087012) (Config)# snmpd community rw BigMuddy
contact:
(FS5CX420F1087012) (Config)# snmpd contact Roger_Hoskins_650-555-7890
enable-traps authentication:
(FS5CX420F1087012) (Config)# snmpd enable-traps authentication
enable-traps bcaststorm:
(FS5CX420F1087012) (Config)# snmpd enable-traps bcaststorm
enable-traps linkmode:
(FS5CX420F1087012) (Config)# snmpd enable-traps linkmode
enable-traps multiusers:
(FS5CX420F1087012) (Config)# snmpd enable-traps multiusers
enable-traps stp-mode:
(FS5CX420F1087012) (Config)# snmpd enable-traps stpmode
location:
(FS5CX420F1087012) (Config)# snmpd location sunnyvale
sysname:
(FS5CX420F1087012) (Config)# snmpd sysname FortiSwitch_500_S1
187
4.2.23 snmp-trap
Syntax
snmp-trap { <trap_name> <ip_address> [ snmpversion { snmpv1 | snmpv2 } ] | ipaddr
<trap_name> <ip_address_old> <ip_address_new> | mode <name> <ip_address> |
snmpversion <trap_name> <ip_address> { snmpv1 | snmpv2 } }
Purpose
To configure and enable custom SNMP traps.
Defaults
• No custom traps are enabled by default.
• SNMP version 2 is used by default.
Options & Parameters
<trap_name> <ip_address> [ snmpversion { snmpv1 | snmpv2 } ]
Specifies the trap name and the IP address of the SNMP
server. The snmpversion option specifies the SNMP
version of the trap; the default is version 2. The value of
<trap_name> must be either one of the standard SNMP traps
listed below or the name of an SNMP community configured
on the switch.
ipaddr <trap_name> <ip_address_old> <ip_address_new>
Allows the operator to change the IP address of the SNMP
server. This is used only when the IP address of the server
has changed.
mode <trap_name> <ip_address>
Enables the SNMP trap of the specified name and SNMP
server IP address.
snmpversion <trap_name> <ip_address> { snmpv1 | snmpv2 }
Configures the SNMP version for the specified trap.
Notes
• Five traps are enabled by default (see snmpd on page 185). This command allows for the creation of up to five additional custom traps.
• The <trap_name> parameter specifies the type of trap flag to be enabled. It must be either a standard SNMP trap name as described in RFC 1157 or the name of a configured SNMP community. Using a standard trap name will add a flag for that trap; using an SNMP community name will send uptime information about the specified community.
Acceptable trap names:
• coldStart
• warmStart
• linkUp
• linkDown
• egpNeighborLoss
• the name of a configured SNMP community
Examples
default:
(FS5CX420F1087012) (Config)# snmp-trap test1 172.16.0.144 snmp-version snmpv1
This adds an SNMP trap to monitor uptime of community “test1” in format SNMPv1. Note: this
assumes that an SNMP community named “test1” has been configured on the switch.
ipaddr:
(FS5CX420F1087012) (Config)# snmp-trap ipaddr test1 172.16.0.113 172.16.0.114
This changes the IP address to which the SNMP trap set above is sent.
mode:
(FS5CX420F1087012) (Config)# snmp-trap mode test1 172.16.0.114
This enables the SNMP trap added under “default” above.
snmpversion:
(FS5CX420F1087012) (Config)# snmp-trap snmp-version test1 172.16.0.114 snmpv1
This specifies that the SNMP trap added under “default” above is using SNMP version 1 (used
primarily for compatibility with trap receivers which do not support SNMP version 2).
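The management-plane defaults and options documented in 4.2.12 (logging), 4.2.16 (mgmt-ip sshd), 4.2.17 (mgmt-ip telnetd), 4.2.20 (radius), 4.2.22 (snmpd) and 4.2.23 (snmp-trap) lend themselves to an offline configuration review. The following is an added example, not Fortinet code: the rule names, the judgement of what counts as weak, the input layout (a list of Config Mode commands) and both sample configurations are this example's assumptions; remote logging is treated as active only when both logging host and logging syslog are present.

```python
def audit(lines):
    """Return [(rule_id, detail)] for a list of Config Mode commands.

    Assumption: commands appear as typed in Config Mode, with or without the
    CLI prompt; "no" forms are skipped rather than modelled.
    """
    ssh_levels = {"1", "2"}        # documented default: protocol levels 1 and 2
    telnet = False                 # documented default: telnet disabled
    communities = {}               # community name -> access settings
    v1_traps, radius_auth, radius_msgauth = [], set(), set()
    log_host = log_syslog = False

    for line in lines:
        cmd = line.split("#", 1)[-1].split()      # drop an optional CLI prompt
        if not cmd or cmd[0] == "no":
            continue
        if cmd[:3] == ["mgmt-ip", "sshd", "protocol"]:
            ssh_levels = set(cmd[3:5])
        elif cmd[:2] == ["mgmt-ip", "telnetd"]:
            telnet = True
        elif cmd[:2] == ["snmpd", "community"] and len(cmd) >= 3:
            entry = communities.setdefault(
                cmd[-1], {"rw": False, "ipaddr": "0.0.0.0", "ipmask": "0.0.0.0"})
            if cmd[2] in ("ro", "rw") and len(cmd) == 4:
                entry["rw"] = cmd[2] == "rw"
            elif cmd[2] in ("ipaddr", "ipmask") and len(cmd) == 5:
                entry[cmd[2]] = cmd[3]
        elif cmd[0] == "snmp-trap" and "snmpv1" in cmd:
            # The page spells the keyword both "snmpversion" and "snmp-version".
            named = cmd[2] if cmd[1] in ("snmpversion", "snmp-version") else cmd[1]
            v1_traps.append(named)
        elif cmd[:4] == ["radius", "server", "host", "auth"] and len(cmd) >= 5:
            radius_auth.add(cmd[4])
        elif cmd[:3] == ["radius", "server", "msg-auth"] and len(cmd) >= 4:
            radius_msgauth.add(cmd[3])
        elif cmd[:2] == ["logging", "host"]:
            log_host = True
        elif cmd[:2] == ["logging", "syslog"]:
            log_syslog = True

    findings = []
    if "1" in ssh_levels:
        findings.append(("SSH-V1", "SSH protocol level 1 is accepted; "
                         "restrict with 'mgmt-ip sshd protocol 2'"))
    if telnet:
        findings.append(("TELNET", "incoming telnet is enabled; logins are sent in clear text"))
    for name, entry in sorted(communities.items()):
        # 0.0.0.0 as client address or mask allows access from any IP address.
        if "0.0.0.0" in (entry["ipaddr"], entry["ipmask"]):
            rule = "SNMP-RW-OPEN" if entry["rw"] else "SNMP-OPEN"
            findings.append((rule, "community %s is reachable from any address" % name))
        if name.lower() in ("public", "private"):
            findings.append(("SNMP-DEFAULT-NAME", "community %s is a well-known name" % name))
    for name in v1_traps:
        findings.append(("SNMP-V1-TRAP", "trap %s uses SNMP version 1" % name))
    for ip in sorted(radius_auth - radius_msgauth):
        findings.append(("RADIUS-NO-MSGAUTH",
                         "authentication server %s has no msg-auth configured" % ip))
    if not (log_host and log_syslog):
        findings.append(("LOG-LOCAL-ONLY", "no remote syslog; the buffered log holds "
                         "1000 lines and is reset when the switch boots"))
    return findings


# Constructed sample configurations (not taken from a real switch).
WEAK = """\
(FS5CX420F1087012) (Config)# mgmt-ip sshd protocol 1 2
(FS5CX420F1087012) (Config)# mgmt-ip telnetd
(FS5CX420F1087012) (Config)# snmpd community BigMuddy
(FS5CX420F1087012) (Config)# snmpd community rw BigMuddy
(FS5CX420F1087012) (Config)# snmp-trap BigMuddy 172.16.0.144 snmpversion snmpv1
(FS5CX420F1087012) (Config)# radius server host auth 172.16.0.114
(FS5CX420F1087012) (Config)# logging buffered wrap
""".splitlines()

HARDENED = """\
mgmt-ip sshd protocol 2
snmpd community BigMuddy
snmpd community ro BigMuddy
snmpd community ipaddr 172.16.0.114 BigMuddy
snmpd community ipmask 255.255.255.255 BigMuddy
snmp-trap BigMuddy 172.16.0.144 snmpversion snmpv2
radius server host auth 172.16.0.114
radius server msg-auth 172.16.0.114
logging host 172.16.0.116
logging syslog
""".splitlines()

if __name__ == "__main__":
    for rule, detail in audit(WEAK):
        print("%-18s %s" % (rule, detail))
```

An empty command list is also flagged for SSH-V1 and LOG-LOCAL-ONLY, because those follow from the documented defaults rather than from anything an operator typed.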
189
4.2.24 sntp
Syntax
sntp { broadcast client poll-interval <6-10> | client { mode { broadcast | unicast } | port <1-65535> } | server <ip_address> [1-3] [version] [1-65535] | unicast client {poll-interval <6-10> |
poll-retry <0-10> | poll-timeout <1-30> } }
Purpose
To configure a Simple Network Time Protocol (SNTP) server and its parameters.
Defaults
• Broadcast client poll-interval is 6 by default.
• Unicast client poll-interval is 6 by default.
• The SNTP client port ID is set to 123 by default.
• The unicast client poll retry value is set to 1 by default.
• The unicast client poll timeout is set to 5 seconds by default.
Options & Parameters
broadcast client poll interval
<6-10>
Sets the poll interval (in seconds) for SNTP broadcast clients
as a power of two (e.g., a value of 6 is a poll interval of 2^6 or
64 seconds).
client mode { broadcast |
unicast }
Sets the SNTP client mode to broadcast or unicast.
client port <1-65535>
Sets the SNTP client port ID value. The default is 123.
server <ip_address> [1-3] [1-4]
[1-65535]
Configures the SNTP server; <ip_address> specifies the
address of the SNTP server, [1-3] sets the SNTP server
priority, [1-4] sets the SNTP version and [1-65535] sets the
SNTP server port ID.
Examples
broadcast client poll interval:
(FS5CX420F1087012) (Config)# sntp broadcast client poll-interval 6
client mode:
(FS5CX420F1087012) (Config)# sntp client mode broadcast
client port:
(FS5CX420F1087012) (Config)# sntp client port 55013
server:
(FS5CX420F1087012) (Config)# sntp server 172.16.0.155 3 2
4.2.25 spanning-tree
Syntax
spanning-tree {bpdu-migration-check { <slot/port> | all} | configuration {name <name> |
revision <0-65535> } | force-version {802.1d | 802.1s | 802.1w} | forward-time <4-30> |
hello-time <1-10> | max-age <6-40> | max-hops <1-127> | mst {instance <1-64> | <0-64> {priority
<0-61440> | vlan <1-4094> } } }
Purpose
To enable and configure Spanning-Tree Protocol (STP).
Defaults
The default behavior of this command is to enable Spanning-Tree Protocol (STP) on the switch.
The defaults for the parameters it configures are as follows:
• MSTP is enabled on the switch by default.
• MST region name is set to Fortinet by default.
• BPDU migration check is disabled by default.
• Forward time is set to 15 seconds by default.
• Hello time is set to 2 seconds by default.
• Maximum bridge age (max-age) is set to 20 seconds by default.
• Maximum hops is set to 20 by default.
• Bridge priority is set to 32768 by default.
Options & Parameters
bpdu-migration-check
{ <slot/port> | all }
Force the specified port (or all ports) to transmit RSTP or
MSTP BPDUs. Note: This operation is available only in
bridges that support RSTP or MSTP.
configuration {name <name> |
revision <0-65535> }
Name specifies the name of the MST region in which the
switch is operating (maximum of 32 characters); revision sets
the configuration identifier revision level.
The default MST region name is Fortinet (appropriate for a
single chassis, which can have any name for its MST region).
See notes below.
If configuring a multi-chassis fabric, use this command to
change the MST region name to FortiSwitch.
In most cases, the revision number is not to be changed.
force-version {802.1d | 802.1s |
802.1w}
Sets the force protocol version parameter, determining which
variety of spanning-tree is to be used by the switch. 802.1d
enables STP, 802.1s enables MSTP, and 802.1w enables
RSTP.
forward-time <4-30>
Sets the bridge forward delay time in seconds. Value must be
greater than or equal to (bridge max age / 2) + 1.
hello-time <1-10>
Sets the hello time in seconds. Value must be less than or
equal to (bridge max age / 2) - 1.
max-age <6-40>
Sets the bridge max age in seconds. Value must be less than
or equal to 2*(bridge forward delay time - 1).
max-hops <1-127>
Sets the MSTP maximum hops parameter for the common
and internal spanning tree.
mst instance <1-64>
Creates an MST instance with the specified identifier. The
bridge priority is set to 32768 on leaf switches, or
automatically determined based on the spine ID for spine
switches.
mst <0-64> priority <0-61440>
Sets the bridge priority for a specified MST instance. Used
primarily for troubleshooting and debugging; appropriate
bridge priority is set automatically based on spine settings.
mst <0-64> vlan <1-4094>
Adds the specified VLAN to the specified MST instance.
Notes
• The default MST region name is “Fortinet” – appropriate for a single switch. In order for
the switch to participate in a fabric, the MST region name must be changed to
“FortiSwitch” (case sensitive).
• The FortiSwitch-500 uses STP version 802.1s (MSTP) by default; to use STP or RSTP,
the operator must use the appropriate spanning-tree force-version command.
• Interface-level spanning-tree configuration is done in Config-LAG Mode and Config-Port
Mode.
• Specifying an MST identifier of 0 indicates that there is only a single spanning tree in
operation.
Examples
bpdu-migration-check:
(FS5CX420F1087012) (Config)# spanning-tree bpdu-migration-check 2/1
configuration:
(FS5CX420F1087012) (Config)# spanning-tree configuration name FortiSwitch
This sets the MST region name to “FortiSwitch” in order to prepare this switch to participate in a
multi-chassis fabric deployment.
force-version:
(FS5CX420F1087012) (Config)# spanning-tree force-version 802.1d
forward-time:
(FS5CX420F1087012) (Config)# spanning-tree forward-time 20
hello-time:
(FS5CX420F1087012) (Config)# spanning-tree hello-time 12
max-age:
(FS5CX420F1087012) (Config)# spanning-tree max-age 35
max-hops:
(FS5CX420F1087012) (Config)# spanning-tree max-hops 65
mst instance:
(FS5CX420F1087012) (Config)# spanning-tree mst instance 1
mst priority:
(FS5CX420F1087012) (Config)# spanning-tree mst 13 priority 0
This sets the bridge priority for MST instance 13 to a value of 0. Note that this would usually be
done only for troubleshooting or debugging purposes.
mst vlan:
(FS5CX420F1087012) (Config)# spanning-tree mst 1 vlan 1
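The forward-time, hello-time and max-age rules above constrain one another, so the order of commands matters when more than one timer changes. The code below is an added example, not Fortinet code: it checks a timer set against the documented ranges and rules and finds a command order in which every intermediate state stays valid. It assumes the switch checks each command against the other timers' current values, and it compares 2*(hello-time + 1) with max-age instead of dividing, because the page does not say how (bridge max age / 2) is rounded.

```python
from itertools import permutations

# Ranges and defaults as documented for the Config Mode spanning-tree command.
RANGES = {"forward-time": (4, 30), "hello-time": (1, 10), "max-age": (6, 40)}
DEFAULTS = {"forward-time": 15, "hello-time": 2, "max-age": 20}


def check(timers):
    """Return the list of documented rules that the timer set violates."""
    errors = []
    for name, (low, high) in RANGES.items():
        if not low <= timers[name] <= high:
            errors.append(f"{name} {timers[name]} outside <{low}-{high}>")
    # max-age <= 2*(forward-time - 1); same rule as forward-time >= max-age/2 + 1
    if 2 * (timers["forward-time"] - 1) < timers["max-age"]:
        errors.append("max-age > 2*(forward-time - 1)")
    # hello-time <= max-age/2 - 1, written without division
    if 2 * (timers["hello-time"] + 1) > timers["max-age"]:
        errors.append("hello-time > (max-age / 2) - 1")
    return errors


def plan(target, current=DEFAULTS):
    """Return spanning-tree commands, in an order that keeps every
    intermediate state valid, to move from `current` to `target`."""
    errors = check(target)
    if errors:
        raise ValueError("; ".join(errors))
    changed = [name for name in RANGES if target[name] != current[name]]
    for order in permutations(changed):
        state = dict(current)
        for name in order:
            state[name] = target[name]
            if check(state):
                break          # this order passes through an invalid state
        else:
            return [f"spanning-tree {name} {target[name]}" for name in order]
    raise ValueError("no one-command-at-a-time order stays valid")


if __name__ == "__main__":
    # Target built from the forward-time and max-age values in the examples above.
    for command in plan({"forward-time": 20, "hello-time": 2, "max-age": 35}):
        print(command)
```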
4.2.26 users
Syntax
users {access-mode <user_name> {readonly | readwrite} | default-login <list_name> | login
<user_name> <list_name> | name <user_name> | password <user_name> | snmpv3 {access-mode
<user_name> {readonly | readwrite} | authentication <user_name> {none | md5 | sha} |
encryption <user_name> { none | des <key> } } }
Purpose
To create and configure user login accounts for access to the switch.
Defaults
SNMPv3 access mode is set to read-write by default for “admin” and to read-only by default for all
other users.
Options & Parameters
access-mode <user_name>
{readonly | readwrite}
Sets the access mode for the specified user.
default-login <list_name>
Sets the default authentication list for non-configured users.
login <user_name> <list_name>
Sets the authentication list for the specified user.
name <user_name>
Adds a new user with the specified name.
password <user_name>
Sets or re-sets the login password for the specified user.
User is prompted to enter old and new passwords; for no
password, press enter.
snmpv3 access-mode
<user_name> {readonly |
readwrite}
Sets the Simple Network Management Protocol version 3
(SNMPv3) access mode for the specified user.
snmpv3 authentication
<user_name> {none | md5 |
sha}
Sets the SNMPv3 authentication mode for the specified user.
snmpv3 encryption
<user_name> { none | des
<key> }
Sets encryption mode for the specified user. If setting the
mode to Data Encryption Standard (DES), an encryption key
must be supplied.
Note: authentication must be enabled for the specified user
before encryption can be set.
Examples
access-mode:
(FS5CX420F1087012) (Config)# users access-mode bob readonly
default-login:
(FS5CX420F1087012) (Config)# users default-login defaultLoginList
login:
(FS5CX420F1087012) (Config)# users login bob bobsLoginList
name:
(FS5CX420F1087012) (Config)# users name bob
passwd:
(FS5CX420F1087012) (Config)# users passwd bob
Enter old password:
Enter new password:***
Confirm new password:***
Password Changed!
snmpv3 access-mode:
(FS5CX420F1087012) (Config)# users snmpv3 access-mode bob readonly
snmpv3 authentication:
(FS5CX420F1087012) (Config)# users snmpv3 authentication bob md5
snmpv3 encryption:
(FS5CX420F1087012) (Config)# users snmpv3 encryption bob des 0E329232EA6D0D73
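A check that can be run over a configuration script before it is applied, flagging the weaker choices among the snmp-trap and users snmpv3 options documented above. This is an added example, not Fortinet code; it assumes script lines use the same syntax as the Config Mode commands on this page, and that a user with no authentication line has authentication off (the page does not state the default). The sample script is constructed.

```python
# Constructed sample script. The first DES key is the one used in the
# example on this page; the second is made up.
SAMPLE_SCRIPT = """\
configure
snmp-trap test1 172.16.0.144 snmp-version snmpv1
users name bob
users snmpv3 access-mode bob readwrite
users snmpv3 authentication bob md5
users snmpv3 encryption bob des 0E329232EA6D0D73
users name carol
users snmpv3 authentication carol sha
users snmpv3 encryption carol none
users name dave
users snmpv3 encryption dave des 0011223344556677
exit
"""


def audit(script_text):
    """Return (line_number, rule_id, detail) for each weak setting found."""
    findings = []
    auth_mode = {}  # user -> SNMPv3 authentication mode seen so far

    def flag(lineno, rule, detail):
        findings.append((lineno, rule, detail))

    for lineno, raw in enumerate(script_text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("!"):   # '!' lines are comments
            continue

        # Both trap forms on this page end with the version keyword.
        if tok[0] == "snmp-trap" and tok[-1].lower() == "snmpv1":
            flag(lineno, "TRAP_V1",
                 "SNMPv1 trap: community string travels in cleartext")

        if tok[:2] != ["users", "snmpv3"] or len(tok) < 5:
            continue
        option, user, value = tok[2], tok[3], tok[4].lower()

        if option == "access-mode":
            # Documented default is read-write for admin only.
            if value == "readwrite" and user != "admin":
                flag(lineno, "RW_ACCESS",
                     f"{user}: read-write instead of the read-only default")
        elif option == "authentication":
            auth_mode[user] = value
            if value == "none":
                flag(lineno, "AUTH_NONE", f"{user}: requests are unauthenticated")
            elif value == "md5":
                flag(lineno, "AUTH_MD5", f"{user}: md5 chosen where sha is available")
        elif option == "encryption":
            if value == "none":
                flag(lineno, "PRIV_NONE", f"{user}: SNMPv3 payload is not encrypted")
            elif value == "des":
                flag(lineno, "PRIV_DES",
                     f"{user}: DES key is written in the script; restrict the file")
                # Page note: authentication must be enabled before encryption.
                if auth_mode.get(user, "none") == "none":
                    flag(lineno, "PRIV_WITHOUT_AUTH",
                         f"{user}: encryption set before authentication")
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in audit(SAMPLE_SCRIPT):
        print(f"line {lineno}: {rule}: {detail}")
```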
4.2.27 vlan
Syntax
vlan
Purpose
To enter Config-VLAN Mode in order to create or configure a VLAN.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) (Config)# vlan
5 Debug Mode
5.1 Overview
The Debug Mode provides commands for debugging purposes and low-level visibility into switch
functions.
NOTE: Many Debug Mode commands have the potential to DAMAGE THE SYSTEM, and
should be used ONLY under direct guidance from a Fortinet support technician.
For further information, please contact Fortinet technical support.
5.1.1 Access
This mode is accessed by using the debug command in Enable Mode.
5.1.2 Exit
To exit from this mode, use the exit or end command to return to Enable Mode.
5.2 Commands
bcm-test
Debug the switching chip.
end
Exit to Enable Mode.
exit
Exit to Enable Mode.
filter-msg
Filter the debug messages.
port-map
Display the port map for the switching chip.
vsp
VSP debug command.
6 File Mode
6.1 Overview
The File Mode provides commands for image updating and file transfer.
6.1.1 Access
This mode is accessed by using the file command in Enable Mode.
6.1.2 Exit
To exit from this mode, use the exit or end command to return to Enable Mode.
6.2 Commands
Command
Purpose
copy
Copy files/images from/to internal or external
disks.
delete
Delete files from the internal or external disks.
dir
Display the contents of the internal or external
disks.
end
Exit to Enable Mode.
exit
Exit to Enable Mode.
ftp
Upload/download files from an FTP server.
script
Apply/show/validate configuration scripts.
system
Update the system image
tftp
Upload/download files from a TFTP server.
update
Update bootloader images.
verify system image
Verify checksum of image file.
6.2.1 copy
Syntax
copy { [path/] <source_file_name> | default-config | running-config | startup-config } { [path/]
<destination_file_name> | startup-config }
Purpose
To copy files or images to and from the internal or external disk. If no path is specified, the
files/images are copied from and to the internal disk.
Options & Parameters
[path/]
Specifies a file path for the source or destination file. If none
is specified, the source and destination paths are both
assumed to be the internal disk.
disk
Specifies the internal disk as the file path. (Not usually
necessary, since the default file path is the internal disk.)
extdisk
Specifies the external disk as the file path. (See examples
below.)
<source_file_name>
The name of the file being copied.
<destination_file_name>
The name of the file to which data is being copied.
default-config
Specifies the factory default configuration settings file as the
source to copy from. Note: default-config cannot be used as
the destination.
running-config
Specifies the currently running configuration (saved or not) as
the source to copy from. Note: you cannot use running-config for the destination.
startup-config
Specifies the startup configuration file as the source or the
destination (see examples below). Note: when changes
made to the running configuration are saved on exit from the
CLI, these changes are saved to the startup configuration file
on the internal disk.
Notes & Examples
Each FortiSwitch-500 has two storage locations: the internal disk (specified by disk in the CLI)
and the external disk (specified by extdisk in the CLI). Because the external disk can be easily
removed, the configuration file used by the switch at startup is stored on the internal disk. By
default, the copy command uses the internal disk as both its default source path and its default
destination path.
Also please note that as of the date of this publication, the external disk is not yet
supported.
default example:
(FS5CX420F1087012) (File)# copy newbootfile bootfile.062707
This will copy the file “newbootfile” on the internal disk into the file “bootfile.062707,” also on the
internal disk.
copying from external to internal disk:
(FS5CX420F1087012) (File)# copy extdisk/monkeyfile disk/monkeyfile
This copies a file called “monkeyfile” from the external disk to the internal disk.
While the copy command is primarily used for copying u-boot image files, system image files,
core dump files, trace files, syslog files, etc. between the internal and external disks, the
command can also be used for the following.
To reset the startup configuration to the manufacturer default configuration:
(FS5CX420F1087012) (File)# copy default-config startup-config
This copies the settings from the default configuration file to the startup configuration file on the
internal disk.
to copy the currently running configuration to a file:
(FS5CX420F1087012) (File)# copy running-config startup-config
This copies the running configuration to the startup configuration file on the internal disk.
(FS5CX420F1087012) (File)# copy running-config config061907
This copies the running configuration to a file called “config061907” on the internal disk.
To copy files to or from an external location (using a network address or other locator), use the
ftp or tftp commands. (See page 205 and page 209)
6.2.2 delete
Syntax
delete [path/] <file_name>
Purpose
To delete files; files can be deleted from the internal or external disk.
Defaults
Deletes the specified file from the internal disk.
Options & Parameters
[path/]
Specifies the file path of the file to be deleted;
extdisk/<file_name> specifies that the file is to be deleted
from the external disk; otherwise the default location is the
internal disk.
<file_name>
Specifies the file to be deleted.
Example
(FS5CX420F1087012) (File)# delete oldDefault.scr
This will delete the file “oldDefault.scr” from the internal disk.
6.2.3 dir
Syntax
dir [ disk | LOG | CORE | extdisk ]
Purpose
To display the contents of the internal or external disk.
Defaults
The contents of the internal disk are displayed by default.
Options & Parameters
disk
Displays the contents of the internal disk.
LOG
Displays the contents of the LOG directory of the internal
disk.
CORE
Displays the contents of the CORE directory of the internal
disk.
extdisk
Displays the contents of the external disk. Note: as of the
date of this publication, the external disk is not yet supported.
standby:disk
Displays the contents of the internal disk.
standby:extdisk
Displays the contents of the external disk. Note: as of the
date of this publication, the external disk is not yet supported.
Example
(FS5CX420F1087012) (File)# dir extdisk
Fri Feb 27 15:07 2594 E2_single_chassis.scr
Wed Mar 11 13:49 1403 NCI.scr
Thu Mar 26 08:15 25546792 fsos.fortiswitch500.img
Wed Mar 18 16:15 1432 hybrid-1S2E
Fri Mar 27 14:39 25546792 fsos.fortiswitch500v4.01.img
Thu Mar 26 19:17 1663 soaking.scr
Thu Apr 9 09:02 1663 soak.5625.scr
Thu Apr 9 08:49 25546792 fsos.fortiswitch500v4.02.img
Thu Apr 9 08:59 744 radius.scr
Disk Usage: total 864964K|available 670580K|used 194384K(22%)
Dir Operation Completed!
6.2.4 end
Syntax
end
Purpose
To exit to Enable Mode.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) (File)# end
6.2.5 exit
Syntax
exit
Purpose
To exit to Enable Mode.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) (File)# exit
6.2.6 ftp
Syntax
ftp <ip_address> [1-65535]
Purpose
To connect to a File Transfer Protocol (FTP) server in order to upload or download files.
Defaults
The FTP connection uses destination TCP port 21 by default.
Options & Parameters
<ip_address>
Specifies the valid host IP address for the FTP server.
[1-65535]
Specifies the destination TCP port on the FTP server. If no
port number is entered, the default is port 21.
Example
(FS5CX420F1087012) (File)# ftp 10.10.50.52 1021
Connected to 10.10.50.52.
220 (vsFTPd 2.0.5)
Name (10.10.50.52:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
6.2.7 script
Syntax
script { apply | show | validate } [path/] <script_name.scr>
Purpose
To apply, view or evaluate a configuration script stored on an attached disk.
Defaults
If no file path is supplied, script is assumed to be on the internal disk.
Options & Parameters
apply
Applies the specified configuration script.
show
Shows the contents of the specified configuration script.
validate
Validates the specified configuration script.
[path/]
Specifies the file path to the script file;
extdisk/<script_name.scr> specifies that the script file is on the
external disk; otherwise the default location is the internal disk.
<script_name.scr>
Specifies the script to be acted upon. The extension .scr is
optional.
Notes
If the script to be acted upon does not reside on the internal disk, a file path (e.g., extdisk/) must
be supplied.
Running a configuration script adds to the running configuration rather than replacing it. To
replace the running configuration with a configuration script, first reset the configuration to
manufacturer defaults by using the command sequence copy default-config startup-config and
resetting the switch using the reload command, then use script to run the script.
Examples
apply:
(FS5CX420F1087012) (File)# script apply mincfg.scr
show:
(FS5CX420F1087012) (File)# script show single-chassis.scr
1 : !Current Configuration:
2 : !
3 : !System Description "FortiSwitch Ethernet Fabric Switch (FortiSwitch-500)"
4 : !System Description v4.0,build0202,091015
5 : !
6 : no paging
7 : configure
8 : snmpd sysname "Leaf-2-r9"
9 : prompt "Leaf-2-r9"
[etc.]
validate:
(FS5CX420F1087012) (File)# script validate mincfg.scr
configure
mgmt-ip sshd
vlan
exit
Configuration script 'mincfg.scr' validated.
6.2.8 system image
Syntax
system image [path/] <file_name>
Purpose
To update the system image.
Options & Parameters
[path/]
Specifies the file path to the system image file.
extdisk/<file_name> specifies that the image file is on the
external disk; otherwise the default location is the internal
disk.
<file_name>
Specifies the file from which the system image is to be
updated.
Notes
When upgrading system files in a fabric, all system images on all switches should be from the
same build; Fortinet recommends upgrading all system images when performing a system
upgrade on a fabric.
To update the boot-loader image (BIOS) for a switch, use the update command. (See page 210)
(Note that boot-loader images are rarely updated in the field.)
Example
(FS5CX420F1087012) (File)# system image wfos.1-3-0.fc.img
6.2.9 tftp
Syntax
tftp {get <ip_address>:/<file_path>/<file_name> [target_file] | put <file_name>
<ip_address>:/<file_path>/[target_file] }
Purpose
To upload or download files to or from a Trivial File Transfer Protocol (TFTP) server.
Options & Parameters
get
Downloads the specified file from the specified TFTP server.
put
Uploads the specified file to the specified TFTP server.
<ip_address>
Specifies the valid host IP address for the TFTP server.
<file_path>
Specifies the file path.
<file_name>
Specifies the file name.
[target_file]
Specifies the optional target file name. If none is specified,
the name of the source file is used.
Examples
get:
(FS5CX420F1087012) (File)# tftp get 172.67.0.115:/scripts/20070621Default.scr newDefault.scr
This goes to the “scripts” directory at the specified IP address and downloads a file called
“20070621Default.scr” into a file called “newDefault.scr” on the internal disk.
put:
(FS5CX420F1087012) (File)# tftp put newDefault.scr 172.67.0.115:/scripts/
This copies a file called “newDefault.scr” from the internal disk to a file of the same name in the
“scripts” directory at the specified IP address.
6.2.10 update boot-loader
Syntax
update boot-loader [path/] <image_name>
Purpose
To update the boot loader image.
Options & Parameters
[path/]
Specifies the file path to the boot loader image file.
extdisk/<file_name> specifies that the image file is on the
external disk; otherwise the default location is the internal
disk.
<image_name>
Specifies the file name of the image file from which to update.
Notes
Caution: Before using the system image or update boot-loader command, be sure that you
are loading the appropriate image file; boot-loader images are rarely updated in the field.
Also note when upgrading system files in a fabric that all system images on all switches should
be from the same build; Fortinet recommends upgrading all system images when performing a
system upgrade.
Example
(FS5CX420F1087012) (File)# update boot-loader extdisk/ubootimage.img
This updates the boot loader (BIOS) image from a file named “ubootimage.img” on the external
disk.
6.2.11 verify
Syntax
verify { boot-loader image | system image } [path/] <file_name>
Purpose
To verify the checksum of an image file.
Options & Parameters
boot-loader image
Verifies a boot-loader image.
system image
Verifies a system image.
[path/] <file_name>
Specifies the path and file name for the image to be verified.
If no path is specified, the default location is the internal disk.
Examples
Example showing failed verification:
(FS5CX420F1087012) (File)# verify system image linux.dmsk.img
verify image: Bad data checksum 8a18fb4c 64b762ea
verify system image: Failed
Example showing successful verification:
(FS5CX420F1087012) (File)# verify system image fsos.fortiswitch500v4.01.img
Image: fortiswitch500v4.0.1
Creation: Fri Mar 27 19:08:38 2009
Data Size: 25546728 Bytes
Data Checksum: 0x25734CDE
Verification: Passed!
7 Config-LAG Mode
7.1 Overview
The Config-LAG Mode provides configuration commands for LAGs.
7.1.1 Access
This mode is accessed by using the lag command in Config Mode (and specifying a LAG ID).
7.1.2 Exit
To exit from this mode, use the exit command to return to Config Mode or the end command to
return to Enable Mode.
7.2 Commands
add-port
Add a port to this LAG.
delete-port
Delete a port from this LAG.
end
Exit to Enable Mode.
exit
Exit to Config Mode.
fdb-table static
Configure a static MAC address to the port.
garp
Configure Generic Attribute Registration
Protocol (GARP) parameters.
gvrp
Configure GARP VLAN Registration Protocol
(GVRP) parameters.
lacp
Enable/disable Link Aggregation Control
Protocol (LACP) on the LAG.
mtu
Set the default MTU size.
name
Configure a name for the port LAG.
shutdown
Disable the LAG. The configuration remains
unchanged, but no traffic is forwarded by the
LAG.
spanning-tree
Set the spanning tree operational mode.
vlan
Configure VLAN parameters.
vscale-mode
Configure the LAG’s vSCALE mode.
7.2.1 add-port
Syntax
add-port <slot/port>
Purpose
To add a port to the LAG being configured.
Options & Parameters
<slot/port>
Specifies the port to be added to the LAG in slot/port format.
Note
IMPORTANT: GVRP must be disabled on member ports before they are added to the LAG.
Adding member ports with GVRP enabled to a LAG may prevent the LAG from passing traffic.
To enable GVRP on a LAG, first disable GVRP on the member ports using the no gvrp port-mode
command in Config-Port Mode (see page 239), then assemble the LAG, then enable
GVRP on the LAG using the gvrp port-mode command in Config-LAG Mode (see page 220).
Example
(FS5CX420F1087012) (Config-LAG 1)#add-port 1/1
7.2.2 delete-port
Syntax
delete-port <slot/port>
Purpose
To remove a port from the LAG being configured.
Options & Parameters
<slot/port>
Specifies the port to be removed from the LAG in slot/port
format.
Notes
Removing all ports from a LAG does not delete the LAG itself. To remove the LAG, use the no
form of the lag command in Config Mode.
Example
(FS5CX420F1087012) (Config-LAG 1)#delete-port 1/1
7.2.3 end
Syntax
end
Purpose
To exit to Enable Mode.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) (Config-LAG 1)# end
7.2.4 exit
Syntax
exit
Purpose
To exit to Config Mode.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) (Config-LAG 1)# exit
7.2.5 fdb-table static
Syntax
fdb-table static <mac_address>
Purpose
To add a static MAC address to the LAG.
Options & Parameters
<mac_address>
Specifies the static MAC address to add to the FDB table for
the LAG.
Notes
To configure the FDB table aging timeout, use the fdb-table aging-time command in Config
Mode.
If a static MAC address is already configured on the switch, the CLI will reject the configuration
command. If the configured static MAC is already learned in the FDB table, the management
software will overwrite the MAC entry with the newly configured static entry.
At any given time, FortiSwitch OS can associate a given MAC address with only one port. This is
different from typical Independent VLAN Learning (IVL) switches, which can configure multiple
entries of the same MAC address as long as they have the same VLAN tag.
Example
(FS5CX420F1087012) (Config-LAG 1)#fdb-table static 00:1A:F6:00:03:61
7.2.6 garp timer
Syntax
garp timer {join <10-100> | leave <20-600> | leave-all <200-6000> }
Purpose
To configure the Generic Attribute Registration Protocol (GARP) timer attributes.
Defaults
• The default GVRP join time is 20 centiseconds.
• The default GVRP leave time is 60 centiseconds.
• The default interval for the generation of leave-all packets is 1000 centiseconds.
Options & Parameters
join <10-100>
Specifies the GVRP join time – the interval between
transmission of GARP packets registering membership for a
VLAN or multicast group – in centiseconds.
leave <20-600>
Specifies the GVRP leave time – the interval between
receiving an unregister request for a VLAN or a multicast
group and deleting the VLAN entry – in centiseconds.
leave-all <200-6000>
Specifies the frequency with which “leave-all” packets –
packets deleting all registration entries – are generated.
Notes
All forms of the garp timer command only have an effect when GVRP is enabled.
The “no” form of this command resets the specified time to the default:
no garp timer join resets the GVRP join time to 20 centiseconds
no garp timer leave resets the GVRP leave time to 60 centiseconds
no garp timer leave-all resets the “leave-all” generation interval to 1000 centiseconds
Examples
(FS5CX420F1087012) (Config-LAG 1)#garp timer join 30
(FS5CX420F1087012) (Config-LAG 1)#garp timer leave 200
(FS5CX420F1087012) (Config-LAG 1)#garp timer leave-all 2000
7.2.7 gvrp port-mode
Syntax
gvrp port-mode
Purpose
To enable or disable GARP VLAN Registration Protocol (GVRP) on this LAG.
Options & Parameters
This command has no options or parameters.
Notes
• IMPORTANT: You must disable GVRP on the member ports before assembling
them into a LAG; failure to do so will create a LAG which cannot pass traffic.
• In order for GVRP to work on the LAG, GVRP must be enabled on the switch by using
the gvrp admin-mode command in Config Mode. (See page 170)
Example
(FS5CX420F1087012) (Config-LAG 1)#gvrp port-mode
7.2.8 lacp
Syntax
lacp
Purpose
To enable Link Aggregation Control Protocol (LACP) on the LAG.
Defaults
LACP is enabled on all LAGs by default.
Options & Parameters
This command has no options or parameters.
Notes
When LACP is disabled on a LAG, the LAG becomes “static.” To disable LACP, use the no form
of the command.
Examples
default:
(FS5CX420F1087012) (Config-LAG 1)#lacp
This enables LACP on LAG 1.
“no” form:
(FS5CX420F1087012) (Config-LAG 1)#no lacp
This disables LACP on LAG 1.
7.2.9 mtu
Syntax
mtu <64-10232>
Purpose
To set the Maximum Transmission Unit (MTU) value for the LAG.
Defaults
The MTU value is set to 1522 bytes (tagged) or 1518 bytes (untagged) by default.
Options & Parameters
<64-10232>
Specifies the Maximum Transmission Unit (MTU) size in
bytes for the LAG.
Example
(FS5CX420F1087012) (Config-LAG 1)#mtu 10232
7.2.10 name
Syntax
name <lag_name>
Purpose
To set the name for the LAG.
Defaults
Unnamed LAGs are called “default” by default.
Options & Parameters
<lag_name>
Specifies the name to be used for the LAG. Name can be up
to 15 alphanumeric characters in length.
Notes
A LAG name is used to identify the purpose or nature of the LAG to the operator. The LAG name
appears in the output of the show lag commands. (See show lag brief on page 30 or show lag
on page 96)
Example
(FS5CX420F1087012) (Config-LAG 1)#name office7LAG
7.2.11 shutdown
Syntax
shutdown
Purpose
To disable the LAG.
Options & Parameters
This command has no options or parameters.
Notes
This command leaves the configuration unchanged, but prevents the LAG from forwarding traffic.
To remove the LAG entirely, use the no form of the lag command. (See page 172)
When a LAG is shut down, its admin mode is disabled and its link status is changed to “down.”
For all its member ports, link status is “down” but admin mode remains enabled.
When a LAG is shut down, users cannot add new member ports to the LAG or delete any existing
member ports from the LAG. To add or delete member ports, first enable the LAG using the “no”
form of this command.
Example
(FS5CX420F1087012) (Config-LAG 1)#shutdown
7.2.12 spanning-tree
Syntax
spanning-tree { edgeport | hello-time <1-10> | port-mode | mst { <0> | <1-64> } { cost { <1-200000000> | auto } |
external-cost { <1-200000000> | auto } | port-priority <0-240> } }
Purpose
To set and configure the spanning tree operational mode for the LAG.
Defaults
• There is no default behavior for this command.
• STP is enabled by default on all LAGs (port mode is enabled by default).
• The hello time for the LAG is set to 2 seconds by default.
• Port priority is set to 128 by default.
Options & Parameters
edgeport
Configures the LAG as an edge port.
hello-time <1-10>
Sets the hello-time for the LAG in seconds. If not specified,
default is 2.
port-mode
Enables the LAG for use by spanning trees.
mst { <0> | <1-64> }
Configures a Multiple Spanning Tree (MST) instance. Using 0
as the instance identifier configures the common and internal
spanning tree. To configure another existing MST, use its
identifier (between 1 and 64).
cost { <1-200000000> | auto }
Specifies the path cost (within the MST region) for the LAG
when used by the specified MST instance. If auto is used in
place of a numeric value, the path cost value is calculated
automatically on the basis of link speed.
external-cost { <1-200000000> | auto }
Specifies the external path cost (outside the MST region) for the
LAG when used by the specified MST instance. If auto is used
in place of a numeric value, the external path cost value is
calculated automatically on the basis of link speed. Note:
spanning tree version 802.1s (MSTP) is the default; if using
version 802.1d (STP) or version 802.1w (RSTP) instead, use
the external-cost option for configuring path cost for the LAG.
port-priority <0-240>
Specifies the priority for the port used by the specified MST
instance.
Notes
• Switch-level spanning-tree configuration is performed in Config Mode. (See spanning-tree
on page 191)
• MSTP (802.1s) is the default spanning tree protocol used on the FortiSwitch-500. If you
have configured the switch to run STP or RSTP instead, use the external-cost option to
configure spanning tree path cost for the LAG.
Examples
edgeport:
(FS5CX420F1087012) (Config-LAG 1)#spanning-tree edgeport
hello-time:
(FS5CX420F1087012) (Config-LAG 1)#spanning-tree hello-time 10
mst:
(FS5CX420F1087012) (Config-LAG 1)#spanning-tree mst 0 external-cost auto
port-mode:
(FS5CX420F1087012) (Config-LAG 1)#spanning-tree port-mode
7.2.13 vlan
Syntax
vlan { acceptframe { all | vlanonly } | participation {auto <1-4094> | exclude <1-4094> |
include <1-4094> } | priority <0-7> | pvid <1-4094> | tagging <1-4094> }
Purpose
To configure VLAN parameters for the LAG.
Defaults
• The frame acceptance mode is set to “all” by default.
• The VLAN ID is set to 1 by default.
Options & Parameters
acceptframe { all | vlanonly }
Configures the handling of untagged frames. Using all
causes the LAG to accept all untagged or priority frames
received and assign them the value of the VLAN ID for this
LAG. Using vlanonly causes the LAG to drop all frames that
do not have a VLAN tag.
participation { auto | exclude |
include } <1-4094>
Sets the participation of this LAG in the specified VLAN.
priority <0-7>
Specifies the priority value for untagged frames received by this
LAG.
pvid <1-4094>
Sets the VLAN ID for untagged frames received by the LAG.
tagging <1-4094>
Enables tagging for the specified VLAN. When tagging is
enabled, traffic is transmitted as tagged frames.
Examples
acceptframe:
(FS5CX420F1087012) (Config-LAG 1)#vlan acceptframe all
participation:
(FS5CX420F1087012) (Config-LAG 1)#vlan participation auto
priority:
(FS5CX420F1087012) (Config-LAG 1)#vlan priority 0
pvid:
(FS5CX420F1087012) (Config-LAG 1)#vlan pvid 3255
tagging:
(FS5CX420F1087012) (Config-LAG 1)#vlan tagging 4045
7.2.14 vscale-mode
Syntax
vscale-mode { edge | internal }
Purpose
To set the vSCALE mode for the LAG.
Defaults
• The vSCALE mode is set to “edge” by default.
Options & Parameters
edge
Sets the LAG’s vSCALE mode to “edge.” This is the
appropriate mode for outward-facing ports on an edge (leaf)
switch.
internal
Sets the LAG’s vSCALE mode to “internal.” This is the
appropriate mode for ports on a spine switch, and for ports
on an edge switch which connect inward into the fabric.
Notes
The vSCALE mode of ports and LAGs on switches participating in a fabric is set automatically by
the system (when a FortiSwitch switch is detected at the other end of a connection, the vSCALE
mode is automatically set to “internal”). This command is used primarily for debugging and
troubleshooting purposes.
Examples
edge:
(FS5CX420F1087012) (Config-LAG 1)#vscale-mode edge
internal:
(FS5CX420F1087012) (Config-LAG 1)#vscale-mode internal
8 Config-Port Mode
8.1 Overview
The Config-Port Mode provides configuration commands for individual ports.
8.1.1 Access
This mode is accessed by using the port command in Config Mode (and specifying a port to be
configured).
8.1.2 Exit
To exit from this mode, use the exit command to return to Config Mode or the end command to
return to Enable Mode.
8.2 Commands
Command              Purpose
description          Enter a description for the port.
end                  Exit to Enable Mode.
exit                 Exit to Config Mode.
fabric-control       Configure the bandwidth allocation of the fabric.
fdb-table            Configure static MAC addresses to the port.
flow-control         Enable 802.3x flow control on the port.
garp                 Configure Generic Attribute Registration Protocol (GARP) parameters.
gvrp                 Configure GARP VLAN Registration Protocol (GVRP) parameters.
monitor              Configure port mirroring.
mtu                  Set the default MTU size.
rate-limit priority  Set the rate limit for a specified priority or for all priorities.
shutdown             Disable a port.
spanning-tree        Set the spanning tree operational mode.
vlan                 Configure VLAN parameters.
vscale-mode          Configure the port’s vSCALE mode.
8.2.1 description
Syntax
description <description>
Purpose
To create a description for the port.
Options & Parameters
<description>
Specifies the description for the port. Description text may be
up to 256 printing characters except “!” and “?” and is to be
entered in quotation marks.
Example
(FS5CX420F1087012) (Config-Port 1/1)# description "in-band management port"
8.2.2 end
Syntax
end
Purpose
To exit to Enable Mode.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) (Config-Port 1/1)# end
8.2.3 exit
Syntax
exit
Purpose
To exit to Config Mode.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) (Config-Port 1/1)# exit
8.2.4 fabric-control
Syntax
fabric-control { partition <2-1000> vlan { <1-4094> [1-4094] | all } | priority { 802.1d |
diffserv } }
Purpose
To link a port VLAN to a fabric partition or to link frame priority to partition class.
Options & Parameters
partition <2-1000>
Specifies a partition to which to link one or more VLANs.
vlan { <1-4094> [1-4094] | all }
Specifies which VLANs are to be added to the specified
partition. Up to 20 VLANs can be added individually; all adds
all available VLANs to the partition.
The incoming traffic tagged with these VLANs is forwarded
internally using only member SVLANs of the partition.
priority { 802.1p | diffserv }
Specifies which priority field in the frame is used to delineate
the partition class (default, a, b or c).
If 802.1p is selected, then the frame priorities map to
partition classes as follows:
0, 1: default
2, 3: a
4, 5: b
6, 7: c
If diffserv is selected, then the frame priorities map to
partition classes as follows:
0-31: default
32-63: a
64-95: b
96-127: c
Notes
• The fabric-control command in Config-Port mode is used exclusively to configure the
port in relation to the fabric; to create the partitions and configure the fabric itself, use the
fabric-control command in Config Mode.
• In addition to the default partition, a maximum of three additional partitions can be
created on a port.
Example
(FS5CX420F1087012) (Config-Port 1/1)#fabric-control partition 2 vlan all
This adds all the available VLANs on port 1/1 to partition #2 without specifying a priority.
8.2.5 fdb-table
static
Syntax
fdb-table static <mac_address>
Purpose
To add a static MAC address to the port.
Options & Parameters
<mac_address>
Specifies the static MAC address to add to the FDB table for
the port.
Notes
• To configure the FDB table aging timeout, use the fdb-table aging-time command in
Config Mode.
• If a static MAC address is already configured in the chassis, the CLI will reject the
configuration command. If the configured static MAC is already learned in the FDB table,
the management software will overwrite the MAC entry with the newly configured static
entry.
• At any point, FortiSwitch OS can only handle a given MAC address at one single port.
This is different from typical Independent VLAN Learning (IVL) switches, which can
configure multiple entries of the same MAC address as long as they have the same
VLAN tag.
Example
(FS5CX420F1087012) (Config-Port 1/1)#fdb-table static 00:1A:F6:00:03:61
8.2.6 flow-control
Syntax
flow-control
Purpose
To enable 802.3x flow control for the port.
Defaults
802.3x flow control is disabled by default.
Options & Parameters
This command has no options or parameters.
Notes
The flow-control command in Config-Port mode enables 802.3x flow control (i.e., PAUSE) for
the port only.
To show the state of flow control for a specific port, use the show port command in Enable Mode.
Example
(FS5CX420F1087012) (Config-Port 1/1)#flow-control
8.2.7 garp
timer
Syntax
garp timer {join <10-100> | leave <20-600> | leave-all <200-6000> }
Purpose
To configure the Generic Attribute Registration Protocol (GARP) timer attributes.
Defaults
• The default GVRP join time is 20 centiseconds.
• The default GVRP leave time is 60 centiseconds.
• The default interval for the generation of leave-all packets is 1000 centiseconds.
Options & Parameters
join <10-100>
Specifies the GVRP join time – the interval between
transmission of GARP packets registering membership for a
VLAN or multicast group – in centiseconds.
leave <20-600>
Specifies the GVRP leave time – the interval between
receiving an unregister request for a VLAN or a multicast
group and deleting the VLAN entry – in centiseconds.
leave-all <200-6000>
Specifies the frequency with which “leave-all” packets –
packets deleting all registration entries – are generated.
Notes
All forms of the garp timer command only have an effect when GVRP is enabled.
The “no” form of this command resets the specified time to the default:
no garp timer join resets the GVRP join time to 20 centiseconds
no garp timer leave resets the GVRP leave time to 60 centiseconds
no garp timer leave-all resets the “leave-all” generation interval to 1000 centiseconds
Examples
(FS5CX420F1087012) (Config-Port 1/1)#garp timer join 30
(FS5CX420F1087012) (Config-Port 1/1)#garp timer leave 200
(FS5CX420F1087012) (Config-Port 1/1)#garp timer leave-all 2000
8.2.8 gvrp
port-mode
Syntax
gvrp port-mode
Purpose
To enable or disable GARP VLAN Registration Protocol (GVRP) on this port.
Options & Parameters
This command has no options or parameters.
Notes
In order for GVRP to work on the port, GVRP must be enabled on the switch by using the gvrp
admin-mode command in Config Mode. (See page 170)
Example
(FS5CX420F1087012) (Config-Port 1/1)#gvrp port-mode
8.2.9 monitor
Syntax
monitor <slot/port> { rx | tx | both }
Purpose
To enable and configure a destination for port mirroring.
Defaults
Port mirroring is disabled by default.
Options & Parameters
<slot/port>
Specifies the mirrored (source) port (in slot/port format) for a
port mirroring session. The port currently being configured is
the mirroring (destination) port. Note: source and destination
ports must be on the same card.
{ rx | tx | both }
Specifies the mirroring mode. The rx option mirrors only
traffic received, tx mirrors only traffic transmitted, and both
mirrors all traffic on the source port.
Notes
• Port mirroring forwards a copy of each incoming or outgoing packet (or both) from one
port of a switch to another port where the packet can be studied (source and destination
ports must be on the same card). In this command, the source port (port being mirrored)
is specified, and the destination port is the port currently being configured in Config-Port
Mode.
• Mirroring does not affect the client on the original port.
• Maximum number of mirrors supported on the FortiSwitch-500:
  o 5 mirrors per destination (i.e., one port can be configured to mirror up to five
  other ports on the same switch)
  o 2 destinations per switch (i.e., two different ports on a single switch can be
  configured to mirror other ports)
Example
(FS5CX420F1087012) (Config-Port 1/1)#monitor 1/3 mode both
This enables mirroring of both incoming and outgoing packets on port 1/3, with the mirror
destination being port 1/1.
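The mirroring limits in the Notes above can be checked against a planned or recorded set of monitor commands, which also gives a reviewer a list of every port that receives copied traffic. The Python script below is an added example, not part of the Fortinet reference; it reads a constructed session in the prompt format used on this page, and it assumes that the slot number identifies the card and that the "mode" keyword (present in the Example, absent from the Syntax line) is optional.

```python
import re

# Prompt format copied from the examples in this reference:
#   (HOSTNAME) (Config-Port <slot/port>)#<command>
PROMPT = re.compile(r"^\(\S+\)\s+\(Config-Port (\d+/\d+)\)#\s*(.*)$")
# The Syntax line has no "mode" keyword but the Example does, so it is optional here.
MONITOR = re.compile(r"^monitor\s+(\d+/\d+)\s+(?:mode\s+)?(rx|tx|both)$")

MAX_SOURCES_PER_DEST = 5  # "5 mirrors per destination"
MAX_DESTS_PER_SWITCH = 2  # "2 destinations per switch"


def slot_of(port):
    """Slot part of a slot/port name; assumed here to identify the card."""
    return port.split("/")[0]


def parse_mirrors(session):
    """Map each mirroring (destination) port to {source port: mode}."""
    mirrors = {}
    for line in session.splitlines():
        prompt = PROMPT.match(line.strip())
        if not prompt:
            continue
        dest, command = prompt.group(1), prompt.group(2).strip()
        monitor = MONITOR.match(command)
        if monitor:
            # Assumption: repeating a source on the same destination replaces its mode.
            mirrors.setdefault(dest, {})[monitor.group(1)] = monitor.group(2)
    return mirrors


def check_mirrors(mirrors):
    """Return (rule, destination, detail) findings for the documented limits."""
    findings = []
    if len(mirrors) > MAX_DESTS_PER_SWITCH:
        findings.append(("too-many-destinations", None, sorted(mirrors)))
    for dest in sorted(mirrors):
        sources = mirrors[dest]
        if len(sources) > MAX_SOURCES_PER_DEST:
            findings.append(("too-many-sources", dest, len(sources)))
        for src in sorted(sources):
            if slot_of(src) != slot_of(dest):
                findings.append(("different-card", dest, src))
    return findings


# Constructed session for illustration; not captured from a real switch.
SESSION = """\
(FS5CX420F1087012) (Config-Port 1/1)#monitor 1/3 mode both
(FS5CX420F1087012) (Config-Port 1/1)#mtu 10232
(FS5CX420F1087012) (Config-Port 1/2)#monitor 1/4 rx
(FS5CX420F1087012) (Config-Port 1/2)#monitor 1/5 rx
(FS5CX420F1087012) (Config-Port 1/2)#monitor 1/6 rx
(FS5CX420F1087012) (Config-Port 1/2)#monitor 1/7 tx
(FS5CX420F1087012) (Config-Port 1/2)#monitor 1/8 tx
(FS5CX420F1087012) (Config-Port 1/2)#monitor 1/9 both
(FS5CX420F1087012) (Config-Port 2/1)#monitor 1/10 both
"""

if __name__ == "__main__":
    found = parse_mirrors(SESSION)
    for dest in sorted(found):
        print("destination", dest, "mirrors", found[dest])
    for finding in check_mirrors(found):
        print("FINDING", finding)
```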
8.2.10 mtu
Syntax
mtu <64-10232>
Purpose
To set the Maximum Transmission Unit (MTU) value for the port.
Defaults
The MTU value is set to 1522 bytes (tagged) or 1518 bytes (untagged) by default.
Options & Parameters
<64-10232>
Specifies the Maximum Transmission Unit (MTU) size in
bytes for the port.
Example
(FS5CX420F1087012) (Config-Port 1/1)#mtu 10232
8.2.11 shutdown
Syntax
shutdown
Purpose
To disable the port.
Options & Parameters
This command has no options or parameters.
Notes
• This command leaves the configuration unchanged, but prevents the port from forwarding
traffic.
• When a port is shut down, its admin mode is disabled and its link status is changed to
“down.”
Example
(FS5CX420F1087012) (Config-Port 1/1)#shutdown
8.2.12 spanning-tree
Syntax
spanning-tree { edgeport | hello-time <1-10> | port-mode | mst { <0> | <1-64> } { cost { <1-200000000> | auto } | external-cost { <1-200000000> | auto } | port-priority <0-240> } }
Purpose
To set and configure the spanning tree operational mode for the port.
Defaults
• There is no default behavior for this command.
• STP is enabled by default on all ports (port mode is enabled by default).
• The hello time for the port is set to 2 seconds by default.
• Port priority is set to 128 by default.
Options & Parameters
edgeport
Configures the port as an edge port.
hello-time <1-10>
Sets the hello-time for the port in seconds. If not specified,
default is 2.
port-mode
Enables the port for use by spanning trees.
mst { <0> | <1-64> }
Configures a Multiple Spanning Tree (MST) instance. Using 0
as the instance identifier configures the common and internal
spanning tree. To configure another existing MST, use its
identifier (between 1 and 64).
cost { <1-200000000> | auto }
Specifies the path cost (within the MST region) for the port when
used by the specified MST instance. If auto is used in place of
a numeric value, the path cost value is calculated automatically
on the basis of link speed.
external-cost { <1-200000000> | auto }
Specifies the external path cost (outside the MST region) for the
port when used by the specified MST instance. If auto is used
in place of a numeric value, the external path cost value is
calculated automatically on the basis of link speed. Note:
spanning tree version 802.1s (MSTP) is the default; if using
version 802.1d (STP) or version 802.1w (RSTP) instead, use
the external-cost option for configuring path cost for the port.
port-priority <0-240>
Specifies the priority for the port used by the specified MST
instance.
Notes
• Switch-level spanning-tree configuration is performed in Config Mode. (See spanning-tree on page 191)
• MSTP (802.1s) is the default spanning tree protocol used on the FortiSwitch-500. If you
have configured the switch to run STP or RSTP instead, use the external-cost option to
configure spanning tree path cost for the port.
Examples
edgeport:
(FS5CX420F1087012) (Config-Port 1/1)#spanning-tree edgeport
hello-time:
(FS5CX420F1087012) (Config-Port 1/1)#spanning-tree hello-time 10
mst:
(FS5CX420F1087012) (Config-Port 1/1)#spanning-tree mst 0 external-cost auto
port-mode:
(FS5CX420F1087012) (Config-Port 1/1)#spanning-tree port-mode
8.2.13 vlan
Syntax
vlan { acceptframe { all | vlanonly } | participation { auto <1-4094> | exclude <1-4094> |
include <1-4094> } | priority <0-7> | pvid <1-4094> | tagging <1-4094> }
Purpose
To configure VLAN parameters for the port.
Defaults
The frame acceptance mode is set to “all” by default.
The VLAN ID is set to 1 by default.
Options & Parameters
acceptframe { all | vlanonly }
Configures the handling of untagged frames. Using all
causes the port to accept all untagged or priority frames
received and assign them the value of the VLAN ID for this
port. Using vlanonly causes the port to drop all frames that
do not have a VLAN tag.
participation { auto | exclude | include } <1-4094>
Sets the participation of this port in the specified VLAN.
priority <0-7>
Specifies the priority value for untagged frames received by this port.
pvid <1-4094>
Sets the VLAN ID for untagged frames received by the port.
tagging <1-4094>
Enables tagging on this port for the specified VLAN. When
tagging is enabled, traffic is transmitted as tagged frames.
Examples
acceptframe:
(FS5CX420F1087012) (Config-Port 1/1)#vlan acceptframe all
participation:
(FS5CX420F1087012) (Config-Port 1/1)#vlan participation auto 3
priority:
(FS5CX420F1087012) (Config-Port 1/1)#vlan priority 0
pvid:
(FS5CX420F1087012) (Config-Port 1/1)#vlan pvid 3255
tagging:
(FS5CX420F1087012) (Config-Port 1/1)#vlan tagging 4045
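Because acceptframe defaults to “all” and the VLAN ID defaults to 1, a port or LAG that was never given a vlan command still admits untagged frames into VLAN 1. The Python script below is an added example, not part of the Fortinet reference; it replays a constructed session in the prompt format used on this page, starts every interface from the documented defaults, and lists where untagged frames are accepted and which VLAN they land in. Only the three-word vlan forms (acceptframe, pvid, priority, tagging) are modelled.

```python
import re

# Prompt format copied from the examples in this reference; matches both
# (Config-Port <slot/port>) and (Config-LAG <n>) contexts.
PROMPT = re.compile(r"^\(\S+\)\s+\(Config-(Port|LAG) ([\d/]+)\)#\s*(.*)$")


def default_state():
    """Documented defaults: frame acceptance "all", VLAN ID 1.

    priority is None until a "vlan priority" command is seen, because the
    page states no default for it.
    """
    return {"acceptframe": "all", "pvid": 1, "priority": None, "tagging": set()}


def in_range(text, low, high):
    """True when text is a decimal number inside the documented range."""
    return text.isdigit() and low <= int(text) <= high


def parse_vlan_state(session):
    """Replay the session in order and return {interface: effective state}."""
    state = {}
    for line in session.splitlines():
        prompt = PROMPT.match(line.strip())
        if not prompt:
            continue
        iface = f"{prompt.group(1).lower()} {prompt.group(2)}"
        # Every interface seen starts from the defaults, even with no vlan command.
        port = state.setdefault(iface, default_state())
        words = prompt.group(3).split()
        if len(words) != 3 or words[0] != "vlan":
            continue  # other commands and "vlan participation" are not modelled
        option, value = words[1], words[2]
        if option == "acceptframe" and value in ("all", "vlanonly"):
            port["acceptframe"] = value
        elif option == "pvid" and in_range(value, 1, 4094):
            port["pvid"] = int(value)
        elif option == "priority" and in_range(value, 0, 7):
            port["priority"] = int(value)
        elif option == "tagging" and in_range(value, 1, 4094):
            port["tagging"].add(int(value))
    return state


def untagged_vlan(port):
    """VLAN an untagged frame lands in, or None when the interface drops it."""
    return port["pvid"] if port["acceptframe"] == "all" else None


def audit(state):
    """List (interface, vlan, priority) for each interface admitting untagged frames."""
    report = []
    for iface in sorted(state):
        vlan = untagged_vlan(state[iface])
        if vlan is not None:
            report.append((iface, vlan, state[iface]["priority"]))
    return report


# Constructed session for illustration; not captured from a real switch.
SESSION = """\
(FS5CX420F1087012) (Config-Port 1/1)# description "in-band management port"
(FS5CX420F1087012) (Config-Port 1/2)#vlan pvid 300
(FS5CX420F1087012) (Config-Port 1/2)#vlan tagging 300
(FS5CX420F1087012) (Config-Port 1/3)#vlan pvid 300
(FS5CX420F1087012) (Config-Port 1/3)#vlan acceptframe vlanonly
(FS5CX420F1087012) (Config-LAG 1)#vlan acceptframe all
(FS5CX420F1087012) (Config-LAG 1)#vlan priority 5
"""

if __name__ == "__main__":
    for iface, vlan, priority in audit(parse_vlan_state(SESSION)):
        where = "default VLAN 1" if vlan == 1 else f"VLAN {vlan}"
        print(f"{iface}: untagged frames accepted into {where}, priority {priority}")
```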
8.2.14 vscale-mode
Syntax
vscale-mode { edge | internal }
Purpose
To set the vSCALE mode for the port.
Defaults
• The vSCALE mode is set to “edge” by default.
Options & Parameters
edge
Sets the port’s vSCALE mode to “edge.” This is the
appropriate mode for outward-facing ports on an edge (leaf)
switch.
internal
Sets the port’s vSCALE mode to “internal.” This is the
appropriate mode for ports on a spine switch, and for ports
on an edge switch which connect inward into the fabric.
Notes
The vSCALE mode of ports and LAGs on switches participating in a fabric is set automatically by
the system (when a FortiSwitch switch is detected at the other end of a connection, the vSCALE
mode is automatically set to “internal”). This command is used primarily for debugging and
troubleshooting purposes.
Examples
edge:
(FS5CX420F1087012) (Config-Port 1/1)#vscale-mode edge
internal:
(FS5CX420F1087012) (Config-Port 1/1)#vscale-mode internal
9 Config-VLAN Mode
9.1 Overview
The Config-VLAN Mode provides configuration commands for VLANs.
9.1.1 Access
This mode is accessed by using the vlan command in Config Mode.
9.1.2 Exit
To exit from this mode, use the exit command to return to Config Mode or the end command to
return to Enable Mode.
9.2 Commands
end            Exit to Enable Mode.
exit           Exit to Config Mode.
participation  Configure how ports participate in a specified VLAN.
port           Configure 802.1Q port parameters for VLANs.
vlan-id        Create a new VLAN or delete an existing VLAN.
9.2.1 end
Syntax
end
Purpose
To exit to Enable Mode.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) (Config-VLAN)# end
9.2.2 exit
Syntax
exit
Purpose
To exit to Config Mode.
Options & Parameters
This command has no options or parameters.
Example
(FS5CX420F1087012) (Config-VLAN)# exit
9.2.3 participation
all
Syntax
participation all { auto | exclude | include } <1-4094>
Purpose
To configure how all ports participate in a specified VLAN.
Options & Parameters
auto <1-4094>
Sets participation for all ports in the specified VLAN to auto.
All ports are always members of the specified VLAN.
exclude <1-4094>
Sets participation for all ports in the specified VLAN to
“exclude.” No ports are ever members of the specified VLAN
– equivalent to “forbidden”.
include <1-4094>
Sets participation for all ports in the specified VLAN to
“include.” All ports are members of the specified VLAN.
Examples
auto:
(FS5CX420F1087012) (Config-VLAN)# participation all auto 500
exclude:
(FS5CX420F1087012) (Config-VLAN)# participation all exclude 500
include:
(FS5CX420F1087012) (Config-VLAN)# participation all include 500
9.2.4 port
Syntax
port { acceptframe all { all | vlanonly } | priority all <0-7> | pvid all <1-4094> | tagging all <1-4094> }
Purpose
To configure 802.1Q port parameters for VLANs.
Defaults
Frame acceptance mode is set to “all” by default.
VLAN ID for all ports is set to 1 by default.
Options & Parameters
acceptframe all { all | vlanonly }
Sets the frame acceptance mode for all ports. If the option
all is selected, untagged frames or priority frames received
are accepted and assigned the value of the port VLAN ID. If
the option vlanonly is selected, only frames received with a
VLAN tag will be forwarded. All other frames will be dropped.
priority all <0-7>
Sets the priority for untagged frames received.
pvid all <1-4094>
Specifies the VLAN ID to be assigned to untagged packets
received on all ports. If not specified, the default is 1.
tagging all <1-4094>
Enables tagging on frames transmitted by all ports in the
specified VLAN. When tagging is enabled, traffic is
transmitted as tagged frames.
Examples
acceptframe:
(FS5CX420F1087012) (Config-VLAN)# port acceptframe all vlanonly
priority:
(FS5CX420F1087012) (Config-VLAN)# port priority all 0
pvid:
(FS5CX420F1087012) (Config-VLAN)# port pvid all 300
tagging:
(FS5CX420F1087012) (Config-VLAN)# port tagging all 3
9.2.5 vlan-id
Syntax
vlan-id { <1-4094> | <1-4094> name <new_name> | makestatic <2-4094> }
Purpose
To create or name a VLAN, to delete a VLAN, or to make a dynamic (learned) VLAN static.
Defaults
When executed with a valid VLAN ID and no other options, this command creates a static VLAN
with the specified ID by default.
Options & Parameters
<1-4094>
Specifies a valid VLAN. When used with no other options,
this creates a static VLAN with the specified ID if it does not
already exist.
<1-4094> name <new_name>
Sets the name of the specified VLAN to the specified name.
makestatic <2-4094>
Changes the specified dynamic, learned VLAN to a static
VLAN. Note: the default VLAN (VLAN 1) is always static.
Notes
• This command is used for the creation of static VLANs; dynamic VLANs are learned
through GVRP.
• If a dynamic VLAN has already been learned via GVRP, a static VLAN with the same ID
cannot be created. Instead, use the makestatic option to make the VLAN static.
(Dynamic VLANs do not persist over a reboot and cannot be configured by the operator.)
• Use the no form of this command to delete an existing VLAN.
Examples
default:
(FS5CX420F1087012) (Config-VLAN)# vlan-id 500
name:
(FS5CX420F1087012) (Config-VLAN)# vlan-id 500 name testingVlan
makestatic:
(FS5CX420F1087012) (Config-VLAN)# vlan-id makestatic 500
no (deleting an existing VLAN):
(FS5CX420F1087012) (Config-VLAN)# no vlan-id 500