| FortiGate commands for ForitSwitch (in FortiLink) | |
| General Info | |
| Overview of all FortiSwitches Serial, Verison, IP, Status | execute switch-controller get-conn-status |
| FortiSwitch configuration (config is stored on the FortiGate) | show switch-controller managed-switch S448DP1111111 |
| Connect from the FortiGate to a FortiSwitch (use the IP from the get-conn-status command) | execute ssh admin@10.255.1.2 |
| FortiSwitch Firmware Upgrade status | execute switch-controller get-upgrade-status |
| Port Information | |
| Port Status speed/duplex and switch status information | execute switch-controller get-conn-status S448DP1111111 |
| Port info PoE, connector and available speed options | diagnose switch-controller switch-info port-properties S448DP1111111 |
| Port stats State / speed & duplex / some in &out counters | diag switch-controller switch-info port-stats S448DP1111111 |
| FortiSwitch MAC Table | diagnose switch-controller switch-info mac-table S448DP1111111 |
| show all Device Informations for one FortiSwitch Serial IP,MAC, OS, Hardware ….) | diagnose user-device-store device memory query 53 fortiswitch_id S448DP1111111 |
| FortiSwitch on FortiGate show all Devices for one MAC (port, OS) | diagnose user-device-store device memory query 2 mac f4:a8:0d:0b:11:11 |
| 802.1X state of the ports | diag switch-controller switch-info 802.1X S448DP1111111 |
| Trunk (portchannel) status on all switches (check for link failures) | diag switch-controller switch-info trunk status |
| LLDP info summary | diag switch-controller switch-info lldp neighbors-summary S448DP1111111 |
| MCLAG peer config consistency on all switches | diag switch-controller switch-info mclag peer-consistency-check |
| FortiSwitch native commands (must be executed directly on the FortiSwitch) | |
| Physical Ports Status | get switch physical-port |
| LLDP per port summary info | get switch lldp neighbors-summary |
| MAC table | diag switch mac-address list |
| Trunk info (show fortilink trunk members) | get switch trunk |
| STP info (who is root / stp forwarding state per port) | diagnose stp instance list |
| Port info state, speed, native vlan | diag switch physical-ports summary |
| Port Infos speed, state, counters | diag switch physical-ports list |
| Port Counters detail + Error | diag switch physical-ports port-stats list diag switch physical-ports port-stats non-zero |
| Port Bandwitth RX TX current state | diag switch physical-ports linerate |
| DHCP Snooping overview | get switch dhcp-snooping database-summary |
| SFP Transmit RX TX dbm (-3 – -9 dbm is ok) | get switch modules status |
| Enable sniffer on FortiSwitch port (in my example port8) and capture 100 packets –> Alternative: use a mirror port, or check the FortiSwitch documentation, there are several possibilities | config switch interface edit port8 set packet-sampler enabled set packet-sample-rate 1 #select the port you’ve enabled the packet-sampler (sp8 = port 8) end diag sniffer packet sp8 ” 4 100 l |
| Disable sniffer on FortiSwitch port (in my example port8) | config switch interface edit port8 unset packet-sample-rate set packet-sampler disabled end |
If you should need assistance with Fortinet Products don’t hesitate to contact us
office@c3it.net
