Fortinet 548B User Manual

FortiSwitch-548B
Version 5.2.0.2
Administration Guide
FortiSwitch-548B Administration Guide
Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
Regulatory compliance
FCC Class A Part 15 CSA/CUS
Table of Contents
1. Introduction
1.1 Scope
1.2 Documentation
1.3 Customer Service and Technical Support
1.4 Training
2. Product Overview
2.1 Switch Description
2.2 Features
2.3 Front-Panel Components
2.4 LED Indicators
2.5 Rear Panel Description
2.6 Management Options
2.7 Web-based Management Interface
2.8 Command Line Console Interface Through the Serial Port or Telnet
2.9 SNMP-Based Management
3. Installation and Quick Startup
3.1 Package Contents
3.2 Switch Installation
3.3 Installing the Switch in a Rack
3.4 Quick Starting the Switch
3.5 System Information Setup
4. Console and Telnet Administration Interface
4.1 Local Console Management
4.2 Set Up your Switch Using Console Access
4.3 Set Up your Switch Using Telnet Access
5. Web-Based Management Interface
5.1 Overview
5.2 How to log in
5.3 Web-Based Management Menu
6. Command Line Interface Structure and Mode-based CLI
6.1 CLI Command Format
6.2 CLI Mode-based Topology
7. Switching Commands
7.1 System Information and Statistics commands
7.2 Device Configuration Commands
7.3 Management Commands
7.4 Spanning Tree Commands
7.5 System Log Management Commands
7.6 Script Management Commands
7.7 User Account Management Commands
7.8 Security Commands
7.9 CDP (Cisco Discovery Protocol) Commands
7.10 SNTP (Simple Network Time Protocol) Commands
7.11 MAC-Based Voice VLAN Commands
7.12 LLDP (Link Layer Discovery Protocol) Commands
7.13 Denial Of Service Commands
7.14 VTP (VLAN Trunking Protocol) Commands
7.15 Protected Ports Commands
7.16 Static MAC Filtering Commands
7.17 System Utilities
7.18 DHCP Snooping Commands
7.19 IP Source Guard (IPSG) Commands
7.20 Dynamic ARP Inspection (DAI) Command
7.21 Differentiated Service Command
7.22 ACL Command
7.23 IPv6 ACL Command
7.24 CoS (Class of Service) Command
7.25 Domain Name Server Relay Commands
8. Routing Commands
8.1 Address Resolution Protocol (ARP) Commands
8.2 IP Routing Commands
8.3 Open Shortest Path First (OSPF) Commands
8.4 BOOTP/DHCP Relay Commands
8.5 Routing Information Protocol (RIP) Commands
8.6 Router Discovery Protocol Commands
8.7 VLAN Routing Commands
8.8 Virtual Router Redundancy Protocol (VRRP) Commands
9. IP Multicast Commands
9.1 Distance Vector Multicast Routing Protocol (DVMRP) Commands
9.2 Internet Group Management Protocol (IGMP) Commands
9.3 MLD Commands
9.4 Multicast Commands
9.5 Protocol Independent Multicast – Dense Mode (PIM-DM) Commands
9.6 Protocol Independent Multicast – Sparse Mode (PIM-SM) Commands
9.7 IGMP Proxy Commands
9.8 MLD Proxy Commands
10. IPv6 Commands
10.1 Tunnel Interface Commands
10.2 Loopback Interface Commands
10.3 IPv6 Routing Commands
10.4 OSPFv3 Commands
10.5 RIPng Commands
10.6 Protocol Independent Multicast – Dense Mode (PIM-DM) Commands
10.7 Protocol Independent Multicast – Sparse Mode (PIM-SM) Commands
11. Web-Based Management Interface
11.1 Overview
11.2 System Menu
11.3 Switching Menu
11.4 Routing Menu
11.5 Security Menu
11.6 IPv6 Menu
11.7 QOS Menu
11.8 IPv4 Multicast Menu
11.9 IPv6 Multicast Menu

1. Introduction

1.1 Scope

This document describes:
- how to install the FortiSwitch-548B switch (the Switch)
- how to use the CLI console to manage the Switch
- how to use the web-based management interface to configure the Switch

1.2 Documentation

The Fortinet Technical Documentation web site, http://docs.fortinet.com, provides the most up-to-date versions of Fortinet publications, as well as additional technical documentation such as technical notes.

1.2.1 Fortinet Knowledge Base

The Fortinet Knowledge Base provides additional Fortinet technical documentation, such as troubleshooting and how-to-articles, examples, FAQs, technical notes, a glossary, and more. Visit the Fortinet Knowledge Base at http://kb.fortinet.com.

1.2.2 Comments on Fortinet Technical Documentation

Please send information about any errors or omissions in this or any Fortinet technical document to techdoc@fortinet.com.

1.3 Customer Service and Technical Support

Fortinet Technical Support provides services designed to make sure that your Fortinet products install quickly, configure easily, and operate reliably in your network.
To learn about the technical support services that Fortinet provides, visit the Fortinet Technical Support web site at https://support.fortinet.com.
You can dramatically improve the time that it takes to resolve your technical support ticket by providing your configuration file, a network diagram, and other specific information. For a list of required information, see the Fortinet Knowledge Center article "What does Fortinet Technical Support require in order to best assist the customer?"

1.4 Training

Fortinet Training Services provides classes that orient you quickly to your new equipment, and certifications to verify your knowledge level. Fortinet provides a variety of training programs to serve the needs of our customers and partners world-wide.
To learn about the training services that Fortinet provides, visit the Fortinet Training Services web site at http://campus.training.fortinet.com, or email them at training@fortinet.com.

2. Product Overview

2.1 Switch Description

FortiSwitch-548B is a layer 2 SFP+ 10-Gigabit Ethernet backbone switch designed for adaptability and scalability. The Switch provides a management platform and uplink to backbone. Alternatively, the Switch can utilize up to 48 10-Gigabit Ethernet ports to function as a central distribution hub for other switches, switch groups, or routers. The built-in 1000/100/10 Ethernet port is for out-of-band management. The FortiSwitch-548B power system provides two power supplies. The FortiSwitch-548B SFP+ ports can also run at 1-Gigabit speed when set manually.

2.2 Features

- Supports 48 SFP+ 10-Gigabit Ethernet ports
- 1 built-in 1000/100/10 Ethernet port for out-of-band switch management
- Supports two power supplies: software detects power failure and reads information about which power supplies are installed in your system
- IEEE 802.3z and IEEE 802.3x compliant Flow Control for all 10-Gigabit ports
- Supports 802.1D STP, 802.1S MSTP, and 802.1w Rapid Spanning Tree for redundant backup bridge paths
- Supports 802.1Q VLAN, Protocol-based VLAN, Subnet-based VLAN, MAC-based VLAN, Protected Port, Double VLAN, Voice VLAN, GVRP, GMRP, IGMP snooping, 802.1p Priority Queues, Port Channel, port mirroring
- Supports VTP (VLAN Trunking Protocol)
- Supports CDP
- Supports LLDP with detection of potential communication problems
- Supports Port Security
- Multi-layer Access Control (based on MAC address, IP address, VLAN, Protocol, 802.1p, DSCP)
- Quality of Service (QoS) customized control
- 802.1x (port-based) access control and RADIUS Client support
- TACACS+ support
- Administrator-definable port security
- Supports DHCP Snooping, Dynamic ARP Inspection and IP Source Guard (IPSG)
- ARP support
- IP Routing support
- OSPF v2 and v3 support
- RIP v1/v2 and RIPng support
- Router Discovery Protocol support
- Virtual Router Redundancy Protocol (VRRP) support
- VLAN routing support
- IP Multicast support
- IGMP v1, v2, and v3 support
- DVMRP support
- Protocol Independent Multicast - Dense Mode (PIM-DM) support for IPv4 and IPv6
- Protocol Independent Multicast - Sparse Mode (PIM-SM) support for IPv4 and IPv6
- Supports DHCPv6 protocol, OSPFv3 protocol, Tunneling, loopback
- Allows configuration of IPv6 routing interface and routing preference
- DHCP Client and Relay support
- DNS Client and Relay support
- Per-port bandwidth control
- SNMP v.1, v.2, v.3 network management, RMON support
- Supports Web-based management
- CLI management support
- Fully configurable either in-band or out-of-band control via RS-232 console serial connection
- Telnet remote control console
- TraceRoute support
- Traffic Segmentation
- TFTP/FTP upgrade
- SysLog support
- Simple Network Time Protocol support
- Web GUI Traffic Monitoring
- SSH Secure Shell version 1 and 2 support
- SSL Secure HTTP TLS Version 1 and SSL version 3 support
- Fibre Channel Over Ethernet (FCoE) FIP Snooping
- Data Center Bridge (DCB): Enhanced Transmission Selection (ETS, IEEE 802.1Qaz); Priority Flow Control (PFC, IEEE 802.1Qbb); Congestion Notification (CN, IEEE 802.1Qau)

2.3 Front-Panel Components

The front panel of the Switch consists of 48 10-Gigabit interfaces, 2 LED indicators, 1 built-in 1000/100/10 RJ-45 Ethernet service port, an RS-232 communication port, and 48 port LEDs.
The upper LED indicator displays power status. The lower LED indicator displays the status of the switch. An RS-232 DCE console port is for setting up and managing the Switch via a connection to a console terminal or PC using a terminal emulation program. Each port LED has two colors: green represents port link status; orange represents port activity status and blinks when the port has activity.

2.4 LED Indicators

The Status LED indicator represents the status of the switch. The Power LED indicator represents power ON or OFF.

2.5 Rear Panel Description

The rear panel of the Switch contains dual redundant AC power connectors and four fans. The four fans can be built in back-to-front or front-to-back (depending on customer requirement).
The AC power connector is a standard three-pronged connector that supports the power cord. Plug the female connector of the provided power cord into this socket, and the male side of the cord into a power outlet. The Switch automatically adjusts its power setting to any supply voltage in the range from 100 ~ 240 VAC at 50 ~ 60 Hz.
Note: To access the Switch through a Web browser, the computer running the Web browser must have IP-based network access to the Switch.

2.6 Management Options

The system may be managed through the Service Port using a Web browser, Telnet, or SNMP, or through the console port on the front panel using CLI commands.

2.7 Web-based Management Interface

After you have successfully installed the Switch, you can configure the Switch, monitor the LED panel, and display statistics graphically using a Web browser, such as Mozilla FireFox (version 3.6 or higher) or Microsoft® Internet Explorer (version 5.0 or above).

2.8 Command Line Console Interface Through the Serial Port or Telnet

You can also connect a computer or terminal to the serial console port or use Telnet to access the Switch. The command-line-driven interface provides complete access to all switch management features.

2.9 SNMP-Based Management

You can manage the Switch with an SNMP-compatible console program. The Switch supports SNMP version 1.0, version 2.0, and version 3.0. The SNMP agent decodes the incoming SNMP messages and responds to requests with MIB objects stored in the database. The SNMP agent updates the MIB objects to generate statistics. The Switch supports a comprehensive set of MIB extensions:
- RFC 1643 Ether-like MIB
- RFC 1493 Bridge
- RFC 2819 RMON
- RFC 2233 Interface MIB
- RFC 2571 (SNMP Frameworks)
- RFC 2572 (Message Processing for SNMP)
- RFC 2573 (SNMP Applications)
- RFC 2576 (Coexistence between SNMPs)
- RFC 2618 (Radius-Auth-Client-MIB)
- RFC 2620 (Radius-Acc-Client-MIB)
- RFC 1724 (RIPv2-MIB)
- RFC 1850 (OSPF-MIB)
- RFC 1850 (OSPF-TRAP-MIB)
- RFC 2787 (VRRP-MIB)
- RFC 3289 - DIFFSERV-DSCP-TC
- RFC 3289 - DIFFSERV-MIB
- QOS-DIFFSERV-EXTENSIONS-MIB
- QOS-DIFFSERV-PRIVATE-MIB
- RFC 2674 802.1p
- RFC 2932 (IPMROUTE-MIB)
- Fortinet Enterprise MIB
- ROUTING-MIB
- MGMD-MIB
- RFC 2934 PIM-MIB
- DVMRP-STD-MIB
- IANA-RTPROTO-MIB
- MULTICAST-MIB
- FASTPATH-ROUTING6-MIB
- IEEE8021-PAE-MIB
- INVENTORY-MIB
- MGMT-SECURITY-MIB
- QOS-ACL-MIB
- QOS-COS-MIB
- RFC 1907 - SNMPv2-MIB
- RFC 2465 - IPV6-MIB
- RFC 2466 - IPV6-ICMP-MIB
- TACACS-MIB
- USM-TARGET-TAG-MIB
- IGMP/MLD Snooping
- IGMP/MLD Layer2 Multicast
- QoS – IPv6 ACL
- Voice VLAN
- Guest VLAN
- LLDP MED
- RFC 2925 (DISMAN-TRACEROUTE-MIB)
- RFC 2080 (RIPng)
- OSPFV3-MIB

3. Installation and Quick Startup

3.1 Package Contents

Before you begin installing the Switch, confirm that your package contains the following items:
- One FortiSwitch-548B Layer 2 10-Gigabit Managed Switch
- Mounting kit: 2 mounting brackets and screws
- Four rubber feet with adhesive backing
- One AC power cord
- This User’s Guide with Registration Card
- CLI Reference
- CD-ROM with User’s Guide and CLI Reference

3.2 Switch Installation

Installing the Switch Without the Rack
1. Install the Switch on a level surface that can safely support the weight of the Switch and its attached cables. The Switch must have adequate space for ventilation and for accessing cable connectors.
2. Set the Switch on a flat surface and check for proper ventilation. Allow at least 5 cm (2 inches) on each side of the Switch and 15 cm (6 inches) at the back for the power cable.
3. Attach the rubber feet on the marked locations on the bottom of the chassis.
The rubber feet are recommended to keep the unit from slipping.

3.3 Installing the Switch in a Rack

You can install the Switch in most standard 19-inch (48.3-cm) racks. Refer to the illustrations below.
1. Use the supplied screws to attach a mounting bracket to each side of the Switch.
2. Align the holes in the mounting bracket with the holes in the rack.
3. Insert and tighten two screws through each of the mounting brackets.

3.4 Quick Starting the Switch

1. Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access to the FortiSwitch-548B Series Switch locally. From a remote workstation, the device must be configured with IP information (IP address, subnet mask, and default gateway).
2. Turn the Power ON.
3. Allow the device to load the software until the login prompt appears. The device initial state is called the default mode.
4. When the prompt asks for operator login, do the following:
- Type the word admin in the login area. Since a number of the Quick Setup commands require administrator account rights, FORTINET suggests logging into an administrator account.
- Do not enter a password because there is no password in the default mode.
- Press the <Enter> key.
- The CLI Privileged EXEC mode prompt will be displayed.
- Use “configure” to switch to the Global Config mode from Privileged EXEC.
- Use “exit” to return to the previous mode.

3.5 System Information Setup

3.5.1 Quick Start up Software Version Information

Table 2-1. Quick Start up Software Version Information

Command: show hardware
Details: Allows the user to see the HW & SW version the device contains.
- System Description - switch's model name

Command: show version
Details: Allows the user to see Serial Number, Part Number, and Model name.
- See SW loader, bootrom and operation version
- See HW version

3.5.2 Quick Start up Physical Port Data

Table 2-2. Quick Start up Physical Port

Command: show Interface status { <slot/port> | all}
Details: Displays the Ports slot/port.
- Type - Indicates if the port is a special type of port
- Admin Mode - Selects the Port Control Administration State
- Physical Mode - Selects the desired port speed and duplex mode
- Physical Status - Indicates the port speed and duplex mode
- Link Status - Indicates whether the link is up or down
- Link Trap - Determines whether or not to send a trap when link status changes
- LACP Mode - Displays whether LACP is enabled or disabled on this port
- Flow Mode - Indicates the status of flow control on this port
- Cap. Status - Indicates the port capabilities during auto-negotiation

3.5.3 Quick Start up User Account Management

Table 2-3. Quick Start up User Account Management

Command: show users
Details: Displays all users that are allowed to access the switch.
- User Access Mode - Shows whether the user is able to change parameters on the switch (Read/Write) or is only able to view (Read Only). As a factory default, admin has Read/Write access and guest has Read Only access. There can only be one Read/Write user and up to 5 Read Only users.

Command: show loginsession
Details: Displays all login session information.

Command: username <username> {passwd | nopasswd}
Details: Allows the user to set passwords or change passwords needed to log in. A prompt will appear after the command is entered requesting the old password. In the absence of an old password, leave the area blank. The operator must press Enter to execute the command. The system then prompts the user for a new password, then a prompt to confirm the new password. If the new password and the confirmed password match, a message will be displayed. The user password should not be more than eight characters in length.

Command: copy running-config startup-config [filename]
Details: This will save passwords and all other changes to the device. If you do not save the config, all configurations will be lost when a power cycle is performed on the switch or when the switch is reset.

3.5.4 Quick Start up IP Address

To view the network parameters, the operator can access the device by the following three methods.
- Simple Network Management Protocol - SNMP
- Telnet
- Web Browser

Table 2-4. Quick Start up IP Address

Command: show ip interface
Details: Displays the Network Configurations.
- IP Address - IP Address of the interface. Default IP is 192.168.2.1
- Subnet Mask - IP Subnet Mask for the interface. Default is 255.255.255.0
- Default Gateway - The default Gateway for this interface. Default value is 0.0.0.0
- Burned in MAC Address - The Burned in MAC Address used for inband connectivity
- Network Configurations Protocol Current - Indicates which network protocol is being used. Default is none
- Management VLAN Id - Specifies VLAN id
- Web Mode - Indicates whether HTTP/Web is enabled.
- Java Mode - Indicates whether java mode is enabled.

Command: ip address
Details:
    (Config)#interface vlan 1
    (if-vlan 1)#ip address <ipaddr> <netmask>
    (if-vlan 1)#exit
    (Config)#ip default-gateway <gateway>
- IP Address range from 0.0.0.0 to 255.255.255.255
- Subnet Mask range from 0.0.0.0 to 255.255.255.255
- Gateway Address range from 0.0.0.0 to 255.255.255.255

3.5.5 Quick Start up Uploading from Switch to Out-of-Band PC

Table 2-5. Quick Start up Uploading from Switch to Out-of-Band PC (XMODEM)

Command: copy startup-config xmodem <filename>
Details: This starts the upload, displays the mode and type of the upload, and confirms that the upload is taking place. For example: if the user is using HyperTerminal, the user must specify where the file is going to be received by the PC.

3.5.6 Quick Start up Downloading from Out-of-Band PC to Switch

Table 2-6. Quick Start up Downloading from Out-of-Band PC to Switch

Command: copy xmodem startup-config <filename>
Details: Sets the download datatype to be an image or config file. The URL must be specified as: xmodem: filepath/ filename. For example: if the user is using HyperTerminal, the user must specify which file is to be sent to the switch. The Switch will restart automatically once the code has been downloaded.

3.5.7 Quick Start up Downloading from TFTP Server

Before starting a TFTP server download, the operator must complete the Quick Start up for the IP Address.

Table 2-7. Quick Start up Downloading from TFTP Server

Command: copy <url> startup-config <filename>
Details: Sets the download datatype to be an image or config file. The URL must be specified as: tftp://ipAddr/filepath/fileName. The startup-config option downloads the config file using tftp and the image option downloads the code file.

3.5.8 Quick Start up Factory Defaults

Table 2-8. Quick Start up Factory Defaults

Command: clear config
Details: Enter yes when the prompt pops up to clear all the configurations made to the switch.

Command: copy running-config startup-config [filename]
Details: Enter yes when the prompt pops up that asks if you want to save the configurations made to the switch.

Command: reload
Details: Enter yes when the prompt pops up that asks if you want to reset the system. You can reset the switch or cold boot the switch; both work effectively.

4. Console and Telnet Administration Interface

This chapter discusses many of the features used to manage the Switch, and explains many concepts and important points regarding these features. Configuring the Switch to implement these concepts is discussed in detail in chapter 6.

4.1 Local Console Management

Local console management involves the administration of the Switch via a direct connection to the RS-232 DCE console port. This is an Out-of-band connection, meaning that it is on a different circuit than normal network communications, and thus works even when the network is down.
The local console management connection involves a terminal or PC running terminal emulation software to operate the Switch’s built-in console program (see Chapter 6). Using the console program, a network administrator can manage, control, and monitor many functions of the Switch. Hardware components in the Switch allow it to be an active part of a manageable network. These components include a CPU, memory for data storage, other related hardware, and SNMP agent firmware. Activities on the Switch can be monitored with these components, while the Switch can be manipulated to carry out specific tasks.

4.2 Set Up your Switch Using Console Access

Out-of-band management requires connecting a terminal, such as a VT-100 or a PC running a terminal-emulation program (such as HyperTerminal, which is automatically installed with Microsoft Windows) to the RS-232 DCE console port of the Switch. Switch management using the RS-232 DCE console port is called Local Console Management to differentiate it from management done via management platforms, such as DView or HP OpenView.
Make sure the terminal or PC you are using to make this connection is configured to match these settings. If you are having problems making this connection on a PC, make sure the emulation is set to VT-100 or ANSI. If you still don’t see anything, try pressing <Ctrl> + r to refresh the screen.
First-time configuration must be carried out through a console, that is, either (a) a VT100-type serial data terminal, or (b) a computer running communications software set to emulate a VT100. The console must be connected to the Diagnostics port. This is an RS-232 port with a 9-socket D-shell connector and DCE-type wiring. Make the connection as follows:
1. Obtain suitable cabling for the connection. You can use a null-modem RS-232 cable or an ordinary RS-232 cable and a null-modem adapter. One end of the cable (or cable/adapter combination) must have a 9-pin D-shell connector suitable for the Diagnostics port; the other end must have a connector suitable for the console’s serial communications port.
2. Power down the devices, attach the cable (or cable/adapter combination) to the correct ports, and restore power.
3. Set the console to use the following communication parameters for your terminal:
The console port is set for the following configuration:
- Baud rate: 11,520
- Data width: 8 bits
- Parity: none
- Stop bits: 1
- Flow Control: none
A typical console connection is illustrated below:
Figure 3-1: Console Setting Environment

4.3 Set Up your Switch Using Telnet Access

Once you have set an IP address for your Switch, you can use a Telnet program (in a VT-100 compatible terminal mode) to access and control the Switch. Most of the screens are identical, whether accessed from the console port or from a Telnet interface.
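A post-setup check for the management options this guide describes (Telnet, Web, SSH, SSL), given as an added example that is not part of the Fortinet manual: it flags a management address still at the factory default 192.168.2.1 and any cleartext management service that answers. The function names and the TCP port numbers (IANA defaults 23, 80, 22, 443) are assumptions; the manual does not list port numbers.

```python
"""Audit which management services a switch exposes after quick start.

Added example, not Fortinet code. Port numbers are an assumption (IANA
defaults) because the manual does not state them.
"""
import socket

# Default address listed in the manual's "show ip interface" table.
FACTORY_DEFAULT_IP = "192.168.2.1"

# service name -> (TCP port, True if the transport is encrypted)
MGMT_SERVICES = {
    "telnet": (23, False),
    "http": (80, False),
    "ssh": (22, True),
    "https": (443, True),
}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def audit_management_plane(host, services=MGMT_SERVICES, probe=tcp_open):
    """Return a list of findings for one switch management address.

    `probe` is injectable so the logic can be exercised offline.
    """
    findings = []
    if host == FACTORY_DEFAULT_IP:
        findings.append("management IP is still the factory default")

    # Probe every service once, then evaluate the results.
    reachable = {name: probe(host, port)
                 for name, (port, _enc) in services.items()}

    for name, (port, encrypted) in services.items():
        if reachable[name] and not encrypted:
            findings.append(f"cleartext {name} reachable on tcp/{port}")

    if not any(reachable[name]
               for name, (_port, enc) in services.items() if enc):
        findings.append("no encrypted management service reachable")
    return findings


if __name__ == "__main__":
    # Constructed sample: simulate a switch left at its defaults, where
    # only Telnet and HTTP answer. No network traffic is generated.
    def simulated_probe(host, port):
        return port in (23, 80)

    for finding in audit_management_plane(FACTORY_DEFAULT_IP,
                                          probe=simulated_probe):
        print("FINDING:", finding)
```

An open SSH or HTTPS port only shows that the service answers; the feature list in this guide includes SSH version 1 and SSL version 3, so the negotiated protocol version needs a separate check.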

5. Web-Based Management Interface

5.1 Overview

The Fortinet FortiSwitch-548B Series Layer III plus QoS Managed Switch provides a built-in browser interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later. This interface also allows for system monitoring and management of the switch. The ‘help’ page covers many of the basic functions and features of the switch and its Web interface. When you configure the switch for the first time from the console, you can assign an IP address and subnet mask to the switch. Thereafter, you can access the switch’s Web interface directly using your Web browser by entering the switch’s IP address into the address bar. In this way, you can use your Web browser to manage the switch from a central location, just as if you were directly connected to the switch’s console port. Below figure shows this management method.

5.2 How to log in

The Fortinet FortiSwitch-548B Series Layer III plus QoS Managed Switch can be configured remotely from Microsoft Internet Explorer (version 5.0 or above), or Mozilla Firefox (version 3.6 or above).
1. Determine the IP address of your managed switch.
2. Open your Web browser.
3. Log in to the managed switch using the IP address the unit is currently configured with.
4. Type the default user name of admin and leave the password blank (the default is no password), or enter whatever password you have set up.
Once you have entered your access point name, your Web browser automatically finds the FortiSwitch-548B Series Layer III Managed Switch and displays the home page, as shown below.

5.3 Web-Based Management Menu

Menus
The Web-based interface enables navigation through several menus. The main navigation menu is on the left of every page and contains the screens that let you access all the commands and statistics the switch provides.
Main Menus
System
Switching
Routing
Security
IPv6
QoS
IPv4 Multicast
IPv6 Multicast
Secondary Menus
The Secondary Menus under the Main Menu contain a host of options that you can use to configure your switch. The online help contains a detailed description of the features on each screen. You can click the ‘help’ or the question mark at the top right of each screen to view the help menu topics.
The Secondary Menus are detailed below, with cross-references to the sections in this manual that contain the corresponding command descriptions.
System
ARP Cache see “show arp”
Inventory see “show hardware”
Configuration see “Management Commands and Device Configuration Commands”
Forwarding Database see “Device Configuration Commands’ L2MAC Address”
Logs see “System Information and Statistics Commands”
Port see “Device Configuration Commands’ Interface”
sFlow see “sFlow Commands”
SNMP see “SNMP Server Commands and SNMP Trap Commands”
Statistics see “show interface counters”
System Utilities see “System Utilities”
Trap Manager see “show traplog and SNMP Trap Commands”
SNTP see “SNTP Commands”
DHCP Client see “DHCP Client Commands”
DNS Relay see “Domain Name Server Relay Commands”
Switching
DHCP Snooping see “DHCP snooping Commands”
VLAN see “VLAN Management Commands”
Protected Port see “Protected Port Commands”
Protocol-based VLAN see “Protocol-based VLAN Commands”
IP Subnet-based VLAN see “IP Subnet-based VLAN Commands”
MAC-based VLAN see “MAC-based Commands”
MAC-based Voice VLAN see “MAC-based Voice VLAN Commands”
Voice VLAN see “Voice VLAN Commands”
Filters see “MAC Filters Commands”
GARP see “GVRP and Bridge Extension Commands”
Dynamic Arp Inspection see “DAI Commands”
IGMP Snooping see “IGMP Snooping Commands”
IGMP Snooping Querier see “IGMP Snooping Querier Commands”
MLD Snooping see “MLD Snooping Commands”
MLD Snooping Querier see “MLD Snooping Querier Commands”
Port Channel see “Port Channel Commands”
Multicast Forwarding DataBase see “L2 MAC Address and Multicast Forwarding Database Tables Commands”
Spanning Tree see “Spanning Tree Commands”
Class of Service see “L2 Priority Commands”
Port Security see “Port Security Configuration Commands”
LLDP see “LLDP Commands”
VTP see “VTP Commands”
Link State see “Link state Commands”
Port Backup see “Port backup Commands”
FIP Snooping see “FIP Snooping Commands”
Routing
ARP see “Address Resolution Protocol (ARP) Commands”
IP see “IP Routing Commands”
OSPF see “Open Shortest Path First (OSPF) Commands”
BOOTP/DHCP Relay Agent see “BOOTP/DHCP Relay Commands”
RIP see “Routing Information Protocol (RIP) Commands”
Router Discovery see “Router Discovery Protocol Commands”
Router see “IP Routing Commands”
VLAN Routing see “VLAN Routing Commands”
VRRP see “Virtual Router Redundancy Protocol (VRRP) Commands”
Tunnels see “Tunnels Commands”
Loopbacks see “Loopbacks Commands”
Security
Port Access Control see “Dot1x Configuration Commands”
RADIUS see “Radius Configuration Commands”
TACACS+ see “TACACS+ Configuration Commands”
IP Filter see “Network Commands”
Secure HTTP see “HTTP Commands”
Secure Shell see “Secure Shell (SSH) Commands”
IPv6
OSPFv3 see “OSPFv3 Configuration Commands”
IPv6 Routes see “IPv6 Routes Configuration Commands”
RIPv6 see “RIPv6 Configuration Commands”
QoS
ACL see “ACL Commands”
Diffserv see “Differentiated Services Commands”
Class of Service see “Class of Service Commands”
IPv4 Multicast
DVMRP see “DVMRP Commands”
IGMP see “IGMP Commands”
PIM-DM see “PIM-DM Commands”
PIM-SM see “PIM-SM Commands”
IPv6 Multicast
MLD see “MLD Commands”
PIM-DM see “PIM-DM Commands”
PIM-SM see “PIM-SM Commands”

6. Command Line Interface Structure and Mode-based CLI

The Command Line Interface (CLI) syntax, conventions, and terminology are described in this section. Each CLI command is illustrated using the structure outlined below.

6.1 CLI Command Format

Commands are followed by values, parameters, or both.
Example 1
ip address <ipaddr> <netmask> [<gateway>]
ip address is the command name.
<ipaddr> <netmask> are the required values for the command.
[<gateway>] is the optional value for the command.
Example 2
snmp-server location <loc>
snmp-server location is the command name.
<loc> is the required parameter for the command.
Example 3
clear vlan
clear vlan is the command name.
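The notation used in Examples 1 to 3 can be checked mechanically, for instance before a configuration line is sent to a switch. The following Python sketch is an added example, not part of the original guide or of the switch software; the function names and the sample addresses are assumptions made for illustration.

```python
import re

# Section 6.1 notation: a bare word is part of the command name (typed as shown),
# <name> is a required value, [<name>] is an optional value.
_TOKEN = re.compile(
    r"\[<(?P<opt>[^<>\[\]]+)>\]|<(?P<req>[^<>\[\]]+)>|(?P<kw>[^\s<>\[\]]+)")

def parse_template(template):
    """Split a syntax line into (kind, name) pairs; kind is 'kw', 'req' or 'opt'."""
    tokens = []
    for part in template.split():
        m = _TOKEN.fullmatch(part)
        if m is None:
            raise ValueError(f"unrecognised syntax token: {part!r}")
        tokens.append((m.lastgroup, m.group(m.lastgroup)))
    return tokens

def bind(template, line):
    """Match a typed command against a syntax line and return {value name: text}.

    Optional values are taken greedily, left to right, which fits templates
    whose optional values come last, as in Example 1.
    """
    words, values, pos = line.split(), {}, 0
    for kind, name in parse_template(template):
        if kind == "kw":
            if pos >= len(words) or words[pos] != name:
                raise ValueError(f"expected command word {name!r}")
        elif pos >= len(words):
            if kind == "req":
                raise ValueError(f"missing required value <{name}>")
            continue  # optional value not supplied
        else:
            values[name] = words[pos]
        pos += 1
    if pos != len(words):
        raise ValueError(f"unexpected extra input: {' '.join(words[pos:])!r}")
    return values

if __name__ == "__main__":
    # Constructed sample input (documentation address range), not from the guide.
    syntax = "ip address <ipaddr> <netmask> [<gateway>]"
    print(bind(syntax, "ip address 192.0.2.10 255.255.255.0"))
    print(bind(syntax, "ip address 192.0.2.10 255.255.255.0 192.0.2.1"))
    print(bind("clear vlan", "clear vlan"))
```

The checker validates only the shape of a command (command words, required and optional values); it does not check that a value is a well-formed address.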
Command
The text in bold, non-italic font must be typed exactly as shown.