Fortinet FortiSwitch-124D, FortiSwitch-224D-POE, FortiSwitch-124D-POE, FortiSwitch-324B-POE, FortiSwitch-348B Administration Manual
...
FortiSwitch Standalone Mode
Administration Guide
FortiSwitch Standalone Mode Administration Guide
September 19, 2014
Copyright© 2014 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and
FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other
Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All
other product or company names may be trademarks of their respective owners. Performance
and other metrics contained herein were attained in internal lab tests under ideal conditions,
and actual performance and other resultsmay vary. Network variables, different network
environments and other conditions may affect performance results. Nothing herein represents
any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or
implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s
General Counsel, with a purchaser that expressly warrants that the identified product will
perform according to certain expressly-identified performance metrics and, in such event, only
the specific performance metrics expressly identified in such binding written contract shall be
binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the
same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants,
representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves
the right to change, modify, transfer, or otherwise revise this publication without notice, and the
most current version of the publication shall be applicable.
Technical Documentation docs.fortinet.com
Knowledge Base kb.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback techdocs@fortinet.com
Table of Contents
Change Log....................................................................................................... 4
Introduction....................................................................................................... 5
Supported Models ................................................................................................... 5
Before You Begin..................................................................................................... 5
How this Guide is Organized ................................................................................... 5
System Settings................................................................................................ 6
Configuring the Management Ports......................................................................... 6
Example Configurations..................................................................................... 6
Configuring Static Routing for the Internal Management Port .............................. 10
Ports ................................................................................................................ 11
Configuring a Port Mirror ....................................................................................... 11
802.1x............................................................................................................... 12
Authenticating with a RADIUS server .................................................................... 12
Example Configuration..................................................................................... 12
LACP Mode ..................................................................................................... 14
Configuring the Trunk/LAG Ports .......................................................................... 14
Example Configuration..................................................................................... 14
Viewing the Configured Trunk ............................................................................... 16
TACACS........................................................................................................... 17
Administrative Accounts ........................................................................................ 17
Configuring an Access Profile for Admin Accounts......................................... 17
Configuring a TACACS Admin Account........................................................... 17
User Accounts ....................................................................................................... 18
Configuring a User Account............................................................................. 18
Configuring a User Group ................................................................................ 18
Example Configuration .......................................................................................... 18
Power over Ethernet ...................................................................................... 20
Enabling PoE on a Port.......................................................................................... 20
Determining the PoE Power Capacity ................................................................... 20
Reset the PoE Power on a Port ............................................................................. 20
Page 3
Change Log
Date Change Description
Sept 19, 2014 Initial release.
Page 4
Introduction
Welcome and thank you for selecting Fortinet products for your network configuration.
This guide contains information about the administration of a FortiSwitch unit in standalone
mode. In standalone mode, a FortiSwitch is managed by connected directly to the unit, either
using the web-based manager (also known as the GUI) or the CLI.
If you will be managing your FortiSwitch unit using a FortiGate, please see the guide Managing
a FortiSwitch unit with a FortiGate.
Supported Models
This guide is for all FortiSwitch models that are supported by FortiSwitchOS. This includes the
following models:
FortiSwitch-28C, FortiSwitch-108D-POE, FortiSwitch-124D, FortiSwitch-124D-POE,
FortiSwitch Rugged-124D, FortiSwitch-224D-POE, FortiSwitch-324B-POE,
FortiSwitch-348B, FortiSwitch-448B, FortiSwitch-1024D, FortiSwitch-1048D, and
FortiSwitch-3032D
Before You Begin
Before you start administrating your FortiSwitch unit, it is assumed that you have completed the
initial configuration of the FortiSwitch unit, as outlined in the QuickStart Guide for your
FortiSwitch model and have administrative access to the FortiSwitch unit’s web-based manager
and CLI.
How this Guide is Organized
This guide is organized into the following chapters:
• System Settings contains information about the initial configuration of your FortiSwitch unit.
• Ports contains information on configuring your FortiSwitch’s ports.
• 802.1x contains information on using 802.1x protocol.
• LACP Mode contains information on using a FortiSwitch in Link Aggregation Control
Protocol (LACP) mode.
• TACACS contains information on using TACACS authetication with your FortiSwitch unit.
• Power over Ethernet contains information on using Power over Ethernet (PoE) with your
FortiSwitch.
Page 5
System Settings
This chapter contains information about the initial configuration of your FortiSwitch unit.
Configuring the Management Ports
Using the web-based manager:
First start by editing the default internal interface’s configuration.
1. Go to System > Network > Interface and edit the internal interface.
2. Assign an IP/Netmask.
3. Set Administrative Access to use the desired protocols to connect to the interface.
4. Select OK.
Next, create a new interface to be used for management.
1. Go to System > Network > Interface and select Create New to create a management VLAN.
2. Give the interface an appropriate name.
3. Set Interface to internal.
4. Set a VLAN ID.
5. Assign an IP/Netmask.
6. Set Administrative Access to use the desired protocols to connect to the interface.
7. Select OK.
Using the CLI:
config system interface
edit internal
set ip <address>
set allowaccess <access_types>
set type physical
next
edit <name>
set ip <address>
set allowaccess <access_types>
set interface internal
set vlanid 10
end
end
Example Configurations
The following are four example configurations for management ports, with the CLI syntax
shown to create them.
Page 6
Example 1: Port 48 as an inbound management interface
In this example, a physical port is used as an inbound management interface. Also, the
FortiSwitch in the example has no default VLAN configured to connect its internal interface to
any physical port.
Figure 1: Using Port 48 of a FortiSwitch-448B unit
Port 48 used as an
inbound management interface
Syntax
config system interface
edit internal
set type physical
next
edit mgmt-vlan
set ip 10.105.142.22 255.255.255.0
set allowaccess ping https ssh
set interface "internal"
set vlanid 4090
next
end
System Settings Page 7 Managing a FortiSwitch unit with a FortiGate
Loading...