FortiSwitch Standalone Mode Administration Guide

System Settings

This chapter contains information about the initial configuration of your FortiSwitch unit.

Configuring the Management Ports

Using the web-based manager:

First, edit the configuration of the default internal interface.

  1. Go to System > Network > Interface and edit the internal interface.
  2. Assign an IP/Netmask.
  3. Set Administrative Access to use the desired protocols to connect to the interface.
  4. Select OK.

Next, create a new interface to be used for management.

  1. Go to System > Network > Interface and select Create New to create a management VLAN.
  2. Give the interface an appropriate name.
  3. Set Interface to internal.
  4. Set a VLAN ID.
  5. Assign an IP/Netmask.
  6. Set Administrative Access to use the desired protocols to connect to the interface.
  7. Select OK.

Using the CLI:

config system interface
    edit internal
        set ip <address>
        set allowaccess <access_types>
        set type physical
    next
    edit <name>
        set ip <address>
        set allowaccess <access_types>
        set interface internal
        set vlanid 10
    end
end

Example Configurations

The following are four example configurations for management ports, with the CLI syntax shown to create them.

Example 1: Port 48 as an inbound management interface

In this example, a physical port is used as an inbound management interface. Also, the FortiSwitch in the example has no default VLAN configured to connect its internal interface to any physical port.

Figure 1: Using Port 48 of a FortiSwitch-448B unit

Syntax

config system interface
    edit internal
        set type physical
    next
    edit mgmt-vlan
        set ip 10.105.142.22 255.255.255.0
        set allowaccess ping https ssh
        set interface "internal"
        set vlanid 4090
    next
end

config switch interface
    edit port48
        set native-vlan 4090
        set stp-state disabled
    next
    edit uplink1
    next
    edit uplink2
    next
    edit internal
        set native-vlan 4095
        set allowed-vlans 4090
        set stp-state disabled
    end
end

Example 2: Internal interface as an inbound management interface

In this example, the internal interface is used as an inbound management interface. Also, the FortiSwitch has a default VLAN across all physical ports and its internal port.

Figure 2: Using the internal interface of a FortiSwitch-108D-POE

Syntax

config system interface
    edit internal
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https http ssh
        set type physical
    end
end

Example 3: WAN interface as an inbound management port

In this example, the WAN interface is used as an inbound management port.

Figure 3: WAN interface of a FortiSwitch-28C

Syntax

config system interface
    edit wan2
        set ip 10.105.142.10 255.255.255.0
        set allowaccess ping https ssh
        set type physical
    next
    edit wan1
        set mode dhcp
        set allowaccess ping https ssh
        set type physical
        set defaultgw enable
    next
    edit internal
        set type physical
    end
end

Example 4: Out of band management interface

In this example, an out of band management interface is used as the dedicated management port.

Figure 4: Out of band management on a FortiSwitch-1024D

Syntax

config system interface
    edit mgmt
        set ip 10.105.142.19 255.255.255.0
        set allowaccess ping https http ssh snmp telnet
        set type physical
    next
    edit internal
        set type physical
    end
end
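Examples 2 and 4 enable http and telnet in allowaccess; both protocols carry administrator credentials unencrypted. The following script is an added example, not part of the original guide or of Fortinet's tooling: it parses "config system interface" text in the layout used on this page and reports interfaces whose allowaccess includes a cleartext protocol. The function names and the sample configuration are constructed for illustration.

```python
CLEARTEXT = {"http", "telnet"}  # management protocols that send credentials unencrypted

# Constructed sample: allowaccess lines as in Examples 1, 2 and 4 on this page.
SAMPLE = """\
config system interface
    edit internal
        set allowaccess ping https http ssh
        set type physical
    next
    edit mgmt
        set allowaccess ping https http ssh snmp telnet
    next
    edit mgmt-vlan
        set allowaccess ping https ssh
    next
end
"""

def parse_allowaccess(config_text):
    """Map interface name -> allowaccess list from 'config system interface'."""
    result, in_block, current = {}, False, None
    for raw in config_text.splitlines():
        tok = raw.split()
        if not tok or (tok[0] != "config" and not in_block):
            continue  # blank line, or a line outside 'config system interface'
        if tok[0] == "config":
            in_block, current = tok[1:3] == ["system", "interface"], None
        elif tok[0] == "edit" and len(tok) > 1:
            current = tok[1].strip('"')
            result.setdefault(current, [])
        elif tok[0] == "next":
            current = None
        elif tok[0] == "end":
            # The page closes the last edit with 'end', then the block with a second 'end'.
            if current is None:
                in_block = False
            current = None
        elif tok[:2] == ["set", "allowaccess"] and current:
            result[current] = tok[2:]
    return result

def cleartext_findings(config_text):
    """Interfaces whose allowaccess includes a cleartext protocol."""
    parsed = parse_allowaccess(config_text)
    return {n: sorted(CLEARTEXT & set(p)) for n, p in parsed.items() if CLEARTEXT & set(p)}

if __name__ == "__main__":
    for name, protos in cleartext_findings(SAMPLE).items():
        print(f"{name}: cleartext management access enabled: {', '.join(protos)}")
```

Run against the sample, it reports internal (http) and mgmt (http, telnet) and leaves mgmt-vlan, which allows only ping, https and ssh, unflagged.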

Configuring Static Routing for the Internal Management Port

Using the CLI:

config router static
    edit 1
        set device <internal>
        set default gateway
        set gateway 192.168.0.10
    end
end


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
