Professional Documents
Culture Documents
Forticontroller 5000 Cli Ref 50
Forticontroller 5000 Cli Ref 50
FortiController-5913C
FortiController-5903C
FortiController-5103B
FortiController-5000 Series CLI Reference for FortiSwitch OS v5.0 build 128
July 12, 2015
10-500-266433-20150712
Copyright© 2015 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and
FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and
other jurisdictions, and other Fortinet names herein may also be registered and/or common law
trademarks of Fortinet. All other product or company names may be trademarks of their
respective owners. Performance and other metrics contained herein were attained in internal
lab tests under ideal conditions, and actual performance and other results may vary. Network
variables, different network environments and other conditions may affect performance results.
Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all
warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that
the identified product will perform according to certain expressly-identified performance metrics
and, in such event, only the specific performance metrics expressly identified in such binding
written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be
limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event
does Fortinet make any commitment related to future deliverables, features or development,
and circumstances may change such that any forward-looking statements herein are not
accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant
hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or
otherwise revise this publication without notice, and the most current version of the publication
shall be applicable.
Introduction....................................................................................................... 5
How this guide is organized..................................................................................... 5
Connecting to the CLI.............................................................................................. 5
admin ................................................................................................................. 7
radius-server ............................................................................................................ 8
user .......................................................................................................................... 9
load-balance ................................................................................................... 10
protocol-pin ........................................................................................................... 11
session-age ........................................................................................................... 12
session-setup ........................................................................................................ 13
setting .................................................................................................................... 15
log .................................................................................................................... 19
{syslogd | syslogd2 | syslogd3} filter...................................................................... 20
{syslogd | syslogd2 | syslogd3} setting.................................................................. 21
route ................................................................................................................ 22
static ...................................................................................................................... 23
switch .............................................................................................................. 24
base-channel physical-port ................................................................................... 25
fabric-channel physical-port.................................................................................. 26
fabric-channel trunk............................................................................................... 27
system ............................................................................................................. 28
central-management.............................................................................................. 29
dns ......................................................................................................................... 30
global ..................................................................................................................... 31
ha ........................................................................................................................... 33
interface ................................................................................................................. 36
ntp.......................................................................................................................... 38
snmp community ................................................................................................... 39
snmp sysinfo.......................................................................................................... 41
execute ............................................................................................................ 42
backup ................................................................................................................... 43
base-channel ......................................................................................................... 44
bootimage.............................................................................................................. 45
date ........................................................................................................................ 46
fabric-channel ........................................................................................................ 47
Page 3
factory-reset .......................................................................................................... 48
load-balance .......................................................................................................... 49
ping ........................................................................................................................ 50
reboot .................................................................................................................... 51
restore.................................................................................................................... 52
shutdown ............................................................................................................... 53
time ........................................................................................................................ 54
top.......................................................................................................................... 55
traceroute............................................................................................................... 56
get .................................................................................................................... 57
load-balance status ............................................................................................... 58
system csum.......................................................................................................... 59
system mgmt-csum ............................................................................................... 60
system performance .............................................................................................. 61
system status......................................................................................................... 62
diagnose.......................................................................................................... 63
Monitoring the status of trunk members ............................................................... 64
spanning-tree instance fabric-channel .................................................................. 65
spanning-tree mst-config fabric-channel .............................................................. 66
switch fabric-channel mac-address filter .............................................................. 67
switch fabric-channel mac-address list................................................................. 68
Page 4
Introduction
This manual describes the CLI commands for the FortiSwitch-5000 Series products:
• FortiController-5903C
• FortiController-5103B
Working with the FortiSwitch-5000 Series CLI is the same as working with the FortiOS CLI.
Most of the chapters in this document describe the commands for each configuration branch of
the CLI. The command branches and commands are in alphabetical order.
This document contains the following chapters:
admin describes administrator commands.
load-balance describes SLBC load balancing commands.
log describes logging commands.
route describes routing commands.
switch describes base and fabric channel switch commands.
system describes system setting commands.
execute describes execute commands.
get describes get commands.
diagnose introduces some useful troubleshooting commands.
You can use a direct console connection, SSH, Telnet or the web-based manager to connect to
the FortiController CLI. Using SSH or Telnet you connect to the CLI through the mgmt interface.
Connect to the FortiController console using the FortiController front panel console port. You
need:
• a computer with an available communications port
• a null modem cable, with an RJ-45 connector as provided with your FortiController
• terminal emulation software such as HyperTerminal for Windows
Use the following port settings:
• Bits per second: 9600
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None
Page 5
Introduction Connecting to the CLI
Page 6
admin
Page 7
admin radius-server
radius-server
Syntax
config admin radius-server
edit <server-name-string>
set auth-type {auto | auto-legacy | chap | ms_chap_v2 | pap}
set port <port_integer>
set secret <password>
set server <ip_address>
end
Page 8
admin user
user
Syntax
config admin user
edit <userid>
set description <description_str>
set password <admin_password>
set user-type {local | radius}
set radius-server <server_str>
set trusthost[1-50]
end
Page 9
load-balance
Configure load balancing settings. The following load balance commands are available:
protocol-pin
session-age
session-setup
setting
Page 10
load-balance protocol-pin
protocol-pin
Use this command to configure a FortiController to enable or disable load balancing BGP,
DHCP, IKE, Kerberos and RIP traffic. If a protocol is set to enable all of that protocol’s traffic is
handled by the primary worker. If set to disable the traffic is load balanced among all of the
workers.
If your FortiController receives IKE or kerberos traffic on a non-standard port you can enable
override for these protocols and select a different port.
Syntax
config load-balance protocol-pin
set bgp-mode {disable | enable}
set dhcp-mode {disable | enable}
set ike-mode {disable | enable}
set ike-natt-mode {disable | enable}
set ike-override {disable | enable}
set ike-override-port <port-number>
set kerberos-mode {disable | enable}
set kerberos-override {disable | enable}
set kerberos-override-port <port-number>
set rip-mode {disable | enable}
end
Page 11
load-balance session-age
session-age
Use this command to configure FortiController load balance session timers. In most cases you
do not have to adjust these timers, but the timers are configurable for performance tuning. The
timer range can be 1 to 15,300 seconds
Syntax
config load-balance session-age
set fragment <age-interval>
set pin-hole <age-interval>
set rsync <age-interval>
set tcp-half-close <age-interval>
set tcp-half-open <age-interval>
set tcp-normal <age-interval>
set tcp-timewait <age-interval>
set udp <age-interval>
end
Page 12
load-balance session-setup
session-setup
Use this command to set the load balancing method that FortiController uses to distribute traffic
to workers. Also configure how fragmented packets, pinhole sessions, TCP and UDP ingress
sessions, and UDP sessions are distributed.
Syntax
config load-balance session-setup
set fragment {disable | hardware}
set load-distribution-method {round-robin | src-ip | dst-ip |
src-dst-ip | src-ip-sport | dst-ip-dport |
src-dst-ip-sport-dport}
set session-helper {disable | enable}
set tcp-ingress {disable | enable}
set udp-ingress {disable | enable}
set udp-session {local | remote}
end
Page 13
load-balance session-setup
Page 14
load-balance setting
setting
Use this command to set a wide range of load balancer that control how management and
control traffic is communicated as well as other settings.
Syntax
config load-balance setting
set base-ctrl-interface-mode {active-active | active-passive}
set base-ctrl-network <ip> <netmask>
config base-ctrl-interfaces
edit {b1 | b2}
set vlanid <vlan-id>
set base-mgmt-allowaccess <access-types>
set base-mgmt-external-ip <ip> <netmask>
set base-mgmt-interface-mode {active-active | active-passive}
config base-mgmt-interfaces
edit {b1 | b2}
set vlanid <vlan-id>
set base-mgmt-internal-fgfm-port <port-number>
set base-mgmt-internal-http-port <port-number>
set base-mgmt-internal-https-port <port-number>
set base-mgmt-internal-mac
set base-mgmt-internal-network <ip> <netmask>
set base-mgmt-internal-snmp-port <port-number>
set base-mgmt-internal-ssh-port <port-number>
set base-mgmt-internal-telnet-port <port-number>
set forticontroller-proxy {disable | enable}
set forticontroller-proxy-port <port-number>
set max-miss-heartbeats <heartbeats>
set nat-source-port {chassis-slots | running-slots}
set session-sync {disable | enable}
config slots
edit <slot>
set weight <weight>
set standby-override {disable | enable}
config traffic-interface
edit <port>
set port-mac-address <mac-address>
Page 15
load-balance setting
end
Page 16
load-balance setting
Page 17
load-balance setting
Page 18
log
Configure sending log messages to up to three syslog servers. The following logging
commands are available:
{syslogd | syslogd2 | syslogd3} filter
{syslogd | syslogd2 | syslogd3} setting
Page 19
log {syslogd | syslogd2 | syslogd3} filter
Use this command to enable or disable sending event log messages to a syslog server. You can
select the event log messages that are sent and the minimum severity of the messages that are
sent.
Syntax
config log {syslogd | syslogd2 | syslogd3} filter
set event {disable | enable}
set severity {alert | critical | debug | emergency | error |
information | notification | warning}
set base-switch-config {disable | enable}
set base-switch-general {disable | enable}
set base-switch-trunk {disable | enable}
set fabric-switch-config {disable | enable}
set fabric-switch-general {disable | enable}
set fabric-switch-stp {disable | enable}
set fabric-switch-trunk {disable | enable}
set system-config {disable | enable}
set system-general {disable | enable}
end
Page 20
log {syslogd | syslogd2 | syslogd3} setting
Use this command to enable logging to up to three syslog servers. If you enable logging to a
syslog server you can specify the server address, port number, syslog message format, and set
the syslog facility.
Syntax
config log {syslogd | syslogd2 | syslogd3} filter
set status {disable | enable}
set server <address_ipv4 | fqdn>
set port <port>
set csv {disable | enable}
set facility <type>
end
Page 21
route
Configure static routes for management interfaces. The following routing command is available:
static
Page 22
route static
static
Use this command to add, edit, or delete static routes for management interfaces (for example
mgmt or base-mgmt).
Syntax
config route static
edit <sequence_number>
set device <interface>
set dst <destination-address_ipv4mask>
set gateway <gateway-address_ipv4>
end
Page 23
switch
Configure base channel and fabric channel switch settings. The following switch commands are
available:
base-channel physical-port
fabric-channel physical-port
fabric-channel trunk
Page 24
switch base-channel physical-port
base-channel physical-port
Use this command to change the maximum frame size, speed and status (up or down) of a base
channel interface.
Syntax
config switch base-channel physical-port
edit <interface_name>
set description <description_str>
set max-frame-size <integer>
set status {up | down}
set speed <speed>
end
Page 25
switch fabric-channel physical-port
fabric-channel physical-port
Use this command to change the maximum frame size, speed and status (up or down) of a
fabric channel interface. This command also displays the link status and port index of each
fabric channel interface.
Syntax
config switch fabric-channel physical-port
edit <interface_name>
set descriptionAAAA <description_str>
set domain <domain-name>
set max-frame-size <integer>
set status {up | down}
set speed <speed>
end
Page 26
switch fabric-channel trunk
fabric-channel trunk
Use this command to create a trunk and add FortiController interfaces to the trunk. You use
trunks to group FortiController interfaces so that you can use 802.3ad static mode layer-2 link
aggregation to distribute sessions to the fabric interfaces of the FortiGates connected to the
FortiController interfaces in the trunk.
Syntax
config switch fabric-channel trunk
edit <trunk_name>
set description <string>
set member-withdrawal-behavior {block | forward}
set members <interface_names>
set mode {fortinet-trunk | lacp-active | lacp-passive | static}
set port-selection-criteria {dst-ip | src-dst-ip | src-ip}
end
Page 27
system
Page 28
system central-management
central-management
Syntax
config system cental-management
set allow-monitor {enable | disable}
set enc-algorithm {default | high | low}
set fmg <fmg_ipv4>
set fmg-source-ip <address>
set mode {backup | normal}
set serial-number <sn_string>
set status {enable | disable}
end
Page 29
system dns
dns
Use this command to configure the DNS servers used by the FortiController.
Syntax
config system dns
set domain <name_str>
set primary <ip_address>
set secondary <ip_address>
end
Page 30
system global
global
Syntax
config system global
set access-banner {disable | enable}
set admin-lockout-duration <time>
set admin-lockout <threshold>
set admintimeout <timeout_integer>
set banner-message <message>
set chassis-type {fortigate-5050 | fortigate-5060 | fortigate-5140
| fortigate-5144}
set daylightsavetime {disable | enable}
set hostname <hostname>
set load-balance {disable | enable}
set pre-login-banner {disable | enable|
set pre-login-banner-message <message>
set strong-crypto {enable | disable}
set timezone <timezone_number>
end
Page 31
system global
Page 32
system ha
ha
Setup HA for an Session-aware Load Balancing Cluster (SLBC). This command is available if
the config system global load-balance command is enabled.
Syntax
config system global
set mode {a-p | dual | standalone}
set password <password_str>
set group-id <id_integer>
set override {enable | disable}
set priority <priority_integer>
set hb-interval <interval_integer>
set hb-lost-threshold <threshold_integer>
set hbdev-vlan-id <id>
set failover-holdown <holddown>
set graceful-upgrade {enable | disable}
set chassis-redundancy {disable | enable}
set chassis-id {1 | 2}
set session-sync-port <interface-name>
set board-failover-tolerance <number-of-workers>
set minimize-chassis-failover {disable | enable}
set hbdev {b1 | b2 | mgmt}
set ha-eth-type <type_int>
set ha-mgmt-vmac <mac-address>
set boot-holdown <delay>
end
Page 33
system ha
Page 34
system ha
Page 35
system interface
interface
Use this command to change the IP address and management access setting of the mgmt and
base-mgmt interfaces and to bring the interfaces up or down.
Syntax
config system interface
edit {mgmt | base-mgmt}
set status {down | up}
set ip <interface_ipv4mask>
set allowaccess {http | https | ping | snmp | ssh | telnet}
set mtu <bytes_integer>
set mtu-override {enable | disable}
set speed {1000full | 1000half | 100full |100half | 10full
|10half | auto}
set alias <string>
set description <string>
set mode {dhcp | static}
end
Page 36
system interface
Page 37
system ntp
ntp
Syntax
config system ntp
set ntpsync {enable | disable}
set syncinterval <interval_int>
set type {fortiguard | custom}
config ntpserver
edit <serverid_int>
set authentication {enable | disable}
set key <password_str>
set key-id <int>
set ntpv3 {enable | disable}
set server <ipv4_addr>[/<hostname_str>]
end
end
Variable Description Default
ntpsync {enable | disable} Enable to synchronize FortiGate unit’s system time disable
with the ntp server.
server-mode {enable | disable} Enable of disable FortiGate unit NTP server. disable
source-ip <ipv4_addr> Enter the source IP for communications to the NTP 0.0.0.0
server.
syncinterval <interval_int> Enter the interval in minutes between contacting 0
NTP server to synchronize time. The range is from 1
to 1440 minutes.
Only valid when ntpsync is enabled.
type {fortiguard | custom} Select FortiGuard or custom NTP server. fortiguard
config ntpserver fields Configures custom NTP time source.
edit <serverid_int> Enter the number for this NTP server
authentication {enable | disable} Enable or disable MD5 authentication. disable
key <password_str> Enter the password for MD5 authentication. null
key-id <int> Enter the Key-ID value for MD5 authentication. 0
ntpv3 {enable | disable} Use NTPv3 protocol instead of NTPv4. disable
server Enter the IPv4 address and hostname (optional) for
<ipv4_addr>[/<hostname_str>] this NTP server.
Page 38
system snmp community
snmp community
Use this command to configure SNMP communities on your FortiController. You add SNMP
communities so that SNMP managers can connect to the FortiController to view system
information and receive SNMP traps. SNMP traps are triggered when particular system events
occur.
Each SNMP community can have a different configuration for SNMP queries and traps. Each
community can be configured to monitor the FortiController for a different set of events. You can
also add IP addresses of up to 8 SNMP managers to each community.
Syntax
config system snmp community
edit <index_integer>
set events {cpu-high | mem-low | ha-switch | ha-hb-member-up |
ha-member-down | hbfail | hbrcv | tkmem-down | tkmem-up}
set name <name_string>
set query-v1-port <port_number>
set query-v1-status {enable | disable}
set query-v2c-port <port_number>
set query-v2c-status <port_number>
set status {enable | disable}
set trap-v1-lport <port_number>
set trap-v1-rport <port_number>
set trap-v1-status {enable | disable}
set trap-v2c-lport <port_number>
set trap-v2c-rport <port_number>
set trap-v2c-status {enable | disable}
end
Page 39
system snmp community
Page 40
system snmp sysinfo
snmp sysinfo
Use this command to enable the SNMP agent and to enter basic system information used by
the SNMP agent. Enter information about the FortiController to identify it.
Syntax
config system snmp sysinfo
set contact-info <string>
set description <string>
set location <string>
set status {enable | disable}
set trap-high-cpu-treshold <percentage>
set trap-lowmemory-treshold <percentage>
end
Page 41
execute
Page 42
execute backup
backup
Use this command to back up the FortiController configuration and certificates to a TFTP
server.
Syntax
execute backup all-config <backup_filename> <tftp_ipv4> [<password>]
execute backup config <backup_filename> <tftp_ipv4> [<password>]
Page 43
execute base-channel
base-channel
Clear virtual MAC address entries on a base channel interface. Clear virtual MAC addresses that
match the following:
• a specific MAC address
• a VLAN tag
• a VLAN tag on a specific interface
• a VLAN tag and a specific MAC address
Syntax
execute base-channel mac clear by-interface <base-channel-interface-
name>
execute base-channel mac clear by-mac-address <mac-address>
execute base-channel mac clear by-vlan <vlan>
execute base-channel mac clear by-vlan-and-interface <vlan>
<interface>
execute base-channel mac clear by-vlan-and-mac-address <vlan> <mac-
address>
Page 44
execute bootimage
bootimage
Use this command to change the firmware image used to start the FortiController by switching
between the primary or secondary firmware image. To use this command you must install a
primary and a secondary firmware image by using the system startup options available when
you reboot the FortiController from a console connection.
Syntax
execute bootimage {primary | secondary}
Page 45
execute date
date
Syntax
execute date [<date_str>]
date_str has the form mm/dd/yyyy, where
• mm is the month and can be 1 to 12
• dd is the day of the month and can be 1 to 31
• yyyy is the year and can be from 2001 to 2037
If you do not specify a date, the command returns the current system date. Shortened values
for the year, such as ‘10’ instead of ‘2010’ are not valid.
Page 46
execute fabric-channel
fabric-channel
Clear virtual MAC address entries on a fabric channel interface. Clear virtual MAC add res es
that match the following:
• a specific MAC address
• a VLAN tag
• a VLAN tag on a specific interface
• a VLAN tag and a specific MAC address
Syntax
execute fabric-channel mac clear by-interface <base-channel-
interface-name>
execute fabric-channel mac clear by-mac-address <mac-address>
execute fabric-channel mac clear by-vlan <vlan>
execute fabric-channel mac clear by-vlan-and-interface <vlan>
<interface>
execute fabric-channel mac clear by-vlan-and-mac-address <vlan> <mac-
address>
Page 47
execute factory-reset
factory-reset
Reset the FortiController configuration to factory default settings. This command deletes all
changes that you have made to the FortiController configuration and reverts the system to its
original configuration, including resetting the mgmt interface IP address.
Syntax
execute factory-reset
Page 48
execute load-balance
load-balance
Restore the MAC address of FortiController load-balance interfaces and other interfaces to their
factory default MAC addresses.
Syntax
execute load-balance restore-factory-mac
Page 49
execute ping
ping
Send an ICMP echo request (ping) to test a network connection. You need a valid DNS server to
ping a hostname.
Syntax
execute ping {<address_ipv4> | <host-name_str>}
<host-name_str> should be a fully qualified domain name, for example: www.fortinet.com.
Page 50
execute reboot
reboot
Restart the FortiController. While the FortiController is rebooting it cannot forward traffic.
Syntax
execute reboot
Page 51
execute restore
restore
Use this command to restore the FortiSwitch-5003A configuration from a file on a TFTP server
or change the FortiSwitch-5003A firmware.
Syntax
execute restore all-config <filename> <tftp_ipv4> [<password>]
execute restore config <filename> <tftp_ipv4> [<password>]
execute restore image tftp <filename> <tftp_ipv4>
execute restore secondary-image tftp <filename> <tftp_ipv4>
Page 52
execute shutdown
shutdown
Shut down the FortiController now. You will be prompted to confirm the shutdown.
Syntax
execute shutdown
Page 53
execute time
time
Syntax
execute time [<time_str>]
time_str has the form hh:mm:ss, where
• hh is the hour and can be 00 to 23
• mm is the minutes and can be 00 to 59
• ss is the seconds and can be 00 to 59
If you do not specify a time, the command returns the current system time.
You are allowed to shorten numbers to only one digit when setting the time. For example both
01:01:01 and 1:1:1 are allowed.
Page 54
execute top
top
Display a list of processes running on the FortiController. The command also displays
information about each process. Press Ctrl-C to exit.
Page 55
execute traceroute
traceroute
Test the connection between the FortiController and an address or hostname and display
information about the network hops. You need a valid DNS server to enter a hostname.
Syntax
execute traceroute {<address_ipv4> | <host-name_str>}
Example
This example shows how to test the connection with 172.20.120.178. In this example the
traceroute command times out after the first hop indicating a possible problem.
execute traceroute 172.16.100.149
traceroute to 172.16.100.149 (172.16.100.149), 30 hops max, 38 byte
packets
1 * * *
2 * * *
Page 56
get
Page 57
get load-balance status
load-balance status
Use this command to view status information about the FortiController load balance operation
Syntax
get load-balance status
ELBC Master Blade: slot-5
Confsync Master Blade: slot-5
Blades:
Working: 2 [ 2 Active 0 Standby]
Ready: 0 [ 0 Active 0 Standby]
Dead: 0 [ 0 Active 0 Standby]
Total: 2 [ 2 Active 0 Standby]
Page 58
get system csum
system csum
Syntax
get system csum
Example
# get system csum
debugzone checksum
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
checksum
4f 72 8c 28 8f 41 0e 19 7d b0 e6 39 a1 03 9f 89
Page 59
get system mgmt-csum
system mgmt-csum
This command displays system checksum values. It is intended for use by a FortiManager
central management unit.
Syntax
get system mgmt-csum
Page 60
get system performance
system performance
Use this command to display CPU usage, memory usage, and USB disk usage.
Syntax
get system performance
Example
The output looks like this (for an idle system):
# get system performance
CPU:
Used: 2.9%
Memory:
Total: 506,864 KB
Used: 25,228 KB 5.0%
USB Disk:
Total: 27,265 KB
Used: 9,733 KB 35.7%
Page 61
get system status
system status
Syntax
get system status
Example output
Version: FortiController-5103B v5.0,build0128,141202 (MR2)
Branch Point: 0128
Serial-Number: FT513B3912000051
BIOS version: 04000009
System Part-Number: P08442-04
Hostname: slot-1-5103b
Current HA mode: standalone
System time: Fri Jan 16 14:40:23 2015
Daylight Time Saving: Yes
Time Zone: (GMT-8:00)Pacific Time(US&Canada)
Page 62
diagnose
Page 63
diagnose Monitoring the status of trunk members
You can monitor the status changes of trunk members. To do this, enable debugging for trunk.
The console will then display port effective or port ineffective according to the
status of the trunk member.
Syntax
diagnose debug trunk enable
diagnose switch fabric-channel trunk
Example output
Switch Trunk Information, Fabric-Channel
Trunk Name: slot_8_12
Port Selection Algorithm: src-dst-ip
Port Serial Number Update Time
__________ ____________________ ____________________
slot-8 FG5A253E06500030 19:45:31 May-05-2011
slot-6 FG5A253E06500032 19:45:32 May-05-2011
Page 64
diagnose spanning-tree instance fabric-channel
Display the configuration of a spanning tree instance for an interface. For example, to display
the configuration of spanning tree instance 5 for the FortiSwitch-5003A F5 interface enter:
Syntax
diagnose spanning-tree instance fabric-channel <instance_integer>
[<interface_name>]
Variables Description
<instance_integer> The number of a spanning tree instance added to the
FortiController in the range 0 to 15. Enter a number greater
than 15 to display all instances.
[<interface_name>] Enter the name of a FortiController interface to display how
the spanning tree instance affects this interface. If you don’t
include an interface name the command displays the status
of the spanning tree instance for all interfaces.
Example output
diagnose spanning-tree instance fabric-channel 5 f5
Instance ID : 5
Mapped VLANs : 101
Switch Priority : 4096
Regional Root MAC Address : 003064058f87
Regional Root Priority: 4096
Regional Root Path Cost: 0
Regional Root Port: slot-2/1
Remaining Hops: 20
Page 65
diagnose spanning-tree mst-config fabric-channel
Syntax
diagnose spanning-tree mst-config fabric-channel
Example output
MST Configuration Identification Information
Unit: Fabric
MST Configuration Name: tree_1
MST Configuration Revision: 1
MST Configuration Digest: d397441fd8666b0abb8f5fab64b9d18a
Page 66
diagnose switch fabric-channel mac-address filter
Syntax
diagnose switch fabric-channel mac-address filter <filter>
Where <filter> can be:
• clear — clear filter
• flags — flag pattern to match and mask of important bits
• port-id-map — list of port-ids to display
• show — show filter
• trunk-id-map — list of trunk-ids to display
• vlan-map — list of vlans to display
Page 67
diagnose switch fabric-channel mac-address list
Syntax
diagnose switch fabric-channel mac-address list
Example output
MAC: 00:09:0f:09:37:02 VLAN: 904 Trunk: slot_8_12(trunk-id 0)
Flags: 0x00000c80 [ trunk ]
MAC: 00:09:0f:71:00:61 VLAN: 902 Trunk: slot_8_12(trunk-id 0)
Flags: 0x00000c80 [ trunk ]
MAC: 00:09:0f:09:33:01 VLAN: 1 Port: slot-3(port-id 1)
Flags: 0x00000c00 [ ]
MAC: 00:09:0f:91:01:4f VLAN: 1 Port: slot-5(port-id 3)
Flags: 0x00000c00 [ ]
MAC: 00:09:0f:09:37:02 VLAN: 906 Trunk: slot_8_12(trunk-id 0)
Flags: 0x00000c80 [ trunk ]
MAC: 00:09:0f:71:03:1d VLAN: 1 Trunk: slot_8_12(trunk-id 0)
Flags: 0x00000c80 [ trunk ]
Page 68