fortiswitch_system_interface – Configure interfaces in Fortinet’s FortiSwitch

New in version 1.0.0.

Synopsis

  • This module configures a FortiSwitch device by letting the user set and modify the interface category of the system feature. The examples include all parameters; adjust the values to your own data sources before use. Tested with FOS v7.0.0.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.11

FortiSW Version Compatibility

                              v7.0.0  v7.0.1  v7.0.2  v7.0.3
fortiswitch_system_interface  yes     yes     yes     yes

Parameters

  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • member_path - Member attribute path to operate on. type: str
  • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
  • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
  • system_interface - Configure interfaces. type: dict
    • alias - Alias. type: str
    • allowaccess - Interface management access. type: list choices: ping, https, http, ssh, snmp, telnet, radius-acct
    • auth_type - PPP authentication type. type: str choices: auto, pap, chap, mschapv1, mschapv2
    • bfd - Bidirectional Forwarding Detection (BFD). type: str choices: global, enable, disable
    • bfd_desired_min_tx - BFD desired minimal transmit interval. type: int
    • bfd_detect_mult - BFD detection multiplier. type: int
    • bfd_required_min_rx - BFD required minimal receive interval. type: int
    • cli_conn_status - CLI connection status. type: str choices: initial, connecting, connected, failed
    • defaultgw - Enable/disable default gateway. type: str choices: enable, disable
    • description - Description. type: str
    • detectprotocol - Protocol to use for gateway detection. type: str choices: ping, tcp-echo, udp-echo
    • detectserver - IP address to PING for gateway detection. type: str
    • dhcp_client_identifier - DHCP client identifier. type: str
    • dhcp_relay_ip - DHCP relay IP address. type: str
    • dhcp_relay_option82 - Enable / Disable DHCP relay option-82 insertion. type: str choices: disable, enable
    • dhcp_relay_service - Enable/disable use DHCP relay service. type: str choices: disable, enable
    • dhcp_vendor_specific_option - DHCP Vendor specific option 43. type: str
    • dhcp_expire - DHCP client expiration. type: int
    • distance - Distance of learned routes. type: int
    • dns_server_override - Enable/disable use of DNS server acquired by DHCP or PPPoE. type: str choices: enable, disable
    • dynamic_dns1 - Primary dynamic DNS server. type: str
    • dynamic_dns2 - Secondary dynamic DNS server. type: str
    • dynamicgw - Dynamic gateway. type: str
    • forward_domain - TP mode forward domain. type: int
    • gwdetect - Enable/disable gateway detection. type: str choices: enable, disable
    • ha_priority - PING server HA election priority (1 - 50). type: int
    • icmp_redirect - Enable/disable ICMP redirect. type: str choices: enable, disable
    • interface - Interface name. Source system.interface.name. type: str
    • ip - Interface IPv4 address. type: str
    • ipv6 - IPv6 address. type: dict
      • autoconf - Enable/disable address automatic config. type: str choices: enable, disable
      • dhcp6_information_request - Enable/disable DHCPv6 information request. type: str choices: enable, disable
      • ip6_address - Primary IPv6 address prefix of interface. type: str
      • ip6_allowaccess - Allow management access to the interface. type: str choices: any, ping, https, http, ssh, snmp, telnet, radius-acct
      • ip6_default_life - IPv6 default life (sec). type: int
      • ip6_dns_server_override - Enable/disable using the DNS server acquired by DHCP. type: str choices: enable, disable
      • ip6_extra_addr - Extra IPv6 address prefixes of interface. type: list member_path: ipv6/ip6_extra_addr:prefix
        • prefix - IPv6 address prefix. type: str required: true
      • ip6_hop_limit - IPv6 hop limit. type: int
      • ip6_link_mtu - IPv6 link MTU. type: int
      • ip6_manage_flag - Enable/disable sending of IPv6 managed flag. type: str choices: enable, disable
      • ip6_max_interval - IPv6 maximum interval (sec) after which RA will be sent. type: int
      • ip6_min_interval - IPv6 minimum interval (sec) after which RA will be sent. type: int
      • ip6_mode - Addressing mode (static, DHCP). type: str choices: static, dhcp
      • ip6_other_flag - Enable/disable sending of IPv6 other flag. type: str choices: enable, disable
      • ip6_prefix_list - IPv6 advertised prefix list. type: list member_path: ipv6/ip6_prefix_list:prefix
        • autonomous_flag - Enable/disable autonomous flag. type: str choices: enable, disable
        • onlink_flag - Enable/disable onlink flag. type: str choices: enable, disable
        • preferred_life_time - Preferred life time (sec). type: int
        • prefix - IPv6 prefix. type: str required: true
        • valid_life_time - Valid life time (sec). type: int
      • ip6_reachable_time - IPv6 reachable time (milliseconds). type: int
      • ip6_retrans_time - IPv6 retransmit time (milliseconds). type: int
      • ip6_send_adv - Enable/disable sending of IPv6 Router advertisement. type: str choices: enable, disable
      • ip6_unknown_mcast_to_cpu - Enable/disable unknown mcast to cpu. type: str choices: enable, disable
      • vrip6_link_local - Link-local IPv6 address of virtual router. type: str
      • vrrp_virtual_mac6 - Enable/disable virtual MAC for VRRP. type: str choices: enable, disable
      • vrrp6 - IPv6 VRRP configuration. type: list member_path: ipv6/vrrp6:vrid
        • accept_mode - Enable/disable accept mode. type: str choices: enable, disable
        • adv_interval - Advertisement interval (1 - 255 seconds). type: int
        • preempt - Enable/disable preempt mode. type: str choices: enable, disable
        • priority - Priority of the virtual router (1 - 255). type: int
        • start_time - Startup time (1 - 255 seconds). type: int
        • status - Enable/disable VRRP. type: str choices: enable, disable
        • vrdst6 - Monitor the route to this destination. type: str
        • vrgrp - VRRP group ID (1 - 65535). type: int
        • vrid - Virtual router identifier (1 - 255). type: int required: true
        • vrip6 - IPv6 address of the virtual router. type: str
    • macaddr - MAC address. type: str
    • mode - Interface addressing mode. type: str choices: static, dhcp
    • mtu - Maximum transmission unit (MTU). type: int
    • mtu_override - Enable/disable override of default MTU. type: str choices: enable, disable
    • name - Name. type: str required: true
    • ping_serv_status - PING server status. type: int
    • priority - Priority of learned routes. type: int
    • remote_ip - Remote IP address of tunnel. type: str
    • secondary_IP - Enable/disable use of secondary IP address. type: str choices: enable, disable
    • secondaryip - Second IP address of interface. type: list member_path: secondaryip:id
      • allowaccess - Interface management access. type: str choices: ping, https, http, ssh, snmp, telnet, radius-acct
      • detectprotocol - Protocol to use for gateway detection. type: str choices: ping, tcp-echo, udp-echo
      • detectserver - IP address to PING for gateway detection. type: str
      • gwdetect - Enable/disable gateway detection. type: str choices: enable, disable
      • ha_priority - PING server HA election priority (1 - 50). type: int
      • id - Id. type: int required: true
      • ip - Interface IPv4 address. type: str
      • ping_serv_status - PING server status. type: int
    • snmp_index - SNMP index. type: int
    • speed - Speed (copper mode port only). type: str choices: auto, 10full, 10half, 100full, 100half, 1000full, 1000half, 1000auto
    • src_check - Enable/disable source IP check. type: str choices: disable, loose, strict
    • src_check_allow_default - Enable/disable. When the source IP lookup hits the default route, enable allows the packet; otherwise it is dropped. type: str choices: enable, disable
    • status - Interface status. type: str choices: up, down
    • switch - Contained in switch. type: str
    • switch_members - Switch interfaces. type: list
      • member_name - Interface name. Source switch.interface.name. type: str
    • type - Interface type. type: str choices: physical, vlan, tunnel, loopback, switch, hard-switch, vap-switch, hdlc
    • vdom - Virtual domain name. Source system.vdom.name. type: str
    • vlanforward - Enable/disable VLAN forwarding. type: str choices: enable, disable
    • vlanid - VLAN ID. type: int
    • vrf - VRF. Source router.vrf.name. type: str
    • vrrp - VRRP configuration. type: list member_path: vrrp:vrid
      • adv_interval - Advertisement interval (1 - 255 seconds). type: int
      • backup_vmac_fwd - Enable/disable backup-vmac-fwd. type: str choices: enable, disable
      • preempt - Enable/disable preempt mode. type: str choices: enable, disable
      • priority - Priority of the virtual router (1 - 255). type: int
      • start_time - Startup time (1 - 255 seconds). type: int
      • status - Enable/disable status. type: str choices: enable, disable
      • version - VRRP version. type: str choices: 2, 3
      • vrdst - Monitor the route to this destination. type: str
      • vrgrp - VRRP group ID (1 - 65535). type: int
      • vrid - Virtual router identifier (1 - 255). type: int required: true
      • vrip - IP address of the virtual router. type: str
    • vrrp_virtual_mac - Enable use of virtual MAC for VRRP. type: str choices: enable, disable
    • weight - Default weight for static routes if route has no weight configured (0 - 255). type: int

Examples

- hosts: fortiswitch01
  collections:
    - fortinet.fortiswitch
  connection: httpapi
  vars:
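    ansible_httpapi_use_ssl: yes
    # "no" skips verification of the switch's TLS certificate; set to "yes" once the device presents a trusted certificate.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443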
  tasks:
  - name: Configure interfaces.
    fortiswitch_system_interface:
      state: "present"
      system_interface:
        alias: "<your_own_value>"
        allowaccess: "ping"
        auth_type: "auto"
        bfd: "global"
        bfd_desired_min_tx: "7"
        bfd_detect_mult: "8"
        bfd_required_min_rx: "9"
        cli_conn_status: "initial"
        defaultgw: "enable"
        description: "<your_own_value>"
        detectprotocol: "ping"
        detectserver: "<your_own_value>"
        dhcp_client_identifier: "myId_15"
        dhcp_relay_ip: "<your_own_value>"
        dhcp_relay_option82: "disable"
        dhcp_relay_service: "disable"
        dhcp_vendor_specific_option: "<your_own_value>"
        dhcp_expire: "20"
        distance: "21"
        dns_server_override: "enable"
        dynamic_dns1: "<your_own_value>"
        dynamic_dns2: "<your_own_value>"
        dynamicgw: "<your_own_value>"
        forward_domain: "26"
        gwdetect: "enable"
        ha_priority: "28"
        icmp_redirect: "enable"
        interface: "<your_own_value> (source system.interface.name)"
        ip: "<your_own_value>"
        ipv6:
            autoconf: "enable"
            dhcp6_information_request: "enable"
            ip6_address: "<your_own_value>"
            ip6_allowaccess: "any"
            ip6_default_life: "37"
            ip6_dns_server_override: "enable"
            ip6_extra_addr:
             -
                prefix: "<your_own_value>"
            ip6_hop_limit: "41"
            ip6_link_mtu: "42"
            ip6_manage_flag: "enable"
            ip6_max_interval: "44"
            ip6_min_interval: "45"
            ip6_mode: "static"
            ip6_other_flag: "enable"
            ip6_prefix_list:
             -
                autonomous_flag: "enable"
                onlink_flag: "enable"
                preferred_life_time: "51"
                prefix: "<your_own_value>"
                valid_life_time: "53"
            ip6_reachable_time: "54"
            ip6_retrans_time: "55"
            ip6_send_adv: "enable"
            ip6_unknown_mcast_to_cpu: "enable"
            vrip6_link_local: "<your_own_value>"
            vrrp_virtual_mac6: "enable"
            vrrp6:
             -
                accept_mode: "enable"
                adv_interval: "62"
                preempt: "enable"
                priority: "64"
                start_time: "65"
                status: "enable"
                vrdst6: "<your_own_value>"
                vrgrp: "68"
                vrid: "69"
                vrip6: "<your_own_value>"
        macaddr: "<your_own_value>"
        mode: "static"
        mtu: "73"
        mtu_override: "enable"
        name: "default_name_75"
        ping_serv_status: "76"
        priority: "77"
        remote_ip: "<your_own_value>"
        secondary_IP: "enable"
        secondaryip:
         -
            allowaccess: "ping"
            detectprotocol: "ping"
            detectserver: "<your_own_value>"
            gwdetect: "enable"
            ha_priority: "85"
            id: "86"
            ip: "<your_own_value>"
            ping_serv_status: "88"
        snmp_index: "89"
        speed: "auto"
        src_check: "disable"
        src_check_allow_default: "enable"
        status: "up"
        switch: "<your_own_value>"
        switch_members:
         -
            member_name: "<your_own_value> (source switch.interface.name)"
        type: "physical"
        vdom: "<your_own_value> (source system.vdom.name)"
        vlanforward: "enable"
        vlanid: "100"
        vrf: "<your_own_value> (source router.vrf.name)"
        vrrp:
         -
            adv_interval: "103"
            backup_vmac_fwd: "enable"
            preempt: "enable"
            priority: "106"
            start_time: "107"
            status: "enable"
            version: "2"
            vrdst: "<your_own_value>"
            vrgrp: "111"
            vrid: "112"
            vrip: "<your_own_value>"
        vrrp_virtual_mac: "enable"
        weight: "115"
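
The playbook above sets every parameter to a sample value, including ip6_allowaccess: "any" and ansible_httpapi_validate_certs: no. The following playbook is an added example, not part of the original module documentation; it uses only parameters listed on this page to restrict management access on one interface and to remove a secondary IP entry, which carries its own allowaccess setting. The interface name "mgmt", the secondary IP id 1, and the way member_path and member_state are combined (read from the parameter descriptions above) are assumptions.

```yaml
- hosts: fortiswitch01
  collections:
    - fortinet.fortiswitch
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: yes
    # Verify the switch's TLS certificate so API credentials are only sent to the real device.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Restrict management access on the management interface
      fortiswitch_system_interface:
        state: "present"
        enable_log: true
        system_interface:
          name: "mgmt"              # assumed interface name
          description: "Management access limited to encrypted protocols"
          # Only encrypted management protocols plus ping; http, telnet and snmp are left out.
          allowaccess:
            - ping
            - https
            - ssh
          src_check: "strict"       # strict source IP check on this interface
          icmp_redirect: "disable"
          status: "up"
          ipv6:
            ip6_allowaccess: "https"   # a single protocol instead of "any"
            ip6_send_adv: "disable"    # no router advertisements from this interface

    - name: Remove secondary IP entry 1 and the management access attached to it
      fortiswitch_system_interface:
        state: "present"
        member_path: "secondaryip:id"   # member path as listed for secondaryip on this page
        member_state: "absent"
        system_interface:
          name: "mgmt"              # assumed interface name
          secondaryip:
            - id: 1                 # assumed id of the entry to delete
```

Strict source checking can drop legitimate traffic on interfaces with asymmetric routing, so confirm the routing design before applying src_check: "strict" more widely.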

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • build - Build number of the FortiSwitch image returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiSwitch returned: always type: str sample: PUT
  • http_status - Last result given by FortiSwitch on last operation applied returned: always type: str sample: 200
  • mkey - Master key (id) used in the last call to FortiSwitch returned: success type: str sample: id
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
  • serial - Serial number of the unit returned: always type: str sample: FS1D243Z13000122
  • status - Indication of the operation's result returned: always type: str sample: success
  • version - Version of the FortiSwitch returned: always type: str sample: v7.0.0

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Hongbin Lu (@fgtdev-hblu)
  • Frank Shen (@frankshen01)
  • Miguel Angel Munoz (@mamunozgonzalez)
