FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
riteshpv
Staff
Staff
Article Id 194007
Description
This article describes steps to take if you want to push igmp-flood option on managed FortiSwitch ports.

Related documents:
https://docs.fortinet.com/document/fortiswitch/6.4.3/devices-managed-by-fortios/173274/configuring-i...
https://docs.fortinet.com/document/fortiswitch/6.4.3/devices-managed-by-fortios/173271/fortiswitch-n...

Solution
- When a user try to configure the IGMP flood config from FortiGate to any FortiSwitch port the option is not available.
- Reason is that the port has access-mode set to NAC.
FortiGate-100E (root) # config switch-controller  managed-switch
FortiGate-100E (managed-switch) edit S448DF3XXXXXX
FortiGate-100E (S448DF3X17-----4) # config ports
    edit "port1"
        set port-owner ''
        set speed auto
        set status up
        set vlan "vsw.fortilink"
        set type physical
        set access-mode nac          <-----
    next
end
- It will not be possible to directly change state from NAC to normal.
- To change the state, make changes in NAC setting:
# config switch-controller nac-settings
    edit "fortilink"
        set mode global              <-----(Set this to local).
end

Notice the igmp-flood config is now available on port.
FortiGate-100E (root) # config switch-controller  managed-switch
FortiGate-100E (managed-switch) edit S448DF3XXXXXX
FortiGate-100E (S448DF3X17-----4) # config ports
# config ports
    edit "port1"
        set port-owner ''
        set speed auto
        set status up
        set vlan "vsw.fortilink"
        set type physical
        set access-mode normal         <----- State auto changed to normal from NAC.
        set igmps-flood-reports disable
        set igmps-flood-traffic disable
    next
end
Note: change NAC setting per port will be possible.

Contributors