From ada46a7075485e7957350be2cdd2f0cb285c940d Mon Sep 17 00:00:00 2001
From: John Poland
Date: Wed, 15 Oct 2025 20:27:20 -0400
Subject: [PATCH] fortigate/vdom_root/switch-controller.cfg Wed Oct 15 08:27:19 PM EDT 2025
---
.../fortigate/vdom_root/switch-controller.cfg | 224 ++++++++++++++++++
1 file changed, 224 insertions(+)
create mode 100644 configs/fortigate/vdom_root/switch-controller.cfg
diff --git a/configs/fortigate/vdom_root/switch-controller.cfg b/configs/fortigate/vdom_root/switch-controller.cfg
new file mode 100644
index 0000000..2cc8def
--- /dev/null
+++ b/configs/fortigate/vdom_root/switch-controller.cfg
@@ -0,0 +1,224 @@
+config switch-controller traffic-policy
+ edit "quarantine"
+ set description "Rate control for quarantined traffic"
+ set guaranteed-bandwidth 163840
+ set guaranteed-burst 8192
+ set maximum-burst 163840
+ set cos-queue 0
+ next
+ edit "sniffer"
+ set description "Rate control for sniffer mirrored traffic"
+ set guaranteed-bandwidth 50000
+ set guaranteed-burst 8192
+ set maximum-burst 163840
+ set cos-queue 0
+ next
+end
+config switch-controller security-policy 802-1X
+ edit "802-1X-policy-default"
+ set user-group "SSO_Guest_Users"
+ set mac-auth-bypass disable
+ set open-auth disable
+ set eap-passthru enable
+ set eap-auto-untagged-vlans enable
+ set guest-vlan disable
+ set auth-fail-vlan disable
+ set framevid-apply enable
+ set radius-timeout-overwrite disable
+ set authserver-timeout-vlan disable
+ next
+end
+config switch-controller security-policy local-access
+ edit "default"
+ set mgmt-allowaccess https ping ssh
+ set internal-allowaccess https ping ssh
+ next
+end
+config switch-controller lldp-profile
+ edit "default"
+ set med-tlvs inventory-management network-policy location-identification
+ set auto-isl disable
+ config med-network-policy
+ edit "voice"
+ next
+ edit "voice-signaling"
+ next
+ edit "guest-voice"
+ next
+ edit "guest-voice-signaling"
+ next
+ edit "softphone-voice"
+ next
+ edit "video-conferencing"
+ next
+ edit "streaming-video"
+ next
+ edit "video-signaling"
+ next
+ end
+ config med-location-service
+ edit "coordinates"
+ next
+ edit "address-civic"
+ next
+ edit "elin-number"
+ next
+ end
+ next
+ edit "default-auto-isl"
+ next
+ edit "default-auto-mclag-icl"
+ set auto-mclag-icl enable
+ next
+end
+config switch-controller qos dot1p-map
+ edit "voice-dot1p"
+ set priority-0 queue-4
+ set priority-1 queue-4
+ set priority-2 queue-3
+ set priority-3 queue-2
+ set priority-4 queue-3
+ set priority-5 queue-1
+ set priority-6 queue-2
+ set priority-7 queue-2
+ next
+end
+config switch-controller qos ip-dscp-map
+ edit "voice-dscp"
+ config map
+ edit "1"
+ set cos-queue 1
+ set value 46
+ next
+ edit "2"
+ set cos-queue 2
+ set value 24,26,48,56
+ next
+ edit "5"
+ set cos-queue 3
+ set value 34
+ next
+ end
+ next
+end
+config switch-controller qos queue-policy
+ edit "default"
+ set schedule round-robin
+ set rate-by kbps
+ config cos-queue
+ edit "queue-0"
+ next
+ edit "queue-1"
+ next
+ edit "queue-2"
+ next
+ edit "queue-3"
+ next
+ edit "queue-4"
+ next
+ edit "queue-5"
+ next
+ edit "queue-6"
+ next
+ edit "queue-7"
+ next
+ end
+ next
+ edit "voice-egress"
+ set schedule weighted
+ set rate-by kbps
+ config cos-queue
+ edit "queue-0"
+ next
+ edit "queue-1"
+ set weight 0
+ next
+ edit "queue-2"
+ set weight 6
+ next
+ edit "queue-3"
+ set weight 37
+ next
+ edit "queue-4"
+ set weight 12
+ next
+ edit "queue-5"
+ next
+ edit "queue-6"
+ next
+ edit "queue-7"
+ next
+ end
+ next
+end
+config switch-controller qos qos-policy
+ edit "default"
+ next
+ edit "voice-qos"
+ set trust-dot1p-map "voice-dot1p"
+ set trust-ip-dscp-map "voice-dscp"
+ set queue-policy "voice-egress"
+ next
+end
+config switch-controller storm-control-policy
+ edit "default"
+ set description "default storm control on all port"
+ next
+ edit "auto-config"
+ set description "storm control policy for fortilink-isl-icl port"
+ set storm-control-mode disabled
+ next
+end
+config switch-controller auto-config policy
+ edit "default"
+ next
+ edit "default-icl"
+ set poe-status disable
+ set igmp-flood-report enable
+ set igmp-flood-traffic enable
+ next
+end
+config switch-controller initial-config template
+ edit "_default"
+ set vlanid 1
+ next
+ edit "quarantine"
+ set vlanid 4093
+ set dhcp-server enable
+ next
+ edit "rspan"
+ set vlanid 4092
+ set dhcp-server enable
+ next
+ edit "voice"
+ set vlanid 4091
+ next
+ edit "video"
+ set vlanid 4090
+ next
+ edit "onboarding"
+ set vlanid 4089
+ next
+ edit "nac_segment"
+ set vlanid 4088
+ set dhcp-server enable
+ next
+end
+config switch-controller switch-profile
+ edit "default"
+ next
+end
+config switch-controller ptp settings
+ set mode disable
+end
+config switch-controller ptp policy
+ edit "default"
+ set status enable
+ next
+end
+config switch-controller remote-log
+ edit "syslogd"
+ next
+ edit "syslogd2"
+ next
+end
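Review bot: In the `security-policy local-access` profile `default`, `set internal-allowaccess https ping ssh` leaves the managed switches' HTTPS and SSH admin services enabled on the in-band internal interface as well as on the management port; these look like stock values, but nothing in this file narrows them. If direct logins to the switches are not part of operations, `set internal-allowaccess ping` would reduce the exposed admin surface, with `mgmt-allowaccess` kept for the dedicated port. The two `remote-log` entries at the end of the hunk (`syslogd`, `syslogd2`) carry no settings, which suggests no switch logs are forwarded to a collector. That is worth confirming, because 802.1X and port events would then presumably be retained only on the devices themselves.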