This article describes how to use switch-info and custom commands on FortiGate to pull useful diagnostic CLI outputs from all managed FortiSwitches in one step.
Table of Contents
Scope
FortiGate, FortiSwitches.
Solution
When there are multiple FortiSwitches managed in the FortiGate, during troubleshooting (or monitoring) there could be scenarios where we might need to collect certain diagnostic CLI outputs from all the FortiSwitches in one go, instead of connecting to each FortiSwitch and collecting the CLI outputs. For example, CLI commands to pull the PSU status, fan status, port status, LLDP status, etc on all the FortiSwitches.
For these scenarios ‘diagnose switch-controller switch-info’ and ‘custom-commands’ can be used to run the request one time on the FortiGate to pull the required CLI outputs from all the FortiSwitches in the Fabric.
Part 1: switch-info.
Here are a few examples of possible diagnostic CLI outputs that can be gathered using the ‘diagnose switch-controller switch-info’ command.
diagnose switch-controller switch-info <one-of-available-options>
Examples:
To collect the interface module summary outputs of all the Fortiswitches with one command on FortiGate use the command below. This output can be used to quickly identify which modules/ports are in Error states if any.
FortiGate # diagnose switch-controller switch-info modules summary
To collect the output of poe status of all the ports of each Fortiswitch with one command on FortiGate.
FortiGate # diagnose switch-controller switch-info poe summary
To collect the LLDP neighbor summary outputs from each of the Fortiswitches with one command on FortiGate.
FortiGate # diagnose switch-controller switch-info lldp neighbors-summary
Similarly, there are many other most commonly used CLI outputs with this syntax that can be explored as shown below (note that the switch-info option does not contain all the FortiSwitch CLI commands, for the commands not in this list, it is possible to use the custom-command option discussed in the next section):
FortiGate # diagnose switch-controller switch-info ? poe PoE-related information. lldp LLDP-related information. mclag Dumps MCLAG related information from FortiSwitch. trunk Trunk information. . . .
Part 2: custom-command.
For additional diagnostic FortiSwitch CLI commands that are not already available with ‘diagnose switch-controller switch-info ?’ discussed in the previous section, it is possible to use the custom commands as shown below.
config switch-controller custom-command edit <cmd-name> set command "<FortiSwitch_command>" end
Note: FortiGate v7.0 and later is needed for custom-command to show the outputs of all the FortiSwitches in one go. In the older versions, custom-command will require the serial number of FortiSwitch as an argument, one at a time.
Examples:
Collect the status of fans and sensors of all FortiSwitches in the Fabric.
In the example below with the custom-command option on the FortiGate, we can retrieve the fan and PCB sensor statuses of all the FortiSwitches, then use this output to analyze if any of the FortiSwitches have fan or sensors in Alarm or Bad status, and take remedial actions as necessary.
Fortigate # config switch-controller custom-command FortiGate (custom-command) # edit fan-status new entry (fan-status) added FortiGate (fan-status) # set command "diagnose sys fan status" FortiGate (fan-status) # next FortiGate (custom-command) # edit sensor-status new entry (sensor-status) added FortiGate (sensor-status) # set command "diagnose sys pcb temp" FortiGate (sensor-status) # end FortiGate # FortiGate # show switch-controller custom-command config switch-controller custom-command edit "fan-status" set command "diagnose sys fan status" next edit "sensor-status" set command "diagnose sys pcb temp" next end ########### Example output ############## FortiGate # execute switch-controller custom-command fan-status Sending custom-command 'fan-status' to FortiSwitch: S148EXYXYXYXY-01 Module Status ___________________________________ FAN OK(14.3 %) Sending custom-command 'fan-status' to FortiSwitch: S148EXYXYXYXY-02 Module Status ___________________________________ Fan alarmed Last status(50.2 %) . . . Sending custom-command 'fan-status' to FortiSwitch: S148EXYXYXYX-214 Module Status ___________________________________ FAN OK(15.4 %) FortiGate # FortiGate # execute switch-controller custom-command sensor-status Sending custom-command 'sensor-status' to FortiSwitch: S148EXYXYXYXY-01 Module Status ___________________________________ Sensor1 42.0 C Sending custom-command 'sensor-status' to FortiSwitch: S148EXYXYXYXY-02 Module Status ___________________________________ Sensor1 37.0 C . . . Sending custom-command 'sensor-status' to FortiSwitch: S148EXYXYXYX-214 Module Status ___________________________________ Sensor1 41.0 C
Collect the power supply status of all the PSUs of all the FortiSwitches in the Fabric.
In the example below with the custom-command option on the FortiGate, it is possible to retrieve the PSU statuses of all the FortiSwitches, then use this output to analyze if any of the FortiSwitches have one or both PSUs in Bad state, and take remedial actions as necessary.
Fortigate # config switch-controller custom-command FortiGate (custom-command) # edit psu-status new entry 'psu-status' added FortiGate (psu-status) # set command "diagnose sys psu status" FortiGate (psu-status) # end FortiGate # FortiGate # show switch-controller custom-command config switch-controller custom-command edit "psu-status" set command "diagnose sys psu status" next end FortiGate # ########### Example output ############## FortiGate # execute switch-controller custom-command psu-status Sending custom-command 'psu-status' to FortiSwitch: S448EXYXYXYXYX01 PSU1 is OK. PSU2 is not present. Sending custom-command 'psu-status' to FortiSwitch: S448EXYXYXYXYX02 PSU1 is OK. PSU2 is OK . . . Sending custom-command 'psu-status' to FortiSwitch: S448EXYXYXYXY214 PSU1 is OK. PSU2 is not present.
Note: Before running any diagnostic FortiSwitch CLI command with a custom-command option on the FortiGate, be cautious to verify the syntax of that FortiSwitch CLI and run it directly on a FortiSwitch, and only after confirming it – build the custom command configuration on the FortiGate.