Producent oprogramowania Fortinet udostępnił najnowszą aktualizację dla urządzeń FortiSwitch o oznaczeniu 7.0.1. W nowszej wersji dodano wiele nowych rozwiązań, takich jak tablica ARP w interfejsie graficznym dająca stały podgląd tras routingu opartych na adresach IP i MAC. Dodano także narzędzie diagnostyczne w celu monitorowania istniejących tras wraz z liczbą przeskoków sieciowych do danego adresu dla określonego adresu IP lub hosta. Wersja 7.0.1 daje nam możliwość weryfikowania poświadczeń użytkowników RADIUS pod kątem prawidłowości w interfejsie graficznym. Ponadto naprawiono problemy z brakiem synchronizacji FortiSwitcha przy przejściu z wersji 6.0.9 oraz z prawidłowym działaniem MC-LAG. Po więcej szczegółowych informacji zapraszam do dalszej części artykułu.
Aktualnie wspierane modele:
| FortiSwitch 1xx | FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE |
| FortiSwitch 2xx | FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE |
| FortiSwitch 4xx | FS-424D, FS-424D-FPOE, FS-424D-POE, FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448D, FS-448D-FPOE, FS-448D-POE, FS-448E, FS-448E-POE, FS-448E-FPOE |
| FortiSwitch 5xx | FS-524D-FPOE, FS-524D, FS-548D, FS-548D-FPOE |
| FortiSwitch 1xxx | FS-1024D, FS-1048D, FS-1048E |
| FortiSwitch 3xxx | FS-3032D, FS-3032E |
| FortiSwitch Rugged | FSR-112D-POE, FSR-124D |
Co nowego w FortiSwitchOS 7.0.1:
- Strona Wpisy dziennika (Log> Entries) została przeprojektowana, aby ułatwić czytanie komunikatów dziennika.
- Można teraz wyświetlać wpisy VRF IPv6 w tabeli routingu.
- Obsługa MCLAG w warstwie trzeciej dynamicznego routingu IPV4
- Equal Cost Multi-Path (ECMP) jest teraz obsługiwany przez modele FS-5xxD z IPv6.
- Po dodaniu serwera RADIUS, w interfejsie GUI można teraz sprawdzać, czy poświadczenia użytkownika serwera RADIUS są prawidłowe.
- Nowa strona z tablicą ARP w sekcji Router > ARP Table, zawiera adres IP, liczbę minut, przez które wpis ARP był w tablicy ARP, adres MAC i interfejs dla każdego wpisu tablicy ARP.
- Nowa strona z Diagnostyką tras (Router > Diagnostic) wyświetla podsumowanie istniejących tras dla określonego adresu IP lub nazwy hosta oraz wyświetla listę przeskoków sieciowych do określonego adresu IP lub nazwy hosta.
- Dodano możliwość stackowania i mapowania VLAN(QnQ) w interfejsie graficznym
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 566433 | Setting the value for ca-cert causes LDAP authentication to fail sometimes. |
| 589912 | The version of OpenSSL needs to be upgraded to 1.1.1k. |
| 598871 | Some 4xxE switches report “failed BASE ID Check Sequence” and “failed reading register” errors. |
| 686325 | When many LLDP neighbors are connected to the FortiSwitch units, the daemon receiving the LLDP neighbor messages is overwhelmed and stops synchronizing the configuration. |
| 701196 | The root port for the spanning tree inter-chassis link (ICL) flaps in an MCLAG topology. |
| 704377 | After adding and then removing ip6-allowaccess ping from a VRF-enabled switch virtual interface (SVI), ping is still allowed through. |
| 706717 | The first time that the managed FS-108E-FPOE model attempts RADIUS authentication to the Cisco Identity Services Engine (ISE) always fails. |
| 709837 | The number of power supply units on the FS-448D model is not displayed correctly with the diagnose sys psu status command. |
| 710229 | When FortiSwitch 802.1x port-based authentication is configured on a switch port with learning-limit set to 1, traffic is not received on the FortiGate device. |
| 711074 | After a split-brain state is detected, some of the managed FortiSwitch units in the MCLAG topology are disconnected. |
| 711950 | After upgrading from 6.0.9 to 6.4.5, the FortiGate configuration is not being synchronized with the managed FortiSwitch units. |
| 712323 | After VRRP is enabled, the switch does not respond to ARP requests from the directly connected interface. |
| 715261 | Configuring allow-mac-move for 802.1x authentication does not work when using dynamic VLAN. |
| 719044 | After enabling a MACsec profile for a port, client traffic stopped flowing from that port. |
| 719628 | In an “MCLAG with access rings” topology, the managed switch crashes with an “Unable to handle kernel NULL pointer dereference at virtual address 0000000c” error. |
Znane problemy:
| Bug ID | Description |
|---|---|
| 382518, 417024, 417073, 417099, 438441 | DHCP snooping and dynamic ARP inspection (DAI) do not work with private VLANs (PVLANs). |
| 414972 | IGMP snooping might not work correctly when used with 802.1x Dynamic VLAN functionality. |
| 480605 | When DHCP snooping is enabled on the FSR-112D-POE, the switched virtual interface (SVI) cannot get the IP address from the DHCP server.
Workarounds: |
| 510943 | The time-domain reflectometer (TDR) function (cable diagnostics feature) reports unexpected values.
Workaround: When using the cable diagnostics feature on a port (with the |
| 542031 | For the 5xx switches, the diagnose switch physical-ports led-flash command flashes only the SFP port LEDs, instead of all the port LEDs. |
| 548783 | Some models support setting the mirror destination to “internal.” This is intended only for debugging purposes and might prevent critical protocols from operating on ports being used as mirror sources. |
| 572052 | Backup files from FortiSwitchOS 3.x that have 16-character-long passwords fail when restored on FortiSwitchOS 6.x. In FortiSwitchOS 6.x, file backups fail with passwords longer than 15 characters.
Workaround: Use passwords with a maximum of 15 characters for FortiSwitchOS 3.x and 6.x. |
| 585550 | When packet sampling is enabled on an interface, packets that should be dropped by uRPF will be forwarded. |
| 606044 | The value for cable length is wrong when running cable diagnostics on the FS-108E, FS-124E, FS-108E-POE, FS-108E-FPOE, FS-124E-POE, FS-124E-FPOE, FS-148E, and FS-148E-POE models. |
| 609375 | The FortiSwitchOS supports four priority levels (critical, high, medium, and low); however, The SNMP Power Ethernet MIB only supports three levels. To support the MIB, a power priority of medium is returned as low for the PoE MIB. |
| 610149 | The results are inaccurate for open and short cables when running cable diagnostics on the FS-108E, FS-124E, FS-108E-POE, FS-108E-FPOE, FS-124E-POE, FS-124E-FPOE, FS-148E, and FS-148E-POE models. |
| 617755 | The internal interface cannot obtain IPv6 addresses with dhcpv6-snooping enabled on the native VLAN. |
| 673433 | Some 7-meter DAC cables cause traffic loss for the FS- 448E model. |
| 701560 | The DHCPv6 client cannot get the IP address when VLAN assignment is applied on the FSR-112D-POE model. |
Notatki producenta: FortiSwitch 7.0.1
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
