Producent oprogramowania Fortinet, udostępnił najnowszą aktualizację dla urządzeń FortiSwitch o oznaczeniu 7.2.0. Dzięki nowszej wersji, zostały rozwiązane problemy dotyczące zużycia procesora przy korzystaniu z interfejsu graficznego. Ponadto integracja z serwerem LDAP, została skorygowana pod względem uwierzytelnia. Dzięki aktualizacji, na całej płaszczyźnie naprawiono działanie autoryzacji MAB (Mac-address Authentication Bypass), gdzie problemy występował głównie przy ponownym uruchomieniu urządzenia. Po więcej szczegółowych informacji, zapraszam do dalszej części artykuł.
Aktualnie wspierane modele:
| FortiSwitch 1xx | FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE |
| FortiSwitch 2xx | FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE |
| FortiSwitch 4xx | FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, FS-448E-FPOE |
| FortiSwitch 5xx | FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE |
| FortiSwitch 1xxx | FS-1024D, FS-1024E, FS-1048E, FS-T1024E |
| FortiSwitch 3xxx | FS-3032E |
| FortiSwitch Rugged | FSR-112D-POE, FSR-124D |
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 724558 | A flash module failed and caused a complete network outage. |
| 724813 | The set enforce-first-as {disable | enable} command should have been placed under config neighbor and does not work in its current location (directly under config router bgp). There is no patch available for this issue. |
| 741354 | There is a segmentation fault when a packet is received for a deleted interface before the DHCP client module has removed that interface. |
| 743749 | When the network hub is disconnected and then reconnected, MAB sometimes does not work. |
| 746584 | An FS-448D cannot be access on an intermittent basis. |
| 748177 | When the network monitor is enabled, the MCLAG trunk becomes unstable. |
| 748249 | New CLI commands have been added under the config switch security command to control TCP and UDP ports. |
| 752085 | When the FortiSwitch unit sends the BPDU with the proposal bit on, it causes STP to be unsynchronized. |
| 753630 | MAB cannot be recovered after the daemon for 802.1x port-based authentication has crashed. |
| 754232 | Some FS-224D-FPOE switches have problems with checking the PSU GPIO. |
| 759992 | After the FortiSwitch unit is restarted, the memory usage increases, and users cannot access the FortiSwitch unit with the CLI or GUI. |
| 760536 | The SNMP trap for the power supply failing or being restored is using the wrong OID. |
| 763264 | Displaying the Switch > Port > Physical page or the dashboard causes high CPU usage. |
| 763953 | After the LDAP authentication succeeds, there is a “wrong username and password” error. |
| 769733 | The getnext query needs to be supported for OID .0/0.0. |
| 771767 | The switch cannot be accessed if the trusted host is not using /32. |
| 787797 | The FortiSwitch unit does not allow VTP traffic between Cisco switches. |
| 796030 | There is no response when SNMP polls a loopback interface. |
Znane problemy:
| Bug ID | Description |
|---|---|
| 382518, 417024, 417073, 417099, 438441 | DHCP snooping and dynamic ARP inspection (DAI) do not work with private VLANs (PVLANs). |
| 414972 | IGMP snooping might not work correctly when used with 802.1x Dynamic VLAN functionality. |
| 480605 | When DHCP snooping is enabled on the FSR-112D-POE, the switched virtual interface (SVI) cannot get the IP address from the DHCP server.
Workarounds: |
| 510943 | The time-domain reflectometer (TDR) function (cable diagnostics feature) reports unexpected values.
Workaround: When using the cable diagnostics feature on a port (with the |
| 542031 | For the 5xx switches, the diagnose switch physical-ports led-flash command flashes only the SFP port LEDs, instead of all the port LEDs. |
| 548783 | Some models support setting the mirror destination to “internal.” This is intended only for debugging purposes and might prevent critical protocols from operating on ports being used as mirror sources. |
| 572052 | Backup files from FortiSwitchOS 3.x that have 16-character-long passwords fail when restored on FortiSwitchOS 6.x. In FortiSwitchOS 6.x, file backups fail with passwords longer than 15 characters.
Workaround: Use passwords with a maximum of 15 characters for FortiSwitchOS 3.x and 6.x. |
| 585550 | When packet sampling is enabled on an interface, packets that should be dropped by uRPF will be forwarded. |
| 606044/610149 | The results are inaccurate when running cable diagnostics on the FS-108E, FS-124E, FS-108E-POE, FS-108E-FPOE, FS-124E-POE, FS-124E-FPOE, FS-148E, and FS-148E-POE models. |
| 609375 | The FortiSwitchOS supports four priority levels (critical, high, medium, and low); however, The SNMP Power Ethernet MIB only supports three levels. To support the MIB, a power priority of medium is returned as low for the PoE MIB. |
| 659487 | The FS-124F, FS-124F-POE, and FS-124F-FPOE models support ACL packet counters but not byte counters. The get switch acl counters commands always show the number of bytes as 0. |
| 673433 | Some 7-meter DAC cables cause traffic loss for the FS- 448E model. |
| 748210 | After a third-party hub is disconnected and then reconnected, MAB sometimes does not work. |
| 784585 | When a dynamic LACP trunk has formed between switches in an MRP ring, the MRP ring cannot be closed. Deleting the dynamic LACP trunk does not fix this issue. MRP supports only physical ports and static trunks; MRP does not support dynamic LACP trunks.
Workaround: Disable MRP and then re-enable MRP. |
| 793145 | VXLAN does not work with the following:
|
| 793821 | A “Failed to send l2mac trap” message is reported if log-mac-event is enabled on one port without the SNMP-related information being configured. |
| 795041 | The VM debug report (System > Debug Report) is missing information for many CLI commands. |
| 798357 | When multiple VXLAN configurations use the same remote-ip value, the VXLAN tunnels do not update the underlying SVI IP address. |
Notatki producenta: FortiSwitch 7.2.0
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie