Introduction

This document provides the following information for FortiSwitchOS 7.0.2 build 0049.

See the Fortinet Document Library for FortiSwitchOS documentation.

Supported models

FortiSwitchOS 7.0.2 supports the following models:

FortiSwitch 1xx: FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
FortiSwitch 2xx: FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
FortiSwitch 4xx: FS-424D, FS-424D-FPOE, FS-424D-POE, FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448D, FS-448D-FPOE, FS-448D-POE, FS-448E, FS-448E-POE, FS-448E-FPOE
FortiSwitch 5xx: FS-524D-FPOE, FS-524D, FS-548D, FS-548D-FPOE
FortiSwitch 1xxx: FS-1024D, FS-1048D, FS-1048E
FortiSwitch 3xxx: FS-3032D, FS-3032E
FortiSwitch Rugged: FSR-112D-POE, FSR-124D

What’s new in FortiSwitchOS 7.0.2

Release 7.0.2 provides the following new features:

  • New commands allow you to specify which IGMP-snooping and MLD-snooping groups are cleared:
    • execute clear switch igmp-snooping all
    • execute clear switch igmp-snooping group <multicast_IPv4_address>
    • execute clear switch igmp-snooping interface <interface_name>
    • execute clear switch igmp-snooping vlan <VLAN_ID>
    • execute clear switch mld-snooping all
    • execute clear switch mld-snooping group <multicast_IPv6_address>
    • execute clear switch mld-snooping interface <interface_name>
    • execute clear switch mld-snooping vlan <VLAN_ID>
    You can also combine the commands for more control.
  • You can now sort each column on the Log > Entries page.
  • As part of the existing support for RFC 1493, the following OIDs have been added:

    Name                      OID
    dot1dBaseBridgeAddress    .1.3.6.1.2.1.17.1.1.0
    dot1dBaseNumPorts         .1.3.6.1.2.1.17.1.2.0
    dot1dBaseType             .1.3.6.1.2.1.17.1.3.0
    dot1dTpFdbTable           .1.3.6.1.2.1.17.4.3
    TpFdbAddress              .1.3.6.1.2.1.17.4.3.1.1
    TpFdbPort                 .1.3.6.1.2.1.17.4.3.1.2
    TpfdbStatus               .1.3.6.1.2.1.17.4.3.1.3
    dot1dBasePortTable        .1.3.6.1.2.1.17.1.4
    BasePort                  .1.3.6.1.2.1.17.1.4.1.1
    BasePortIfIndex           .1.3.6.1.2.1.17.1.4.1.2
    basePortCircuit           .1.3.6.1.2.1.17.1.4.1.3

    NOTE: dot1dBasePortDelayExceededDiscards (.1.3.6.1.2.1.17.1.4.1.4) and dot1dBasePortMtuExceededDiscards (.1.3.6.1.2.1.17.1.4.1.5) are not supported.

  • When DHCP snooping is enabled and a DHCP server is detected on an untrusted interface, a log entry is generated, either “A rogue DHCPv6 server has been detected on the interface” or “A rogue DHCP server has been detected on the interface.”
  • You can now use RADIUS attributes to configure dynamic access control lists (DACLs) on 802.1x ports. DACLs are configured on a switch or saved on a RADIUS server. You can use DACLs to control traffic per user session or per port for switch ports directly connected to user clients. DACLs apply to hardware only when 802.1x authentication is successful.
  • You can now specify the outer VLAN tag and COS queue number when configuring the access control list (ACL) policies on the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE models.
  • You can now enable or disable the learning-limit violation log in the GUI (Switch > MAC Limit).

  • The MAC learning limit and the MAC learning limit violation log are now supported on the FSR-112D-POE.
  • You can now specify that, when the MAC learning limit is exceeded, the interface that it is configured on will be disabled.
  • You can now receive an SNMP trap message when the MAC learning limit is exceeded.
  • NAC LAN segments are now supported on the FS-148F, FS-148F-POE, and FS-148F-FPOE models in FortiLink mode. FortiOS 7.0.1 or higher is required.
  • You can now specify a range of multicast group addresses (IPv4) when configuring a Protocol Independent Multicast (PIM) multicast flow.
  • The output of the diagnose test authserver radius command now includes the configured attribute-value pairs (AVPs).
  • When you test the user credentials for a RADIUS server in the GUI (System > Authentication > RADIUS), the configured AVPs are now returned, along with the status of the connection and user credentials.
  • You can now see whether a module supports the diagnostic monitoring interface (DMI):
    • The output of the get switch modules status command reports if a module does not support DMI.
    • There is a new DMI column on the Module Summary page (Switch > Monitor > Modules).

Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.
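
The RFC 1493 OIDs listed above can be used to cross-check the MAC learning limit from a monitoring host. The following is an added example, not Fortinet code: it parses numeric walk output of TpFdbPort and BasePortIfIndex, decodes the MAC address from each row index, and reports interfaces that have learned more than a chosen number of addresses. It assumes net-snmp `snmpwalk -On` output format; the sample rows, ifIndex values, and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# OID prefixes taken from the RFC 1493 table in these release notes.
TP_FDB_PORT = ".1.3.6.1.2.1.17.4.3.1.2."        # TpFdbPort, indexed by MAC address
BASE_PORT_IFINDEX = ".1.3.6.1.2.1.17.1.4.1.2."  # BasePortIfIndex, indexed by bridge port

# Constructed sample in net-snmp "snmpwalk -On" numeric format (not real device output).
SAMPLE_WALK = """\
.1.3.6.1.2.1.17.1.4.1.2.1 = INTEGER: 1001
.1.3.6.1.2.1.17.1.4.1.2.2 = INTEGER: 1002
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.86 = INTEGER: 2
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.0.0.1 = INTEGER: 2
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.0.0.2 = INTEGER: 2
.1.3.6.1.2.1.17.4.3.1.2.0.17.34 = INTEGER: 2
"""

LINE_RE = re.compile(r"^(\.[\d.]+) = INTEGER: (\d+)$")

def parse_walk(text):
    """Return (MAC -> bridge port, bridge port -> ifIndex) from numeric walk output."""
    fdb, port_ifindex = {}, {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        oid, value = m.group(1), int(m.group(2))
        if oid.startswith(TP_FDB_PORT):
            octets = oid[len(TP_FDB_PORT):].split(".")
            # The row index is the MAC as six decimal sub-identifiers; skip malformed rows.
            if len(octets) != 6 or any(int(o) > 255 for o in octets):
                continue
            fdb[":".join(f"{int(o):02x}" for o in octets)] = value
        elif oid.startswith(BASE_PORT_IFINDEX):
            port_ifindex[int(oid[len(BASE_PORT_IFINDEX):])] = value
    return fdb, port_ifindex

def ports_over_limit(text, limit):
    """Map ifIndex -> sorted MACs for ports that learned more than `limit` addresses."""
    fdb, port_ifindex = parse_walk(text)
    by_port = defaultdict(list)
    for mac, port in fdb.items():
        # Fall back to the bridge port number when no ifIndex row was returned.
        by_port[port_ifindex.get(port, port)].append(mac)
    return {p: sorted(m) for p, m in by_port.items() if len(m) > limit}

if __name__ == "__main__":
    print(ports_over_limit(SAMPLE_WALK, limit=2))
```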
