Introduction
This guide provides information about configuring a FortiSwitch unit in standalone mode. In standalone mode, you manage the FortiSwitch unit by connecting directly to the unit, either using the web-based manager (also known as the GUI) or the CLI.
If you will be managing your FortiSwitch unit using a FortiGate unit, refer to the following guide: FortiSwitch Managed by FortiOS 6.4.
This chapter covers the following topics:
- Supported models
- Whatʼs new in FortiSwitchOS 6.4.11
- Feature matrix: FortiSwitchOS 6.4.11
- Before you begin
- How this guide is organized
Supported models
This guide is for all FortiSwitch models that are supported by FortiSwitchOS, which includes all of the D-series, E-series, and F-series models.
Whatʼs new in FortiSwitchOS 6.4.11
FortiSwitch 6.4.11 is a patch release only. No new features or enhancements have been implemented in this release.
Refer to Feature matrix: FortiSwitchOS 6.4.11 for details about the features supported on each FortiSwitch model.
Feature matrix: FortiSwitchOS 6.4.11
The following table lists the FortiSwitch features in release 6.4.11 that are supported on each series of FortiSwitch models. All features are available in release 6.4.11, unless otherwise stated.
Feature |
GUI supported |
112D-POE |
FSR-124D |
1xxE, 1xxF |
4xxE |
200 Series, 400 Series |
500 Series |
1024D, 1048D, 1048E |
3032D, 3032E |
---|---|---|---|---|---|---|---|---|---|
Management and Configuration |
|||||||||
CPLD software upgrade support for OS |
— |
— |
— |
— |
— |
— |
— |
1024D, 1048D |
— |
Firmware image rotation (dual-firmware image support) |
— |
✓ |
✓ |
148E, 148E-POE |
✓ |
✓ |
✓ |
✓ |
✓ |
HTTP REST APIs for configuration and monitoring |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Support for switch SNMP OID |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
IP conflict detection and notification |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
FortiSwitch Cloud configuration |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Auto topology |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Security and Visibility |
|||||||||
802.1x port mode |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
802.1x MAC-based security mode |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
User-based (802.1x) VLAN assignment |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
802.1x enhancements, including MAB |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
MAB reauthentication disabled |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
open-auth mode |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Support of the RADIUS accounting server |
Partial |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Support of RADIUS CoA and disconnect messages |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
EAP Pass-Through |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Network device detection |
— |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
IP-MAC binding (IPv4) |
✓ |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
sFlow (IPv4) |
✓ |
✓ |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
Flow export (IPv4) |
✓ |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
ACL (IPv4) |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Multistage ACL (IPv4) |
✓ |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
Multiple ingress ACLs (IPv4) |
✓ |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
Schedule for ACLs (IPv4) |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
DHCP snooping |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
DHCPv6 snooping |
✓ |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
Allowed DHCP server list |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
IP source guard (IPv4) |
✓ |
— |
✓ |
— |
✓ |
✓ |
— |
— |
— |
IP source-guard violation log |
— |
— |
✓ |
— |
✓ |
✓ |
— |
— |
— |
Dynamic ARP inspection (IPv4) |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
ARP timeout value |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Access VLANs (See Note 8.) |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
RMON group 1 |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Reliable syslog |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Packet capture |
✓ |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
MACsec (See Note 7.) |
— |
— |
— |
— |
— |
— |
✓ |
— |
— |
Layer 2 |
|||||||||
Link aggregation group size (maximum number of ports) (See Note 2.) |
✓ |
8 |
8 |
8 |
8 |
8 |
24/48 |
24/48 |
24, 64 |
LAG min-max-bundle |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
IPv6 RA guard |
— |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
IGMP snooping |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
IGMP proxy |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
IGMP querier |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
MLD snooping |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
MLD proxy |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
MLD querier |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
LLDP-MED |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
LLDP-MED: ELIN support |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Per-port max for learned MACs |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
— |
— |
MAC learning limit (See Note 4.) |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
— |
— |
Learning limit violation log (See Note 4.) |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
— |
— |
set mac-violation-timer |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Sticky MAC |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Total MAC entries |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
MSTP instances |
— |
0-15 |
0-15 |
0-15 |
0-15 |
0-15 |
0-32 |
0-32 |
0-32 |
STP root guard |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
STP BPDU guard |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Rapid PVST interoperation |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
'forced-untagged' or 'force-tagged' setting on switch interfaces |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Private VLANs |
✓ |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
Multi-stage load balancing |
— |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
Priority-based flow control |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
Ingress pause metering |
— |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
3032D |
Storm control |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Per-port storm control |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Global burst-size control |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
MAC/IP/protocol-based VLAN assignment |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Virtual wire |
✓ |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
Loop guard |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Percentage rate control |
✓ |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
VLAN stacking (QinQ) |
— |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
VLAN mapping |
— |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
SPAN |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
RSPAN and ERSPAN (IPv4) |
✓ |
RSPAN |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
Flow control |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Layer 3 |
|||||||||
Link monitor (IPv4) |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Static routing (IPv4/IPv6) |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Hardware routing offload (IPv4/IPv6) |
✓ |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
Software routing only (IPv4/IPv6) |
✓ |
✓ |
— |
✓ |
— |
— |
— |
— |
— |
OSPF (IPv4/IPv6) (See Note 3.) |
✓ |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
OSPF database overflow protection (IPv4) |
— |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
OSPF graceful restart (helper mode only) (IPv4) |
— |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
RIP (IPv4/IPv6) (See Note 3.) |
✓ |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
VRRP (IPv4/IPv6) (See Note 3.) |
✓ |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
BGP (IPv4/IPv6) (See Note 3.) |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
IS-IS (IPv4/IPv6) (See Note 3.) |
— |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
PIM (IPv4) (See Note 3.) |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
Hardware-based ECMP (IPv4) |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
VRF (IPv4/IPv6) |
— |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
Static BFD (IPv4/IPv6) |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
BFD for BGPv6 |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
BFD for RIPng |
— |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
uRPF |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
DHCP relay (IPv4) |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
DHCP server (IPv4) |
✓ |
— |
— |
— |
✓ |
4xx only |
✓ |
✓ |
✓ |
High Availability |
|||||||||
MCLAG (multichassis link aggregation) |
Partial |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
STP supported in MCLAGs |
— |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
IGMP snooping in MCLAG |
✓ |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
Quality of Service |
|||||||||
802.1p support, including priority queuing trunk and WRED |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
QoS queue counters |
— |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
QoS marking (IPv4/IPv6) |
— |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
Summary of configured queue mappings |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Egress priority tagging (IPv4/IPv6) |
— |
— |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
ECN (IPv4/IPv6) |
— |
— |
— |
— |
✓ |
— |
✓ |
✓ |
✓ |
Real-time egress queue rates |
— |
— |
— |
— |
— |
✓ |
✓ |
✓ |
✓ |
Miscellaneous |
|||||||||
PoE-pre-standard detection (See Note 1.) |
— |
✓ |
✓ |
FS-1xxE POE |
✓ |
✓ |
✓ |
— |
— |
PoE modes support: first come, first served or priority based (PoE models) |
— |
✓ |
✓ |
FS-1xxE POE |
✓ |
✓ |
✓ |
— |
— |
Control of temperature alerts |
— |
✓ |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
Split port (See Note 6.) |
Partial |
— |
— |
— |
— |
— |
✓ |
1048E |
✓ |
TDR (time-domain reflectometer)/cable diagnostics support |
✓ |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
— |
— |
Auto module max speed detection and notification |
✓ |
— |
— |
— |
— |
— |
✓ |
✓ |
— |
Monitor system temperature (threshold configuration and SNMP trap support) |
— |
✓ |
✓ |
FS-124E-POE, FS-124E-FPOE, FS-148E, FS-148E-POE |
✓ |
✓ |
✓ |
✓ |
✓ |
Cut-through switching |
— |
— |
— |
— |
— |
— |
— |
✓ |
✓ |
Add CLI to show the details of port statistics |
— |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
Configuration of the QSFP low-power mode |
— |
— |
— |
— |
— |
— |
✓ |
1048D, 1048E |
✓ |
Energy-efficient Ethernet |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
✓ |
— |
— |
PHY Forward Error Correction (See Note 5.) |
— |
— |
— |
— |
— |
— |
— |
1048E |
3032E |
PTP transparent clock (IPv4/IPv6) (See Note 9.) |
— |
— |
— |
— |
✓ |
✓ |
✓ |
1048E |
✓ |
Notes
- PoE features are applicable only to the model numbers with a POE or FPOE suffix.
- The 24-port LAG is applicable to FS-524D, FS-524-FPOE, FS-1024D, and FS-3032D models. The 48-port LAG is applicable to FS-548D, FS-548-FPOE, and FS-1048D models.
- To use the dynamic layer-3 protocols, you must have an advanced features license.
- The per-VLAN MAC learning limit and per-trunk MAC learning limit are not supported on the FS-448D, FS-448D-POE, FS-448D-FPOE, FS-248E-POE, FS-248E-FPOE, FS-248D series.
- Supported only in 100G mode (clause 91).
- On the FS-3032E, you can split one port at the full base speed, split one port into four sub-ports of 25 Gbps each (100G QSFP only), or split one port into four sub-ports of 10 Gbps each (40G or 100G QSFP).
- Supported on FS-5xxD 10G ports.
- The maximum number of access VLANs on the FS-1xxE models is 16; the maximum number of access VLANs on the FS-148F models is 32.
- PTP is not supported on the FS-248E, FS-248E-POE, FS-248E-FPOE, FS-448D, FS-448D-POE, and FS-448D-FPOE models.
Before you begin
Before you start administrating your FortiSwitch unit, it is assumed that you have completed the initial configuration of the FortiSwitch unit, as outlined in the QuickStart Guide for your FortiSwitch model and have administrative access to the FortiSwitch unit’s GUI and CLI.
How this guide is organized
This guide is or