Managed FortiSwitch 6.0.4 1xxE DHCP Snooping and Blocking
We updated our FortiGates to 6.0.5 a little while back and are now starting the upgrade to 6.0.x with our FortiSwitches.
I used our secondary location, which only has a single FortiGate and FortiSwitch 124E-POE to test this, and upgraded the FortiSwitch from 3.6.9 to 6.0.4.
Seemed to work okay, then saw no DHCP responses were getting back to clients. The FortiSwitch appeared to be blocking them.
Logging in directly through a management port and checking the vlan interface GUI page showed DHCP Snooping On/Enabled for each vlan interface (with switch port is listed as untrusted) and a warning label saying "DHCP Server(s) have been blocked".
Turning off DHCP snooping for the vlan interface allowed normal DHCP requests and responses.
Note that DHCP had been working fine with the switch on 3.6.9 (when managed by a FortiGate on 6.0.5).
Release notes for FortiSwitch 6.0.4 says DHCP Snooping is supported for 1xxE devices, but not DHCP Blocking.
Admin guide for Managed FortiSwitch 6.0.4 says 1xxE switches DON'T support DHCP Snooping nor Blocking.
Admin guide for Standalone FortiSwitch 6.0.3 says 1xxE switches DO support DHCP Snooping, but not Blocking.
For a switch that isn't able to DHCP Blocking it seemed to be doing it a bit too well. If the switch (when managed) doesn't support DHCP Snooping, then why is it enabled? Upgraded config issue?
Anybody know whether DHCP Snooping and DHCP Blocking are actually supported, currently broken, not supported, or something else for a 6.0.4 124E-POE FortiSwitch managed by a 6.0.5 FortiGate?
I'd like to understand what's happening with this switch before updating our other location which has 248E and 108E switches, along with non-Fortinet switches.