Overview
The MR4 release adds new features and fixes to the switch firmware.
Centralized Administrator Authentication using Radius or TACACS+
Sophos switch can be configured to use Radius or TACACS+ for centralized authentication management for all switch administrators who need to gain access to the switch's local management interfaces. Using Radius or TACACS+ authentication supplies added security and better change control management by tracking the switch changes based on the administrator’s name.
802.1x Authentication using TACACS+
Sophos switch now supports TACACS+ authentication as an alternative to Radius for 802.1x user authentication.
Spanning Tree Protocol (STP) Root Guard
The STP Root Guard feature protects switch ports from receiving higher priority STP Bridge Protocol Data Units (BPDUs). Any ports that receive higher priority STP BPDU packets could become the STP Root.
STP BPBU Guard
The STP BPDU Guard feature protects the switch ports from receiving STP BPDUs, however, the port can transmit STP BPDU packets.
STP BPDU Forward
The STP BPDU Forward feature enables the switch to forward BPDU packets. BPDU forward is used for loop detection and the election of STP Root Bridge for all network devices' traffic flow without a loop.
Real-time Monitor for Switch Port Utilization
Adds a real-time monitor in the local GUI to display the port utilization by Tx and Rx rates for any actively used switch port.
Bug Fixes:
| Issue Key | Summary | Work Around |
| NSW-5000 | In the local switch GUI on the Dashboard page, the Hardware Version field has been changed to Hardware ID. | |
| NSW-4960 | Syslog messages do not send the correct hostname value for the switch. | |
| NSW-4234 | Clients using a dynamic VLAN assignment lose connection when a static VLAN assignment is changed on the switch. | |
| NSW-3847 | LACP fails between a Sophos switch and a directly connected Windows 2019 server. | |
| NSW-3619 | An NTP sync issue causes the switch to lose its connection to Sophos Central. | |
| NSW-3710 | During a reset of the admin imported certificates, the rest button displays an ‘unknown error’ message instead of the correct message ‘Applied the configuration.’ | |
| NSW-4975 |
Higher than expected latency was observed when a user was sending ping packets between two different networks attached to the same Sophos Switch. |
|
| NSW-4959 |
PoE-capable devices that are not AF or AT compliant and require non-standard PoE (Example: Polycom VVX310 IP phone) may not power up when connected to a Sophos Switch. This issue affects the following switch models: CS110-24FP, CS110-48P, CS110-48FP, CS210-24FP, and CS210-48FP. |
Through the CLI enable legacy power mode using the following command ‘power legacy mode enable.’ |
Known Issues:
For a list of known issues please visit https://doc.sophos.com/support/kil/index.html.
