gmanea
Staff
Article Id 192601

Description


This article addresses Spanning Tree Protocol (STP) support for low-end FortiGate units that are in 'switch mode'.


Scope


FGT-30D, FWF-30D, FGT-30D-POE, FWF-30D-POE, FGT-60C, FGT-60C-POE, FWF-60C, FWF-60CM, FGT-60D, FGT-60D-POE, FGR-60D, FWF-60D, FWF-60D-POE, FWF-60D-MC, FGT-70D, FGT-80C, FGT-80CM, FWF-80CM, FWF-81CM, FGT-90D, FWF-90D, FGT-90D-POE, FWF-90D-POE, FGT-94D-POE, FGT-98D-POE, FGT-100D, FGT-100F, FGT-140D, FGT-140D-POE, FGT-140D-POE-T1, FGT-200D, FGT-201F, FGT-240D, FGT-200D-POE, FGT-240D-POE, FGT-280D-POE, FGT-1800F, FGT-3501F.


Solution


STP support for low-end FortiGate units in 'switch mode' was introduced in FortiOS 5.0. FortiOS primarily supports Rapid Spanning Tree Protocol (RSTP), implemented as a single instance (instance 0) of Multiple Spanning Tree Protocol (MSTP).

MSTP is backwards compatible with both RSTP and STP, so FortiOS automatically supports those as well. It can also form MST regions with other identically configured, standards-based MSTP bridges (that is, other low-end FortiGates, or any other MSTP bridge configured to use only instance 0). When interacting with RSTP/STP bridges (or non-identically configured MSTP bridges), all of these bridges form one single spanning tree called the Common Spanning Tree (CST).

MSTP is defined in IEEE standard 802.1Q.

RSTP and STP are defined in IEEE standard 802.1D.

Note that STP is enabled by default on the applicable products when they are in 'switch mode'.

Syntax

    # config system stp
        set config-revision <int>
        set forward-delay <secs_int>
        set hello-time <secs_int>
        set max-age <secs_int>
        set max-hops <hops_int>
        set region-name <name_str>
        set status {enable | disable}
        set switch-priority <prio_int>
    end

Variables and permitted values

config-revision - Set the configuration revision. Range 0 to 65535. Default: 0
forward-delay - Set forwarding delay (seconds). Range 4 to 30. Default: 15
hello-time - Set hello time (seconds). Range 1 to 10. Default: 2
max-age - Set maximum packet age (seconds). Range 6 to 40. Default: 20
max-hops - Set maximum number of hops. Range 1 to 40. Default: 20
region-name - Set region name. Default: null
status {enable | disable} - Enable or disable STP. Default: enable
switch-priority - Set priority. Permitted values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440. Default: 32768
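The following is an added example (not Fortinet code) that checks a proposed set of 'config system stp' values against the ranges and permitted values listed above, renders the resulting CLI block, and tells whether two bridges would share an MST region (same region name and revision, since only instance 0 is in use). It also applies the IEEE 802.1D timer relationship (2 x (forward-delay - 1) >= max-age >= 2 x (hello-time + 1)) as an extra sanity check; this article does not say whether FortiOS enforces that relationship, so treat it as an assumption.

```python
"""Validate 'config system stp' values and render the FortiOS CLI block.

Added example, not Fortinet code. Ranges and permitted values are those
documented for 'config system stp'; the timer-relationship check is the
IEEE 802.1D recommendation (assumption: not necessarily enforced by FortiOS).
"""
from typing import Dict, List

# Documented inclusive ranges for the integer settings.
RANGES = {
    "config-revision": (0, 65535),
    "forward-delay": (4, 30),
    "hello-time": (1, 10),
    "max-age": (6, 40),
    "max-hops": (1, 40),
}
# switch-priority must be a multiple of 4096 between 0 and 61440.
SWITCH_PRIORITIES = set(range(0, 61441, 4096))
# Documented defaults; region-name "null" is represented as an empty string.
DEFAULTS: Dict[str, object] = {
    "config-revision": 0, "forward-delay": 15, "hello-time": 2,
    "max-age": 20, "max-hops": 20, "region-name": "",
    "status": "enable", "switch-priority": 32768,
}


def validate_stp(cfg: Dict[str, object]) -> List[str]:
    """Return a list of problems; an empty list means the settings are acceptable."""
    merged = {**DEFAULTS, **cfg}
    problems: List[str] = []
    for key, (lo, hi) in RANGES.items():
        v = merged[key]
        if not isinstance(v, int) or not lo <= v <= hi:
            problems.append(f"{key}={v!r} outside {lo}-{hi}")
    if merged["switch-priority"] not in SWITCH_PRIORITIES:
        problems.append(f"switch-priority={merged['switch-priority']!r} must be a multiple of 4096 up to 61440")
    if merged["status"] not in ("enable", "disable"):
        problems.append(f"status={merged['status']!r} must be enable or disable")
    if not isinstance(merged["region-name"], str):
        problems.append("region-name must be a string")
    # 802.1D timer relationship (assumption: recommended, not stated as FortiOS-enforced).
    fd, ma, ht = merged["forward-delay"], merged["max-age"], merged["hello-time"]
    if all(isinstance(x, int) for x in (fd, ma, ht)):
        if 2 * (fd - 1) < ma:
            problems.append(f"2*(forward-delay-1)={2 * (fd - 1)} is below max-age={ma}")
        if ma < 2 * (ht + 1):
            problems.append(f"max-age={ma} is below 2*(hello-time+1)={2 * (ht + 1)}")
    return problems


def render_cli(cfg: Dict[str, object]) -> str:
    """Render only the non-default values as a 'config system stp' block."""
    lines = ["config system stp"]
    for key in DEFAULTS:  # keep the documented ordering
        if key in cfg and cfg[key] != DEFAULTS[key]:
            value = f'"{cfg[key]}"' if isinstance(cfg[key], str) else cfg[key]
            lines.append(f"    set {key} {value}")
    lines.append("end")
    return "\n".join(lines)


def same_mst_region(a: Dict[str, object], b: Dict[str, object]) -> bool:
    """Two bridges using only MSTP instance 0 share a region when name and revision match."""
    ma, mb = {**DEFAULTS, **a}, {**DEFAULTS, **b}
    return ma["region-name"] == mb["region-name"] and ma["config-revision"] == mb["config-revision"]


if __name__ == "__main__":
    proposed = {"region-name": "REGION1", "config-revision": 1, "switch-priority": 4096}
    print(validate_stp(proposed) or "ok")
    print(render_cli(proposed))
```

Rendering only non-default values keeps the emitted block minimal and makes it easy to diff against a running configuration; a lower switch-priority (such as 4096) on the bridge you intend to be root is the usual way to pin root election to a known device.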

STP status details can be viewed with the 'diagnose sys stp status' CLI command.

Sample output:

# diagnose sys stp status

STP Status Information

  Switch Priority            32768
  Switch MAC Address         00090f4be8fe
  Root Priority              32768
  Root MAC Address           00090f4be8fe
  Root Pathcost              0
  This bridge IS the root

  Regional Root Priority     32768
  Regional Root MAC Address  00090f4be8fe
  Regional Root Path Cost    0
  Remaining Hops             20
  This bridge IS the regional root

  Port        Speed   Cost       Priority   Role         State       Edge
  __________  ______  _________  _________  ___________  __________  ____
  internal1   10M     2000000    0          DISABLED     DISCARDING  YES
  internal2   10M     2000000    0          DISABLED     DISCARDING  YES
  internal3   10M     2000000    0          DISABLED     DISCARDING  YES
  internal4   10M     2000000    0          DISABLED     DISCARDING  YES
  internal5   10M     2000000    0          DISABLED     DISCARDING  YES
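The following is an added example (not Fortinet code) that parses the 'diagnose sys stp status' output above into structured fields and per-port records, then compares the elected root bridge against the MAC address you expect to hold that role. An unexpected root bridge (or a port that has taken the ROOT role on a unit you expect to be root) is the condition worth alerting on, since a topology change moves traffic paths. The sample text is the article's own output; EXPECTED_ROOT_MAC and the second MAC used in the check are constructed values.

```python
"""Parse 'diagnose sys stp status' output and flag an unexpected root bridge.

Added example, not Fortinet code. SAMPLE is the output shown in the article;
the expected-root MAC below is a constructed value for the check.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

SAMPLE = """\
STP Status Information

  Switch Priority            32768
  Switch MAC Address         00090f4be8fe
  Root Priority              32768
  Root MAC Address           00090f4be8fe
  Root Pathcost              0
  This bridge IS the root

  Regional Root Priority     32768
  Regional Root MAC Address  00090f4be8fe
  Regional Root Path Cost    0
  Remaining Hops             20
  This bridge IS the regional root

  Port        Speed   Cost       Priority   Role         State       Edge
  __________  ______  _________  _________  ___________  __________  ____
  internal1   10M     2000000    0          DISABLED     DISCARDING  YES
  internal2   10M     2000000    0          DISABLED     DISCARDING  YES
  internal3   10M     2000000    0          DISABLED     DISCARDING  YES
  internal4   10M     2000000    0          DISABLED     DISCARDING  YES
  internal5   10M     2000000    0          DISABLED     DISCARDING  YES
"""

# "Key Words   value": key is single-space-separated words, value is one token.
KV_RE = re.compile(r"^\s*([A-Z][A-Za-z]*(?: [A-Za-z]+)*)\s{2,}(\S+)\s*$")
# Port rows: name speed cost priority role state edge(YES|NO).
PORT_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+([A-Z]+)\s+([A-Z]+)\s+(YES|NO)\s*$")


@dataclass
class Port:
    name: str
    speed: str
    cost: int
    priority: int
    role: str
    state: str
    edge: bool


@dataclass
class StpStatus:
    fields: Dict[str, str]
    ports: List[Port]

    @property
    def is_root(self) -> bool:
        # The bridge is root when the elected root MAC is its own MAC.
        return self.fields.get("Root MAC Address") == self.fields.get("Switch MAC Address")


def parse_stp_status(text: str) -> StpStatus:
    """Turn the CLI text into key/value fields plus a list of Port records."""
    fields: Dict[str, str] = {}
    ports: List[Port] = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            name, speed, cost, prio, role, state, edge = m.groups()
            ports.append(Port(name, speed, int(cost), int(prio), role, state, edge == "YES"))
            continue
        m = KV_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return StpStatus(fields, ports)


def audit(status: StpStatus, expected_root_mac: str) -> List[str]:
    """Return findings: wrong root bridge, and any port pointing toward another root."""
    findings: List[str] = []
    root = status.fields.get("Root MAC Address", "").lower()
    if root != expected_root_mac.lower():
        findings.append(f"root bridge is {root or 'unknown'}, expected {expected_root_mac}")
    for p in status.ports:
        if p.role == "ROOT":
            findings.append(f"{p.name} holds the ROOT role (root reached via this port)")
    return findings


if __name__ == "__main__":
    EXPECTED_ROOT_MAC = "00090f4be8fe"  # constructed: the MAC you expect to be root
    st = parse_stp_status(SAMPLE)
    print("is root:", st.is_root, "| ports:", len(st.ports))
    print(audit(st, EXPECTED_ROOT_MAC) or "no findings")
```

Run this against the output of each switch-mode unit on a schedule and compare successive results; a change in "Root MAC Address" or the appearance of a ROOT-role port is the signal to investigate.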
