Refer to the above topology, where the FortiLink interface is configured as an aggregate (using ports x1 and x2).

Note: STP is disabled by default on the FortiLink trunk (G200E4Q16900196) connecting to the FortiGate.

In some cases, the STP state is observed to be randomly disabled on FortiLink trunks or trunks configured with MCLAG. For example, consider the following trunk configuration on FortiSwitch S448DF3XXXXXX305:

    config switch trunk
        edit "G200E46XXXXX196"
            set mode lacp-active
            set auto-isl 1
            set fortilink 1
            set members "port45"
        next
        edit "_FlInK1_ICL0_"
            set mode lacp-active
            set auto-isl 1
            set mclag-icl enable
            set members "port42"
        next
        edit "8EFTFXXXXX075-0"
            set mode lacp-active
            set auto-isl 1
            set mclag enable <------------------
            set static-isl enable
            set members "port44"
        next
        edit "PO3"
            set mode lacp-active
            set mclag enable <---------------------
            set members "port41"
        next
    end

To verify the config regarding STP state for MCLAG-enabled trunks, use the following command on the FortiSwitch:

    show full-configuration switch interface <trunk-name> | grep -B 12 stp-state

    config switch interface
        edit "8EFTFXXXXX075-0"
        ...
            set stp-state enabled

    config switch interface
        edit "PO3"
        ...
            set stp-state enabled

Despite STP being enabled in the configuration, logs indicate that the STP state was disabled unexpectedly:

    execute log display

    2025-06-19 02:09:13 log_id=0105008251 type=event subtype=spanning_tree pri=notice vd=root user="admin" userfrom="ssh(1.1.1.1)" unit="primary" switch.interface="PO3" event="stp disabled on interface" msg="user admin disabled STP on primary interface PO3"
    2025-06-19 02:09:13 log_id=0105008251 type=event subtype=spanning_tree pri=notice vd=root user="admin" userfrom="ssh(1.1.1.1)" unit="primary" switch.interface="8EFTFXXXXX075-0" event="stp disabled on interface" msg="user admin disabled STP on primary interface 8EFTF18000075-0"

Note: The same can be verified by FortiGate: Viewing event logs.

Root Cause:

This behavior occurs when mclag-stp-aware is disabled on the MCLAG-ICL peer FortiSwitches. By default, this setting is enabled on FortiSwitches forming the MCLAG-ICL pair.

To verify the current setting:

    show full-configuration switch global

    config switch global
        set mclag-stp-aware disable
    end

Resolution:

Ensure mclag-stp-aware is enabled on the MCLAG-ICL peer switches.

    config switch global
        set mclag-stp-aware enable
    end

Additionally, verify whether this setting is being overridden via configuration pushed from the FortiGate (for example, through custom-commands) or modified by external sources. If this was disabled unintentionally, re-enable the setting as shown above.
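The checks above can be correlated offline from saved command output. The following is an added example, not part of the original article or any Fortinet tooling: it lists MCLAG-enabled trunks, pulls "stp disabled on interface" events from the log, and reports whether mclag-stp-aware is disabled. The function names are hypothetical, and the sample inputs are constructed from the outputs quoted on this page (the port10 event is made up to show filtering).

```python
import re
import shlex

# Constructed sample inputs, modelled on the command outputs quoted above.
TRUNKS = '''config switch trunk
edit "G200E46XXXXX196"
set fortilink 1
next
edit "8EFTFXXXXX075-0"
set mclag enable
next
edit "PO3"
set mclag enable
next
end'''
GLOBAL = "config switch global\nset mclag-stp-aware disable\nend"
_EVT = ('{ts} log_id=0105008251 type=event subtype=spanning_tree user="admin" '
        'userfrom="ssh(1.1.1.1)" switch.interface="{ifc}" event="stp disabled on interface"')
LOGS = [_EVT.format(ts="2025-06-19 02:09:13", ifc="PO3"),
        _EVT.format(ts="2025-06-19 02:09:13", ifc="8EFTFXXXXX075-0"),
        _EVT.format(ts="2025-06-19 02:10:00", ifc="port10")]  # made-up non-MCLAG port

def mclag_trunks(config):
    """Return the names of trunks that carry 'set mclag enable'."""
    trunks, current = set(), None
    for line in config.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["edit"] and len(tokens) > 1:
            current = tokens[1]
        elif tokens == ["set", "mclag", "enable"] and current:
            trunks.add(current)
    return trunks

def stp_aware_enabled(global_config):
    """The setting defaults to enabled, so only an explicit 'disable' turns it off."""
    return not re.search(r"^\s*set mclag-stp-aware disable\s*$", global_config, re.M)

def stp_disabled_events(log_lines):
    """Yield (timestamp, interface, user) for each STP-disabled event."""
    for line in log_lines:
        pairs = re.findall(r'([\w.]+)=("[^"]*"|\S+)', line)
        f = {k: v.strip('"') for k, v in pairs}
        if f.get("subtype") == "spanning_tree" and f.get("event") == "stp disabled on interface":
            yield line[:19], f.get("switch.interface"), f.get("user")

def triage(trunk_config, global_config, log_lines):
    """Report MCLAG trunks that lost STP and whether the documented root cause is present."""
    mclag = mclag_trunks(trunk_config)
    hits = [e for e in stp_disabled_events(log_lines) if e[1] in mclag]
    return {"affected": sorted({e[1] for e in hits}),
            "root_cause_present": not stp_aware_enabled(global_config),
            "events": hits}

if __name__ == "__main__":
    print(triage(TRUNKS, GLOBAL, LOGS))
```

The user and userfrom fields of each returned event are worth comparing against known admin sessions, since the article notes the setting may have been changed by FortiGate custom-commands or an external source.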