Using Ubiquity P2P Wireless Bridge as Backup w/Fortiswitches managed via L2 Fortilink
Hello All,
I have 3 buildings, all in the same metro area, with a FortiGate pair managing the other 2 buildings' FortiSwitch networks over L2. Here is the relevant subset of my topology:
Building1 FGT Pair > FSW Pair
Building1 FSW Pair > Building2 FSW Pair over an ISP wavelength fiber pair
Building1 FSW Pair > Building3 FSW Pair over an ISP wavelength fiber pair
Building2 FSW < UBNT P2P Radios > Building3 FSW (redundant link)
I have a Ubiquiti P2P wireless system in Buildings 2 and 3. I have the radios configured and set up between Buildings 2 and 3, with a strong link between the two. They tag their management traffic (GUI/setup of the radios) with a VLAN that does not interfere with anything FortiLink-related, but they should pass any other L2 traffic across them transparently.
Each building's FSW pair is a 1024E with an MCLAG-ICL between the two. Spanning tree is the default FortiSwitch factory configuration (MST, instances 0 and 15).
Ideally, I'd like to get these working as a redundant STP path in the event that a building loses its fiber link to Building 1.
In testing, if I do the following (and vice versa), it works and the B3 switch joins/authorizes just fine:
Building2 Prod FSW Pair < UBNT P2P > Building3 new fortiswitch with no connection to the rest of Building3's prod network
The documented "set fortilink-p2p enable" command works as published to get this working. I don't believe I've had to do anything else fancy to get this working but it's been a while since I've tested it.
Now, in trying to get these working in the production network as a redundant link, when I connect the two radios to the switch pairs, after learning, spanning tree disables one side of the link as expected for a brief moment, but then shows both links as forwarding (not the root given the fiber is live), and marks them as an Edge port despite me disabling that on each link. It does not appear to be causing loops. My assumption is that this is due to the Management traffic from the radios over their management VLAN. If I unplug the fiber on one side of the triangle, no new root is elected, and the disconnected building does not properly elect the P2P as the new root. The fiber is restored as the root as soon as it's reconnected and traffic flows normally.
My current configs from both Building2 and Building3 are below:
Building2:

config switch physical-port
    edit "port24"
        set description "P2P"
        set fortilink-p2p enable
        set lldp-profile "default-auto-isl"
        set speed auto-module
        set storm-control-mode disabled
    next
end
config switch trunk
    edit "P2P"
        set auto-isl 1
        set mclag enable
        set static-isl enable
        set members "port24"
    next
end
config switch interface
    edit "P2P"
        set native-vlan 4094
        set allowed-vlans LIST OF ALL OF MY VLANS HERE
        set untagged-vlans 4093
        set edge-port disabled
        set snmp-index 49
    next
end

Building3:

config switch physical-port
    edit "port22"
        set description "P2P"
        set fortilink-p2p enable
        set lldp-profile "default-auto-isl"
        set speed auto-module
    next
end
config switch trunk
    edit "P2P"
        set auto-isl 1
        set mclag enable
        set static-isl enable
        set members "port22"
    next
end
config switch interface
    edit "P2P"
        set native-vlan 4094
        set allowed-vlans LIST OF ALL OF MY VLANS HERE
        set untagged-vlans 4093
        set edge-port disabled
        set snmp-index 58
    next
end
My assumption is that STP is putting the links in Forwarding at connection time due to the management traffic of the radios. When I used this topology with the Cisco network (Rapid PVST was used), it would properly block one side of the link, and when the root was lost, it would fail over instantaneously.
Does anyone have a similar setup to this in production and/or have any suggestions on how to get this working?
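An added example (not the original poster's code and not Fortinet's): a small Python parser for the `config / edit / set / next / end` CLI format pasted above, plus a checker for the settings the post relies on for the P2P trunk (`fortilink-p2p` on the member port, `mclag` on the trunk, `edge-port disabled` on the trunk interface). The sample config is constructed in the shape of the Building2 config with a made-up VLAN list, and `RADIO_MGMT_VLAN` is an assumed placeholder because the post does not say which VLAN the radios use for management; the checker only reports whether that VLAN is carried on the trunk, since that is the poster's working hypothesis.

```python
"""Parser and sanity checker for FortiSwitch-style CLI configuration.

Added example, not code from the original post or from Fortinet. It reads
the 'config <table> / edit <name> / set <key> <values...> / next / end'
grammar used by the configs in the thread and then checks the settings the
post relies on for the P2P trunk. RADIO_MGMT_VLAN is an assumed placeholder.
"""
import shlex
from typing import Dict, List, Set

Tables = Dict[str, Dict[str, Dict[str, List[str]]]]

# Constructed sample in the shape of the Building2 config in the post.
# The VLAN list is made up; the post shows it only as a placeholder.
SAMPLE_CONFIG = """
config switch physical-port
    edit "port24"
        set description "P2P"
        set fortilink-p2p enable
        set lldp-profile "default-auto-isl"
        set speed auto-module
        set storm-control-mode disabled
    next
end
config switch trunk
    edit "P2P"
        set auto-isl 1
        set mclag enable
        set static-isl enable
        set members "port24"
    next
end
config switch interface
    edit "P2P"
        set native-vlan 4094
        set allowed-vlans 10-20 4093 4094
        set untagged-vlans 4093
        set edge-port disabled
        set snmp-index 49
    next
end
"""

RADIO_MGMT_VLAN = 30  # assumed placeholder for the radios' management VLAN


def parse_config(text: str) -> Tables:
    """Return {table: {entry: {key: [values]}}} for a FortiSwitch CLI dump."""
    tables: Tables = {}
    table = entry = None
    for raw in text.splitlines():
        parts = shlex.split(raw)  # handles the quoted names ("port24")
        if not parts:
            continue
        cmd = parts[0]
        if cmd == "config":
            table = " ".join(parts[1:])
            tables.setdefault(table, {})
        elif cmd == "edit" and table is not None:
            entry = parts[1]
            tables[table].setdefault(entry, {})
        elif cmd == "set" and table is not None and entry is not None:
            tables[table][entry][parts[1]] = parts[2:]
        elif cmd == "next":
            entry = None
        elif cmd == "end":
            table = entry = None
        else:
            raise ValueError(f"unexpected line: {raw!r}")
    return tables


def expand_vlans(tokens: List[str]) -> Set[int]:
    """Expand allowed-vlans tokens such as '10-20' or '4093' into VLAN IDs."""
    vlans: Set[int] = set()
    for tok in tokens:
        lo, _, hi = tok.partition("-")
        start = int(lo)
        stop = int(hi) if hi else start
        vlans.update(range(start, stop + 1))
    return vlans


def check_p2p_link(tables: Tables, trunk_name: str) -> List[str]:
    """Return findings for the P2P trunk; an empty list means all checks pass."""
    findings: List[str] = []
    trunk = tables.get("switch trunk", {}).get(trunk_name)
    if trunk is None:
        return [f"trunk {trunk_name} is not defined"]
    if trunk.get("mclag") != ["enable"]:
        findings.append(f"trunk {trunk_name}: mclag is not enabled")
    for port in trunk.get("members", []):
        phys = tables.get("switch physical-port", {}).get(port, {})
        if phys.get("fortilink-p2p") != ["enable"]:
            findings.append(f"port {port}: fortilink-p2p is not enabled")
    iface = tables.get("switch interface", {}).get(trunk_name, {})
    if iface.get("edge-port") != ["disabled"]:
        findings.append(f"interface {trunk_name}: edge-port is not disabled")
    if RADIO_MGMT_VLAN in expand_vlans(iface.get("allowed-vlans", [])):
        findings.append(
            f"info: radio management VLAN {RADIO_MGMT_VLAN} is carried on trunk {trunk_name}"
        )
    return findings


if __name__ == "__main__":
    for line in check_p2p_link(parse_config(SAMPLE_CONFIG), "P2P") or ["all checks passed"]:
        print(line)
```

Paste the output of the `show` commands for both switches into `SAMPLE_CONFIG` (or read it from a file) and change `RADIO_MGMT_VLAN` to the VLAN the radios actually tag; the checker then tells you at a glance whether the two ends of the P2P trunk are configured consistently before you look at spanning-tree state.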
