Description
This article describes how to configure the 'STP forwarding' parameter.
Scope
FortiGate.
Solution
A FortiGate does not participate in the Spanning Tree Protocol (STP): it neither sends nor processes BPDUs.
STP is an IEEE 802.1D protocol that ensures there are no layer-2 loops on the network.
Loops are created when there is more than one path between two switches; a broadcast frame is forwarded around the loop and arrives back at the switch that originated it.
Because Ethernet frames carry no TTL, such a loop floods the network with traffic and reduces the available bandwidth to nothing.
If a FortiGate is used in a network topology that relies on STP for loop protection, the FortiGate configuration must be changed.
Otherwise the FortiGate silently drops the BPDUs, the switches on either side never learn of each other through it, and STP cannot account for the path through the FortiGate, which is exactly the path that may close a loop.
By default, the FortiGate blocks STP as well as other non-IP protocol traffic.
Use the CLI to enable forwarding of STP and other layer-2 protocols on the interface. In this example, layer-2 forwarding is enabled on the external interface:
config system interface
edit external
set l2forward enable
set stpforward enable
next
end
Enable stpforward on every interface that BPDUs must enter or leave through; these settings only matter where the FortiGate bridges traffic at layer 2 (typically a transparent-mode VDOM). The l2forward setting is what allows other non-IP layer-2 protocols, such as IPX, to cross the interface, while stpforward specifically allows STP BPDUs. Protocols such as PPTP and L2TP are carried over IP (GRE/TCP and UDP respectively), so they are controlled by ordinary firewall policies rather than by these interface settings.
STP support for FortiGate models with hardware switches
STP used to be available only on the old-style switch mode for the internal ports.
Activating STP is now possible on the hardware switches found in the newer FortiGate models.
These models use a virtual switch to simulate the old switch mode for the internal ports.
To enable STP on the hardware switch interface (named lan in this example) from the CLI:
config system interface
edit lan
set stp {enable | disable}
next
end
To verify that BPDUs actually reach and cross the FortiGate, use the built-in sniffer. The first command lets the sniffer itself filter on STP frames; the second captures all traffic and filters the decoded output afterwards. The arguments are: capture on any interface, the filter expression, verbosity 6 (interface name, Ethernet header and full packet hex dump), count 0 (run until Ctrl-C) and l (local timestamps):
diagnose sniffer packet any 'stp' 6 0 l
diagnose sniffer packet any '' 6 0 l | grep 'stp'
BPDUs are sent to the multicast MAC address 01:80:c2:00:00:00. Seeing them marked 'in' on one interface but never 'out' on the other means the FortiGate is still dropping them.
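To make sense of the hex dump that the sniffer prints at verbosity 6, the following Python script decodes an 802.1D BPDU out of such a dump and shows the root bridge, bridge ID, port ID and timers the switches are exchanging through the FortiGate. It is an added illustration, not code from the Fortinet article; the dump embedded in it is constructed to resemble sniffer output rather than captured from a FortiGate, and the summary line format and helper names are assumptions.

```python
"""Decode IEEE 802.1D BPDUs out of a FortiOS sniffer hex dump (illustrative script)."""
import re
import struct

STP_MULTICAST = bytes.fromhex("0180c2000000")   # destination MAC of every 802.1D BPDU
LLC_STP = bytes.fromhex("424203")               # LLC DSAP 0x42, SSAP 0x42, control 0x03 (UI)
BPDU_TYPES = {0x00: "config", 0x80: "tcn", 0x02: "rstp"}

# One verbosity-6 hex-dump line: offset, up to eight 4-digit hex words, then the ASCII column.
HEX_LINE = re.compile(r"^0x([0-9a-f]{4})\s+((?:[0-9a-f]{4}\s+)*[0-9a-f]{2,4})(?=\s|$)", re.I)

# Constructed sample (not real FortiGate output): one config BPDU sent by bridge
# 00:11:22:33:44:55, which also believes it is the root, padded to the 60-byte minimum frame.
SAMPLE_DUMP = """\
interfaces=[any]
filters=[stp]
2.123456 port1 in 802.1d ... (summary line, format abbreviated)
0x0000   0180 c200 0000 0011 2233 4455 0026 4242   ........"3DU.&BB
0x0010   0300 0000 0000 8000 0011 2233 4455 0000   .........."3DU..
0x0020   0000 8000 0011 2233 4455 8001 0000 1400   ......"3DU......
0x0030   0200 0f00 0000 0000 0000 0000             ............
"""


def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild the raw frame from the hex columns; header and summary lines are skipped."""
    frame = bytearray()
    for line in dump.splitlines():
        m = HEX_LINE.match(line.strip())
        if m:
            frame += bytes.fromhex(m.group(2).replace(" ", ""))
    return bytes(frame)


def _bridge_id(raw: bytes):
    """Split an 8-byte bridge ID into its 16-bit priority field and the bridge MAC."""
    return struct.unpack("!H", raw[:2])[0], raw[2:].hex(":")


def parse_bpdu(frame: bytes) -> dict:
    """Parse an Ethernet frame carrying an 802.1D/802.1w BPDU; raise ValueError otherwise."""
    if len(frame) < 21:
        raise ValueError("frame too short to hold an LLC header and a BPDU type")
    dst, src, length = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if dst != STP_MULTICAST:
        raise ValueError(f"destination {dst.hex(':')} is not the STP multicast address")
    if length > 1500:
        raise ValueError("Ethernet II frame (Ethertype); BPDUs use 802.3/LLC framing")
    if frame[14:17] != LLC_STP:
        raise ValueError("LLC SAP is not 0x42, so this is not a BPDU")
    bpdu = frame[17:]
    proto_id, version, bpdu_type = struct.unpack("!HBB", bpdu[:4])
    if proto_id != 0:
        raise ValueError(f"unknown STP protocol id {proto_id}")
    info = {"src_mac": src.hex(":"), "version": version,
            "type": BPDU_TYPES.get(bpdu_type, f"0x{bpdu_type:02x}")}
    if bpdu_type == 0x80:
        return info  # a topology-change-notification BPDU carries no further fields
    if len(bpdu) < 35:
        raise ValueError("config BPDU truncated")
    # flags(1) root id(8) root path cost(4) bridge id(8) port id(2) and four timers(2 each)
    (flags, root_id, root_cost, bridge_id, port_id,
     msg_age, max_age, hello, fwd_delay) = struct.unpack("!B8sI8sHHHHH", bpdu[4:35])
    root_prio, root_mac = _bridge_id(root_id)
    bridge_prio, bridge_mac = _bridge_id(bridge_id)
    info.update({
        "flags": flags,
        "root_priority": root_prio, "root_mac": root_mac,
        "root_path_cost": root_cost,
        "bridge_priority": bridge_prio, "bridge_mac": bridge_mac,
        "port_id": port_id,
        # timers are carried in units of 1/256 second
        "message_age_s": msg_age / 256, "max_age_s": max_age / 256,
        "hello_time_s": hello / 256, "forward_delay_s": fwd_delay / 256,
        # the sender claims to be the root when both IDs are identical
        "is_root_bridge": root_id == bridge_id,
    })
    return info


def is_bpdu(frame: bytes) -> bool:
    """Quick check for scanning many frames pulled out of an unfiltered capture."""
    try:
        parse_bpdu(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for key, value in parse_bpdu(hexdump_to_bytes(SAMPLE_DUMP)).items():
        print(f"{key:>18}: {value}")
```

Paste the hex-dump lines of one frame from the sniffer output into SAMPLE_DUMP (or read them from a file) and run the script. If the same BPDU, with the same root and bridge IDs, shows up 'in' on one FortiGate interface and 'out' on the other, stpforward is working; if BPDUs are only ever seen 'in', the FortiGate is still dropping them.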
Copyright 2025 Fortinet, Inc. All Rights Reserved.