FortiGate
pginete
Staff
Article Id 394152
Description

This article describes how to stop Rapid STP frames from being forwarded in a software switch when STP forwarding is disabled.

Scope

FortiGate.
Solution

Diagram: software switch rstp issue.png

On v7.4.3 and below, Rapid STP frames are forwarded in a software switch even though STP forwarding is disabled.

Lab_FGT1 # diagnose sniffer packet port1
interfaces=[port1]
filters=[none]
17.548280 stp 802.1s, rapid stp, cist flags [forward, agreement]
19.688234 stp 802.1s, rapid stp, cist flags [forward, agreement]
21.798232 stp 802.1s, rapid stp, cist flags [forward, agreement]

 

Upgrade the firmware to v7.4.4 or higher to fix this behavior. This is related to bug 985928.

 

When the members of the software switch (port1 and port2) are connected to the same switch network, enable stpforward on them before upgrading the firmware to v7.4.4 or higher. Otherwise, the upgrade will cause a switch loop, because it corrects the Rapid STP forwarding misbehavior.

 

config system interface
    edit port1
        set stpforward enable
    next
    edit port2
        set stpforward enable
    next
end
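
A pre-upgrade check for the step above, as an added example (not part of the original article and not Fortinet tooling): this Python script parses a configuration backup and lists the software switch members that lack `set stpforward enable`. It assumes the backup defines software switches under `config system switch-interface` with double-quoted `set member` names; the sample configuration and the function names are constructed for illustration.

```python
# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = '''\
config system interface
    edit "port1"
        set stpforward enable
    next
    edit "port2"
    next
end
config system switch-interface
    edit "sw1"
        set member "port1" "port2"
    next
end
'''

def parse_section(config, header):
    """Return {entry name: [setting lines]} for one top-level config section."""
    entries, current, inside, nested = {}, None, False, 0
    for raw in config.splitlines():
        line = raw.strip()
        if not inside:
            inside = (line == header)
        elif nested:  # skip sub-tables such as "config ipv6" inside an entry
            nested += line.startswith("config ") - (line == "end")
        elif line.startswith("config "):
            nested = 1
        elif line == "end":
            break
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            entries[current] = []
        elif current is not None and line != "next":
            entries[current].append(line)
    return entries

def members_missing_stpforward(config):
    """Map each software switch to its members lacking 'set stpforward enable'."""
    interfaces = parse_section(config, "config system interface")
    switches = parse_section(config, "config system switch-interface")
    report = {}
    for name, settings in switches.items():
        # Assumption: member names are double-quoted, as in a config backup.
        members = [m for s in settings if s.startswith("set member ")
                   for m in s.split('"')[1::2]]
        missing = [m for m in members
                   if "set stpforward enable" not in interfaces.get(m, [])]
        if missing:
            report[name] = missing
    return report
```

An empty result from `members_missing_stpforward()` means every software switch member already has stpforward enabled; any listed port still needs the configuration shown above before the upgrade.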
