| Description | This article describes how to use any other FortiSwitch as a Root bridge. It can be done when the FortiSwitch is managed by FortiGate or by Standalone. |
| Scope | FortiSwitch. |
| Solution |
Sometimes, it is necessary to elect another Switch as a Root Bridge, this particular case is most related to when there are Standalone FortiSwitches, but the procedure is the same even though FortiGate is used with FortiLink. This is a demonstration of how to do it, but when FortiGate is under the topology, the recommendation about the Root Bridge is always that the root will be the one connected directly to the FortiGate.
Now the topology is:
This FortiSwitch S224EPTF18-----1 is the Root Bridge. It is possible to see the Burn MAC and its priority now is set to 24576 under the two instances 0 and 15.
S224EPTF18-----1 # diagnose stp instance list | grep -e Instance ID 0 -e Regional Root MAC e81cba853884 (CLI):MST Instance Information, primary-Channel: (CLI):Instance ID 0 (CST) (CLI): Regional Root MAC e81cba853884, Priority 24576, Path Cost 0 (CLI):Instance ID 15 (CLI): Regional Root MAC e81cba853884, Priority 24576, Path Cost 0 S224EPTF18004511 # get system status | grep Burn Burn in MAC: e8:1c:ba:85:38:84
The FortiSwitch S248EPTF19-----0 the Root Bridge also is reflected under this FortiSwitch e81cba853884, but it has as a Priority 28672 this number is higher versus 24576:
S248EPTF19-----0 # diagnose stp instance list | grep -e Priority -e Instance ID 0 -e Regional Root MAC (CLI):MST Instance Information, primary-Channel: (CLI):Instance ID 0 (CST) (CLI): Config Priority 28672 (CLI): Root MAC e81cba853884, Priority 24576, Path Cost 0, Remaining Hops 19
CLI):Instance ID 15 (CLI): Config Priority 28672 , VLANs 4094 (CLI): Regional Root MAC e81cba853884, Priority 24576, Path Cost 1, Root Port 4EPTF18004511-0 (CLI): Port Speed Cost Priority Role State Flags S248EPTF19-----0 # get system status | grep Burn Burn in MAC: 04:d5:90:3c:26:b2
The last FortiSwitch S248EPTF19-----1 has the same behavior with priority 28672 and identifies its Root Bridge e81cba853884:
S248EPTF19-----1 # diagnose stp instance list | grep -e Priority -e Instance ID 0 -e Regional Root MAC (CLI):MST Instance Information, primary-Channel: (CLI):Instance ID 0 (CST) (CLI): Config Priority 28672 (CLI): Root MAC e81cba853884, Priority 24576, Path Cost 0, Remaining Hops 19 (CLI): Regional Root MAC e81cba853884, Priority 24576, Path Cost 1, Root Port 4EPTF18004511-0 (CLI): Port Speed Cost Priority Role State HelloTime Flags
(CLI):Instance ID 15 (CLI): Config Priority 28672 , VLANs 4094 (CLI): Regional Root MAC e81cba853884, Priority 24576, Path Cost 1, Root Port 4EPTF18004511-0 (CLI): Port Speed Cost Priority Role State Flags
S248EPTF19-----1 # get system status | grep Burn Burn in MAC: 04:d5:90:10:a8:18
Now let's convert S248EPTF19-----1 to the Root Bridge giving a lower priority 16384 in comparison with S224EPTF18-----1 which has 24576:
S248EPTF19-----1 # config switch stp instance S248EPTF19-----1 (instance) # edit 0 S248EPTF19-----1 (0) # set priority 0 0. 12288 12288. 16384 16384. 20480 20480. 24576 24576. 28672 28672. 32768 32768. 36864 36864. 4096 4096. 40960 40960. 45056 45056. 49152 49152. 53248 53248. 57344 57344. 61440 61440. 8192 8192.
S248EPTF19-----1 (0) # set priority 16384 S248EPTF19-----1 (0) # end
Let’s see the result:
S248EPTF19-----1 # diagnose stp instance list MST Instance Information, primary-Channel: Instance ID 0 (CST) Config Priority 16384 Bridge MAC 04d59010a818, MD5 Digest 742f04075e42ee2d6606ac1b87d85cb4
Root MAC 04d59010a818, Priority 16384, Path Cost 0, Remaining Hops 20 (This bridge is the root)
But!! The instance 15 is still is under the command of e81cba853884 Switch as its Root Bridge: Instance ID 15 Config Priority 28672 , VLANs 4094 Bridge MAC 04d59010a818 Regional Root MAC e81cba853884, Priority 24576, Path Cost 1, Root Port 4EPTF18004511-0
Now let’s see the topology again, the port 41 now is under Discarding State:
It is possible to do the same with any instance, possible to include more independent Instances and change the priority as explain in this related document: |
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
- Fortinet Community
- Knowledge Base
- FortiSwitch
- Technical Tip: How to elect the Root Bridge by adj...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.