Help
FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
dwivedis
Staff
Staff

Created on ‎01-15-2025 02:35 AM

Article Id 370301

Troubleshooting Tip: STP Convergence Between FortiSwitch and Cisco Switches (MSTP and RPVST+)

Description
This article provides troubleshooting steps for Spanning Tree Protocol (STP) convergence issues between FortiSwitch and Cisco switches.
Scope
This applies to FortiSwitch devices.
Solution
Problem: STP convergence issues can occur when connecting FortiSwitches configured with Multiple Spanning Tree Protocol (MSTP) to Cisco switches running Rapid Per-VLAN Spanning Tree Plus (RPVST+).

Example Scenario:
A common scenario involves two FortiSwitches connected to a Cisco switch. Specifically:
Cisco switch ports FastEthernet0/1 and FastEthernet0/5 are connected to port 1 on each FortiSwitch.
A Link Aggregation Group (LAG1) connects the two FortiSwitches.

Below are the configurations on the Cisco and FortiSwitch side:
Cisco:
 
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1,10,20 priority 0
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk

 FortiSwitch:
 
show switch interface LAG-1
config switch interface
    edit "LAG-1"
        set allowed-vlans 10,20
        set edge-port disabled
        set snmp-index 31
    next
end

show switch interface port1
config switch interface
    edit "port1"
        set allowed-vlans 10,20
        set edge-port disabled
        set rpvst-port enabled
        set snmp-index 1
    next
end

The above configurations often lead to STP convergence issues because of the incompatibility between MSTP (on the FortiSwitches) and RPVST+ (on the Cisco switch).

Solution:
To achieve proper STP convergence, the following approaches can be taken, depending on which device should be the root bridge:
 
Case 1: Cisco Switch as Root Bridge:
If the Cisco switch should be the root bridge, its VLAN 1 STP priority must be higher than the priorities of other VLANs on the Cisco switch. The following configurations should be applied to the Cisco switch:

Below should be the configurations on Cisco and FortiSwitch:
Cisco:
 
Switch#show running-config | include spanning
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
spanning-tree vlan 10,20 priority 0

Switch#show running-config interface fastEthernet 0/1
Building configuration...

Current configuration : 133 bytes
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
end

Switch#show running-config interface fastEthernet 0/5
Building configuration...

Current configuration : 133 bytes
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
end

 

Cisco convergence outputs:

 

Switch#show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    4097
             Address     0014.a859.c880   <------- Root Bridge MAC-address.
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     0014.a859.c880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg LRN 19        128.1    Shr
Fa0/5               Desg BLK 19        128.5    P2p

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    10
             Address     0014.a859.c880
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    10     (priority 0 sys-id-ext 10)
             Address     0014.a859.c880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    Shr
Fa0/5               Desg FWD 19        128.5    P2p

FortiSwitch convergence outputs:
 
SW1 # diagnose stp instance list

MST Instance Information, primary-Channel:

Instance ID 0 (CST)
  Config         Priority 24576
                 Bridge MAC 80802c0a7364, MD5 Digest ac36177f50283cd4b83821d8ab26de62

  Root           MAC 0014a859c880, Priority 4097, Path Cost 200000, Remaining Hops 20 <-- Root Bridge MAC.
  Regional Root  MAC 80802c0a7364, Priority 24576, Path Cost 0, Root Port port1

  Active Times   Forward Time 15, Max Age 20, Remaining Hops 20

  TCN Events     Triggered 5 (0d 0h 8m 15s ago), Received 20 (0d 0h 0m 58s ago)

  Port               Speed   Cost       Priority   Role         State        HelloTime  Flags
  ________________   ______  _________  _________  ___________  __________   _________  _______________

  port1              100M    200000     128        ROOT         FORWARDING   2          EN
  port2              -       200000000  128        DISABLED     DISCARDING   2          ED
  port3              -       200000000  128        DISABLED     DISCARDING   2          ED
  port4              -       200000000  128        DISABLED     DISCARDING   2          ED
  port5              -       200000000  128        DISABLED     DISCARDING   2          ED
  port6              -       200000000  128        DISABLED     DISCARDING   2          ED
  port7              -       200000000  128        DISABLED     DISCARDING   2          ED
  port8              -       200000000  128        DISABLED     DISCARDING   2          ED
  port9              -       200000000  128        DISABLED     DISCARDING   2          ED
  port10             -       200000000  128        DISABLED     DISCARDING   2          ED
  port13             -       200000000  128        DISABLED     DISCARDING   2          ED
  port14             -       200000000  128        DISABLED     DISCARDING   2          ED
  port15             -       200000000  128        DISABLED     DISCARDING   2          ED
  port16             -       200000000  128        DISABLED     DISCARDING   2          ED
  port17             -       200000000  128        DISABLED     DISCARDING   2          ED
  port18             -       200000000  128        DISABLED     DISCARDING   2          ED
  port19             -       200000000  128        DISABLED     DISCARDING   2          ED
  port20             -       200000000  128        DISABLED     DISCARDING   2          ED
  port21             -       200000000  128        DISABLED     DISCARDING   2          ED
  port22             -       200000000  128        DISABLED     DISCARDING   2          ED
  port23             -       200000000  128        DISABLED     DISCARDING   2          ED
  port24             -       200000000  128        DISABLED     DISCARDING   2          ED
  port25             -       200000000  128        DISABLED     DISCARDING   2          ED
  port26             -       200000000  128        DISABLED     DISCARDING   2          ED
  port27             -       200000000  128        DISABLED     DISCARDING   2          ED
  port28             -       200000000  128        DISABLED     DISCARDING   2          ED
  internal           1G      20000      128        DESIGNATED   FORWARDING   2          ED
  LAG-1              100M    200000     128        DESIGNATED   FORWARDING   2          EN

  Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered)
  RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent)
  MV(PVST Port Vlan Mismatch)

SW2 # diagnose stp instance list

MST Instance Information, primary-Channel:

Instance ID 0 (CST)
  Config         Priority 28672
                 Bridge MAC 704ca57937ac, MD5 Digest ac36177f50283cd4b83821d8ab26de62

  Root           MAC 0014a859c880, Priority 4097, Path Cost 200000, Remaining Hops 20 <-- Root Bridge MAC.

  Regional Root  MAC 704ca57937ac, Priority 28672, Path Cost 0, Root Port port1

  Active Times   Forward Time 15, Max Age 20, Remaining Hops 20

  TCN Events     Triggered 4 (0d 0h 9m 14s ago), Received 42 (0d 0h 0m 57s ago)

  Port               Speed   Cost       Priority   Role         State        HelloTime  Flags
  ________________   ______  _________  _________  ___________  __________   _________  _______________

  port1              100M    200000     128        ROOT         FORWARDING   2          EN
  port2              -       200000000  128        DISABLED     DISCARDING   2          ED
  port3              -       200000000  128        DISABLED     DISCARDING   2          ED
  port4              -       200000000  128        DISABLED     DISCARDING   2          ED
  port5              -       200000000  128        DISABLED     DISCARDING   2          ED
  port6              -       200000000  128        DISABLED     DISCARDING   2          ED
  port7              -       200000000  128        DISABLED     DISCARDING   2          ED
  port8              -       200000000  128        DISABLED     DISCARDING   2          ED
  port9              -       200000000  128        DISABLED     DISCARDING   2          ED
  port10             -       200000000  128        DISABLED     DISCARDING   2          ED
  port13             -       200000000  128        DISABLED     DISCARDING   2          ED
  port14             -       200000000  128        DISABLED     DISCARDING   2
  port15             -       200000000  128        DISABLED     DISCARDING   2          ED
  port16             -       200000000  128        DISABLED     DISCARDING   2          ED
  port17             -       200000000  128        DISABLED     DISCARDING   2          ED
  port18             -       200000000  128        DISABLED     DISCARDING   2          ED
  port19             -       200000000  128        DISABLED     DISCARDING   2          ED
  port20             -       200000000  128        DISABLED     DISCARDING   2          ED
  port21             -       200000000  128        DISABLED     DISCARDING   2          ED
  port22             -       200000000  128        DISABLED     DISCARDING   2          ED
  port23             -       200000000  128        DISABLED     DISCARDING   2          ED
  port24             -       200000000  128        DISABLED     DISCARDING   2          ED
  port25             -       200000000  128        DISABLED     DISCARDING   2          ED
  port26             -       200000000  128        DISABLED     DISCARDING   2          ED
  port27             -       200000000  128        DISABLED     DISCARDING   2          ED
  port28             -       200000000  128        DISABLED     DISCARDING   2          ED
  internal           1G      20000      128        DESIGNATED   FORWARDING   2          ED
  Lag-1              100M    200000     128        ALTERNATIVE  DISCARDING   2          EN

  Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered)
  RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent)
  MV(PVST Port Vlan Mismatch)

Case 2: FortiSwitch as Root Bridge.
If a FortiSwitch should be the root bridge, the Cisco switch's VLAN 1 priority must be lower than the priorities of other VLANs on the Cisco switch. Additionally, the FortiSwitch's STP priority should be lower (lower numerical value) than the Cisco Switch's priority.
 
Cisco Switch Configurations:
 
Switch#show running-config | include spanning
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
spanning-tree vlan 10,20 priority 8192

FortiSwitch Configurations:
 
config switch stp instance
    edit "0"
        set priority 0
end

Convergence on FortiSwitch:
Switch-1:
 
diagnose stp instance list

MST Instance Information, primary-Channel:

Instance ID 0 (CST)
  Config         Priority 0
                 Bridge MAC 704ca57937ac, MD5 Digest ac36177f50283cd4b83821d8ab26de62

  Root           MAC 704ca57937ac, Priority 0, Path Cost 0, Remaining Hops 20 <- Root bridge mac-address 704ca57937ac.
                 (This bridge is the root)

  Regional Root  MAC 704ca57937ac, Priority 0, Path Cost 0
                 (This bridge is the regional root)

  Active Times   Forward Time 15, Max Age 20, Remaining Hops 20

  TCN Events     Triggered 12 (0d 0h 0m 1s ago), Received 139 (0d 0h 0m 39s ago)

  Port               Speed   Cost       Priority   Role         State        HelloTime  Flags
  ________________   ______  _________  _________  ___________  __________   _________  _______________

  port1              100M    200000     128        DESIGNATED   FORWARDING   2          EN
  port2              -       200000000  128        DISABLED     DISCARDING   2          ED
  port3              -       200000000  128        DISABLED     DISCARDING   2          ED
  port4              -       200000000  128        DISABLED     DISCARDING   2          ED
  port5              -       200000000  128        DISABLED     DISCARDING   2          ED
  port6              -       200000000  128        DISABLED     DISCARDING   2          ED
  port7              -       200000000  128        DISABLED     DISCARDING   2          ED
  port8              -       200000000  128        DISABLED     DISCARDING   2          ED
  port9              -       200000000  128        DISABLED     DISCARDING   2          ED
  port10             -       200000000  128        DISABLED     DISCARDING   2          ED
  port13             -       200000000  128        DISABLED     DISCARDING   2          ED
  port14             -       200000000  128        DISABLED     DISCARDING   2
  port15             -       200000000  128        DISABLED     DISCARDING   2          ED
  port16             -       200000000  128        DISABLED     DISCARDING   2          ED
  port17             -       200000000  128        DISABLED     DISCARDING   2          ED
  port18             -       200000000  128        DISABLED     DISCARDING   2          ED
  port19             -       200000000  128        DISABLED     DISCARDING   2          ED
  port20             -       200000000  128        DISABLED     DISCARDING   2          ED
  port21             -       200000000  128        DISABLED     DISCARDING   2          ED
  port22             -       200000000  128        DISABLED     DISCARDING   2          ED
  port23             -       200000000  128        DISABLED     DISCARDING   2          ED
  port24             -       200000000  128        DISABLED     DISCARDING   2          ED
  port25             -       200000000  128        DISABLED     DISCARDING   2          ED
  port26             -       200000000  128        DISABLED     DISCARDING   2          ED
  port27             -       200000000  128        DISABLED     DISCARDING   2          ED
  port28             -       200000000  128        DISABLED     DISCARDING   2          ED
  internal           1G      20000      128        DESIGNATED   FORWARDING   2          ED
  Lag-1              100M    200000     128        DESIGNATED   FORWARDING   2          EN

  Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered)
  RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent)
  MV(PVST Port Vlan Mismatch)

Switch-2:
 
diagnose stp instance list

MST Instance Information, primary-Channel:

Instance ID 0 (CST)
  Config         Priority 0
                 Bridge MAC 80802c0a7364, MD5 Digest ac36177f50283cd4b83821d8ab26de62

  Root           MAC 704ca57937ac, Priority 0, Path Cost 200000, Remaining Hops 20    <---- Root bridge mac-address 704ca57937ac

  Regional Root  MAC 80802c0a7364, Priority 0, Path Cost 0, Root Port LAG-1

  Active Times   Forward Time 15, Max Age 20, Remaining Hops 20

  TCN Events     Triggered 10 (0d 0h 19m 9s ago), Received 59 (0d 0h 1m 5s ago)

  Port               Speed   Cost       Priority   Role         State        HelloTime  Flags
  ________________   ______  _________  _________  ___________  __________   _________  _______________

  port1              100M    200000     128        ALTERNATIVE  DISCARDING   2          EN
  port2              -       200000000  128        DISABLED     DISCARDING   2          ED
  port3              -       200000000  128        DISABLED     DISCARDING   2          ED
  port4              -       200000000  128        DISABLED     DISCARDING   2          ED
  port5              -       200000000  128        DISABLED     DISCARDING   2          ED
  port6              -       200000000  128        DISABLED     DISCARDING   2          ED
  port7              -       200000000  128        DISABLED     DISCARDING   2          ED
  port8              -       200000000  128        DISABLED     DISCARDING   2          ED
  port9              -       200000000  128        DISABLED     DISCARDING   2          ED
  port10             -       200000000  128        DISABLED     DISCARDING   2          ED
  port13             -       200000000  128        DISABLED     DISCARDING   2          ED
  port14             -       200000000  128        DISABLED     DISCARDING   2          ED
  port15             -       200000000  128        DISABLED     DISCARDING   2          ED
  port16             -       200000000  128        DISABLED     DISCARDING   2          ED
  port17             -       200000000  128        DISABLED     DISCARDING   2          ED
  port18             -       200000000  128        DISABLED     DISCARDING   2          ED
  port19             -       200000000  128        DISABLED     DISCARDING   2          ED
  port20             -       200000000  128        DISABLED     DISCARDING   2          ED
  port21             -       200000000  128        DISABLED     DISCARDING   2          ED
  port22             -       200000000  128        DISABLED     DISCARDING   2          ED
  port23             -       200000000  128        DISABLED     DISCARDING   2          ED
  port24             -       200000000  128        DISABLED     DISCARDING   2          ED
  port25             -       200000000  128        DISABLED     DISCARDING   2          ED
  port26             -       200000000  128        DISABLED     DISCARDING   2          ED
  port27             -       200000000  128        DISABLED     DISCARDING   2          ED
  port28             -       200000000  128        DISABLED     DISCARDING   2          ED
  internal           1G      20000      128        DESIGNATED   FORWARDING   2          ED
  LAG-1              100M    200000     128        ROOT         FORWARDING   2          EN

  Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered)
  RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent)
  MV(PVST Port Vlan Mismatch)

Cisco Convergence:
 
  Switch#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    0
             Address     704c.a579.37ac    <---- Root bridge mac-address 704ca57937ac.
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     0014.a859.c880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 19        128.1    Shr
Fa0/5               Desg FWD 19        128.5    P2p

Switch#
Switch#
Switch#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    0
             Address     704c.a579.37ac
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

 

  Bridge ID  Priority    8202   (priority 8192 sys-id-ext 10)
             Address     0014.a859.c880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 19        128.1    Shr
Fa0/5               Desg FWD 19        128.5    P2p

Switch#show spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol rstp
  Root ID    Priority    0
             Address     704c.a579.37ac
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8212   (priority 8192 sys-id-ext 20)
             Address     0014.a859.c880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 19        128.1    Shr
Fa0/5               Desg FWD 19        128.5    P2p
780
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.