Dan_Eng52
Contributor

FortiSwitch STP Issues Interoperating with Cisco Switches PVST+

Hi all, 

 

I hope you're well. 

 

I have 4 x FortiSwitch 448E-FPOE devices with two operating as MCLAG peers and the remaining two switches connecting via MCLAG ISL trunks. The switches are currently running version: FortiSwitch-448E-FPOE v7.4.2,build0801,231207 (GA). These switches terminate links to our redundant data centres housing Cisco infrastructure operating RPVST+. 

 

From reviewing the Fortinet documentation, this should have been as simple as setting the set rpvst-port enable command, but despite the FortiSwitch receiving BPDUs from the Cisco environment and displaying the correct root bridge within the RPVST+ domain, the FortiSwitch wasn’t sending any traffic over the intersite link correctly. This meant that we couldn’t receive any network services (DHCP, DNS etc.) and get any connectivity on-site, and having reviewed the port stats, we were getting a lot of TX discards.

 

We also tried to establish a trunk, which was established successfully but would not pass traffic. Initially, on the port connected to the Cisco environment, we had the following flags: IC(PVST Port Inconsistent), MV(PVST Port Vlan Mismatch). The latter was resolved by ensuring the allowed-vlans matched on both ends; however, despite the native/allowed VLANs matching on both sides of the link, we could still see the IC(PVST Port Inconsistent) in the STP instance, and no matter what we tried it remained. Because of the interoperability issues with the Cisco STP domain, we’ve had to run this off a single link and disable spanning-tree, which, despite not being ideal, was the only way connectivity could be gained.

 

Has anyone experienced these issues before interoperating FortiSwitch STP with Cisco and have any ideas or a solution we could apply? I’m thinking this could potentially be a bug and perhaps a software downgrade would resolve the issue, but unsure on what the best version to downgrade to would be. If anyone can recommend a stable version for me to apply, I will give this a go.

 

Many thanks, 

Dan_Eng52

Anthony_E
Community Manager

Hello Dan,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello Dan,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello Dan,

 

Did you have a look at these documents?

https://docs.fortinet.com/document/fortiswitch/6.4.2/administration-guide/364614/spanning-tree-proto...

https://docs.fortinet.com/document/fortigate/6.4.0/new-features/499186/inter-operability-with-per-in...

 

Tell us if it helped. If not, we will continue to look for an answer.

 

Regards,

Anthony-Fortinet Community Team.
Tango1
New Contributor

Hello Anthony

We are having a similar issue in a customer environment. It is a new setup.

FGT cluster==Fortiswitches with ICL ==Cisco Catalyst Switch

MCLAG to Cisco Catalyst switch. When the administrator creates/deletes a VLAN on FortiLink on the FGT, they lose access to the Cisco switch. rpvst-port is enabled on the trunk interface on both FortiSwitches. FortiSwitch STP instance priority is set to 0 to make the FortiSwitches act as root bridge. Is there any FortiSwitch version I should upgrade to?

 

Thanks

ST

ebilcari

You can take a look at this thread here: https://community.fortinet.com/t5/Support-Forum/LACP-between-Cisco-and-Fortiswitch-MC-LAG-STP-error/...

- Emirjon