Fortinet Community

Donnie_Brasco · ‎12-05-2022

Hi

I have a problem with spanning tree and ports being disabled. I don't know what to do and it is annoying me at times and prevents me from working. Maybe someone has an idea for further debugging.

My client (macOS) is directly connected to a FortiSwitch (124E), which in turn is directly connected to my 40F (trunk). There are some VLAN configured. Occasionally, the port (port20) my client is on gets disabled every few seconds and I lose connectivity.

FortiOS is on 7.0.8 and FortiSwitch 7.0.5. The network setup is very simple.

            +-----------+              +-----------+              +---------+
            |           +--------------+           |              |         |
WAN +-------+    40F    |    TRUNK     |   124E    +--------------+   MAC   |
            |           +--------------+           |              |         |
            +-----------+              +-----------+              +---------+

The error messages are as follows:

primary switch port port20 has gone down
primary port port20 instance 0 changed role from designated to disabled
primary port port20 instance 0 changed state from forwarding to discarding
primary switch port port20 has come up
primary port port20 instance 0 changed role from disabled to designated

What I have tried so far:

Various FortiSwitch port settings (STP, BPDU Guard, Root & Loop Guard, disable, etc.).
Disabling the trunk to the FortiGate (connectivity only via one link).
set the speed settings to "1Gbits only" or "auto
disable the WLAN interface (Ethernet only) on the client
various reboots
firmware upgrades (FTG and switch)

The error also occurred with other firmware. On the client there is a desktop hypervisor (Fusion) and one VM in bridge mode, but it is disabled. I am not sure if this could have an impact but it does not fit together in time

Any ideas for further debugging?

Thanks in advance.

distillednetwork · ‎12-05-2022

I don't think the spanning tree messages are anything more than the normal changes to STP state when the port goes down and up. How do you recover, do you enable the port again from the software or unplug it?

The only other item I could think of is if you have not tested it, disable Edge Port on port20. If the port is going up and down constantly or numerous times in a minute, you may also want to test the physical cables to verify they are good.

Donnie_Brasco · ‎12-05-2022

Thank you, distillednetwork. I should have mentioned that I also changed the physical ports on the switch and the cable already. The port is usually back online after a couple of seconds by itself. Sometimes only to be switched off again directly...

I'm not sure if I had already disabled Edge Port, but felt that I had already tried every setting imaginable. I have now disabled all features once and observe what happens.

Donnie_Brasco · ‎12-08-2022

The logs still show up and the port gets disabled. Absolutely no security features (STP) are active on the port at the moment.

Any ideas?

sachitdas_FTNT · ‎01-03-2023

Hi,

From what I understand is the issue specific to Macbook? Do other devices like windows laptops also witness the same problem?

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support

Donnie_Brasco · ‎01-03-2023

Hi Sachit

Thanks for your reply.

It almost looks like that's a common factor. The problem occurs on my Macmini (personal) as well as on my Macbook Pro (business). However, I don't have any other desktop PCs that I use (except a virtualized Windows desktop, which I start only every few weeks). Everything else are servers (Linux).

I had already switched off WiFi on the devices, as I suspected a roaming problem. All without success.

Do you know of any other such problems with macOS?

Best,

Donnie

Fortinet Community

FortiSwitch: Spanning Tree Issue - Port disabled