Samsy21
New Contributor

Spanningtree Problem Using FortiLink and Cisco Switches

Hello Forum,

I'm trying to set up FortiLink in this setup:

FortiGate <-> Cisco Switch <-> FortiSwitch

I get the FortiSwitch up and running, connecting through the Cisco switch with the native VLAN set to the FortiSwitch VLAN.

The switch is fully manageable through the FortiGate -- great success!!

But I'm facing an issue when I connect a second interface between the FortiSwitch and the Cisco switch.

I wanted to set up this connection for redundancy, so the topology would look like this:

Cisco-Forti.png

When I connect the second port of the port channel to the FortiSwitch, the link starts flapping on the Cisco side.

Is there maybe a problem with spanning tree or port profiles on the Forti side?

Has any of you had this problem before?

We have to deploy this environment because we can't change our distribution switch right now.

Thank you!

2 REPLIES
Anthony_E
Community Manager

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

To address spanning tree problems when using FortiLink with Cisco switches, follow these steps:

  1. Check Protocol Compatibility:

    • Ensure that the spanning tree protocols used on both FortiSwitch and Cisco switches are compatible. FortiSwitch typically uses MSTP, while Cisco switches may use RPVST+. This can lead to convergence issues.

  2. Configuration Adjustments:

    • On the Cisco switch, configure the spanning tree mode to match the FortiSwitch configuration. For example, if using MSTP on FortiSwitch, consider configuring MSTP on the Cisco switch as well.
    • Ensure VLAN priorities are set correctly. If the Cisco switch should be the root bridge, its VLAN 1 STP priority must be higher than other VLANs.

  3. Verify Port Settings:

    • On FortiSwitch, ensure that the ports connected to the Cisco switch have the correct VLANs allowed and that the edge-port setting is disabled if not directly connected to end devices.
    • Enable RPVST+ on the FortiSwitch port if necessary.

  4. Monitor and Troubleshoot:

    • Use diagnostic commands on both FortiSwitch and Cisco switches to monitor STP status and identify any misconfigurations.
    • Commands like "show spanning-tree" on Cisco and "diag stp instance list" on FortiSwitch can provide insights into the current STP topology and root bridge status.

By ensuring protocol compatibility and correct configuration, you can resolve most spanning tree issues between FortiLink and Cisco switches.

Anthony-Fortinet Community Team.