Fortinet white logo
Fortinet white logo

Handbook

6.0.0

STP forwarding

STP forwarding

A FortiGate doesn't participate in the Spanning Tree Protocol (STP). STP is an IEEE 802.1 protocol that ensures there are no layer-2 loops on the network. Loops are created when there is more than one route for traffic to take and that traffic is broadcast back to the original switch. This loop floods the network with traffic, reducing available bandwidth to nothing.

If you use a FortiGate in a network topology that relies on STP for network loop protection, you need to make changes to the FortiGate configuration. Otherwise, STP recognizes the FortiGate as a blocked link and forwards the data to another path. By default, the FortiGate blocks STP as well as other non-IP protocol traffic.

Using the CLI, you can enable forwarding of STP and other layer-2 protocols through the interface. In this example, layer-2 forwarding is enabled on the external interface:

config system interface

edit external

set l2forward enable

set stpforward enable

next

end

By substituting different commands for stpforward enable, you can also allow layer-2 protocols, such as IPX, PPTP, or L2TP, to be used on the network.

STP support for FortiGate models with hardware switches

STP (Spanning Tree Protocol) used to be available only on the old style switch mode for the internal ports. You can now activate STP on the hardware switches found in the newer FortiGate models. These models use a virtual switch to simulate the old switch mode for the internal ports.

To enable STP - CLI:

config system interface

edit lan

set stp {enable | disable}

next

end

STP forwarding

STP forwarding

A FortiGate doesn't participate in the Spanning Tree Protocol (STP). STP is an IEEE 802.1 protocol that ensures there are no layer-2 loops on the network. Loops are created when there is more than one route for traffic to take and that traffic is broadcast back to the original switch. This loop floods the network with traffic, reducing available bandwidth to nothing.

If you use a FortiGate in a network topology that relies on STP for network loop protection, you need to make changes to the FortiGate configuration. Otherwise, STP recognizes the FortiGate as a blocked link and forwards the data to another path. By default, the FortiGate blocks STP as well as other non-IP protocol traffic.

Using the CLI, you can enable forwarding of STP and other layer-2 protocols through the interface. In this example, layer-2 forwarding is enabled on the external interface:

config system interface

edit external

set l2forward enable

set stpforward enable

next

end

By substituting different commands for stpforward enable, you can also allow layer-2 protocols, such as IPX, PPTP, or L2TP, to be used on the network.

STP support for FortiGate models with hardware switches

STP (Spanning Tree Protocol) used to be available only on the old style switch mode for the internal ports. You can now activate STP on the hardware switches found in the newer FortiGate models. These models use a virtual switch to simulate the old switch mode for the internal ports.

To enable STP - CLI:

config system interface

edit lan

set stp {enable | disable}

next

end