Fortinet black logo

Administration Guide

Support for interoperation with Rapid per-VLAN RSTP (Rapid PVST+ or RPVST+)

Support for interoperation with Rapid per-VLAN RSTP (Rapid PVST+ or RPVST+)

Starting in FortiSwitchOS 6.2.2, FortiSwitch units can now interoperate with a network that is running RPVST+. The existing networkʼs configuration can be maintained while adding FortiSwitch units as an extended region.

When an MSTP domain is connected with an RPVST+ domain, FortiSwitch interoperation with the RPVST+ domain works in two ways:

  • If the root bridge for the CIST is within an MSTP region, the boundary FortiSwitch unit of the MSTP region duplicates instance 0 information, creates one BPDU for every VLAN, and sends the BPDUs to the RPVST+ domain.

    In this case, follow this rule: If the root bridge for the CIST is within an MSTP region, VLANs other than VLAN 1 defined in the RPVST+ domains must have their bridge priorities worse (numerically greater) than that of the CIST root bridge within MSTP region.

  • If the root bridge for the CIST is within an RPVST+ domain, the boundary FortiSwitch unit processes only the VLAN 1 information received from the RPVST+ domain. The other BPDUs (VLANs 2 and above) sent from the connected RPVST+ domain are used only for consistency checks.

    In this case, follow this rule: If the root bridge for the CIST is within the RPVST+ domain, the root bridge priority of VLANs other than VLAN 1 within that domain must be better (numerically less) than that of VLAN 1.

Configuring Rapid PVST or RPVST+ interoperation support

Using the CLI:

Enable the RPVST+ interoperation support on the appropriate switch port or trunk.

config switch interface

edit <interface_name>

set allowed-vlans <one or more VLANs> // The VLANs must be configured for RSTP.

set rpvst-port enabled

next

end

For example, to enable RPVST+ interoperation support on port 9:

config switch interface

edit "port9"

set allowed-vlans 10,20

set rpvst-port enabled

next

end

For example, to enable RPVST+ interoperation support on trunk 1:

config switch interface

edit "trunk1"

set allowed-vlans 10,20

set rpvst-port enabled

next

end

Note: A maximum of 16 VLANs is supported; the maximum number of VLANs includes native VLANs. You must configure the same VLANs as those used in the RPVST+ domain.

Viewing the configuration

Use one of the following commands to check your configuration and to diagnose any problems.

  • diagnose stp instance list

    If either rule is violated, the RPVST port is flagged with “IC” in the command output, and the port is in the Discard state.

    If the VLANs used by the RPVST+ domain are not all within the VLAN range configured on the RPVST port, an “MV” flag is displayed in the command output. NOTE: Only the ports in instance 0 show this flag.

  • diagnose stp rapid-pvst-port list

    This command shows the status of one port or all ports. If any of the ports is in the “IC” state, the command output gives the reason: VLAN priority inconsistent, VLAN configuration mismatch, or both.

  • diagnose stp rapid-pvst-port clear

    This command clears all flags and timers on the RPVST+ port.

Support for interoperation with Rapid per-VLAN RSTP (Rapid PVST+ or RPVST+)

Support for interoperation with Rapid per-VLAN RSTP (Rapid PVST+ or RPVST+)

Starting in FortiSwitchOS 6.2.2, FortiSwitch units can now interoperate with a network that is running RPVST+. The existing networkʼs configuration can be maintained while adding FortiSwitch units as an extended region.

When an MSTP domain is connected with an RPVST+ domain, FortiSwitch interoperation with the RPVST+ domain works in two ways:

  • If the root bridge for the CIST is within an MSTP region, the boundary FortiSwitch unit of the MSTP region duplicates instance 0 information, creates one BPDU for every VLAN, and sends the BPDUs to the RPVST+ domain.

    In this case, follow this rule: If the root bridge for the CIST is within an MSTP region, VLANs other than VLAN 1 defined in the RPVST+ domains must have their bridge priorities worse (numerically greater) than that of the CIST root bridge within MSTP region.

  • If the root bridge for the CIST is within an RPVST+ domain, the boundary FortiSwitch unit processes only the VLAN 1 information received from the RPVST+ domain. The other BPDUs (VLANs 2 and above) sent from the connected RPVST+ domain are used only for consistency checks.

    In this case, follow this rule: If the root bridge for the CIST is within the RPVST+ domain, the root bridge priority of VLANs other than VLAN 1 within that domain must be better (numerically less) than that of VLAN 1.

Configuring Rapid PVST or RPVST+ interoperation support

Using the CLI:

Enable the RPVST+ interoperation support on the appropriate switch port or trunk.

config switch interface

edit <interface_name>

set allowed-vlans <one or more VLANs> // The VLANs must be configured for RSTP.

set rpvst-port enabled

next

end

For example, to enable RPVST+ interoperation support on port 9:

config switch interface

edit "port9"

set allowed-vlans 10,20

set rpvst-port enabled

next

end

For example, to enable RPVST+ interoperation support on trunk 1:

config switch interface

edit "trunk1"

set allowed-vlans 10,20

set rpvst-port enabled

next

end

Note: A maximum of 16 VLANs is supported; the maximum number of VLANs includes native VLANs. You must configure the same VLANs as those used in the RPVST+ domain.

Viewing the configuration

Use one of the following commands to check your configuration and to diagnose any problems.

  • diagnose stp instance list

    If either rule is violated, the RPVST port is flagged with “IC” in the command output, and the port is in the Discard state.

    If the VLANs used by the RPVST+ domain are not all within the VLAN range configured on the RPVST port, an “MV” flag is displayed in the command output. NOTE: Only the ports in instance 0 show this flag.

  • diagnose stp rapid-pvst-port list

    This command shows the status of one port or all ports. If any of the ports is in the “IC” state, the command output gives the reason: VLAN priority inconsistent, VLAN configuration mismatch, or both.

  • diagnose stp rapid-pvst-port clear

    This command clears all flags and timers on the RPVST+ port.