
STP (Spanning Tree Protocol) - Step by Step Configuration Tutorial

Introduction:

Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on switches. It was first introduced as CST (Common
Spanning Protocol); the IEEE then introduced an advanced version as STP in the IEEE 802.1D specification. The main
purpose of STP is to ensure that switches do not create loops when they have redundant paths in a network.

Concepts:

STP runs by default on switches that are 802.1D-compliant. It is implemented on switches to prevent loops in the
network. Redundant links serve as backups in case of a failover: a failure of the primary links activates the backup
links so that users can continue to use the network, but without STP on the switches, such a failure can result
in a loop.

Diagram:

In this topology, there is a redundant link between Switch 1 and Switch 2. However, this setup creates the possibility
of a loop. For example, when a broadcast or multicast packet travels from PC-1 to PC-2, it can simply continue to
circulate between both switches.

[Figure 1: topology diagram, image not available]

But when STP runs on both switches, the network logically looks like this:

[Figure 2: logical topology with STP running, image not available]

Description of Technology:

In order to provide this path redundancy, as well as to avoid loops, STP forces redundant data paths into a standby
(blocked) state and leaves other paths in a forwarding state. If a link in the forwarding state becomes unavailable, STP
reconfigures the network and reroutes data paths through the activation of the appropriate standby path.

In STP, all the switches in the network first elect a root bridge that becomes the centre point of the network. All other
decisions in the network, such as which port to block and which port to put in forwarding mode, are made from the
perspective of this root bridge.

i. Root Bridge: All the switches exchange their information for use in the root bridge selection. Bridge protocol data units
(BPDUs) carry this information. Each switch compares these parameters in the BPDU that the switch sends to a
neighbour with the parameters in the BPDU that the switch receives from the neighbour.

How is Root Bridge elected?

The root bridge is elected on the basis of the Bridge ID.

Bridge ID – It is made up of two parts:

Priority (2 bytes) - by default 32768

MAC Address (6 bytes)

Lower is preferred.

In the root bridge selection process, less is better. If Switch A advertises a bridge ID that is a lower number than the
bridge ID that Switch B advertises, then the information from Switch A is better. Switch B stops the advertisement of its
bridge ID and accepts the bridge ID of Switch A.

Note: Nowadays the priority shown on switches is 32769. It is the combination of the bridge priority and the VLAN ID.
For VLAN 1, for example, the priority is 32769 = 32768 + 1 (the VLAN ID).

ii. Non-Root Bridge: Any bridge that is not the root bridge. A non-root bridge finds the one best path to reach the root
bridge; the port on that path is known as the root port, and all alternative paths towards the root bridge are blocked.
Every non-root bridge has only one root port.

iii. Root Port: The root port is a port that is always present on non-root switches. There are a few criteria for electing
the root port.

1. Path Cost: STP calculates the path cost based on the media speed (bandwidth) of the links between switches.
Spanning tree selects the root port based on the path cost. The port with the lowest path cost to the root bridge becomes
the root port. The root port is always in the forwarding state.

STP path cost (by IEEE):

Ethernet- 100

Fast Ethernet- 19

1 Gigabit Ethernet- 4

10 Gigabit Ethernet- 2

2. Port Priority: It determines the best path when multiple links are used between two switches. The path cost of a link is
determined by the bandwidth of a link, and when multiple links of the same bandwidth are connected then this port priority
is the deciding factor used by every bridge to find the most efficient path to the root bridge.

Port Priority – 128 (by default)

3. Port Number: Every switch port has its own unique port number. When the path cost and port priority are the same
on both switches, the port number is the tie breaker. The port with the lower number is preferred. We always check the
port number on the root bridge: the link on the non-root bridge that is directly connected to the lower port number of
the root bridge becomes the root port.

iv. Designated Ports: Designated ports are the ports from which the root bridge forwards BPDUs. Only designated ports
can send BPDU messages to each switch in their segment. Every 2 seconds the root bridge sends BPDUs to its
neighbour. Every link segment has a designated port.

v. BPDU (Bridge Protocol Data Unit): BPDUs are frames that contain information about the Spanning Tree Protocol
(STP). BPDUs are exchanged between the switches within a LAN that uses a spanning tree topology. BPDU
packets contain the root bridge ID, root ports, priorities and costs, and ensure that the data ends up where it
was intended to go.

vi. Blocked Port: Blocked ports are ports that are always found on the non-root bridge. Any active port that is not a
root port or a designated port is a blocked port. A blocked port won't forward frames, in order to prevent loops. A
blocked port will always listen to BPDU frames from neighbour switches, but it will drop any other frames received and
will never transmit a frame.
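
The election rules above, replayed as an added example (not part of the original tutorial). It uses the two bridge addresses from this page's command output; the wiring (Fa0/1 to Fa0/1 and Fa0/2 to Fa0/2 over Fast Ethernet), the port-priority value 16 and all helper names are assumptions.

```python
from dataclasses import dataclass, field

IEEE_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}  # Mbit/s -> IEEE path cost listed above

@dataclass
class Bridge:
    name: str
    mac: str
    priority: int = 32768
    vlan: int = 1
    port_prio: dict = field(default_factory=dict)  # port number -> non-default priority

    def bridge_id(self):
        # Advertised priority = priority + VLAN id; the lower (priority, MAC) tuple wins.
        return (self.priority + self.vlan, int(self.mac.replace(".", ""), 16))

    def port_id(self, number):
        return (self.port_prio.get(number, 128), number)

def elect_root(bridges):
    return min(bridges, key=Bridge.bridge_id)

def root_port(local, links):
    """links: (local_port, neighbour, neighbour_port, mbps, neighbour_cost_to_root)."""
    def key(link):
        lport, nbr, nport, mbps, nbr_cost = link
        return (nbr_cost + IEEE_COST[mbps],  # 1. lowest path cost to the root
                nbr.bridge_id(),             #    then lowest sending bridge ID
                nbr.port_id(nport),          # 2./3. sender port priority, then number
                local.port_id(lport))
    return min(links, key=key)[0]

def scenario(sw2_priority=32768, sw2_fa02_prio=None):
    """Return (root bridge, non-root bridge, root port number on the non-root)."""
    sw1 = Bridge("switch1", "0060.3E14.939D")
    sw2 = Bridge("switch2", "00D0.5875.83A9", priority=sw2_priority)
    if sw2_fa02_prio is not None:
        sw2.port_prio[2] = sw2_fa02_prio
    root = elect_root([sw1, sw2])
    other = sw2 if root is sw1 else sw1
    # Assumed wiring: two parallel Fast Ethernet links, Fa0/N to Fa0/N.
    links = [(n, root, n, 100, 0) for n in (1, 2)]
    return root.name, other.name, root_port(other, links)

if __name__ == "__main__":
    print(scenario())                                     # default priorities
    print(scenario(sw2_priority=4096))                    # switch 2 priority lowered
    print(scenario(sw2_priority=4096, sw2_fa02_prio=16))  # plus port priority on Fa0/2
```

With equal priorities the lower MAC address decides the root, and with equal path costs the sender's port priority and port number decide the root port.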

Step-by-Step Instructions:

Step-1: In the above scenario, Switch 1 is the best choice for the root switch of the network because Switch 1 has the
lower bridge ID.

switch1#sh spanning-tree VLAN 1
VLAN0001
  Spanning tree enabled protocol IEEE
  Root ID    Priority    32769
             Address     0060.3E14.939D
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0060.3E14.939D
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p

Step-2: On switch 2, the command show spanning-tree VLAN 1 gives:

switch2#sh spanning-tree VLAN 1
VLAN0001
  Spanning tree enabled protocol IEEE
  Root ID    Priority    32769
             Address     0060.3E14.939D
             Cost        19
             Port        2(FastEthernet0/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.5875.83A9
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p

Here on switch2, we can easily see that switch1 is the root bridge because it has the lower bridge ID, and all the ports
of switch1 are designated ports. On switch2, of port 1 and port 2, which are directly connected to switch 1, one is in
the forwarding state while the other is in the blocking state.

Step-3: To change the priority of switch 2, give this command:

switch2(config)#spanning-tree VLAN 1 priority 4096

This command decreases the priority of sw-2 and makes it the root bridge.

switch2#sh spanning-tree VLAN 1
VLAN0001
  Spanning tree enabled protocol IEEE
  Root ID    Priority    4097
             Address     00D0.5875.83A9
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     00D0.5875.83A9
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg LSN 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p

Step-4: A blocked port can be changed into the root port. How?

1. First go to your root bridge.

2. Then decrease the port priority of the designated port that is directly connected to the blocked port.

Like in this scenario:

switch2(config)#interface fastEthernet 0/2

switch2(config-if)#spanning-tree VLAN 1 port-priority 16

3. Then go to your non-root bridge and give the command: show spanning-tree VLAN 1

switch1#sh spanning-tree VLAN 1

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Altn BLK 19        128.1    P2p
Fa0/2            Root FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
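
Step-3 shows that any bridge advertising a lower bridge ID takes over as root, so it is worth checking collected output against the root you intended. The following is an added example, not part of the original tutorial: it parses output in the format shown above and reports an unexpected root. The policy table (switch 1 as intended root for VLAN 1) and the function names are assumptions, and the sample text is abridged from the switch2 output in Step-2 and Step-3.

```python
import re

# Assumed policy for this example: switch 1 is the intended root for VLAN 1.
EXPECTED_ROOT = {1: "0060.3E14.939D"}

# Abridged from the switch2 output in Step-2 and Step-3 on this page.
STEP2 = """VLAN0001
Root ID Priority 32769
Address 0060.3E14.939D
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 00D0.5875.83A9
Fa0/1 Root FWD 19 128.1 P2p
Fa0/2 Altn BLK 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p"""
STEP3 = """VLAN0001
Root ID Priority 4097
Address 00D0.5875.83A9
This bridge is the root
Bridge ID Priority 4097 (priority 4096 sys-id-ext 1)
Address 00D0.5875.83A9
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg LSN 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p"""

def parse(output):
    """Pull the VLAN, root/bridge IDs and port roles out of one VLAN's output."""
    info, section = {"ports": {}}, None
    for line in map(str.strip, output.splitlines()):
        if m := re.match(r"VLAN(\d+)$", line):
            info["vlan"] = int(m.group(1))
        elif m := re.match(r"(Root|Bridge) ID\s+Priority\s+(\d+)", line):
            section = m.group(1).lower()   # following Address line belongs to this ID
            info[section + "_priority"] = int(m.group(2))
        elif section and (m := re.match(r"Address\s+([0-9A-Fa-f.]+)$", line)):
            info[section + "_mac"] = m.group(1).upper()
        elif m := re.match(r"([A-Za-z]+\d+/\d+)\s+(\w+)\s+(\w+)\s+\d+\s+\d+\.\d+", line):
            info["ports"][m.group(1)] = (m.group(2), m.group(3))
    return info

def audit(output, expected=EXPECTED_ROOT):
    """Return a list of findings when the elected root is not the intended one."""
    info, findings = parse(output), []
    want = expected.get(info["vlan"])
    if want and info["root_mac"] != want.upper():
        findings.append(f"VLAN {info['vlan']}: root {info['root_mac']} priority "
                        f"{info['root_priority']}, expected {want}")
    return findings
```

`audit(STEP2)` returns no findings, while `audit(STEP3)` reports that the root for VLAN 1 is now 00D0.5875.83A9 with priority 4097.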

Spanning-tree Port States:

The ports on a switch running IEEE 802.1D STP move through five different states:

Disabled: The port is administratively disabled and does not participate in frame forwarding or STP.
In the disabled state, the port is virtually non-operational.

Blocking: A blocked port won't forward frames, in order to prevent loops. A blocked port will always listen to BPDU
frames from neighbour switches, but it will drop any other frames received and will never transmit a frame. The purpose
of the blocking state is to prevent the use of looped paths.

Listening: In this state, the port listens to BPDUs and sends BPDUs but does not learn MAC addresses. A port in the
listening state prepares itself to forward data frames without populating the MAC address table. Moving from the
listening to the learning state takes 15 seconds.

Learning: In the learning state, the port listens to BPDUs and learns MAC addresses. A port in the learning state
populates the MAC address table but still doesn't forward data frames. Moving from the learning to the forwarding
state takes 15 seconds by default.

Forwarding: The port sends and receives all data. If the port is a designated or root port at the end of the learning
state, it enters the forwarding state.

What are Portfast, Uplinkfast and Backbone fast?

Portfast: PortFast enables access ports on a switch to enter the spanning tree forwarding state directly, bypassing the
listening and learning states. If we enable PortFast on a port that is connected to another Layer 2 device, such as a
switch, there is a chance of network loops.

If end devices such as servers or desktops are connected to a switch, and we are totally sure they will not create a
switching loop if STP is disabled, we can use PortFast on these ports. With PortFast, the port does not spend time
moving from the blocking to the forwarding state while STP is converging.

Uplinkfast: When multiple links connect different switches, only one of them is forwarding at any given time.
UplinkFast provides fast convergence after a spanning tree topology change. The uplink group provides an alternate
path in case the currently forwarding link fails. The uplink group is a set of ports consisting of the root port (which is
forwarding) and a set of blocked ports.

Example: In this topology, Switch A is the root switch. It is directly connected to Switch B with link L1 and to Switch C
with link L2. The port on Switch C that is connected to Switch B with link L3 is in the blocking state.

Topology: Uplink-1 (image not available)

Topology: Uplink-2 (image not available)

If Switch C detects a direct link failure on the currently active link L2, the port that was in the blocking state will
first go through the listening and learning states and then to the forwarding state.

Topology: Uplink-3 (image not available)

But if we enable UplinkFast, the blocked port on Switch C enters the forwarding state immediately, without transitioning
through the listening and learning states.

Backbonefast: BackboneFast decreases the convergence time of the Spanning Tree Protocol (STP) after an indirect link
failure (the failure of a link to which the switch is not directly connected) anywhere in the STP topology.

[Figure: BackboneFast topology, image not available]

In this topology, the link between switch-2 and switch-1 (root bridge) has failed, and the link between sw-2 and sw-1 is
not a direct link for switch-3.

When switch-2 detects the link failure, it invalidates the best BPDUs stored for its port connecting to sw-1 (root
bridge). After invalidating the BPDUs from switch-1, switch-2 considers itself the root bridge of the STP, because it no
longer has the information of sw-1, since no other ports are receiving BPDUs from the root bridge.

Now sw-2 starts sending inferior BPDUs to sw-3.

Inferior BPDU: A BPDU is considered inferior if the root bridge information it contains is worse than the information
coming from the original root bridge. Switches can identify inferior BPDUs by the higher Bridge ID included in the
inferior BPDU. A switch with a higher Bridge ID cannot become the root bridge.

The BPDUs sent from switch-2 are inferior for switch-3, because it is still receiving better BPDUs from the current
root bridge (switch-1).

When sw-3 starts receiving inferior BPDUs on its interface from sw-2, switch-3 ignores the inferior information until
the BPDUs stored for the blocked port expire at the max age timer (20 seconds).

When the max age timer expires and switch-3 is still receiving inferior BPDUs from sw-2, sw-3 starts responding to
the inferior BPDUs. The port on sw-3 that received the inferior BPDUs from sw-2 moves to the listening state, and sw-3
starts passing sw-1 (root bridge) BPDUs to sw-2 (since the BPDUs from sw-1 are superior to the BPDUs from
sw-2).

Now sw-2 starts getting the original BPDUs from the root switch (root bridge) and moves its port through the listening
state and the learning state and finally to the forwarding state. Both sw-3 and sw-2 move their ports into the forwarding
state, re-establishing the lost connectivity.

Therefore, the time required to recover from an indirect link failure is (max age timer + listening + learning), which is
too high for current network applications.

If Backbone Fast is enabled in the network, the Spanning Tree Protocol (STP) behaves as follows: when sw-3 receives
an inferior BPDU from sw-2, it sends a Root Link Query (RLQ) PDU on all non-designated ports (except the port where
it received the inferior BPDU) to find out whether the root switch (root bridge) is available or not.

The port on which sw-3 received the inferior BPDU from sw-2 is excluded because that path has already failed.

When a Root Link Query (RLQ) response is received on a port and the answer is negative, the port has lost its
connection to the root and its BPDU can be aged out. If all other non-designated ports receive a negative answer,
switch-3 has lost its connection to the root switch (root bridge) and can start the Spanning Tree Protocol (STP)
calculation from the beginning.

But if sw-3 receives any positive response, it assumes the current root switch (root bridge) is still reachable. In our
case, sw-3 receives a positive response from sw-1 (root bridge) and then starts relaying sw-1 (root bridge) BPDUs to
sw-2.

Backbone Fast is proactive (it uses the Root Link Query (RLQ)), and when Backbone Fast is implemented, it can
minimize the max age timer interval. By enabling Backbone Fast, the max age timer can be skipped and the delay is
reduced from 50 seconds to 30 seconds.
