C H A P T E R 8

Configuring Spanning Tree Protocol

This chapter descibes how to configure Spanning Tree Protocol (STP) on your access point. This chapter
contains these sections:
• Understanding Spanning Tree Protocol, page 8-14
• Configuring STP Features, page 8-20
• Displaying Spanning-Tree Status, page 8-26

Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS
Command Reference for Access Points and Bridges for this release.

Note STP is available only when the access point is in bridge mode.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-7690-01 8-13
 Chapter 8 Configuring Spanning Tree Protocol
Understanding Spanning Tree Protocol

Understanding Spanning Tree Protocol

This section describes how spanning-tree features work. It includes this information:
• STP Overview, page 8-14
• Access Point/Bridge Protocol Data Units, page 8-15
• Election of the Spanning-Tree Root, page 8-16
• Spanning-Tree Timers, page 8-17
• Creating the Spanning-Tree Topology, page 8-17
• Spanning-Tree Interface States, page 8-17

STP Overview
STP is a Layer 2 link management protocol that provides path redundancy while preventing loops in the
network. For a Layer 2 Ethernet network to function properly, only one active path can exist between
any two stations. Spanning-tree operation is transparent to end stations, which cannot detect whether
they are connected to a single LAN segment or to a LAN of multiple segments.
When you create fault-tolerant internetworks, you must have a loop-free path between all nodes in a
network. The spanning-tree algorithm calculates the best loop-free path throughout a Layer 2 network.
Infrastructure devices such as wireless access points and switches send and receive spanning-tree
frames, called bridge protocol data units (BPDUs), at regular intervals. The devices do not forward these
frames but use them to construct a loop-free path.
Multiple active paths among end stations cause loops in the network. If a loop exists in the network, end
stations might receive duplicate messages. Infrastructure devices might also learn end-station MAC
addresses on multiple Layer 2 interfaces. These conditions result in an unstable network.
STP defines a tree with a root bridge and a loop-free path from the root to all infrastructure devices in
the Layer 2 network.

Note STP discussions use the term root to describe two concepts: the bridge on the network that serves as a
central point in the spanning tree is called the root bridge, and the port on each bridge that provides the
most efficient path to the root bridge is called the root port. These meanings are separate from the Role
in radio network setting that includes root and non-root options. A bridge whose Role in radio network
setting is Root Bridge does not necessarily become the root bridge in the spanning tree. In this chapter,
the root bridge in the spanning tree is called the spanning-tree root.

STP forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree
fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology
and activates the standby path.
When two interfaces on a bridge are part of a loop, the spanning-tree port priority and path cost settings
determine which interface is put in the forwarding state and which is put in the blocking state. The port
priority value represents the location of an interface in the network topology and how well it is located
to pass traffic. The path cost value represents media speed.
The access point supports both per-VLAN spanning tree (PVST) and a single 802.1q spanning tree
without VLANs. The access point cannot run 802.1s MST or 802.1d Common Spanning Tree, which
maps multiple VLANs into a one-instance spanning tree.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
8-14 OL-7690-01
 Chapter 8 Configuring Spanning Tree Protocol
Understanding Spanning Tree Protocol

The access point maintains a separate spanning-tree instance for each active VLAN configured on it. A
bridge ID, consisting of the bridge priority and the access point MAC address, is associated with each
instance. For each VLAN, the access point with the lowest access point ID becomes the spanning-tree
root for that VLAN.

350 Series Bridge Interoperability

Cisco Aironet 1300 and 350 Series Bridges are interoperable when STP is enabled and no VLANs are
configured. This configuration is the only one available for the following reasons:
• When STP is disabled, the 350 series bridge acts as a 350 series access point and disallows
association of non-root bridges, including non-root 350, 1200, and 1240AG series access points.
• The 350 series bridge supports only a single instance of STP in both non-VLAN and VLAN
configurations, while the 1300 series bridge has a single instance of STP in non-VLAN
configurations and multiple instances of STP in VLAN configurations.
• Incompatibilities between single and multiple instances of STP can cause inconsistent blocking of
traffic when VLANs are configured. When the native VLAN is blocked, you can experience bridge
flapping.
Therefore, the best configuration for STP interoperability is when the 350 and 1300 series access point
STP feature is enabled and VLANs are not configured.

Note When the 350 and 1300 series access points are configured as workgroup bridges, they can operate with
STP disabled and allow for associations with access points. However, this configuration is not
technically a bridge-to-bridge scenario.

Access Point/Bridge Protocol Data Units

The stable, active spanning-tree topology of your network is determined by these elements:
• The unique access point ID (wireless access point priority and MAC address) associated with each
VLAN on each wireless access point
• The spanning-tree path cost to the spanning-tree root
• The port identifier (port priority and MAC address) associated with each Layer 2 interface
When the access points in a network are powered up, each access point functions as the STP root. The
access points send configuration BPDUs through the Ethernet and radio ports. The BPDUs communicate
and compute the spanning-tree topology. Each configuration BPDU contains this information:
• The unique access point ID of the wireless access point that the sending access point identifies as
the spanning-tree root
• The spanning-tree path cost to the root
• The access point ID of the sending access point
• Message age
• The identifier of the sending interface
• Values for the hello, forward delay, and max-age protocol timers

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-7690-01 8-15
 Chapter 8 Configuring Spanning Tree Protocol
Understanding Spanning Tree Protocol

When a access point receives a configuration BPDU that contains superior information (lower access
point ID, lower path cost, and so forth), it stores the information for that port. If this BPDU is received
on the root port of the access point, the access point also forwards it with an updated message to all
attached LANs for which it is the designated access point.
If a access point receives a configuration BPDU that contains inferior information to that currently
stored for that port, it discards the BPDU. If the access point is a designated access point for the LAN
from which the inferior BPDU was received, it sends that LAN a BPDU containing the up-to-date
information stored for that port. In this way, inferior information is discarded, and superior information
is propagated on the network.
A BPDU exchange results in these actions:
• One access point is elected as the spanning-tree root.
• A root port is selected for each access point (except the spanning-tree root). This port provides the
best path (lowest cost) when the access point forwards packets to the spanning-tree root.
• The shortest distance to the spanning-tree root is calculated for each access point based on the path
cost.
• A designated access point for each LAN segment is selected. The designated access point incurs the
lowest path cost when forwarding packets from that LAN to the spanning-tree root. The port through
which the designated access point is attached to the LAN is called the designated port.
• Interfaces included in the spanning-tree instance are selected. Root ports and designated ports are
put in the forwarding state.
• All interfaces not included in the spanning tree are blocked.

Election of the Spanning-Tree Root

All access points in the Layer 2 network participating in STP gather information about other access
points in the network through an exchange of BPDU data messages. This exchange of messages results
in these actions:
• The election of a unique spanning-tree root for each spanning-tree instance
• The election of a designated access point for every LAN segment
• The removal of loops in the network by blocking Layer 2 interfaces connected to redundant links
For each VLAN, the access point with the highest access point priority (the lowest numerical priority
value) is elected as the spanning-tree root. If all access points are configured with the default priority
(32768), the access point with the lowest MAC address in the VLAN becomes the spanning-tree root.
The access point priority value occupies the most significant bits of the access point ID.
When you change the access point priority value, you change the probability that the access point will
be elected as the root access point. Configuring a higher value decreases the probability; a lower value
increases the probability.
The spanning-tree root is the logical center of the spanning-tree topology. All paths that are not needed
to reach the spanning-tree root from anywhere in the network are placed in the spanning-tree blocking
mode.
BPDUs contain information about the sending access point and its ports, including access point and
MAC addresses, access point priority, port priority, and path cost. STP uses this information to elect the
spanning-tree root and root port for the network and the root port and designated port for each LAN
segment.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
8-16 OL-7690-01
 Chapter 8 Configuring Spanning Tree Protocol
Understanding Spanning Tree Protocol

Spanning-Tree Timers
Table 8-1 describes the timers that affect the entire spanning-tree performance.

Table 8-1 Spanning-Tree Timers

Variable Description
Hello timer Determines how often the access point broadcasts hello messages to other access points.
Forward-delay timer Determines how long each of the listening and learning states last before the interface begins
forwarding.
Maximum-age timer Determines the amount of time the access point stores protocol information received on an interface.

Creating the Spanning-Tree Topology

In Figure 8-1, bridge 4 is elected as the spanning-tree root because the priority of all the access points
is set to the default (32768) and bridge 4 has the lowest MAC address. However, because of traffic
patterns, number of forwarding interfaces, or link types, bridge 4 might not be the ideal spanning-tree
root. By increasing the priority (lowering the numerical value) of the ideal bridge so that it becomes the
spanning-tree root, you force a spanning-tree recalculation to form a new topology with the ideal bridge
as the spanning-tree root.

Figure 8-1 Spanning-Tree Topology

LAN segment A

Bridge 1 Bridge 2

Bridge 3 Bridge 4
56612

LAN segment B

Spanning-Tree Interface States

Propagation delays can occur when protocol information passes through a wireless LAN. As a result,
topology changes can take place at different times and at different places in the network. When an
interface transitions directly from nonparticipation in the spanning-tree topology to the forwarding state,

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-7690-01 8-17
 Chapter 8 Configuring Spanning Tree Protocol
Understanding Spanning Tree Protocol

it can create temporary data loops. Interfaces must wait for new topology information to propagate
through the LAN before starting to forward frames. They must allow the frame lifetime to expire for
forwarded frames that have used the old topology.
Each interface on a access point using spanning tree exists in one of these states:
• Blocking—The interface does not participate in frame forwarding.
• Listening—The first transitional state after the blocking state when the spanning tree determines
that the interface should participate in frame forwarding.
• Learning—The interface prepares to participate in frame forwarding.
• Forwarding—The interface forwards frames.
• Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on
the port, or no spanning-tree instance running on the port.
An interface moves through these states:
• From initialization to blocking
• From blocking to listening or to disabled
• From listening to learning or to disabled
• From learning to forwarding or to disabled
• From forwarding to disabled
Figure 8-2 illustrates how an interface moves through the states.

Figure 8-2 Spanning-Tree Interface States

Power-on
initialization

Blocking
state

Listening Disabled
state state

Learning
state

Forwarding
43569

state

When you enable STP on the access point, the Ethernet and radio interfaces go through the blocking state
and the transitory states of listening and learning. Spanning tree stabilizes each interface at the
forwarding or blocking state.
When the spanning-tree algorithm places a Layer 2 interface in the forwarding state, this process occurs:
1. The interface is in the listening state while spanning tree waits for protocol information to transition
the interface to the blocking state.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
8-18 OL-7690-01
 Chapter 8 Configuring Spanning Tree Protocol
Understanding Spanning Tree Protocol

2. While spanning tree waits the forward-delay timer to expire, it moves the interface to the learning
state and resets the forward-delay timer.
3. In the learning state, the interface continues to block frame forwarding as the access point learns
end-station location information for the forwarding database.
4. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state,
where both learning and frame forwarding are enabled.

Blocking State
An interface in the blocking state does not participate in frame forwarding. After initialization, a BPDU
is sent to the access point’s Ethernet and radio ports. A access point initially functions as the
spanning-tree root until it exchanges BPDUs with other access points. This exchange establishes which
access point in the network is the spanning-tree root. If there is only one access point in the network, no
exchange occurs, the forward-delay timer expires, and the interfaces move to the listening state. An
interface always enters the blocking state when you enable STP.
An interface in the blocking state performs as follows:
• Discards frames received on the port
• Does not learn addresses
• Receives BPDUs

Note If a access point port is blocked, some broadcast or multicast packets can reach a forwarding port on the
access point and cause the bridging logic to switch the blocked port into listening state momentarily
before the packets are dropped at the blocked port.

Listening State
The listening state is the first state an interface enters after the blocking state. The interface enters this
state when STP determines that the interface should participate in frame forwarding.
An interface in the listening state performs as follows:
• Discards frames received on the port
• Does not learn addresses
• Receives BPDUs

Learning State
An interface in the learning state prepares to participate in frame forwarding. The interface enters the
learning state from the listening state.
An interface in the learning state performs as follows:
• Discards frames received on the port
• Learns addresses
• Receives BPDUs

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-7690-01 8-19
 Chapter 8 Configuring Spanning Tree Protocol
Configuring STP Features

Forwarding State
An interface in the forwarding state forwards frames. The interface enters the forwarding state from the
learning state.
An interface in the forwarding state performs as follows:
• Receives and forwards frames received on the port
• Learns addresses
• Receives BPDUs

Disabled State
An interface in the disabled state does not participate in frame forwarding or in the spanning tree. An
interface in the disabled state is nonoperational.
A disabled interface performs as follows:
• Discards frames received on the port
• Does not learn addresses
• Does not receive BPDUs

Configuring STP Features

You complete three major steps to configure STP on the access point:
1. If necessary, assign interfaces and sub-interfaces to bridge groups
2. Enable STP for each bridge group
3. Set the STP priority for each bridge group
These sections include spanning-tree configuration information:
• Default STP Configuration, page 8-20
• Configuring STP Settings, page 8-21
• STP Configuration Examples, page 8-22

Default STP Configuration

STP is disabled by default. Table 8-2 lists the default STP settings when you enable STP.

Table 8-2 Default STP Values When STP is Enabled

Setting Default Value

Bridge priority 32768
Bridge max age 20
Bridge hello time 2
Bridge forward delay 15
Ethernet port path cost 19

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
8-20 OL-7690-01
 Chapter 8 Configuring Spanning Tree Protocol
Configuring STP Features

Table 8-2 Default STP Values When STP is Enabled (continued)

Setting Default Value

Ethernet port priority 128
Radio port path cost 33
Radio port priority 128

The radio and Ethernet interfaces and the native VLAN on the access point are assigned to bridge group
1 by default. When you enable STP and assign a priority on bridge group 1, STP is enabled on the radio
and Ethernet interfaces and on the primary VLAN, and those interfaces adopt the priority assigned to
bridge group 1. You can create bridge groups for sub-interfaces and assign different STP settings to those
bridge groups.

Configuring STP Settings

Beginning in privileged EXEC mode, follow these steps to configure STP on the access point:

Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 interface { dot11radio number | fastethernet Enter interface configuration mode for radio or Ethernet
number } interfaces or sub-interfaces.
Step 3 bridge-group number Assign the interface to a bridge group. You can number your
bridge groups from 1 to 255.
Step 4 no bridge-group number spanning-disabled Counteract the command that automatically disables STP for a
bridge group. STP is enabled on the interface when you enter
the bridge n protocol ieee command.
Step 5 exit Return to global configuration mode.
Step 6 bridge number protocol ieee Enable STP for the bridge group. You must enable STP on each
bridge group that you create with bridge-group commands.
Step 7 bridge number priority priority (Optional) Assign a priority to a bridge group. The lower the
priority, the more likely it is that the bridge becomes the
spanning-tree root.
Step 8 end Return to privileged EXEC mode.
Step 9 show spanning-tree bridge Verify your entries.
Step 10 copy running-config startup-config (Optional) Save your entries in the configuration file.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-7690-01 8-21
 Chapter 8 Configuring Spanning Tree Protocol
Configuring STP Features

STP Configuration Examples

These configuration examples show how to enable STP on root and non-root access points with and
without VLANs:
• Root Bridge Without VLANs, page 8-22
• Non-Root Bridge Without VLANs, page 8-23
• Root Bridge with VLANs, page 8-23
• Non-Root Bridge with VLANs, page 8-25

Root Bridge Without VLANs

This example shows the configuration of a root bridge with no VLANs configured and with STP enabled:

hostname master-bridge-south
ip subnet-zero
!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid tsunami
authentication open
guest-mode
!
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
no cdp enable
infrastructure-client
bridge-group 1
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
!
interface BVI1
ip address 1.4.64.23 255.255.0.0
no ip route-cache
!
ip default-gateway 1.4.0.1
bridge 1 protocol ieee
bridge 1 route ip
bridge 1 priority 9000
!
line con 0
exec-timeout 0 0
line vty 0 4
login
line vty 5 15
login
!
end

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
8-22 OL-7690-01
 Chapter 8 Configuring Spanning Tree Protocol
Configuring STP Features

Non-Root Bridge Without VLANs

This example shows the configuration of a non-root bridge with no VLANs configured with STP
enabled:

hostname client-bridge-north
ip subnet-zero
!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid tsunami
authentication open
guest-mode
!
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role non-root
no cdp enable
bridge-group 1
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1 path-cost 40
!
interface BVI1
ip address 1.4.64.24 255.255.0.0
no ip route-cache
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 1 priority 10000
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

Root Bridge with VLANs

This example shows the configuration of a root bridge with VLANs configured with STP enabled:

hostname master-bridge-hq
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
bridge irb

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-7690-01 8-23
 Chapter 8 Configuring Spanning Tree Protocol
Configuring STP Features

!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid vlan1
vlan 1
infrastructure-ssid
authentication open
!
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
no cdp enable
infrastructure-client
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
no cdp enable
bridge-group 2
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 path-cost 500
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
!
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
!
interface BVI1
ip address 1.4.64.23 255.255.0.0
no ip route-cache
!
ip default-gateway 1.4.0.1
bridge 1 protocol ieee
bridge 1 route ip
bridge 1 priority 9000
bridge 2 protocol ieee

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
8-24 OL-7690-01
 Chapter 8 Configuring Spanning Tree Protocol
Configuring STP Features

bridge 2 priority 10000

bridge 3 protocol ieee
bridge 3 priority 3100
!
line con 0
exec-timeout 0 0
line vty 5 15
!
end

Non-Root Bridge with VLANs

This example shows the configuration of a non-root bridge with VLANs configured with STP enabled:

hostname client-bridge-remote
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid vlan1
vlan 1
authentication open
infrastructure-ssid
!
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role non-root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
no cdp enable
bridge-group 2
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
no cdp enable
bridge-group 3
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-7690-01 8-25
 Chapter 8 Configuring Spanning Tree Protocol
Displaying Spanning-Tree Status

encapsulation dot1Q 1 native

no ip route-cache
bridge-group 1
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
!
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 path-cost 400
!
interface BVI1
ip address 1.4.64.24 255.255.0.0
no ip route-cache
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 1 priority 10000
bridge 2 protocol ieee
bridge 2 priority 12000
bridge 3 protocol ieee
bridge 3 priority 2900
!
line con 0
line vty 5 15
!
end

Displaying Spanning-Tree Status

To display the spanning-tree status, use one or more of the privileged EXEC commands in Table 8-3:

Table 8-3 Commands for Displaying Spanning-Tree Status

Command Purpose
show spanning-tree Displays information on your network’s spanning tree.
show spanning-tree blocked-ports Displays a list of blocked ports on this bridge.
show spanning-tree bridge Displays status and configuration of this bridge.
show spanning-tree active Displays spanning-tree information on active interfaces only.
show spanning-tree root Displays a detailed summary of information on the spanning-tree root.
show spanning-tree interface interface-id Displays spanning-tree information for the specified interface.
show spanning-tree summary [totals] Displays a summary of port states or displays the total lines of the STP state
section.

For information about other keywords for the show spanning-tree privileged EXEC command, refer to
the Cisco Aironet IOS Command Reference for Cisco Aironet Access Points and Bridges for this release.

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
8-26 OL-7690-01