017 Spanning Tree Protocol

Uploaded by

chikymosera
Copyright
© © All Rights Reserved

www.cisconetsolutions.com

Spanning Tree Protocol


The primary reason for deploying Spanning Tree is to prevent Layer 2
loops within a switching domain. The result of Layer 2 loops is broadcast
storms where frames are forwarded in a loop between switches. There
are a variety of Spanning Tree Protocols (STP). The most current STP
mode supports multiple VLANs.

STP creates a loop-free Layer 2 topology by configuring some switch
ports to forward traffic and some to block traffic. It is an operational state
that can change as the switch topology changes. STP is based on first
electing a root bridge that has the lowest bridge ID. The switch with the
lowest priority and MAC address is elected root bridge. Once the root
bridge is elected, switch ports are assigned an STP port state and port
type. Any topology change such as link failure triggers STP to recalculate
topology and determine what switch ports to forward and block.

Original STP (802.1d)


The original 802.1d standard was designed for a single broadcast domain
only. It is an older standard characterized by slower link failure detection
and convergence time. All switches enabled with STP will transition
switch ports through four STP port states to arrive at forwarding or
blocking state. Layer 2 convergence occurs when all 802.1d switch ports
are assigned to blocking state or forwarding state. Interconnected switch
ports are assigned a port type as well. Standard port types include root,
designated and blocking ports. The following describe the original STP
port state transitions when starting a switch or enabling a switch interface.
The switch MAC address table is populated during the learning port state.

• Blocking = discarding frames
• Listening = STP port type assigned
• Learning = populate MAC address table
• Forwarding = active forwarding frames

Rapid STP (RSTP)


The advantage of Rapid Spanning Tree Protocol (RSTP) is faster Layer 2
convergence. It is backward compatible with 802.1d enabled switches.
The newer 802.1w (RSTP) standard is comprised of only three port
states. They include discarding, learning and forwarding. STP will
transition switch ports through all STP port states to arrive at either
forwarding or discarding state.

Layer 2 convergence occurs when all 802.1d switch ports are assigned to
blocking state or forwarding state. RSTP includes the following features to
minimize convergence time.

• BPDUs are advertised from all switches instead of root bridge only.
• The time to detect a root bridge link failure is decreased to three
hello packets (BPDUs).
• There is a single discarding state that replaces the older blocking and
listening port states.
• Newer alternate and backup port types are added to root, designated,
and blocking port types.

Alternate Port
RSTP adds alternate and backup port types for faster Layer 2
convergence. The alternate port actively discards frames (blocking)
initially. It transitions a switch port from discarding to forwarding
immediately when the root port fails, which minimizes network convergence time.

Backup Port
This port type requires a hub with two switch links to provide redundancy
for faster convergence. The RSTP proposal/agreement process is based on a
handshake between switch interfaces. It provides current root bridge state
information to all switches.

Rapid Per VLAN Spanning Tree (RPVST+)


This is a Cisco proprietary protocol that is based on the newer RSTP
standard. It is designed with all the advantages of RSTP for a switching
domain with multiple VLANs. Most switches are configured with multiple
VLANs that each define a broadcast domain. STP is a Layer 2 protocol
that is only enabled per VLAN. Consider that routing is required for
VLANs to communicate. Rapid Per VLAN Spanning Tree (RPVST+)
enables a separate spanning tree instance per VLAN. It was developed to
support trunking and 802.1q encapsulation for Cisco devices. Rapid
PVST (RPVST) is based on RSTP and only supports 802.1w port states.
The discarding state is new to RPVST+ and equivalent to the blocking
and listening port states of 802.1d standard. The following IOS global
configuration command enables RSTP on a switch.

switch(config)# spanning-tree mode rapid-pvst



Root Bridge Selection


Spanning Tree Protocol manages an election process for the root bridge
(per VLAN where applicable). STP is based on first electing a root bridge
that has the lowest bridge ID. The switch with the lowest priority and MAC
address is elected root bridge. Once the root bridge is elected, then
switch ports are assigned an STP port state and port type. Any topology
change such as a link failure triggers STP to recalculate the topology and
determine what switch ports to forward and block. The root bridge can be
reassigned as well.

STP information is advertised with BPDU frames to neighbor switches
during STP election. The hello timer setting is the interval between BPDU
advertisements. BPDU frames are also used to detect link failure and
recalculate STP. Each frame contains updated information such as STP
timers, root bridge ID, sender bridge ID and port (path) cost.

The root bridge elected for a spanning tree instance is the switch with the
lowest bridge ID. STP calculates a unique numerical value for the bridge
ID based on the switch priority setting and MAC address. The switch with
the lowest bridge ID is elected as root bridge. The tie breaker is lowest
MAC address, when switches are assigned the same priority. The bridge
ID is calculated by STP to assign the root bridge per VLAN. The priority
setting for a Cisco switch with a default configuration is 32768. You can
manually configure a lower switch priority as well to assign root bridge.

Example 1: Root Bridge Election


Consider two switches with the same lowest priority of 28673. The tie
breaker is the switch with the lower MAC address. Counting from right to
left, 1 of switch-2 is lower than A of switch-1. Hexadecimal A is equivalent
to the number 10. Switch-2 is elected as root bridge for a particular VLAN.

Switch-1 → 28673: 0000.000a.aaaa
Switch-2 → 28673: 0000.0001.2345

IOS command show spanning-tree vlan [number] is used to list the local
bridge ID and STP port states for the local switch. In addition it lists the
root bridge for the VLAN. The elected root bridge is identified by the MAC
address. The command show cdp neighbor detail displays the MAC
address for each connected switch making it easier to identify the root
bridge (switch).

Example 2: Root Bridge Election


Refer to the results of the IOS command issued on switch-1 and
determine why it was not elected as root bridge for VLAN 10.

switch-1# show spanning-tree vlan 10

VLAN010
  Spanning tree enabled protocol rstp
  Root ID    priority 20490
             Address 0000.000a.aaaa Cost 28
             Port 1 (GigabitEthernet1/2)
             Hello Time 2 sec max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority 32769 (priority 32768 sys-id-ext 1)
             Address 0000.000b.bbbb
             Hello Time 2 sec max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec

Interface  Role  Sts  Cost  Prio.Nbr  Type
---------  ----  ---  ----  --------  ----
Gi1/1      Root  FWD  4     128.1     P2p
Gi1/2      Desg  FWD  28    128.1     P2p
Gi1/4      Desg  FWD  28    128.1     P2p
Gi1/3      Altn  BLK  54    128.1     P2p

Answer
The results of show spanning tree command list the elected root bridge
for a particular VLAN and port types assigned for each interface. The root
bridge for VLAN 10 is not switch-1. The Root-ID section lists the priority
and MAC address for the elected root bridge. The Bridge-ID section
pertains to switch-1 where the IOS command was issued. The priority is
higher for switch-1 (32769) than the priority (20490) of the switch that was
elected root bridge. In addition, port types are not all designated ports.
The root bridge assigns all switch ports as designated ports.
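
The reasoning in this answer can be automated as a monitoring check. The following is an added example, not part of the original document: it parses the Example 2 output as printed on this page and reports whether the local switch is root and whether the elected root matches the one the operator expects. The function names and the expected-root parameter are assumptions for illustration.

```python
import re

# Output from Example 2 on this page, one field group per line as extracted.
SAMPLE = """\
VLAN010
Spanning tree enabled protocol rstp
Root ID priority 20490
Address 0000.000a.aaaa Cost 28
Port 1 (GigabitEthernet1/2)
Hello Time 2 sec max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0000.000b.bbbb
Hello Time 2 sec max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
--------- ----- ------ ----- -------- ------
Gi1/1 Root FWD 4 128.1 P2p
Gi1/2 Desg FWD 28 128.1 P2p
Gi1/4 Desg FWD 28 128.1 P2p
Gi1/3 Altn BLK 54 128.1 P2p
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# Interface rows: name, role, state, cost, priority.number, type.
ROW_RE = re.compile(
    r"^\s*(\S+)\s+(Root|Desg|Altn|Back)\s+\w+\s+\d+\s+\d+\.\d+\s+\S+", re.M)


def _bridge(label, text):
    """Return (priority, mac) from the 'Root ID' or 'Bridge ID' section."""
    pattern = label + r"\s+ID\s+priority\s+(\d+).*?address\s+(" + MAC + ")"
    m = re.search(pattern, text, re.I | re.S)
    if not m:
        raise ValueError(f"no {label} ID section in output")
    return int(m.group(1)), m.group(2).lower()


def check_root(output, expected_root_mac):
    """Summarise one 'show spanning-tree vlan' output for a root-bridge check."""
    root = _bridge("Root", output)
    local = _bridge("Bridge", output)
    roles = {m.group(1): m.group(2) for m in ROW_RE.finditer(output)}
    return {
        "root": root,
        "local": local,
        # The local switch is root only when both IDs are identical.
        "local_is_root": root == local,
        # Flag a root bridge that is not the one in the design baseline.
        "root_is_expected": root[1] == expected_root_mac.lower(),
        # A root bridge has designated ports only, as the answer notes.
        "non_designated": sorted(p for p, r in roles.items() if r != "Desg"),
    }


if __name__ == "__main__":
    print(check_root(SAMPLE, "0000.000a.aaaa"))
```
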

Spanning Tree Port Type


The campus switching topology is comprised of multiple interconnected
switches. Any switch interface that is connected to a neighbor interface is
called an interconnect. STP election or re-election starts with assigning a
root bridge within a Layer 2 switching domain. All switches enabled with
STP will transition switch ports through multiple port states first. At that
time, switch information is exchanged via BPDU frames. Each switch
interface connected to a neighbor switch is assigned a port type as well.

Figure 1 STP Election (labels in the figure: Port State Transition, BPDU, Root Bridge Elected, Port Type Assigned, Convergence, Forwarding)

Designated Ports
The switch with the lowest bridge ID is assigned as root bridge. Once the
root bridge is elected, all switch ports on the root bridge are assigned as
designated port type in forwarding state. The designated ports of a root
bridge connect to the root ports of non-root neighbor switches.

There is a designated port assigned on a non-root network segment as
well. That is the link between non-root neighbor switches to forward
BPDU frames. The designated port connects to a neighbor non-root
switch port. STP compares link cost (bandwidth) for that switch link
(segment). The switch port with the lower cost (highest bandwidth) is
designated port for that link. When the switch ports are equal-cost, the
port of the non-root switch with the lower bridge ID is assigned as a
designated port.

Root Port
The root port is a switch port on a neighbor switch that has the least cost
path to the root bridge. It is a primary forwarding link to the root bridge
that received the best BPDU. There is only a single root bridge elected for
any spanning tree instance (VLAN).

STP calculates the least cost path from a non-root switch interface to the
root bridge. The switch interface for that path is assigned as root port to
the root bridge. The forwarding interface is configurable with port priority
setting as well.

Example 3: Designated Port Type


Refer to the network topology drawing. What switch ports from the
topology drawing are Spanning Tree Protocol (STP) designated ports?

Figure 2 Designated Port Type

The first step is to identify the root bridge that was elected. All switches
are assigned the same priority, so root bridge is elected based on the
lowest MAC address. Each switch is assigned a base MAC address for
the device.

The lowest MAC address is calculated from left to right per Ethernet MAC
number. All numbers match until number 9 where switch-3 has the lower
(a) compared with switch-2 (b) and switch-1 (c). Switch-3 is elected as
root bridge and all switch ports on a root bridge are designated ports.

switch-1 = 0000.abcd.cccc
switch-2 = 0000.abcd.bbbb
switch-3 = 0000.abcd.aaaa = root bridge

The root port of a non-root bridge is the switch port with the lowest path
cost to the root bridge. That is a directly connected switch port with the
highest bandwidth. That creates the primary links for switch traffic.

The two non-root switches are switch-1 and switch-2. There is a single
Gigabit Ethernet link connecting the non-root switches. As a result the
switch port cost to the network segment is equal. The port of the non-root
switch with the lower bridge ID is assigned as a designated port when
path costs are equal. Switch-2 has a lower bridge-ID than switch-1. As a
result switch-2 port Gi1/2 is a designated port as well. Switch-1 port Gi1/2
is blocking/alternate port type to prevent Layer 2 loops.

Switch-1
• Gi1/1 = Root Port
• Gi1/2 = Blocking/Alternate Port

Switch-2
• Gi1/1 = Root Port
• Gi1/2 = Designated Port

Switch-3
• Gi1/1 = Designated Port
• Gi1/2 = Designated Port

Example 4: Root Port Type


Refer to the results of the IOS command shown. What is the reason that
switch port interface Gi1/1 was not elected root port for VLAN 12?

switch-3# show spanning-tree interface Gigabitethernet1/1

Vlan      Role  Sts  Cost  Prio.Nbr  Type
--------  ----  ---  ----  --------  ----
VLAN0010  Root  FWD  4     128.1     P2p
VLAN0011  Root  FWD  4     128.2     P2p
VLAN0012  Altn  BLK  16    128.2     P2p

RPVST+ supports per VLAN spanning tree. There is a separate spanning
tree instance calculated (defined) for each VLAN. As a result each VLAN
is assigned a root bridge (switch). The switch ports for a root bridge are
all assigned as designated ports. All neighbor switches become non-root
bridges with a root port, designated port or alternate port (blocking). The
assignment of root port is based on calculated link cost to the root bridge.
Typically the switch port of the non-root bridge directly connected to the
root bridge is lowest cost and assigned as root port.

The non-root switches are assigned a designated port as well. The
designated port connects to a neighbor non-root bridge. The non-root
switches compare link cost (bandwidth) for that switch link (network
segment). The switch port with the lower cost (highest bandwidth) is the
designated port for that link. Where the switch ports have an equal cost,
the port of the non-root switch with the lower bridge ID is assigned as a
designated port. The switch port on the neighbor switch is assigned as
alternate (blocking) port type to prevent Layer 2 loops.

The results of show spanning-tree interface gigabitethernet1/1
indicate switch port Gi1/1 has a higher path cost (lower bandwidth) to the
root bridge for VLAN 12. That is shown with the Altn (alternate/blocking)
status. STP would calculate a new topology and transition the blocking
port to forwarding when the link associated with the root port isn’t available.

Example 5: Designated Port Type


Refer to the network drawing. What three switch ports will be assigned as
designated ports by spanning tree when the link bandwidth is equal?

Figure 3 Designated Port Type

Answer
The switch with the lowest bridge ID is elected as root bridge. In addition
all switch ports of a root bridge are assigned as designated ports. The
switch with the lowest priority is elected root bridge. All switches are
assigned the same default priority so the tie breaker is the switch with the
lowest MAC address.

The lowest MAC address is calculated from left to right per number. All
numbers match until digit 9 where switch-3 has the lower number (a)
compared with switch-2 (b) and switch-1 (c). As a result, switch-3 is
elected as root bridge. The switch ports Gi1/1 and Gi1/2 on switch-3 are
designated ports.

• switch-1 = 0000.abcd.cccc
• switch-2 = 0000.abcd.bbbb
• switch-3 = 0000.abcd.aaaa = root bridge

All switches become non-root bridges that connect to the root bridge. The
switch ports are assigned as root port, designated port or alternate port
(blocking). The switch port directly connected to the root bridge is lowest
cost and assigned as root port. That would include switch-2 port Gi1/1
and switch-1 port Gi1/1.

The non-root switches are assigned a designated port as well. The
designated port connects to a neighbor non-root switch. The non-root
switches compare link cost (bandwidth) for that switch link (network
segment). The switch port with the lower cost (highest bandwidth) is the
designated port for that link. Where the switch ports have an equal cost,
the port of the non-root switch with the lower bridge ID is assigned as a
designated port. The topology has all equal Gigabit switch links
connecting all non-root switches.

The tie breaker is the non-root switch with the lowest MAC address.
Switch-2 has a lower MAC address than switch-1. From left to right the
Ethernet MAC numbers match until digit 9. Switch-2 has a lower Ethernet
MAC number (b) than switch-1 with (c). The result is switch-2 port Gi1/2
is the designated port for the switch link to the non-root neighbor.

switch-1 = 0000.abcd.cccc
switch-2 = 0000.abcd.bbbb

Example 6: STP Port Type


Refer to the network topology drawing. The switches are configured with
RSTP and all links are equal bandwidth. What RSTP port type is
assigned to the switch ports based on the information provided?

Figure 4 STP Port Type

Answer
The first step is to identify the root bridge (switch). The switch with the
lowest priority is elected root bridge. All switches have equal priorities
(default) so the switch with the lowest MAC address is elected root
bridge. The priority and MAC address of a switch are used to calculate
bridge ID value. The switch with lowest bridge ID is elected root bridge.

Switch-3 has the lowest MAC address based on numbering from left to
right. All spanning tree ports of the root bridge are assigned as
designated ports. The directly connected switch port of each neighbor
switch is assigned as root port. That is the default when all switch links
are equal bandwidth. Switch-1 (Gi1/1) and switch-2 (Gi1/1) are root ports
as a result. All RSTP switch ports are assigned as a root port, designated
port or alternate port. Switch-1 (Gi1/1) and switch-2 (Gi1/1) are assigned
as root ports already.

The network segment (link) between switch-1 and switch-2 must elect a
designated port. The bridge ID for switch-2 is lower than switch-1. That is
based on the lower MAC address where priority values are equal. As a
result switch-2 (Gi1/2) is designated port for the segment. The connected
neighbor port on switch-1 (Gi1/2) is assigned alternate (discarding) port.

• switch-1 (Gi1/1) = root port
• switch-2 (Gi1/2) = designated port
• switch-3 (Gi1/1) = designated port
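
The election steps walked through in Examples 3, 5 and 6 (and the bridge ID comparison from Example 1) can be reproduced in code. The following is an added example, not part of the original document; it generalizes the steps to any list of links. Assumptions: the cabling of switch-3 ports (the drawing is not reproduced here), a link cost of 4 per Gigabit link, and a simplified tie-break on port name in place of the real port ID.

```python
GIG_COST = 4  # assumed per-link cost for Gigabit, as in the page's "Cost 4" rows


def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: priority first, MAC breaks ties."""
    return (priority, int(mac.replace(".", ""), 16))


# MAC addresses are from the page; all switches use the default priority.
SWITCHES = {
    "switch-1": bridge_id(32768, "0000.abcd.cccc"),
    "switch-2": bridge_id(32768, "0000.abcd.bbbb"),
    "switch-3": bridge_id(32768, "0000.abcd.aaaa"),
}
# Assumed cabling: (switch, port, switch, port, cost).
LINKS = [
    ("switch-1", "Gi1/1", "switch-3", "Gi1/1", GIG_COST),
    ("switch-2", "Gi1/1", "switch-3", "Gi1/2", GIG_COST),
    ("switch-1", "Gi1/2", "switch-2", "Gi1/2", GIG_COST),
]


def elect(switches, links):
    """Return (root bridge name, {(switch, port): role})."""
    root = min(switches, key=switches.get)  # lowest bridge ID wins
    # Root path cost per switch: repeated relaxation over every link.
    cost = {name: float("inf") for name in switches}
    cost[root] = 0
    for _ in switches:
        for a, _pa, b, _pb, c in links:
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    roles = {}
    # Root port: lowest path cost, then lowest upstream bridge ID, then port.
    for sw in switches:
        if sw == root:
            continue
        offers = []
        for a, pa, b, pb, c in links:
            for local, lport, peer, pport in ((a, pa, b, pb), (b, pb, a, pa)):
                if local == sw:
                    offers.append((cost[peer] + c, switches[peer], pport, lport))
        roles[(sw, min(offers)[3])] = "root"
    # Per segment: the end with the lower root path cost, then the lower
    # bridge ID, is designated. The other end is alternate unless it is
    # already that switch's root port.
    for a, pa, b, pb, _c in links:
        near, far = sorted([(cost[a], switches[a], a, pa),
                            (cost[b], switches[b], b, pb)])
        roles[(near[2], near[3])] = "designated"
        roles.setdefault((far[2], far[3]), "alternate")
    return root, roles


if __name__ == "__main__":
    root, roles = elect(SWITCHES, LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(sw, port, role)
```
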

Example 7: Discarding Port State


Refer to the network topology drawing. Switch-1 and switch-2 were
assigned as non-root bridges (switches) by spanning tree protocol (STP).
What switch and switch port interface is assigned discarding port state?

Figure 5 STP Discarding Port State

Answer
RSTP is based on the original 802.1d; however, there are enhancements
that lower convergence time. The port states were reassigned with RSTP
so there is discarding, learning and forwarding. The discarding state
includes the original disabled, blocking and listening states of 802.1d.

The switching topology is converged when all ports are either discarding
or forwarding. The discarding state is assigned to the alternate port type
where traffic blocking is enabled to prevent Layer 2 loops.

STP must assign a designated port for the network segment connecting
switch-1 and switch-2. That is based on the switch link with lower
bandwidth. Switch-1 and switch-2 have two equal bandwidth switch links
connecting them. The tie breaker is the switch with the lower bridge ID.
Switch-1 has a lower priority so switch ports Gi1/2 and Gi1/3 of switch-1
are assigned as designated ports. STP transitions designated ports to
forwarding state.

Switch-2 must assign a switch port to alternate port type to prevent a
Layer 2 loop. The alternate port type is transitioned to discarding
(blocking) state. Where there are multiple switch links, the lower switch
port number is the tie breaker. Switch-1 has switch ports Gi1/2 and Gi1/3.
Switch-2 considers the lower Gi1/2 as preferred and forwards traffic from
Gi1/2 that is directly connected.

The result is that switch-2 (Gi1/2) is the alternate port in discarding state.
Traffic between switch-1 and switch-2 is forwarded across the Gi1/2 link
between switches. That does include access ports; however, PortFast
transitions the access edge port immediately to forwarding state.

PortFast
PortFast is a Spanning Tree Protocol (STP) enhancement designed for
access layer network devices. Any host endpoint or a network device
connected to an access switch does not receive STP BPDUs. The switch
interconnection interfaces are part of STP election. That is where Layer 2
loops would occur. PortFast is enabled on switch ports where hosts are
connected. That allows the switch ports to transition from disabled or
blocking state to forwarding immediately on startup. The following is the
interface level IOS command to enable PortFast.

switch(config-if)# spanning-tree portfast

BPDU Guard
IOS command spanning-tree bpduguard enable is configured at the
interface level to prevent network devices from affecting the STP
topology. For example, connecting a network switch at your cubicle would
trigger STP recalculation. The new switch is now connected to an access
switch port causing Layer 2 topology changes. The consequences could
include various errors including a new root bridge.

The purpose of BPDU guard is to errdisable a switch port when a BPDU
is advertised to it. It applies to switch ports with PortFast enabled. The
new switch starts sending BPDUs to the upstream access switch when
connected to the Ethernet jack at a cubicle. The upstream access switch
with BPDU guard enabled would errdisable the switch port. That prevents the
new switch from joining the Layer 2 topology. The switch access ports
have hosts connected that do not send or receive BPDUs. PortFast
allows them to transition to forwarding state immediately. As a host, they
should never receive a BPDU from the switch.
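
A configuration audit for the PortFast and BPDU guard settings described above, as an added example that is not part of the original document. The running-config fragment is constructed, and the function names are assumptions. Besides the two interface commands shown on this page, the check also recognises the IOS commands spanning-tree portfast bpduguard default (global) and spanning-tree bpduguard disable (interface), which the page does not mention.

```python
# Constructed running-config fragment for illustration.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
!
interface GigabitEthernet1/1
 description uplink to distribution
 switchport mode trunk
!
interface GigabitEthernet1/5
 description cubicle jack
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/6
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/7
 switchport mode access
!
"""


def parse_config(config):
    """Split a config into global commands and per-interface sub-commands."""
    global_cmds, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None  # separator ends the current interface block
        elif raw.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif raw[0] == " " and current is not None:
            current.append(line)  # indented line belongs to the interface
        else:
            current = None
            global_cmds.append(line)
    return global_cmds, interfaces


def audit(config):
    """Return {interface: finding} for access ports lacking BPDU guard."""
    global_cmds, interfaces = parse_config(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_cmds
    findings = {}
    for name, cmds in interfaces.items():
        if "switchport mode access" not in cmds:
            continue  # switch interconnects take part in the STP election
        portfast = "spanning-tree portfast" in cmds
        # Guarded explicitly, or through the global default on PortFast ports.
        guarded = "spanning-tree bpduguard enable" in cmds or (
            portfast and guard_default
            and "spanning-tree bpduguard disable" not in cmds)
        if not guarded:
            findings[name] = ("PortFast without BPDU guard" if portfast
                              else "no PortFast, no BPDU guard")
    return findings


if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONFIG).items():
        print(port, "->", finding)
```
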
