CCNA Switching

The document explains the concepts of Native VLAN, Spanning Tree Protocol (STP), and the processes involved in maintaining a loop-free network environment. It details how STP prevents switching loops, elects a Root Bridge, identifies Root and Designated Ports, and the criteria used for these identifications. Additionally, it discusses the extended System ID feature that allows for more VLANs and includes VLAN ID in the Bridge ID.

Uploaded by

Vaishnav Alone

What is the Native VLAN?

• The Native VLAN is an often confused concept, though it needn’t
be.
• An Access port (or “untagged port” in the non Cisco world) is a
switch port which carries traffic for only one VLAN.
• A Trunk port (or “tagged port” in the non Cisco world) is a switch
port which carries traffic for multiple VLANs.
• When frames traverse a Trunk port, a VLAN tag is added to
distinguish which frames belong to which VLANs.
• Access ports do not require a VLAN tag, since all incoming and
outgoing frames belong to a single VLAN.
• The Native VLAN is simply the one VLAN which traverses a Trunk
port without a VLAN tag.
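
The tagging rule above, as an added example that is not part of the original slides: a trunk port reads the VLAN from the tag when one is present and falls back to the Native VLAN for untagged frames. The 802.1Q tag layout (marker value 0x8100, VLAN ID in the low 12 bits) is standard; the frames, VLAN numbers and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q VLAN tag

def vlan_on_trunk(frame, native_vlan, allowed):
    """Return the VLAN a trunk port assigns to an arriving frame, or None if
    that VLAN is not carried on this trunk."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF                  # low 12 bits of the tag = VLAN ID
    else:
        vlan = native_vlan                   # untagged frame -> Native VLAN
    return vlan if vlan in allowed else None

def tag_for_trunk(frame, vlan, native_vlan):
    """Egress side: insert a tag after the two MAC addresses, unless the frame
    belongs to the Native VLAN, which crosses the trunk untagged."""
    if vlan == native_vlan:
        return frame
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan) + frame[12:]

# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 type.
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("000000000001")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"payload"

if __name__ == "__main__":
    trunk = {"native_vlan": 1, "allowed": {1, 10, 20}}
    tagged = tag_for_trunk(UNTAGGED, 20, trunk["native_vlan"])
    print(vlan_on_trunk(tagged, **trunk))     # VLAN taken from the tag
    print(vlan_on_trunk(UNTAGGED, **trunk))   # VLAN taken from the Native VLAN
```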
Spanning Tree Protocol
Switching Loops
By default, a switch will forward a broadcast or
multicast out all ports, excluding the port the
broadcast/multicast was sent from. When a loop is
introduced into the network, a highly destructive
broadcast storm can develop within seconds.
Broadcast storms occur when broadcasts are
endlessly switched through the loop, choking off all
other traffic.
If the computer connected to Switch 4
sends out a broadcast, the switch will
forward the broadcast out all ports,
including the ports connecting to
Switch 2 and Switch 5. Those switches,
likewise, will forward that broadcast
out all ports, including to their
neighboring switches. The broadcast
will loop around the switches
infinitely. In fact, there will be two
separate broadcast storms cycling in
opposite directions through the
switching loop. Only powering off the
switch or physically removing the loop
will stop the storm.
Spanning Tree Protocol (STP)

• Switches (and bridges) needed a mechanism to prevent loops from forming, and
thus Spanning Tree Protocol (STP, or IEEE 802.1D) was developed.
• STP is enabled by default on all VLANs on Catalyst switches. STP-enabled
switches communicate to form a topology of the entire switching network, and
then shut down (or block) a port if a loop exists.
• The blocked port can be reactivated if another link on the switching network
goes down, thus preserving fault-tolerance.
• Once all switches agree on the topology database, the switches are considered
converged.
• STP switches send BPDUs (Bridge Protocol Data Units) to each other to form
their topology databases.
• BPDUs are sent out all ports every two seconds, and are forwarded to a specific
MAC multicast address: 0180.c200.0000.
STP Types
• Common Spanning Tree (CST) – A single STP process is
used for all VLANs.
• Per-VLAN Spanning Tree (PVST) – Cisco proprietary
version of STP, which employs a separate STP process for each
VLAN.
• Per-VLAN Spanning Tree Plus (PVST+) – Enhanced
version of PVST that allows CST-enabled switches and PVST-
enabled switches to interoperate. This is default on newer
Catalyst switches.
BPDUs
BPDUs contain enough information so that all switches can do the
following:
• Select a single switch that will act as the root of the
spanning tree
• Calculate the shortest path from itself to the root switch
• Designate one of the switches as the closest one to the
root, for each LAN segment. This bridge is called the
“designated switch”. The designated switch handles all
communication from that LAN towards the root bridge.
• Each non-root switch chooses one of its ports as its root
port; this is the interface that gives the best path to the
root switch.
• Select ports that are part of the spanning tree, the
designated ports. Non-designated ports are blocked.
The STP Process
To maintain a loop-free environment, STP performs the
following functions:
• A Root Bridge is elected
• Root Ports are identified
• Designated Ports are identified
• If a loop exists, a port is placed in Blocking state. If the
loop is removed the blocked port is activated again.
If multiple loops exist in the switching environment,
multiple ports will be placed in a blocking state.
Electing an STP Root Bridge
The first step in the STP process is electing a Root
Bridge, which serves as the centralized point of the STP
topology. Good design practice dictates that the Root
Bridge be placed closest to the center of the STP
topology. The Root Bridge is determined by a switch’s
priority. The default priority is 32,768, and the lowest
priority wins. In case of a tie in priority, the switch with
the lowest MAC address will be elected root bridge.
The combination of a switch’s priority and MAC
address makes up that switch’s Bridge ID.
Consider the following example

Remember that the lowest priority determines the Root Bridge. Switches 2, 3, and 5 have the
default priority set. Switches 1 and 4 each have a priority of 100 configured. However, Switch
1 will become the root bridge, as it has the lowest MAC address. Switches exchange BPDUs
to perform the election process. By default, all switches “believe” they are the Root Bridge,
until a switch with a lower Bridge ID is discovered. Root Bridge elections are a continuous
process. If a new switch with a lower Bridge ID is added to the topology, it will be elected as
the new Root Bridge.
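
The election described above, as an added example that is not part of the original slides. Priorities follow the text (Switches 1 and 4 at 100, the rest at the default); the MAC addresses, the ring cabling, the extra "SwitchX" and the function names are assumptions made for illustration. It also shows the check an operator can run when a newly attached switch changes the elected root.

```python
DEFAULT_PRIORITY = 32768

def bridge_id(priority, mac):
    """Bridge ID as a tuple: priority first, then MAC, so ordinary tuple
    comparison applies the 'lowest priority, then lowest MAC' rule."""
    return (priority, int(mac.replace(".", ""), 16))

def elect_root(bridges, links):
    """Each switch starts out believing it is the root, then adopts any lower
    Bridge ID heard from a neighbour; repeat until no belief changes."""
    believed = dict(bridges)                 # switch -> root Bridge ID it believes
    changed = True
    while changed:
        changed = False
        for a, b in links:                   # one BPDU exchange per link
            best = min(believed[a], believed[b])
            for sw in (a, b):
                if believed[sw] != best:
                    believed[sw], changed = best, True
    root_id = min(believed.values())
    return next(name for name, bid in bridges.items() if bid == root_id)

# Constructed MAC addresses; cabling assumed to be a ring 1-2-4-5-3-1.
BRIDGES = {
    "Switch1": bridge_id(100, "0000.0000.0001"),
    "Switch2": bridge_id(DEFAULT_PRIORITY, "0000.0000.0002"),
    "Switch3": bridge_id(DEFAULT_PRIORITY, "0000.0000.0003"),
    "Switch4": bridge_id(100, "0000.0000.0004"),
    "Switch5": bridge_id(DEFAULT_PRIORITY, "0000.0000.0005"),
}
LINKS = [("Switch1", "Switch2"), ("Switch1", "Switch3"), ("Switch2", "Switch4"),
         ("Switch3", "Switch5"), ("Switch4", "Switch5")]

def root_after_join(name, bid, neighbour):
    """Re-run the election after one more switch is cabled to `neighbour`."""
    return elect_root({**BRIDGES, name: bid}, LINKS + [(name, neighbour)])

def check_root(expected, observed):
    """Operator check: report when the elected root is not the intended one."""
    return "ok" if observed == expected else f"root moved: {expected} -> {observed}"

if __name__ == "__main__":
    print(elect_root(BRIDGES, LINKS))
    new_root = root_after_join("SwitchX", bridge_id(0, "0000.0000.00ff"), "Switch5")
    print(check_root("Switch1", new_root))
```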
Identifying Root Ports
The second step in the STP process is identifying Root Ports, or the
port on each switch that has the lowest path cost to get to the Root
Bridge. Each switch has only one Root Port, and the Root Bridge
cannot have a Root Port. Path Cost is a cumulative cost based on the
bandwidth of the links. The higher the bandwidth, the lower the Path
Cost:
Consider the following example

Assume the links between all switches are 10Mbps Ethernet, with a Path Cost of
100. Each switch will identify the port with the least cumulative Path Cost to get to
the Root Bridge. For Switch 4, the port leading up to Switch 2 has a Path Cost of
200, and becomes the Root Port. The port to Switch 5 has a higher Path Cost of
300. The Root Port is said to have received the most superior BPDU to the Root
Bridge. Likewise, non-Root Ports are said to have received inferior BPDUs to the
Root Bridge.
Identifying Designated Ports

The third and final step in the STP process is to identify
Designated Ports. Each network segment requires a single
Designated Port, which has the lowest path cost leading
to the Root Bridge. This port will not be placed in a
blocking state. A port cannot be both a Designated Port
and a Root Port.
Consider the following example

Ports on the Root Bridge are never placed in a blocking state, and thus become
Designated Ports for directly attached segments. The network segments between
Switches 2 and 4, and between Switches 3 and 5, both require a Designated Port.
The ports on Switch 2 and Switch 3 have the lowest Path Cost to the Root Bridge for
the two respective segments, and thus both become Designated Ports. The segment
between Switch 4 and Switch 5 does not contain a Root Port. One of the ports must
be elected the Designated Port for that segment, and the other must be placed in a
blocking state. Normally, Path Cost is used to determine which port is blocked.
However, the ports connecting Switches 4 and 5 have the same Path Cost to reach
the Root Bridge (200). Whichever switch has the lowest Bridge ID is awarded the
Designated Port. Whichever switch has the highest Bridge ID has its port placed in a
blocking state. In this example, Switch 4 has the lowest priority, and thus Switch 5’s
port goes into a blocking state.
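
The Root Port and Designated Port selection walked through above, as an added example that is not part of the original slides. The ring cabling (1-2, 1-3, 2-4, 3-5, 4-5) is inferred from the text, every link has the stated Path Cost of 100, and the MAC values and function names are constructed.

```python
LINK_COST = 100                                     # 10 Mbps Ethernet, per the text
BID = {"Switch1": (100, 1), "Switch2": (32768, 2), "Switch3": (32768, 3),
       "Switch4": (100, 4), "Switch5": (32768, 5)}  # (priority, constructed MAC)
LINKS = [("Switch1", "Switch2"), ("Switch1", "Switch3"), ("Switch2", "Switch4"),
         ("Switch3", "Switch5"), ("Switch4", "Switch5")]

def neighbours(sw):
    """Switches directly cabled to `sw`."""
    return [b if a == sw else a for a, b in LINKS if sw in (a, b)]

def root_path_costs(root):
    """Cumulative Path Cost from every switch to the root (relax until stable)."""
    cost = {sw: float("inf") for sw in BID}
    cost[root] = 0
    for _ in BID:                                   # enough rounds to converge
        for a, b in LINKS:
            cost[a] = min(cost[a], cost[b] + LINK_COST)
            cost[b] = min(cost[b], cost[a] + LINK_COST)
    return cost

def port_roles():
    """Return (root, path costs, {(switch, neighbour): role}) for the topology."""
    root = min(BID, key=BID.get)
    cost = root_path_costs(root)
    # Root Port: the neighbour offering the lowest cost, then the lowest Bridge ID.
    root_port = {sw: min(neighbours(sw), key=lambda n: (cost[n] + LINK_COST, BID[n]))
                 for sw in BID if sw != root}
    roles = {}
    for a, b in LINKS:
        # Designated end of a segment: lowest cost to the root, then Bridge ID.
        des, other = sorted((a, b), key=lambda s: (cost[s], BID[s]))
        roles[(des, other)] = "designated"
        roles[(other, des)] = "root" if root_port[other] == des else "blocking"
    return root, cost, roles

if __name__ == "__main__":
    root, cost, roles = port_roles()
    print("root bridge:", root)
    for (sw, peer), role in sorted(roles.items()):
        print(f"{sw} port to {peer}: {role} (switch cost {cost[sw]})")
```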
Port ID
In certain circumstances, a tie will occur in both Path Cost and Bridge ID. Consider the
following example:

If the bandwidth of both links is equal, then both of Switch 2’s
interfaces have an equal path cost to the Root Bridge. Which
interface will become the Root Port? The tiebreaker should be the
lowest Bridge ID, but that cannot be used in this circumstance. In this
circumstance, Port ID will be used as the tiebreaker. An interface’s
Port ID consists of two parts - a 6-bit port priority value, and the MAC
address for that port. Whichever interface has the lowest Port ID will
become the Root Port.
By default, the port priority of an interface is 128.
Lowering this value will ensure a specific interface
becomes the Root Port:

Switch(config)# int fa0/10
Switch(config-if)# spanning-tree port-priority 50

Remember that port priority is the last tiebreaker STP
will consider. STP decides Root and Designated Ports
based on the following criteria, and in this order:
• Lowest Path Cost to the Root Bridge
• Lowest Bridge ID
• Lowest Port ID
Extended System IDs
-Normally, a switch’s Bridge ID is a 64-bit value that consists of a 16-bit Bridge Priority value,
and a 48-bit MAC address.
-However, it is possible to include a VLAN ID, called an extended System ID, into a Bridge ID.
Instead of adding bits to the existing Bridge ID, 12 bits of the Bridge Priority value are used
for this System ID, which identifies the VLAN this STP process represents.
-Because 12 bits have been stolen from the Bridge Priority field, the range of priorities has
been reduced. Normally, the Bridge Priority can range from 0 (or off) to 65,535, with a
default value of 32,768. With extended System ID enabled, the Priority range would be 0 –
61,440, and only in multiples of 4,096.

To enable the extended System ID:

Switch(config)# spanning-tree extend system-id

Enabling extended System ID accomplishes two things:
• Increases the number of supported VLANs on the switch from 1005 to 4094.
• Includes the VLAN ID as part of the Bridge ID.

Thus, when this command is enabled, the 64-bit Bridge ID will consist of the following:
• 4-bit Priority Value
• 12-bit System ID value (VLAN ID)
• 48-bit MAC address
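
The 4 + 12 + 48 bit layout above, as an added example that is not part of the original slides: it packs and unpacks a Bridge ID with the extended System ID and rejects priorities that are not multiples of 4,096. The MAC address, VLAN numbers and function names are constructed for illustration.

```python
import struct

def pack_bridge_id(priority, vlan, mac):
    """Build the 8-byte Bridge ID: 4-bit priority, 12-bit VLAN ID, 48-bit MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0-61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be in 1-4094")
    mac_bytes = bytes.fromhex(mac.replace(".", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 48 bits")
    # A multiple of 4096 already sits in the top 4 bits of the 16-bit field,
    # so the VLAN ID can be OR-ed into the 12 bits below it.
    return struct.pack("!H", priority | vlan) + mac_bytes

def unpack_bridge_id(raw):
    """Split an 8-byte Bridge ID back into its three parts."""
    if len(raw) != 8:
        raise ValueError("Bridge ID must be 64 bits")
    (field,) = struct.unpack("!H", raw[:2])
    return {
        "priority": field & 0xF000,      # configured priority (multiple of 4096)
        "vlan": field & 0x0FFF,          # extended System ID
        "priority_field": field,         # the combined 16-bit value
        "mac": raw[2:].hex(),
    }

if __name__ == "__main__":
    mac = "0000.0000.0001"                           # constructed MAC address
    for vlan in (10, 20):
        raw = pack_bridge_id(32768, vlan, mac)
        print(vlan, raw.hex(), unpack_bridge_id(raw)["priority_field"])
    try:
        pack_bridge_id(100, 10, mac)                 # not a multiple of 4096
    except ValueError as err:
        print("rejected:", err)
```

Because the VLAN ID is folded into the priority field, the same switch has a different Bridge ID in each VLAN's STP process: the default priority of 32,768 appears as 32,778 for VLAN 10 and 32,788 for VLAN 20.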
Spanning Tree Port States
