Publish Date: July 6, 2015

Spanning Tree Protocol (STP)

Spanning Tree Protocol is a layer 2 protocol used to prevent switching loops and the broadcast storm that are resulted when switches are interconnected via multiple paths.

STP uses Spanning Tree Algorithm (STA) to create a topology database of a network and then search out and disable redundant links.

Spanning Tree Termininology

Before jumping deep into Spanning Tree Protocol configuration, I am going to discuss some important terms related to STP.

  • Root Bridge: All the switches in the network participate in the process of root bridge selection. The root bridge (also called root switch) is the bridge with the lowest bridge ID. All the other decisions like which port is to be blocked and which port is to be put in forwarding mode are made from the perspective of root bridge. Once a root bridge is elected on the network, all other bridges must make a single path to root bridge or root switch.
  • Bridge Protocol Data Units (BPDU): All the switches exchange information to use in the root bridge selection as well as in subsequent configuration of the network. Each switch compares the parameters in the Bridge Protocol Data Unit (BPDU) that it sends to one neighbor with the ones that it receives from other neighbors.
  • Bridge ID: STP keeps track of all the switches in the network by using bridge ID. It is determined by a combination of the bridge priority (32768 by default for all Cisco switches) and the base MAC address. The bridge with the lowest bridge ID becomes the Root Bridge in the network.
  • Non-root Bridges: All other bridges that are not the Root Bridge are knwon as non-root bridges. Non-root bridges exchange BPDUs with all bridges and update the STP topology database on all switches, preventing loops and providing a measure of defense against link failures.
  • Port Cost: Port cost determines the best path when multiple links are used between two switches. The cost of a link is determined by the bandwidth of a link.
  • Root Port: The root port is always the link directly connected to the root bridge, or the lowest path cost to the root bridge. If more than one link connects to the root bridge, then a port cost is determined by checking the bandwidth of each link. The lowest-cost port becomes the root port. If multiple upstream switches have the same cost, the bridge with the lower advertising bridge ID is used. When multiple links connect to the same device, the port connected to the lowest port number on the upstream switch is be used.
  • Designated Port: A Designated port is one that has been determined as having the best (lowest) cost to the root bridge via its root port. A designated port will be marked as a forwarding port.
  • Non-designated Port: A non-designated port is one with a higher cost than the designated port. They are what’s left over after the root ports and designated ports have been determined. Non-designated ports are put in blocking mode.
  • Forwarding Port: A Forwarding Port forwards frames and can be a root port or a designated port.
  • Blocked Port: A blocked port is the port which will not forward frames in order to prevent loops.  A blocked port will always listen to BPDU frames but drop all other frames.

How Spanning Tree Protocol Works

STP detects and disable the redundant links by first electing a root bridge that will forward through all ports and act as a point of reference for all other devices in the STP domain. Remember that every port on the root bridge is a designated port  or forwarding port. Once all switches agree on who the root bridge is, every bridge must find only one root port. Each and every link between two switches must have one, and only one designated port. The designated port provides the highest bandwidth toward the root.

Root Bridge Selection

The bridge ID is used to elect the root bridge in the STP domain and to determine the root port for each of the remaining devices in the STP domain when there are multiple candidate root ports available and path costs are equal. This ID is 8 bytes long and includes both priority and the MAC address of the device. The default priority on all devices running the IEEE STP version is 32768.

To determine the root bridge, the priority of each bridge is combined with its MAC address. If two switches or bridges happen to have the same priority value, the MAC address becomes the tiebreaker for figuring out which one has the lowest (best) bridge ID. In large enterprise networks, you can manually change the bridge ID by lowering its priority so that it will become a root bridge in selection process or you can use a single command to force a switch to be root bridge as shown below.

Switch2#spanning-tree vl
Switch2(config)#spanning-tree vlan 1 ?
  priority  Set the bridge priority for the spanning tree
  root      Configure switch as root

If you want the switch to be elected as root bridge in selection process, you can lower its  priority using priority statement or you can use root statement if you want to force the switch to be a root bridge.

Spanning Tree Convergence

Spanning Tree convergence occurs when all ports on bridges or switches have transitioned to either forwarding or blocking modes. No data will be forwarded until spanning tree is fully converged in a network. Trust me! That’s true. When spanning tree is converging, no data will be forwarded. This is the reason why every network administrator must design their switched network in such a way so that STP converges as quickly as possible. It is recommend that you design your switched network in a hierarchical manner and setup your core switches to be root bridge for fastest STP convergence.

During Spanning Tree Protocol convergence, all the ports on a bridge or switch running can transition through five different states:

Blocking: A blocked port do not forward frames; it just listens to BPDUs. The purpose of the blocking state is to prevent the loops. All ports are in blocking state by default when the switch is powered up.
Listening: The port listens to BPDUs to make sure no loops occur on the network before passing data frames. A port in listening state prepares to forward data frames without populating the MAC address table.
Learning: The switch port listens to BPDUs and learns all the paths in the switched network. A port in learning state populates the MAC address table but still does not forward data frames. Forward delay is the time taken by switch to transition a port from listening to learning mode (or from learning to forwarding mode), which is set to 15 seconds by default and can be seen in the show spanning-tree command output.
Forwarding: The port sends and receives all data frames on the bridged port. If the port is still a designated or root port at the end of the learning state, it enters the forwarding state.
Disabled: If a port in the disabled state (administratively shutdown), it does not participate in spanning tree protocol and frame forwarding. A port in the disabled state is considered nonoperational.

Convergence time of a typical spanning-tree topology from blocking to forwarding on a switch port is 50 seconds, this could create request time-out problems on your servers or hosts if you are using DHCP. To address this issue, you can use PortFast to disable spanning tree on individual ports.

Spanning Tree PortFast

If you have a server or other devices connected to your switch that will not create a switching loop if you disable STP, you can use what is known as PortFast on these ports. The switchports with PortFast enabled will not spend the usual 50 seconds to come up into forwarding mode while STP is converging. These ports will immediately come into forwarding mode as soon as your switch is powered on.

To enable PortFast, you can use spanning-tree portfast command in interface config mode as shown below.

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fa0/10
Switch(config-if)#spanning-tree portfast 
%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface  when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast has been configured on FastEthernet0/10 but will only
have effect when the interface is in a non-trunking mode.

Portfast is now enabled on port F0/10, but notice that you get a long message marked purple. This is a warning reminding you that disabling spanning-tree can be dangerous as it will increase the risk of creating switching loops.

Spanning Tree UplinkFast

UplinkFast is a Cisco-specific feature that improves the convergence time of STP in case of a link failure. The UplinkFast feature is designed to run in a switched environment when the switch has at least one alternate or backup root port (a port in blocking state). This is the reason Cisco recommends that UplinkFast  should enabled only for switches with blocked ports at the Access layer.
UplinkFast allows a switch to find alternate paths to the root bridge before the primary link fails. This means that if the primary link fails, the alternate port would not wait for the normal STP convergence time of 50 seconds.

Spanning Tree BackboneFast

BackboneFast is a Cisco-proprietary STP extension which is used for speeding up convergence when a link which is not directly connected to the switch fails. If a switch running BackboneFast receives an inferior BPDU from its designated bridge, it knows that a link on the path to the root has failed. An inferior BPDU is one that lists the same switch for the root bridge and the designated bridge. Unlike UplinkFast, which is only configured on Access layer switches or switches with redundant links and at least one link in blocking mode, BackboneFast should be enabled on all Catalyst switches to allow for detection of indirect link failures. Enabling BackboneFast is also beneficial because it starts the spanning tree  reconfiguration more quickly as it can save 20 seconds on the default 50-second STP convergence time.

Rapid Spanning Tree Protocol (RSTP)

Cisco created a lot of technologies like PortFast, UplinkFast and BackboneFast to fix  the slow convergence and other issues which were present in IEEE 802.1d STP standard. The drawbacks to these enhancements are only that these are Cisco proprietary and need additional configuration. But the new RSTP 802.1w standard addresses all these issues. You have to just turn on RSTP and you are good to go. Make sure all the switches in your network are running the 802.1w protocol for RSTP to work properly. However, RSTP can interoperate with older STP 802.1d but the inherent fast convergence capability of RSTP will be lost.

As compared to standard STP 802.1d, the newer Rapid Spanning Tree Protocol defines only three port states:

  1. Discarding
  2. Learning
  3. Forwarding

Disabled, Blocking and Listening states of 802.1d have been summarized into one Discarding state in RSTP 802.1w standard.

The speeds of the link determine the path cost that STP and RSTP uses. The most common values are given in table below:

Data rate STP cost (802.1D) RSTP cost (802.1W)
4 Mbit/s 250 5,000,000
10 Mbit/s 100 2,000,000
16 Mbit/s 62 1,250,000
100 Mbit/s 19 200,000
1 Gbit/s 4 20,000
2 Gbit/s 3 10,000
10 Gbit/s 2 2,000


Instead of having redundant links and allowing STP to put one of the links in blocked mode, we can bundle the links and create a logical aggregation so that our multiple links will then appear as a single one.

Cisco’s version is called Port Aggregation Protocol (PAgP) and the IEEE 802.3ad standard is called Link Aggregation Control Protocol (LACP). Both versions work equally well but configuration is different.

We will cover detailed RSTP and EtherChannel configuration in our next section Cisco Catalyst Switch Configuration.


Microsoft Certified | Cisco Certified