- Spanning Tree Protocol states
- Disabled
- Initializing
- Learning
- Forwarding
- Critical information concerning STP port states
- Spanning tree protocol Cisco configuration
- History of Spanning Tree Protocol
- Spanning tree protocol explained – How Spanning tree protocol works?
- What is BPDU (Bridge Protocol Data Unit)?
- What is a Root Bridge?
- What is the process of election of a root bridge?
- What is the root port, and how is it selected to determine the best path to the root bridge?
- What is a Designated port, and how to choose the designated port on each segment?
- Election of a designated bridge on each segment
- Blocking non-forwarding ports
- STP Show Commands
- Final Word
- What is the purpose of the spanning tree protocol STP?
- Spanning tree protocol types – Spanning tree protocol examples
- How to Build Spanning Tree Protocol (STP) on Layer 2 Switch using GNS3
- How to Configure Spanning Tree
- How to Choose Root Bridge
- How to Set Port Status
- How to Configure PortFast
- How to Configure UplinkFast
- How to Configure BackboneFast
- How to Configure BPDU Guard
- How to Verify Spanning Tree Protocol in GNS3
- Spanning Tree LAB Configuration ⇒ Video
- What are Spanning Tree Topology Change Notifications?
- Selecting the Spanning Tree Mode
- Setting the root bridge
- Manual priority for the Root Bridge
- Tuning Port-Priority
- PortFast and BPDUGuard
- See the packet going
- Frequently Asked Questions – FAQs
Spanning Tree Protocol states
When a port on a switch is brought online, it goes through a series of spanning-tree port states. These states change in a predictable pattern based on the information derived from BPDUs received on the port.
Disabled
The port is in the down state and is not part of STP.
Initializing
The listening delay is 15 seconds.
Learning
A port in the learning state does not forward frames, but it does analyze incoming frames, retrieves the MAC addresses from them, and adds them to the MAC address table (CAM table). The frames are discarded after they have been analyzed.
The learning delay is 15 seconds.
Forwarding
You can think of the forwarding state as the “normal” state. In this state, a port receives and transmits BPDUs, examines incoming packets for MAC address information, and forwards frames from other switch ports.
When a port is in the forwarding state, the device or network connected to it is active and ready to communicate.
A disabled port does not forward frames and is not a member of the spanning tree. It only accepts and responds to network management messages.
Critical information concerning STP port states
Always Configure a Root Bridge
If possible, use routing instead of switching.
“Switch when you can, route when you have to,” used to be the old network expression. This mantra, however, no longer holds in today’s world of fast Layer-3 switching.
Layer-3 switches allow you to route at switching speeds. Layer-3 redundancy is easier to understand than Layer-2 redundancy. Using routing to solve your redundancy concerns is acceptable if the business needs are met and the result is the same.
Another best practice is to look for and avoid the loop contributors mentioned below when designing or troubleshooting spanning tree.
Spanning tree protocol Cisco configuration
Spanning tree is enabled by default on all Cisco switches.
You can see its status by using the show commands below on IOS- and NX-OS-based Cisco switches:
Spanning Tree Global config Commands in IOS based Cisco switches:-
Spanning Tree Troubleshooting Commands in IOS-based Cisco switches:-
The rest of the STP config commands are mentioned in their respective sections.
History of Spanning Tree Protocol
STP was first invented by Dr. Radia Perlman of Sun Microsystems and was specified as IEEE 802.1D.
Then the IEEE defined Rapid Spanning Tree Protocol (RSTP) as 802.1w in 2001. RSTP introduces new convergence behaviors and the bridge port roles for faster network change and failure recovery. In addition, RSTP is backward compatible with STP.
STP was initially specified as IEEE 802.1D, but the capability of spanning tree (802.1D), rapid spanning tree (802.1w), and multiple Spanning tree (802.1s) has since been integrated into IEEE 802.1Q-2014. MSTP is also backward compatible with STP.
Spanning tree protocol explained – How Spanning tree protocol works?
The above functions and many more are performed by exchanging BPDUs (Bridge Protocol Data Unit) between the switches every 2 seconds.
Let us understand BPDU first.
What is BPDU (Bridge Protocol Data Unit)?
BPDU (Bridge Protocol Data Unit) carries essential messages for STP. Below are the details.
Let us now look at all the operations performed by STP inside switches:-
What is a Root Bridge?
The root bridge is the authoritative starting point for computing the loop-free spanning-tree structure. As a result, all bridges should only have one active link, known as the root port, to that particular root bridge.
A VLAN’s root bridge ports will be in the designated forwarding state. The root bridge broadcasts BPDUs with a root path cost of 0.
What is the process of election of a root bridge?
The first step of the STP process is to elect the root bridge in the network.
The bridge with the lowest Bridge ID is chosen as the STP root bridge.
When a switch boots, it assumes it is the root bridge and sets the Root ID in all outgoing BPDUs to the local Bridge ID. If it receives a BPDU with a lower root ID, it considers that switch as a root switch. The local switch then starts sending BPDUs with that root ID.
On a root bridge, the output of “show spanning-tree” will show:
Now let us understand Bridge ID and Root ID.
STP Bridge ID
A bridge ID is assigned to each switch. The bridge ID is 8 bytes and it is formed by combining the bridge priority (2 Bytes) and the MAC address (6 bytes) of the switch.
The bridge priority is a two-byte field with a default value of 32,768; it can be configured in increments of 4096.
The lower the bridge ID value, the more likely the bridge becomes the root bridge. The bridge with the lowest bridge ID becomes the root bridge always.
Like Bridge ID, a Root ID consists of a root priority and a MAC address. By default, the root priority is set to 32768 (0x8000) and can be configured in increments of 4096. The lower root MAC address is used to break a tie if the root priorities of the two switches are equal.
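The following added example (not code from the original article) encodes the 8-byte bridge ID described above and runs the election over the priority and address pairs printed in the GNS3 lab outputs later on this page. The class and function names are illustrative; the split of the printed priority into a 4-bit priority and a 12-bit sys-id-ext follows the "(priority 32768 sys-id-ext 1)" lines in those outputs.

```python
from dataclasses import dataclass

PRIORITY_STEP = 4096   # priority lives in the top 4 bits of the 2-byte field
SYS_ID_MASK = 0x0FFF   # low 12 bits: sys-id-ext (the VLAN ID)


def parse_mac(text: str) -> bytes:
    """Accept Cisco dotted (0012.6620.0800), colon or hyphen notation."""
    digits = text.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


@dataclass(frozen=True)
class BridgeID:
    priority: int  # configured priority, a multiple of 4096
    vlan: int      # sys-id-ext
    mac: bytes     # 6-byte bridge MAC address

    def __post_init__(self):
        if self.priority % PRIORITY_STEP or not 0 <= self.priority <= 61440:
            raise ValueError(f"priority must be 0..61440 in steps of 4096: {self.priority}")
        if not 0 <= self.vlan <= SYS_ID_MASK:
            raise ValueError(f"sys-id-ext out of range: {self.vlan}")
        if len(self.mac) != 6:
            raise ValueError("MAC address must be 6 bytes")

    @classmethod
    def from_show(cls, shown_priority: int, mac: str) -> "BridgeID":
        """Split the combined value printed by 'show spanning-tree' (e.g. 32769)."""
        return cls(shown_priority & 0xF000, shown_priority & SYS_ID_MASK, parse_mac(mac))

    def encode(self) -> bytes:
        """8-byte bridge ID: 2-byte priority field followed by the MAC address."""
        return (self.priority | self.vlan).to_bytes(2, "big") + self.mac


def succession(bridges: dict) -> list:
    """Bridge names ordered by bridge ID: [0] is the root, [1] takes over if it fails."""
    # Big-endian byte comparison orders by priority first, then by MAC address.
    return sorted(bridges, key=lambda name: bridges[name].encode())


def elect_root(bridges: dict) -> str:
    """The bridge with the lowest bridge ID becomes the root."""
    return succession(bridges)[0]


# Priority/address pairs as printed in the lab's 'show spanning-tree' outputs.
LAB = {
    "L2-SW-1": BridgeID.from_show(24577, "003f.181f.4800"),
    "L2-SW-2": BridgeID.from_show(28673, "003f.18b2.5800"),
    "L2-SW-3": BridgeID.from_show(32769, "003f.18f9.da00"),
    "L2-SW-4": BridgeID.from_show(32769, "003f.18f0.f400"),
    "L2-SW-5": BridgeID.from_show(32769, "003f.183a.3300"),
    "L2-SW-6": BridgeID.from_show(32769, "003f.18a0.2400"),
    "L2-SW-7": BridgeID.from_show(32769, "003f.1870.d400"),
}

if __name__ == "__main__":
    for name in succession(LAB):
        b = LAB[name]
        print(f"{name}  priority={b.priority:<5} vlan={b.vlan}  id={b.encode().hex()}")
    print("root:", elect_root(LAB))
```

The third entry in the succession order shows what happens once both configured roots are gone: the role falls to whichever default-priority switch happens to have the lowest MAC address.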
What is the root port, and how is it selected to determine the best path to the root bridge?
STP Root Port Election
On a switch that is not the root bridge (a non-root bridge, NRB), the root port is the port with the lowest/shortest distance to the root bridge.
Root bridges only have Designated ports rather than root ports.
After the election of the root bridge in the network, the next step is to calculate the best path from each switch to the root bridge.
The local switch checks the BPDUs received on ports. If BPDU packets from the root bridge are received on multiple ports, then multiple paths to the root bridge exist in the network.
The best path is then considered to be through the port that received the BPDU with the lowest path cost. As BPDUs are forwarded from one bridge to another bridge, path costs are calculated by adding each bridge’s port priority to the initial path cost.
– How a Root Port is selected?
What is a Designated port, and how to choose the designated port on each segment?
Designated ports are the ports facing downstream away from the root bridge. And that is the reason the root bridge has designated ports only.
The steps to choosing a Designated port are similar to choosing a root port mentioned above in the root port section.
Quick Tip: Only the Root and Designated ports learn MAC addresses on switches.
Election of a designated bridge on each segment
A designated bridge is a switch/bridge on a given segment with the designated port. That’s why the root bridge becomes the designated bridge for all directly connected segments.
If two switches on a segment have root ports, the bridge with the lowest bridge ID becomes the designated bridge.
Blocking non-forwarding ports
You can use the below commands to change the cost and Priority of the local switch, which in turn will influence the Root and Designated port election process of STP.
STP Show Commands
Spanning-Tree ? Command
This command lists the show commands of the ST protocol that the Switch supports. Select the feature you want from the listed commands to check its output.
With this command, you can view general information about the ST protocol on the Switch. You can view the Root ID, Root Bridge, and Interface ports of the Switch and view the port states of the Switch‘s interfaces.
Also, if Root Bridge is configured manually, you can examine the Switch’s Priority value using this command.
Switch#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0012.6620.0800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0012.6620.0800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
Gi0/0 Desg FWD 4 128.1 Shr
Gi0/1 Desg FWD 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
Gi0/3 Desg FWD 4 128.4 Shr
Switch#
Spanning-Tree Summary Command
With this command, you can view the connection status of the VLANs created on the Cisco Switch. You can also view the enabled features of the standard STP (PVST) protocol. If you have performed the BackboneFast configuration, this command also shows the information about the BackboneFast feature.
You can view Root Bridge information with this command. For example, when you apply this command on a Switch that is not Root Bridge, you can see the Root Bridge ID and Address (0012.66b3.c800).
Switch#show spanning-tree root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
—————- ——————— ——— —— — — ————
VLAN0001 32769 0012.6620.0800 0 2 20 15
Switch#
With this command, you can see detailed information on all ports of the Switch. You can view the Priority and Root Bridge information of the Cisco Switch interfaces, Hello Time, Max Age Timer and Forward Delay times as well as the number of BPDU packets sent and received.
This command is used to examine the interfaces on the device.
Switch#show spanning-tree interface ?
GigabitEthernet GigabitEthernet IEEE 802.3z
Multilink Multilink-group interface
Port-channel Ethernet Channel of interfaces
Vlan Catalyst Vlans
Switch#show spanning-tree interface gigabitethernet 0/0
Vlan Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
VLAN0001 Desg FWD 4 128.1 Shr
Switch#show spanning-tree interface gigabitethernet 0/1
Vlan Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
VLAN0001 Desg FWD 4 128.2 Shr
Switch#
Switch#show spanning-tree active
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0012.6620.0800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0012.6620.0800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
Gi0/0 Desg FWD 4 128.1 Shr
Gi0/1 Desg FWD 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
Gi0/3 Desg FWD 4 128.4 Shr
Switch#
Spanning-Tree Bridge Command
This command shows the Bridge ID information of Cisco Switch.
Switch#show spanning-tree bridge
Hello Max Fwd
Vlan Bridge ID Time Age Dly Protocol
—————- ——————————— —— — — ———
VLAN0001 32769 (32768, 1) 0012.6620.0800 2 20 15 ieee
Switch#
Spanning-Tree Inconsistentports Command
This command displays ports whose configuration is inconsistent. For example, if one end of a trunk link between two interconnected Switches is configured as an Access port, STP marks this port as inconsistent.
Switch#show spanning-tree inconsistentports
Name Interface Inconsistency
——————— ———————— ——————
Number of inconsistent ports (segments) in the system : 0
Switch#
This command shows whether the BackboneFast feature is enabled on the Switch.
Switch#show spanning-tree backbonefast
BackboneFast is disabled
Switch#
This command shows whether the UplinkFast feature is enabled on the Switch.
Switch#show spanning-tree uplinkfast
UplinkFast is disabled
Switch#
Finally, you can view STP details such as Root ID, Root Bridge, Priority according to the VLAN number selected with this command.
Switch#sh spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0012.6620.0800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0012.6620.0800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
Gi0/0 Desg FWD 4 128.1 Shr
Gi0/1 Desg FWD 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
Gi0/3 Desg FWD 4 128.4 Shr
Switch#
Final Word
What is the purpose of the spanning tree protocol STP?
The spanning tree algorithm’s main job is to stop Layer 2 loops and the resulting broadcast storms in the logical Layer 2 topology.
Because STP always creates a single path between two nodes, another purpose of spanning trees is to design a network with redundancy inbuilt through backup links if an active link goes down.
Spanning tree protocol types – Spanning tree protocol examples
There are IEEE versions of STP and Cisco proprietary versions of STP.
IEEE Versions of STP includes:-
Cisco Proprietary Versions of STP includes:-
Spanning Tree Protocol Explained
How to Build Spanning Tree Protocol (STP) on Layer 2 Switch using GNS3
We must enable these features when configuring the Spanning Tree Protocol. If you have old Cisco Switches, you will probably use the old STP protocol on these Switches. In such a case, you must enable the features mentioned above in order to improve performance for the Standard STP protocol.
In our previous articles, we have examined the GNS3 PortFast Configuration, GNS3 UplinkFast Configuration, and GNS3 BackboneFast Configuration separately. We will configure all the STP features we learned in this article.
How to Configure Spanning Tree
First, create a new project on GNS3 simulator software.
After adding L2 Switch to GNS3 program, create a redundant network topology as in the image below.
Configure the TCP/IP configuration of the GNS3 VPCS computers and then test the network connection between them by pinging VPCS PC1 to VPCS PC5.
How to Choose Root Bridge
Configure Cisco Switch L2-SW-1 as the Root Bridge and configure the L2-SW-2 Switch as the Secondary Root Bridge.
Priority values are taken into consideration when selecting the Root Bridge manually. You can configure this in two ways:
1) You can configure it using the spanning-tree vlan 1 priority command.
2) You can configure it using the spanning-tree vlan 1 root command.
In this article, we will use the Root Primary command to select the Root Bridge. To select L2-SW-1 as Root Bridge, use the command below and then check with the show spanning-tree command.
L2-SW-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
L2-SW-1(config)#
L2-SW-1(config)#spanning-tree vlan 1 root primary
L2-SW-1(config)#exit
L2-SW-1#
*Sep 27 17:18:03.648: %SYS-5-CONFIG_I: Configured from console by console
L2-SW-1#
L2-SW-1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 003f.181f.4800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 003f.181f.4800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
Gi0/0 Desg FWD 4 128.1 Shr
Gi0/1 Desg FWD 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
Gi0/3 Desg FWD 4 128.4 Shr
Gi1/0 Desg FWD 4 128.5 Shr
Gi1/1 Desg FWD 4 128.6 Shr
L2-SW-1#
L2-SW-2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
L2-SW-2(config)#
L2-SW-2(config)#spanning-tree vlan 1 root secondary
L2-SW-2(config)#exit
L2-SW-2#
L2-SW-2#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 003f.181f.4800
Cost 4
Port 1 (GigabitEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
Address 003f.18b2.5800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
Gi0/0 Root FWD 4 128.1 Shr
Gi0/1 Desg FWD 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
Gi0/3 Desg FWD 4 128.4 Shr
Gi1/0 Desg FWD 4 128.5 Shr
Gi1/1 Desg FWD 4 128.6 Shr
L2-SW-2#
How to Set Port Status
Cisco Switch L2-SW-3 show spanning-tree command output;
L2-SW-3#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 003f.181f.4800
Cost 4
Port 1 (GigabitEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 003f.18f9.da00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
Gi0/0 Root FWD 4 128.1 Shr
Gi0/1 Altn BLK 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
Gi0/3 Desg FWD 4 128.4 Shr
L2-SW-3#
Cisco Switch L2-SW-4 show spanning-tree command output;
L2-SW-4#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 003f.181f.4800
Cost 4
Port 1 (GigabitEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 003f.18f0.f400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
Gi0/0 Root FWD 4 128.1 Shr
Gi0/1 Altn BLK 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
Gi0/3 Desg FWD 4 128.4 Shr
L2-SW-4#
Cisco Switch L2-SW-5 show spanning-tree command output;
L2-SW-5#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 003f.181f.4800
Cost 4
Port 2 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 003f.183a.3300
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
Gi0/0 Altn BLK 4 128.1 Shr
Gi0/1 Root FWD 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
Gi0/3 Desg FWD 4 128.4 Shr
L2-SW-5#
Cisco Switch L2-SW-6 show spanning-tree command output;
L2-SW-6#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 003f.181f.4800
Cost 4
Port 2 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 003f.18a0.2400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
Gi0/0 Altn BLK 4 128.1 Shr
Gi0/1 Root FWD 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
Gi0/3 Desg FWD 4 128.4 Shr
L2-SW-6#
Cisco Switch L2-SW-7 show spanning-tree command output;
L2-SW-7#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 003f.181f.4800
Cost 4
Port 1 (GigabitEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 003f.1870.d400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——— ———————————
Gi0/0 Root FWD 4 128.1 Shr
Gi0/1 Altn BLK 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
Gi0/3 Desg FWD 4 128.4 Shr
L2-SW-7#
How to Configure PortFast
The purpose of PortFast configuration on Layer 2 Switches is to ensure that interfaces configured as PortFast are excluded from STP Convergence processing during BPDU packet exchange.
Cisco Switch L2-SW-3 Spanning Tree PortFast configuration process;
Cisco Switch L2-SW-4 PortFast configuration process;
Cisco Switch L2-SW-5 PortFast operation;
Cisco Switch L2-SW-6 PortFast operation;
L2-SW-7 PortFast operation;
How to Configure UplinkFast
Switch L2-SW-3 UplinkFast operation;
Switch L2-SW-4 UplinkFast operation;
Switch L2-SW-5 UplinkFast operation;
Switch L2-SW-6 UplinkFast operation;
L2-SW-7 UplinkFast operation;
How to Configure BackboneFast
We need to enable the BackboneFast feature on all Layer 2 Switches on the network topology. The BackboneFast feature saves us 20 seconds by skipping the Max-Age Timer feature. As a result, STP Convergence takes 30 seconds.
L2-SW-1 BackboneFast process;
L2-SW-2 BackboneFast process;
L2-SW-3 BackboneFast process;
L2-SW-4 BackboneFast process;
L2-SW-5 BackboneFast process;
L2-SW-6 BackboneFast process;
L2-SW-7 BackboneFast process;
How to Configure BPDU Guard
We will configure BPDU Guard on Switches configured as PortFast on the network topology.
1) errdisable recovery cause bpduguard
2) errdisable recovery interval 400
L2-SW-3 Switch BPDU Guard operation;
L2-SW-4 BPDU Guard operation;
L2-SW-5 BPDU Guard operation;
L2-SW-6 BPDU Guard operation;
L2-SW-7 BPDU Guard operation;
How to Verify Spanning Tree Protocol in GNS3
The standard STP Convergence time is faster with PortFast, UplinkFast, and BackboneFast, which will be 30 seconds in total.
Rapid Spanning-Tree Protocol combines these three features, and the STP Convergence time is almost 1 second.
Start the continuous Ping operation from VPCS PC1 to VPCS PC5.
Immediately after starting continuous pinging, disconnect the network cable between L2-SW-3 and L2-SW-1.
As you can see in the image below, there was a delay of about 30 seconds. To see the debug outputs on the Switch L2-SW-3, execute the debug spanning-tree events command.
VPCS PC Configuration and Show IP Commands
Show Running Command Outputs
What are Spanning Tree Topology Change Notifications?
These are the amber dots on links in Cisco Packet Tracer.
Selecting the Spanning Tree Mode
spanning-tree mode rapid-pvst
Rapid PVST, also known as PVST+, is still a Cisco proprietary implementation. However, it can run on normal 802.1Q trunks, instead of Cisco ISL trunks only. It supports the native VLAN, and it is fully compatible with the 802.1D STP standard.
Setting the root bridge
Now all switches agree on the Spanning Tree version to use. The next thing we want to do when dealing with Spanning Tree is the identification of the root bridge. It should be the switch at the center of the network, possibly the one with the uplinks to the Internet or to the Corporate network. In our lab, it is the “core” switch. We already know that we can influence the root bridge election by changing the priority of each switch.
Cisco offers two ways to do that. We can either set the priority manually or make the switch detect it on its own. If we go for the second option, the switch will look at the current root and use the priority right below the one of the current root. However, it will still write the exact priority in the configuration. To make the switch select the priority, we can use this command:
spanning-tree vlan 10 root primary
You can also use the secondary keyword. In this case, the switch won’t become the root. Instead, it will set its priority to be the next higher to the root. This way, in case the root fails, the switch will become the new root. We are not going to use these commands in the lab; we are going to do it manually.
Manual priority for the Root Bridge
For this lab, we are going to use manual priority and set the same one for VLAN 1 and VLAN 10. We can specify only values in an increment of 4096, because we can only change the leftmost bits of the priority fields. The others are reserved for the VLAN ID. A good practice is to set the root to be at priority 4096. This way, in case of emergency, you can set another switch to priority zero to be the new root. If you start with the root at priority zero, you won’t be able to elect a new root easily. The default value is 32768. So, on the core, we will use these commands:
spanning-tree vlan 1 priority 4096
spanning-tree vlan 10 priority 4096
This way, we are setting the priority for both VLAN 1 and 10. Remember, every time we modify the Spanning Tree topology, like changing priorities, spanning tree will need to converge.
Then, we can set the DS1 switch to have a priority of 8192 and the DS2 switch to have a priority of 12288. Always on both VLANs.
Tuning Port-Priority
Port priority is a determining factor when selecting the root port. However, the switch considers it only if the remote bridge ID received on two different interfaces is equal. This means that the two interfaces are connected to the same remote switch. You can use the Port Priority to prefer one over the other. A common example is if you have a GigabitEthernet interface and a FastEthernet interface.
In this lab, we tuned the cost of the FastEthernet 0/24 on DS2, but this is completely optional. That is, it won’t count for scoring purposes, it doesn’t add any value to the network, but you might want to try the command. In case you want to do it, use the commands below.
interface FastEthernet 0/24
spanning-tree vlan 10 port-priority 240
This way, we are setting the port priority to the maximum allowed value for VLAN 10. Even here, Cisco allows us to go only in increments, this time by 16 each. Remember that the lower the priority, the more preferred the port.
PortFast and BPDUGuard
Now the STP topology is converged, but we want to improve the performance on the edge ports. These ports are the ones facing clients (or servers), in this case FastEthernet 0/23 of both access switches. We want to enable these ports as soon as something connects to them. This is the role of PortFast. However, in case someone creates a loop (like with an extra unmanaged switch), we still want to protect the port. Since we are not running STP anymore, we need to find a workaround. With BPDU Guard, you can immediately shut down the port as soon as it receives a BPDU. You know, just in case. We recommend using this feature alongside PortFast.
So, we need to enter the interface configuration and enter these commands (on both access switches). The first command enables portfast on the port, the second enables BPDUGuard.
interface FastEthernet0/23
spanning-tree portfast
spanning-tree bpduguard enable
In some other cases, we might want to turn these features on by default on all ports. We can do that by using two global configuration commands:
However, we are not using these commands in our lab. As a best practice, manually configure PortFast on the ports where you need it. Putting it on a wrong port may cause network outages.
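One way to check the recommendation above across a saved configuration, as an added example that is not part of the original lab: the script below flags interfaces that have PortFast enabled without BPDU Guard and reports the errdisable recovery settings. The sample configuration is constructed, the function names are illustrative, and the `portfast edge`, `portfast trunk` and `portfast disable` forms are IOS syntax not shown on this page. It assumes per-interface configuration as in this lab and does not model global defaults.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
errdisable recovery cause bpduguard
errdisable recovery interval 400
!
interface FastEthernet0/22
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport mode trunk
 spanning-tree vlan 10 port-priority 240
!
interface GigabitEthernet0/1
 spanning-tree portfast disable
!
"""


def split_interfaces(config: str) -> dict:
    """Map each interface name to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw[:1] in (" ", "\t") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # '!' or any top-level command ends the stanza
    return stanzas


def portfast_enabled(lines: list) -> bool:
    """True if the stanza turns PortFast on; the last matching command wins."""
    enabled = False
    for line in lines:
        if re.fullmatch(r"spanning-tree portfast( edge)?( trunk)?", line):
            enabled = True
        elif line == "spanning-tree portfast disable":
            enabled = False
    return enabled


def bpduguard_enabled(lines: list) -> bool:
    return "spanning-tree bpduguard enable" in lines


def audit(config: str) -> dict:
    """Report PortFast ports lacking BPDU Guard and the errdisable recovery settings."""
    unguarded = [
        name
        for name, lines in split_interfaces(config).items()
        if portfast_enabled(lines) and not bpduguard_enabled(lines)
    ]
    top_level = [l.strip() for l in config.splitlines() if l[:1] not in (" ", "\t")]
    interval = re.search(r"^errdisable recovery interval (\d+)\s*$", config, re.M)
    return {
        "portfast_without_bpduguard": unguarded,
        # With auto-recovery on, a port shut by BPDU Guard comes back by itself.
        "auto_recovery": "errdisable recovery cause bpduguard" in top_level,
        "recovery_interval": int(interval.group(1)) if interval else None,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for port in report["portfast_without_bpduguard"]:
        print(f"{port}: PortFast enabled without BPDU Guard")
    print("bpduguard auto-recovery:", report["auto_recovery"],
          "interval:", report["recovery_interval"])
```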
See the packet going
Congratulations, you have completed this lab, but continue reading. Packet Tracer has an awesome feature, the Simulation Mode. With this feature, we can easily see where packets are going. If you need a refresh on this mode, we have a Packet Tracer introduction that will help you.
You can switch to this mode, turn on capture for ICMP traffic, and then run a ping from 192.168.1.10 to 192.168.1.11, or vice versa. You will see that switches will funnel traffic through DS1, and not to DS2. This is what we wanted to achieve, a predictable path between devices.
Frequently Asked Questions – FAQs
STP cannot be disabled on a per-port basis, but it can be disabled per-VLAN or globally on the switch. The command “no spanning-tree VLAN vlan-id” can be used to disable STP on a per-VLAN basis. Alternatively, the BPDUs on a port could be filtered by the BPDUFilter command to simulate ‘disabling’ STP on the port. FLEX-links can also disable STP on a port, but use it with caution.
«Hey there, network enthusiasts! My name is Afroz, and I’ve been a CCIE for over 14 years. I work as a Network Designer, and my true passion is teaching others about the industry and sharing my knowledge through my blog and courses. I know the struggles of navigating the complex world of networking, but I firmly believe that teaching makes you a better learner and reinforces understanding. So, whether you’re just starting out or a seasoned veteran, join me on this journey of learning and discovery, it will be worth it, and who knows, you might even have some fun along the way!»