5 STP

5.0 Chapter Introduction

5.0.1 Introduction

Page 1:
It is clear that computer networks are critical components of most small- and medium-sized businesses. Consequently, IT administrators have to implement redundancy in their hierarchical networks. However, adding extra links between switches and routers introduces traffic loops that need to be managed dynamically: when a switch connection is lost, another link needs to take its place quickly without introducing new traffic loops. In this chapter you will learn how the spanning-tree protocol (STP) prevents loops in the network, and how STP has evolved into a protocol that rapidly calculates which ports should be blocked so that a VLAN-based network is kept free of traffic loops.


5.0.1 - Chapter Introduction
The diagram lists the chapter objectives:
- Explain the role of redundancy in a converged network.
- Summarize how STP works to eliminate Layer 2 loops in a converged network.
- Explain how the STP algorithm uses three steps to converge on a loop-free topology.
- Implement rapid PVST+ in a LAN to prevent loops between redundant switches.


5.1 Redundant Layer 2 Topologies

5.1.1 Redundancy

Page 1:
Redundancy in a hierarchical network

The hierarchical design model was introduced in Chapter 1. It addresses issues found in flat network topologies, one of which is the lack of redundancy. Layer 2 redundancy improves the availability of the network by providing alternate network paths through additional equipment and cabling. Having multiple paths for data to traverse the network allows a single path to be disrupted without affecting the connectivity of devices on the network.

As you can see in the animation:

1. PC1 is communicating with PC4 over a redundantly configured network topology.

2. When the network link between switch S1 and switch S2 is disrupted, the path between PC1 and PC4 is automatically adjusted to compensate for the disruption.

3. When the network connection between S1 and S2 is restored, the path is then readjusted to route traffic directly from S2 through S1 to get to PC4.

As businesses become increasingly dependent on the network, the availability of the network infrastructure becomes a critical business concern that must be addressed. Redundancy is the solution for achieving the necessary availability.


5.1.1 - Redundancy
The animation depicts redundancy in a hierarchical network with multiple switches interconnected in a full mesh.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh. The device connections are as follows:
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).
Switch S1 port F0/3 is connected to PC4 with IP address 172.17.10.27.
PC1, PC2, and PC3 are connected to switch S2 ports F0/11, F0/18, and F0/6 respectively.
The PC1 IP address is 172.17.10.21, the PC2 IP address is 172.17.10.22, and the PC3 IP address is 172.17.10.23.

Animation Sequence:
One. PC1 is communicating with PC4 over Trunk 1.

Two. Trunk 1 is broken between switches S2 and S1. The data frame is unable to reach switch S1 over Trunk 1.

Three. Switch S2 detects the broken connection to switch S1 and changes its forwarding path to go through switch S3.

Four. Switch S2 detects that the link to switch S1 has been restored. Switch S2 adjusts the path to PC4 to go back through switch S1.


Page 2:
Examine a redundant design

In a hierarchical design, redundancy is achieved at the distribution and core layers through additional hardware and alternate paths through the additional hardware.

Click the Starting Point Access to Distribution Layer button in the figure.

In this example, there is a hierarchical network with access, distribution, and core layers. Each access layer switch is connected to two different distribution layer switches. Also, each distribution layer switch is connected to both core layer switches. By having multiple paths to get between PC1 and PC4, there is redundancy that can accommodate a single point of failure between the access and distribution layer, and between the distribution and core layer.

STP is enabled on all switches. STP is the topic of this chapter and will be explained at length. For now, notice that STP has placed some switch ports in forwarding state and other switch ports in blocking state. This is to prevent loops in the Layer 2 network. STP will only use a redundant link if there is a failure on the primary link.

In the example, PC1 can communicate with PC4 over the identified path.

Click the Path Failure Access to Distribution Layer button in the figure.

The link between switch S1 and switch D1 has been disrupted, preventing the data from PC1 that is destined for PC4 from reaching switch D1 on its original path. However, because switch S1 has a second path to PC4 through switch D2, the path is updated and the data is able to reach PC4.

Click the Path Failure Distribution to Core Layer button in the figure.

The link between switch D1 and switch C2 has been disrupted, preventing the data from PC1 that is destined for PC4 from reaching switch C2 on its original path. However, because switch D1 has a second path to PC4 through switch C1, the path is updated and the data is able to reach PC4.

Click the Switch Failure Distribution Layer button in the figure.

Switch D1 has now failed, preventing the data from PC1 that is destined for PC4 from reaching switch C2 on its original path. However, because switch S1 has a second path to PC4 through switch D2, the path is updated and the data is able to reach PC4.

Click the Switch Failure Core Layer button in the figure.

Switch C2 has now failed, preventing the data from PC1 that is destined for PC4 from reaching switch D4 on its original path. However, because switch D1 has a second path to PC4 through switch C1, the path is updated and the data is able to reach PC4.

Redundancy provides a lot of flexibility in path choices on a network, allowing data to be transmitted regardless of a single path or device failing in the distribution or core layers. Redundancy does have some complications that need to be addressed before it can be safely deployed on a hierarchical network.


5.1.1 - Redundancy
The diagram depicts various scenarios in examining a three-layer switched-network redundant design. Alternate paths through the switches are taken based on the failure scenario.

Network Topology:
Six Access Layer switches, S1, S2, S3, S4, S5, and S6, are connected to four Distribution Layer switches, D1, D2, D3, and D4. The Distribution Layer switches are connected to Core Layer switches C1 and C2.

The device connections are as follows:
Switches S1, S2, and S3 are each connected to switches D1 and D2.
Switches S4, S5, and S6 are each connected to D3 and D4.
Switches D1, D2, D3, and D4 are each connected to both Core Layer switches C1 and C2.
Core Layer switches C1 and C2 are connected.
PC1 is connected to Access Layer switch S1.
PC4 is connected to Access Layer switch S6.

The initial path is shown from host PC1 to PC4 through the Access, Distribution, and Core layers. Alternate paths are selected based on which link or switch fails.

Starting point: Access Layer to Distribution Layer to Core Layer.
Path: PC1 to S1 to D1 to C2 to D4 to S6 to PC4

Path failure: Access Layer to Distribution Layer (S1 to D1 link fails).
Alternate path: PC1 to S1 to D2 to C2 to D4 to S6 to PC4

Path failure distribution to Core Layer (D1 to C2 link fails).
Alternate path: PC1 to S1 to D1 to C1 to D4 to S6 to PC4

Switch failure at Distribution Layer (D1 switch fails).
Alternate path: PC1 to S1 to D2 to C2 to D4 to S6 to PC4

Switch failure at Core Layer (C2 switch fails).
Alternate Path: PC1 to S1 to D1 to C1 to D4 to S6 to PC4


5.1.2 Issues with Redundancy

Page 1:
Layer 2 Loops

Redundancy is an important part of the hierarchical design. Although it is important for availability, there are some considerations that need to be addressed before redundancy is even possible on a network.

When multiple paths exist between two devices on the network and STP has been disabled on the switches, a Layer 2 loop can occur. With STP enabled, which is the default on Cisco switches, STP blocks the redundant paths so that the loop does not form.

Ethernet frames do not have a time to live (TTL) like IP packets traversing routers. As a result, if they are not terminated properly on a switched network, they continue to bounce from switch to switch endlessly or until a link is disrupted and breaks the loop.

Broadcast frames are forwarded out all switch ports, except the originating port. This ensures that all devices in the broadcast domain are able to receive the frame. If there is more than one path for the frame to be forwarded out, it can result in an endless loop.

Click the Play button in the figure to start the animation.

In the animation:

1. PC1 sends out a broadcast frame to switch S2.

2. When S2 receives the broadcast frame it updates its MAC address table to record that PC1 is available on port F0/11.

3. Because it is a broadcast frame, S2 forwards the frame out all switch ports, including Trunk1 and Trunk2.

4. When the broadcast frame arrives at switches S3 and S1, they update their MAC address tables to indicate that PC1 is available out port F0/1 on S1 and port F0/2 on S3.

5. Because it is a broadcast frame, S3 and S1 forward it out all switch ports, except the one they received the frame on.

6. S3 then sends the frame to S1 and vice versa. Each switch updates its MAC address table with the incorrect port for PC1.

7. Each switch again forwards the broadcast frame out all of its ports, except the one it came in on, resulting in both switches forwarding the frame to S2.

8. When S2 receives the broadcast frames from S3 and S1, the MAC address table is updated once again, this time with the last entry received from the other two switches.

This process repeats over and over again until the loop is broken by physically disconnecting the connections causing the loop, or turning the power off on one of the switches in the loop.

Loops result in high CPU load on all switches caught in the loop. The same frames are forwarded back and forth between all switches in the loop, and on every pass each switch has to relearn the source address and handle the flooded broadcast traffic that is passed up to its CPU. This slows down the switch's handling of legitimate traffic when it arrives.

A host caught in a network loop is not accessible to other hosts on the network. Because the MAC address table is constantly changing with the updates from the broadcast frames, the switch does not know which port to forward the unicast frames out to reach the final destination. The unicast frames end up looping around the network as well. As more and more frames end up looping on the network, a broadcast storm occurs.


5.1.2 - Issues with Redundancy
The animation depicts Layer 2 loops in a network with multiple switches and redundant links between them.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh. Device connections are as follows:
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).
Switch S1 port F0/3 is connected to PC4 with IP address 172.17.10.27.
PC1, PC2, and PC3 are connected to switch S2 ports F0/11, F0/18, and F0/6, respectively.
The PC1 IP address is 172.17.10.21, the PC2 IP address is 172.17.10.22, and the PC3 IP address is 172.17.10.23.

Animation sequence:
One. PC1 sends a broadcast to switch S2. Switch S2 updates its MAC address table with PC1's MAC address on port F0/11.

Two. Switch S2 forwards the broadcast to switch S3 over Trunk 2 and to switch S1 over Trunk 1. Switches S3 and S1 update their MAC address tables with the MAC address of PC1 on their trunk ports.

S1: S1 MAC Table
PC1 = F0/1
S2: S2 MAC Table
PC1 = F0/11
S3: S3 MAC Table
PC1 = F0/2

Three. Switch S3 forwards the broadcast to switch S1. Switch S1 forwards the broadcast to switch S3. Both switches update their MAC address table entries with the new port on which it received the broadcast.

S1: S1 MAC Table
PC1 = F0/2
S2: S2 MAC Table
PC1 = F0/11
S3: S3 MAC Table
PC1 = F0/1

Four. Switches S3 and S1 forward the broadcast back to switch S2. Switch S2 updates its MAC address table entry for PC1 with the last port on which it received the broadcast.

S1: S1 MAC Table
PC1 = F0/2
S2: S2 MAC Table
PC1 = F0/1
S3: S3 MAC Table
PC1 = F0/1

Five. Switch S2 forwards the broadcast frame out trunks 1 and 2 to switches S3 and S1. Switches S3 and S1 update their MAC address tables with the new entry for PC1.

S1: S1 MAC Table
PC1 = F0/1
S2: S2 MAC Table
PC1 = F0/1
S3: S3 MAC Table
PC1 = F0/2


Page 2:
Broadcast Storms

A broadcast storm occurs when there are so many broadcast frames caught in a Layer 2 loop that all available bandwidth is consumed. Consequently, no bandwidth is left for legitimate traffic, and the network becomes unavailable for data communication.

A broadcast storm is inevitable on a looped network. As more devices send broadcasts out on the network, more and more traffic gets caught in the loop, eventually creating a broadcast storm that causes the network to fail.

There are other consequences of broadcast storms. Because broadcast traffic is forwarded out every port on a switch, all connected devices have to process all of the broadcast traffic that is being flooded endlessly around the looped network. An end device can malfunction under this load, because its network interface card and protocol stack must receive and examine every looping frame.

Click the Play button in the figure to start the animation.

In the animation:

1. PC1 sends a broadcast frame out onto the looped network.

2. The broadcast frame ends up looping between all the interconnected switches on the network.

3. PC4 also sends a broadcast frame out onto the looped network.

4. The PC4 broadcast frame also gets caught in the loop and ends up looping between all the interconnected switches, just like the PC1 broadcast frame.

5. As more and more broadcast frames are sent out onto the network by other devices, more traffic gets caught in the loop, eventually resulting in a broadcast storm.

6. When the network is fully saturated with broadcast traffic looping between the switches, new traffic is discarded by the switch because it is unable to process it.

Because devices connected to a network are constantly sending out broadcast frames, such as ARP requests, a broadcast storm can develop in seconds. As a result, when a loop is created, the network quickly becomes disabled.


5.1.2 - Issues with Redundancy
The animation depicts broadcast storms in a network with multiple switches and redundant links between them.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).
Switch S1 port F0/3 is connected to PC4 with IP address 172.17.10.27.
PC1, PC2, and PC3 are connected to switch S2 ports F0/11, F0/18, and F0/6, respectively.
The PC1 IP address is 172.17.10.21, the PC2 IP address is 172.17.10.22, and the PC3 IP address is 172.17.10.23.

Animation sequence:
One. PC1 sends a broadcast onto the network. The broadcast gets caught in a Layer 2 loop.

Two. PC4 sends a broadcast onto the network. The broadcast gets caught in a Layer 2 loop, along with the broadcast frame from PC1.

Three. PC3 sends a broadcast onto the network. The broadcast gets caught in a Layer 2 loop, along with the broadcast frames from PC1 and PC4.

Four. PC2 sends a broadcast onto the network. The broadcast frame cannot be processed because of the high volume of traffic already caught in the loop. The network is unable to process new traffic.


Page 3:
Duplicate Unicast Frames

Broadcast frames are not the only type of frames that are affected by loops. Unicast frames sent onto a looped network can result in duplicate frames arriving at the destination device.

Click the Play button in the figure to start the animation.

In the animation:

1. PC1 sends a unicast frame destined for PC4.

2. Switch S2 does not have an entry for PC4 in its MAC table, so it floods the unicast frame out all switch ports in an attempt to find PC4.

3. The frame arrives at switches S1 and S3.

4. S1 does have a MAC address entry for PC4, so it forwards the frame out to PC4.

5. S3 also has an entry in its MAC address table for PC4, so it forwards the unicast frame out Trunk3 to S1.

6. S1 receives the duplicate frame and once again forwards the frame out to PC4.

7. PC4 has now received the same frame twice.

Most upper-layer protocols are not designed to recognize or cope with duplicate transmissions. Protocols that use sequence numbers, such as TCP, can recognize the repeated sequence number and discard the duplicate segment, but the duplicate may still be taken as a sign of loss and trigger a retransmission. Protocols without sequence numbers simply hand the duplicate to the next upper-layer protocol, which may or may not discard it.

Fortunately, switches can keep a redundant topology loop-free. The Spanning Tree Protocol (STP) eliminates these loop issues by blocking the redundant paths. You will learn about STP in the next section.


5.1.2 - Issues with Redundancy
The animation depicts duplicate unicast frames in a network with multiple switches and redundant links between them.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).
Switch S1 port F0/5 is connected to PC4 with IP address 172.17.10.27.
PC1, PC2, and PC3 are connected to switch S2 ports F0/11, F0/18, and F0/6, respectively.
The PC1 IP address is 172.17.10.21, the PC2 IP address is 172.17.10.22, and the PC3 IP address is 172.17.10.23.

Switch MAC address tables:
S1: S1 MAC Table
PC4 = F0/5
S2: S2 MAC Table
PC1 = F0/11
S3: S3 MAC Table
PC4 = F0/1

Animation sequence:
One. PC1 sends a unicast frame to switch S2 destined for PC4.

Two. Switch S2 does not have a record for PC4 in its MAC address table, so it floods the unicast frame out all switch ports.

Three. Switch S1 does have an entry for PC4 in its MAC address table, so it forwards the frame to PC4 on port F0/5. Switch S3 also has a record for PC4 in its MAC address table, so it forwards the unicast frame out Trunk 3 to switch S1.

Four. Switch S1 forwards the duplicate unicast frame received from switch S3 to PC4.


5.1.3 Real-world Redundancy Issues

Page 1:
Loops in the Wiring Closet

Redundancy is an important component of a highly available hierarchical network topology, but loops can arise as a result of the multiple paths configured on the network. You can prevent loops using the Spanning Tree Protocol (STP). However, if STP has not been implemented in preparation for a redundant topology, loops can occur unexpectedly.

Network wiring for small to medium-sized businesses can get very confusing. Network cables between access layer switches, located in the wiring closets, disappear into the walls, floors, and ceilings where they are run back to the distribution layer switches on the network. If the network cables are not properly labeled when they are terminated in the patch panel in the wiring closet, it is difficult to determine where the destination is for the patch panel port on the network. Network loops that are a result of accidental duplicate connections in the wiring closets are a common occurrence.

Click the Loop from two connections to the same switch button in the figure.

The example displays a loop that occurs if two connections from the same switch are connected to another switch. The loop is localized to the switches that are interconnected. However, the loop affects the rest of the network because of high broadcast forwarding that reaches all the other switches on the network. The impact on the other switches may not be enough to disrupt legitimate communications, but it could noticeably affect the overall performance of the other switches.

This type of loop is common in the wiring closet. It happens when an administrator mistakenly connects a cable to the same switch it is already connected to. This usually occurs when network cables are not labeled or mislabeled or when the administrator has not taken the time to verify where the cables are connected.

There is an exception to this problem. An EtherChannel is a grouping of Ethernet ports on a switch that acts as a single logical network connection. Because the switch treats the ports configured for the EtherChannel as a single link, the parallel cables in the bundle do not form a loop, provided both ends are configured as the same EtherChannel. Configuring EtherChannels is beyond the scope of this course. If you would like to learn more about EtherChannels, visit: http://www.cisco.com/en/US/tech/tk389/tk213/technologies_white_paper09186a0080092944.shtml

Click the Loop from a connection to a second switch on the same network button in the figure.

The example displays a loop that occurs if a switch is connected to two different switches on a network that are both also interconnected. The impact of this type of loop is much greater because it affects more switches directly.


5.1.3 - Real-world Redundancy Issues
The diagram depicts loops in the wiring closet in a hierarchical network with multiple switches. The examples provided are a non-redundant hierarchical network, a loop from two connections to the same switch, and a loop from a connection to a second switch on the same network.

Example One - Non-redundant hierarchical network topology:
Three Access Layer switches, S1, S2, and S3, are connected to two Distribution Layer switches, D1 and D2, which are connected to two Core Layer switches, C1 and C2.

Switch S1 is connected to switch D1.
Switch D1 is connected to C1.
Switches S2 and S3 are connected to D2.
Switch D2 is connected to C2.
Switch C1 is connected to C2.

Example Two - Loop from two connections to the same switch:
Same topology as Example One, but there are two links between switches S1 and D1, which forms a loop.

Example Three - Loop from a connection to a second switch on the same network:
Same topology as Example One, but there is a link from switches S1 to D1 and from switches S1 to D2, which forms a larger multi-switch loop.


Page 2:
Loops in the Cubicles

Because of insufficient network data connections, some end users have a personal hub or switch located in their working environment. Rather than incur the costs of running additional network data connections to the workspace, a simple hub or switch is connected to an existing network data connection allowing all devices connected to the personal hub or switch to gain access to the network.

Wiring closets are typically secured to prevent unauthorized access, so the network administrator is often the only one who has full control over how and which devices are connected to the network. Unlike in the wiring closet, the administrator is not in control of how personal hubs and switches are used or connected, so an end user can accidentally interconnect the switches or hubs.

Click the Loop from two interconnected hubs button in the figure.

In the example, the two user hubs are interconnected resulting in a network loop. The loop disrupts communication between all devices connected to switch S1.


5.1.3 - Real-world Redundancy Issues
The diagram depicts loops in user cubicles in a hierarchical network with multiple switches. The examples provided are two hubs connected to the same switch, and a loop from two interconnected hubs.

Example One - Two hubs connected to the same switch:
Three Access Layer switches, S1, S2, and S3, are connected to two Distribution Layer switches, D1 and D2, which are connected to two Core Layer switches, C1 and C2.

Switch S1 is connected to switch D1.
Switch D1 is connected to C1.
Switches S2 and S3 are connected to D2.
Switch D2 is connected to C2.
Switches C1 and C2 are connected.
PC1 is connected to Hub1
PC2 is connected to Hub2.
Hub1 and Hub2 are connected to switch S1.

Example Two - Loop from two interconnected hubs:
Same topology as Example One. Two hubs are connected to the same switch, but the two hubs are now also connected to each other forming a loop.


Page 3:
In this activity, you will examine how STP operates by default. Switches have been added to the network "out of the box." Cisco switches can be plugged in and connected to a network without any additional action by the network administrator. Therefore, these switches are not yet configured.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


5.1.3 - Real-world Redundancy Issues
Link to Packet Tracer Exploration: Examining a Redundant Design


5.2 Introduction to STP

5.2.1 The Spanning Tree Algorithm

Page 1:
STP Topology

Redundancy increases the availability of the network topology by protecting the network from a single point of failure, such as a failed network cable or switch. When redundancy is introduced into a Layer 2 design, loops and duplicate frames can occur. Loops and duplicate frames can have severe consequences on a network. The Spanning Tree Protocol (STP) was developed to address these issues.

STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop. A port is considered blocked when network traffic is prevented from entering or leaving that port. This does not include bridge protocol data unit (BPDU) frames that are used by STP to prevent loops. You will learn more about STP BPDU frames later in the chapter. Blocking the redundant paths is critical to preventing loops on the network. The physical paths still exist to provide redundancy, but these paths are disabled to prevent the loops from occurring. If the path is ever needed to compensate for a network cable or switch failure, STP recalculates the paths and unblocks the necessary ports to allow the redundant path to become active.

Click the Play button in the figure to start the animation.

In the example, all switches have STP enabled:

1. PC1 sends a broadcast out onto the network.

2. Switch S3 is configured with STP and has set its port for Trunk2 to the blocking state. The blocking state prevents the port from forwarding switch traffic, which prevents a loop from occurring. Switch S2 forwards the broadcast frame out all switch ports except the originating port from PC1, including its own port on Trunk2; the copy that arrives on the blocked port of S3 is discarded there.

3. Switch S1 receives the broadcast frame and forwards it out all of its switch ports, where it reaches PC4 and S3. S3 does not forward the frame back to S2 over Trunk2 because of the blocked port. The Layer 2 loop is prevented.

Click the STP compensates for network failure button in the figure and click Play to start the animation.

In this example:

1. PC1 sends a broadcast out onto the network.

2. The broadcast is then forwarded around the network, just as in the previous animation.

3. The trunk link between switch S2 and switch S1 fails, resulting in the previous path being disrupted.

4. Switch S3 unblocks the previously blocked port for Trunk2 and allows the broadcast traffic to traverse the alternate path around the network, permitting communication to continue. If this link comes back up, STP reconverges and the port on S3 is again blocked.

STP prevents loops from occurring by configuring a loop-free path through the network using strategically placed blocking state ports. The switches running STP are able to compensate for failures by dynamically unblocking the previously blocked ports and permitting traffic to traverse the alternate paths. The next topic describes how STP accomplishes this process automatically.


5.2.1 - The Spanning Tree Algorithm
The animation depicts normal STP operation and how STP compensates for network failure.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).
Switch S1 port F0/3 is connected to PC4 with IP address 172.17.10.27.
PC1, PC2, and PC3 are connected to switch S2 ports F0/11, F0/18, and F0/6, respectively.
The PC1 IP address is 172.17.10.21, the PC2 IP address is 172.17.10.22, and the PC3 IP address is 172.17.10.23.

Normal STP operation:
Animation sequence:
One. PC1 sends a broadcast to switch S2.

Two. Switch S2 forwards the broadcast out all switch ports except the originating port. The copy sent over Trunk 2 arrives at the blocked port on switch S3 and is discarded.

Three. Switch S1 forwards the broadcast out all ports, except the originating port.

Four. Switch S3 receives the frame but does not continue to forward it back to switch S2 because of the blocked port.


STP compensates for network failure:
Animation sequence:
One. PC1 sends a broadcast to switch S2.

Two. Switch S2 forwards the broadcast out all switch ports except the originating port. The copy sent over Trunk 2 arrives at the blocked port on switch S3 and is discarded.

Three. Switch S1 forwards the broadcast out all ports, except the originating port. Switch S3 receives the frame from S1 but does not forward it back to switch S2 because its port for Trunk 2 is blocked.

Four. PC1 sends a broadcast frame to switch S2. The trunk link between switches S2 and S1 has failed.

Five. Switch S3 moves its port for Trunk 2 to the forwarding state; the port for Trunk 1 on switch S2 is down because the link has failed. Switch S2 forwards the broadcast out all switch ports, except the originating port and the failed link for Trunk 1.

Six. Switch S3 forwards the broadcast out all available switch ports, except the originating port.

Seven. Switch S1 forwards the broadcast out all available switch ports, except for the originating port and the port for Trunk 1, because it is not available while the link is down.


Page 2:
STP Algorithm

STP uses the Spanning Tree Algorithm (STA) to determine which switch ports on a network need to be configured for blocking to prevent loops from occurring. The STA designates a single switch as the root bridge and uses it as the reference point for all path calculations. In the figure the root bridge, switch S1, is chosen through an election process. All switches participating in STP exchange BPDU frames to determine which switch has the lowest bridge ID (BID) on the network. The switch with the lowest BID automatically becomes the root bridge for the STA calculations. The root bridge election process will be discussed in detail later in this chapter.

The BPDU is the message frame exchanged by switches for STP. Each BPDU contains a BID that identifies the switch that sent the BPDU. The BID contains a priority value, the MAC address of the sending switch, and an optional extended system ID. The lowest BID value is determined by the combination of these three fields. You will learn more about the root bridge, BPDU, and BID in later topics.

After the root bridge has been determined, the STA calculates the shortest path to the root bridge. Each switch uses the STA to determine which ports to block. While the STA is determining the best paths to the root bridge for all destinations in the broadcast domain, the switch ports do not forward user traffic. The STA considers both path and port costs when determining which path to leave unblocked. The path costs are calculated using port cost values associated with the port speeds of each switch port along a given path. The sum of the port cost values determines the overall path cost to the root bridge. If there is more than one path to choose from, the STA chooses the path with the lowest path cost. You will learn more about path and port costs in later topics.

When the STA has determined which paths are to be left available, it configures the switch ports into distinct port roles. The port roles describe their relation in the network to the root bridge and whether they are allowed to forward traffic.

Root ports - Switch ports closest to the root bridge. In the example, the root port on switch S2 is F0/1 configured for the trunk link between switch S2 and switch S1. The root port on switch S3 is F0/1, configured for the trunk link between switch S3 and switch S1.

Designated ports - All non-root ports that are still permitted to forward traffic on the network. In the example, switch ports F0/1 and F0/2 on switch S1 are designated ports. Switch S2 also has its port F0/2 configured as a designated port.

Non-designated ports - All ports configured to be in a blocking state to prevent loops. In the example, the STA configured port F0/2 on switch S3 in the non-designated role. Port F0/2 on switch S3 is in the blocking state.

You will learn more about port roles and states in a later topic.


5.2.1 - The Spanning Tree Algorithm
The diagram depicts the port terminology used with the STP algorithm and points out examples of port types in the meshed switch topology.

Network Topology:
Same as 5.2.1 Diagram 1, with additional labels for port types. Switch S1 is labeled as the root bridge.

STP terms and topology components:
Root bridge: Switch S1.

Root ports: Switch S3 port F0/1 and switch S2 port F0/1.

Designated ports: Switch 1 ports F0/1 and port F0/2, and switch S2 port F0/2.

Non-designated ports: Switch S3 port F0/2.


Page 3:
The Root Bridge

Every spanning-tree instance (switched LAN or broadcast domain) has a switch designated as the root bridge. The root bridge serves as a reference point for all spanning-tree calculations to determine which redundant paths to block.

An election process determines which switch becomes the root bridge.

Click the BID Fields button in the figure.

The figure shows the BID fields. The details of each BID field are discussed later, but it is useful to know now that the BID is made up of a priority value, an extended system ID, and the MAC address of the switch.

All switches in the broadcast domain participate in the election process. After a switch boots, it sends out BPDU frames containing the switch BID and the root ID every 2 seconds. By default, the root ID matches the local BID for all switches on the network. The root ID identifies the root bridge on the network. Initially, each switch identifies itself as the root bridge after bootup.

As the switches forward their BPDU frames, adjacent switches in the broadcast domain read the root ID information from the BPDU frame. If the root ID from the BPDU received is lower than the root ID on the receiving switch, the receiving switch updates its root ID identifying the adjacent switch as the root bridge. Note: It may not be an adjacent switch, but any other switch in the broadcast domain. The switch then forwards new BPDU frames with the lower root ID to the other adjacent switches. Eventually, the switch with the lowest BID ends up being identified as the root bridge for the spanning-tree instance.


5.2.1 - The Spanning Tree Algorithm
The diagram depicts the root bridge election process and the Bridge ID (BID) fields contained in a Bridge Protocol Data Unit (BPDU) frame.

Determining the root bridge using the BID:

Network Topology:
Same as 5.2.1, Diagram 1, with additional labels for the BID. Switch S1 is labeled as the root bridge.

Switch S1 BID:
Priority = 24577
MAC Address = 000A00333333

Switch S2 BID:
Priority = 32769
MAC Address = 000A00111111

Switch S3 BID:
Priority = 32769
MAC Address = 000A00222222


BID Fields (from left to right):
Bridge Priority (4 bits)
Extended System ID (12 bits)
MAC Address (48 bits)


Page 4:
Best Paths to the Root Bridge

When the root bridge has been designated for the spanning-tree instance, the STA starts the process of determining the best paths to the root bridge from all destinations in the broadcast domain. The path information is determined by summing up the individual port costs along the path from the destination to the root bridge.

The default port costs are defined by the speed at which the port operates. In the table, you can see that 10-Gb/s Ethernet ports have a port cost of 2, 1-Gb/s Ethernet ports have a port cost of 4, 100-Mb/s Fast Ethernet ports have a port cost of 19, and 10-Mb/s Ethernet ports have a port cost of 100.

Note: IEEE defines the port cost values used by STP. As newer, faster Ethernet technologies enter the marketplace, the path cost values may change to accommodate the different speeds available. The non-linear numbers accommodate some improvements to the Ethernet standard but be aware that the numbers can be changed by IEEE if needed. In the table, the values have already been changed to accommodate the newer 10-Gb/s Ethernet standard.

Although switch ports have a default port cost associated with them, the port cost is configurable. The ability to configure individual port costs gives the administrator the flexibility to control the spanning-tree paths to the root bridge.

Click the Configuring Port Costs button in the figure.

To configure the port cost of an interface, enter the spanning-tree cost value command in interface configuration mode. The range value can be between 1 and 200,000,000.

In the example, switch port F0/1 has been configured with a port cost of 25 using the spanning-tree cost 25 interface configuration command on the F0/1 interface.

To revert the port cost back to the default value, enter the no spanning-tree cost interface configuration command.

Click the Path Costs button in the figure.

Path cost is the sum of all the port costs along the path to the root bridge. The paths with the lowest path cost become the preferred path, and all other redundant paths are blocked. In the example, the path cost from switch S2 to the root bridge switch S1, over path 1 is 19 (based on the IEEE-specified individual port cost), while the path cost over path 2 is 38. Because path 1 has a lower overall path cost to the root bridge, it is the preferred path. STP then configures the redundant path to be blocked, preventing a loop from occurring.

Click the Verify Port and Path Costs button in the figure.

To verify the port and path cost to the root bridge, enter the show spanning-tree privileged EXEC mode command. The Cost field in the output is the total path cost to the root bridge. This value changes depending on how many switch ports need to be traversed to get to the root bridge. In the output, each interface is also identified with an individual port cost of 19.

Another command to explore is the show spanning-tree detail privileged EXEC mode command.


5.2.1 - The Spanning Tree Algorithm
The diagram depicts information on best paths to the root bridge. This includes port costs, configuring port costs, path costs, and verifying port and path costs.

Port Costs:
Link Speed                 Cost (Revised IEEE Spec)   Cost (Previous IEEE Spec)
10 Gigabits per second     2                          1
1 Gigabit per second       4                          1
100 Megabits per second    19                         10
10 Megabits per second     100                        100


Configuring Port Costs:
Configure port cost:
S2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
S2(config)#interface f0/1
S2(config-if)#spanning-tree cost 25
S2(config-if)#end
S2#
Highlighted portion of configuration includes spanning-tree cost 25.

Reset port cost:
S2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
S2(config)#interface f0/1
S2(config-if)#no spanning-tree cost 25
S2(config-if)#end
S2#
Highlighted portion of configuration includes no spanning-tree cost.

Path Costs:
Network Topology:
Same as 5.2.1, Diagram 3. Switch S1 is labeled as the root bridge. Path costs are shown from switch S2 to S1 directly (Path 1) and via Switch S3 (Path 2).

Path 1:
From switch S2 to S1 directly.
Link speed: 100 Megabits per second (one link).
Path cost = 19 times 1 = 19.

Path 2:
From switch S2 to S1 via switch S3.
Link speed: 100 Megabits per second (two links).
Path cost = 19 times 2 = 38.

Path 1 is the preferred path.

Verify Port and Path Costs:
Output from the show spanning-tree command on switch S2 shows port costs:
S2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    27577
             Address     000A.0033.3333
             Cost        19
             Port        1
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32769 sys-id-ext 1)
             Address     000A.0011.1111
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
F0/1             Root FWD 19        128.1    Edge P2p
F0/2             Desg FWD 19        128.2    Edge P2p

Highlighted portion of output includes Cost 19, Bridge ID Priority 32769 (priority 32769 sys-id-ext 1), F0/1 Cost 19, and F0/2 Cost 19.


5.2.2 STP BPDU

Page 1:
The BPDU Fields

In the previous topic, you learned that STP determines a root bridge for the spanning-tree instance by exchanging BPDUs. In this topic, you will learn the details of the BPDU frame and how it facilitates the spanning-tree process.

The BPDU frame contains 12 distinct fields that are used to convey path and priority information that STP uses to determine the root bridge and paths to the root bridge.

Roll over the BPDU fields in the figure to learn what they contain.

  • The first four fields identify the protocol, version, message type, and status flags.
  • The next four fields are used to identify the root bridge and the cost of the path to the root bridge.
  • The last four fields are all timer fields that determine how frequently BPDU messages are sent, and how long the information received through the BPDU process (next topic) is retained. The role of the timer fields will be covered in more detail later in this course.

Click the BPDU Example button in the figure.

The example in the figure was captured using Wireshark. In the example, the BPDU frame contains more fields than previously described, because the BPDU message is encapsulated in an Ethernet frame when it is transmitted across the network. The 802.3 header indicates the source and destination addresses of the BPDU frame. This frame has a destination MAC address of 01:80:C2:00:00:00, which is a multicast address for the spanning-tree group. When a frame is addressed with this MAC address, each switch that is configured for spanning tree accepts and reads the information from the frame; all other devices on the network that receive a frame sent to this multicast group address disregard it.

In the example, the root ID and the BID are the same in the captured BPDU frame. This indicates that the frame was captured from a root bridge switch.

The timers are all set to the default values.


5.2.2 - STP BPDU
The diagram depicts the BPDU fields and an example of a BPDU frame captured by Wireshark.

BPDU fields:
Field numbers: 1 to 4
Protocol ID (2 bytes): Indicates the type of protocol being used. This field contains the value zero.
Version (1 byte): Indicates the version of the protocol. This field contains the value zero.
Message type (1 byte): Indicates the type of message. This field contains the value zero.
Flags (1 byte): Includes one of the following:
- Topology change (TC) bit, which signals a topology change in the event that a path to the root bridge has been disrupted.
- Topology change acknowledgment (TCA) bit, which is set to acknowledge receipt of a configuration message with the TC bit set.

Field numbers: 5 to 8
Root ID (8 bytes): Indicates the root bridge by listing its 2-byte priority followed by its 6-byte MAC address ID. When a switch first boots, the root ID is the same as the bridge ID. However, as the election process occurs, the lowest bridge ID replaces the local root ID to identify the root bridge switch.
Cost of path (4 bytes): Indicates the cost of the path from the bridge sending the configuration message to the root bridge. The path cost field is updated by each switch along the path to the root bridge.
Bridge ID (8 byte): Indicates the priority and MAC address ID of the bridge sending the message. This label allows the root bridge to identify where the BPDU originated, as well as identify the multiple paths from the switch to the root bridge. When the root bridge receives more than one BPDU from a switch with different path costs, it knows that there are two distinct paths and uses the path with the lower cost.
Port ID (2 bytes): Indicates the port number from which the configuration message was sent. This field allows loops created by multiple attached bridges to be detected and corrected.

Field numbers: 9 to 12
Message age (2 bytes): Indicates the amount of time that has elapsed since the root sent the configuration message on which the current configuration message is based.
Max age (2 bytes): Indicates when the current configuration message should be deleted. When the message age reaches the maximum age, the switch expires the current configuration and initiates a new election to determine a new root bridge because it assumes that it has been disconnected from the root bridge. By default, this is 20 seconds, but it can be set between 6 and 40 seconds.
Hello time (2 bytes): Indicates the time between root bridge configuration messages. The interval defines how long the root bridge waits between sending configuration message BPDUs. By default, this is 2 seconds, but it can be set between 1 and 10 seconds.
Forward delay (2 bytes): Indicates the length of time that bridges wait before transitioning to a new state after a topology change. If a bridge transitions too soon, all network links might not be ready to change their state and loops can result. By default, this is 15 seconds for each state, but it can be set between 4 and 30 seconds.

BPDU Example - Wireshark frame capture:
A screen capture from the Wireshark protocol analyzer shows the BPDU fields listed above and the actual values captured.
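The 12-field layout and the 802.3 encapsulation described above, decoded by a small parser. This is an added example, not code from the course; it assumes the 802.1D-1998 port ID split (priority byte, port number byte) and the standard's encoding of the four timers in 1/256-second units, neither of which the page states, and the sample frame is constructed here from the chapter's root bridge S1.

```python
"""Parse an STP configuration BPDU carried in an 802.3 frame (added example)."""
import struct
from dataclasses import dataclass

# Destination MAC of every BPDU: the spanning-tree group multicast address.
STP_MULTICAST = bytes.fromhex("0180C2000000")
# LLC header that follows the 802.3 length field for STP: DSAP 0x42, SSAP 0x42, UI control.
STP_LLC = b"\x42\x42\x03"
# The 12 BPDU fields in order: Protocol ID, Version, Message type, Flags,
# Root ID (2-byte priority + 6-byte MAC), Root path cost, Bridge ID (same layout),
# Port ID, Message age, Max age, Hello time, Forward delay (35 bytes in total).
BPDU_STRUCT = struct.Struct(">HBBBH6sIH6sHHHHH")
# 802.1D encodes the four timers in units of 1/256 second (from the standard, not the page).
TIMER_UNIT = 1 / 256
TC_FLAG, TCA_FLAG = 0x01, 0x80   # topology change / topology change acknowledgment bits


@dataclass(frozen=True)
class BridgeId:
    raw_priority: int   # the 2-byte field: 4-bit priority + 12-bit extended system ID
    mac: bytes

    @property
    def priority(self) -> int:        # e.g. 24576 out of 24577
        return self.raw_priority & 0xF000

    @property
    def sys_id_ext(self) -> int:      # e.g. 1 (VLAN 1) out of 24577
        return self.raw_priority & 0x0FFF

    def __str__(self) -> str:         # the "24577.000A00333333" notation used in the chapter
        return f"{self.raw_priority}.{self.mac.hex().upper()}"


@dataclass(frozen=True)
class Bpdu:
    protocol_id: int
    version: int
    message_type: int
    flags: int
    root_id: BridgeId
    root_path_cost: int
    bridge_id: BridgeId
    port_id: int
    message_age: float     # all timers converted to seconds
    max_age: float
    hello_time: float
    forward_delay: float

    @property
    def topology_change(self) -> bool:
        return bool(self.flags & TC_FLAG)

    @property
    def topology_change_ack(self) -> bool:
        return bool(self.flags & TCA_FLAG)

    @property
    def sent_by_root(self) -> bool:
        # Root ID equal to the sender's own bridge ID (and cost 0): the root bridge sent it.
        return self.root_id == self.bridge_id and self.root_path_cost == 0

    # Port ID split assumed as 802.1D-1998 lays it out: priority byte, then port number byte,
    # so 0x8001 reads as the "128.1" shown by show spanning-tree.
    @property
    def port_priority(self) -> int:
        return self.port_id >> 8

    @property
    def port_number(self) -> int:
        return self.port_id & 0xFF


def parse_bpdu(payload: bytes) -> Bpdu:
    """Decode the 35-byte configuration BPDU; raises ValueError on malformed input."""
    if len(payload) < BPDU_STRUCT.size:
        raise ValueError(f"truncated BPDU: {len(payload)} bytes")
    (proto, ver, mtype, flags, root_prio, root_mac, cost, br_prio, br_mac, port_id,
     msg_age, max_age, hello, fwd) = BPDU_STRUCT.unpack_from(payload)
    if proto != 0 or mtype != 0:
        raise ValueError("not a configuration BPDU (protocol ID and message type must be 0)")
    return Bpdu(proto, ver, mtype, flags, BridgeId(root_prio, root_mac), cost,
                BridgeId(br_prio, br_mac), port_id, msg_age * TIMER_UNIT,
                max_age * TIMER_UNIT, hello * TIMER_UNIT, fwd * TIMER_UNIT)


def parse_frame(frame: bytes) -> Bpdu:
    """Strip the 802.3 header and LLC, checking the frame is addressed to the STP group."""
    if len(frame) < 17:
        raise ValueError("frame too short for 802.3 + LLC headers")
    dst, length = frame[:6], int.from_bytes(frame[12:14], "big")
    if dst != STP_MULTICAST:
        raise ValueError(f"destination {dst.hex(':')} is not the spanning-tree group address")
    if frame[14:17] != STP_LLC:
        raise ValueError("LLC header is not the STP SAP 0x42")
    return parse_bpdu(frame[17:14 + length])


def build_root_bpdu_frame(src_mac: bytes, raw_priority: int, port_id: int) -> bytes:
    """Constructed sample: the BPDU a root bridge sends (root ID == its own bridge ID,
    cost 0, default timers of 2 / 20 / 15 seconds, message age 0)."""
    bpdu = BPDU_STRUCT.pack(0, 0, 0, 0, raw_priority, src_mac, 0, raw_priority, src_mac,
                            port_id, 0, 20 * 256, 2 * 256, 15 * 256)
    body = STP_LLC + bpdu
    return STP_MULTICAST + src_mac + len(body).to_bytes(2, "big") + body


# Constructed sample: the chapter's root bridge S1 (priority 24577, MAC 000A.0033.3333)
# sending from port F0/1 (port ID 128.1).
SAMPLE_FRAME = build_root_bpdu_frame(bytes.fromhex("000A00333333"), 24577, 0x8001)

if __name__ == "__main__":
    b = parse_frame(SAMPLE_FRAME)
    print(f"root {b.root_id} (priority {b.root_id.priority} sys-id-ext {b.root_id.sys_id_ext})"
          f" cost {b.root_path_cost} port {b.port_priority}.{b.port_number}"
          f" hello {b.hello_time}s max age {b.max_age}s fwd delay {b.forward_delay}s"
          f" sent by root: {b.sent_by_root}")
```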


Page 2:
The BPDU Process

Each switch in the broadcast domain initially assumes that it is the root bridge for the spanning-tree instance, so the BPDU frames sent contain the BID of the local switch as the root ID. By default, BPDU frames are sent every 2 seconds after a switch is booted; that is, the default value of the hello timer specified in the BPDU frame is 2 seconds. Each switch maintains local information about its own BID, the root ID, and the path cost to the root.

When adjacent switches receive a BPDU frame, they compare the root ID from the BPDU frame with the local root ID. If the root ID in the BPDU is lower than the local root ID, the switch updates the local root ID and the ID in its BPDU messages. These messages serve to indicate the new root bridge on the network. Also, the path cost is updated to indicate how far away the root bridge is. For example, if the BPDU was received on a Fast Ethernet switch port, the path cost would be set to 19. If the local root ID is lower than the root ID received in the BPDU frame, the BPDU frame is discarded.

After a root ID has been updated to identify a new root bridge, all subsequent BPDU frames sent from that switch contain the new root ID and updated path cost. That way, all other adjacent switches are able to see the lowest root ID identified at all times. As the BPDU frames pass between other adjacent switches, the path cost is continually updated to indicate the total path cost to the root bridge. Each switch in the spanning tree uses its path costs to identify the best possible path to the root bridge.

Click each step in the figure to learn about the BPDU process.

The following summarizes the BPDU process:

Note: Priority is the initial deciding factor when choosing a root bridge. If the priority of all the switches was the same, the MAC address would be the deciding factor.

Step 1. Initially, each switch identifies itself as the root bridge. Switch S2 forwards BPDU frames out all switch ports.

Step 2. When switch S3 receives a BPDU from switch S2, S3 compares its root ID with the BPDU frame it received. The priorities are equal, so the switch is forced to examine the MAC address portion to determine which MAC address has a lower value. Because S2 has a lower MAC address value, S3 updates its root ID with the S2 root ID. At that point, S3 considers S2 as the root bridge.

Step 3. When S1 compares its root ID with the one in the received BPDU frame, it identifies the local root ID as the lower value and discards the BPDU from S2.

Step 4. When S3 sends out its BPDU frames, the root ID contained in the BPDU frame is that of S2.

Step 5. When S2 receives the BPDU frame, it discards it after verifying that the root ID in the BPDU matched its local root ID.

Step 6. Because S1 has a lower priority value in its root ID, it discards the BPDU frame received from S3.

Step 7. S1 sends out its BPDU frames.

Step 8. S3 identifies the root ID in the BPDU frame as having a lower value and therefore updates its root ID values to indicate that S1 is now the root bridge.

Step 9. S2 identifies the root ID in the BPDU frame as having a lower value and therefore updates its root ID values to indicate that S1 is now the root bridge.


5.2.2 - STP BPDU
The diagram depicts the BPDU root bridge determination process.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).

All switches are initially labeled "Root Bridge" and the following information applies.

Switch S1 Bridge ID:
Root ID: 24577.000A00333333
Bridge ID: 24577.000A00333333
Path Cost = 19

Switch S2 Bridge ID:
Root ID: 32769.000A00111111
Bridge ID: 32769.000A00111111
Path Cost = 19

Switch S3 Bridge ID:
Root ID: 32769.000A00222222
Bridge ID: 32769.000A00222222
Path Cost = 19

Step 1: Switch S2 forwards BPDU frames out of all switch ports. The BPDU frame contains the bridge ID and the root ID of switch S2, indicating that it is the root bridge.

Step 2: Switch S3 compares the received root ID with its own and identifies switch S2 as the lower root ID.
Switch S3 updates its root ID with the root ID switch S2.
Switch S3 now considers switch S2 as the root bridge.
Switch S3 updates the path cost to 19 because the BPDU was received on a Fast Ethernet port.

Step 3: When S1 compares its root ID with the one in the BPDU frame received from S2, it identifies the local root ID as the lower value and discards the BPDU from S2. Switch S1 still considers itself the root bridge.

Step 4: Switch S3 forwards BPDU frames out all switch ports. The BPDU frame contains the root ID of switch S2, indicating that it is the root bridge.

Step 5: Switch S2 compares the received BPDU root ID with its own and identifies that it matches. Switch S2 continues to think it is the root bridge on the network. Switch S2 does not update the path cost.

Step 6: Switch S1 compares the received BPDU root ID with its own and identifies that its own is lower. Switch S1 continues to think it is the root bridge on the network. Switch S1 does not update the path cost.

Step 7: Switch S1 forwards BPDU frames out all switch ports. The BPDU frame contains the bridge ID and root ID of switch S1, indicating that it is the root bridge.

Step 8: Switch S3 compares the received root ID with its own and identifies switch S1 as the lower root ID. Switch S3 updates its root ID with the root ID of switch S1. Switch S3 now considers switch S1 as the root bridge. Switch S3 updates the path cost to 19 because the BPDU was received on a Fast Ethernet port.

Step 9: Switch S2 compares the received root ID with its own and identifies switch S1 as the lower root ID. Switch S2 updates its root ID with the root ID of switch S1. Switch S2 now considers switch S1 as the root bridge. Switch S2 updates the path cost to 19 because the BPDU was received on a Fast Ethernet port.

When all BPDUs have been exchanged to determine the root bridge, the following information applies:

Switch S1 Bridge ID:
Root ID: 24577.000A00333333
Bridge ID: 24577.000A00333333
Path Cost = 19

Switch S2 Bridge ID:
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00111111
Path Cost = 19

Switch S3 Bridge ID:
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00222222
Path Cost = 19


5.2.3 Bridge ID

Page 1:
BID Fields

The bridge ID (BID) is used to determine the root bridge on a network. This topic describes what makes up a BID and how to configure the BID on a switch to influence the election process to ensure that specific switches are assigned the role of root bridge on the network.

The BID field of a BPDU frame contains three separate fields: bridge priority, extended system ID, and MAC address. Each field is used during the root bridge election.

Bridge Priority

The bridge priority is a customizable value that you can use to influence which switch becomes the root bridge. The switch with the lowest priority, which means lowest BID, becomes the root bridge (the lower the priority value, the higher the priority). For example, to ensure that a specific switch is always the root bridge, you set the priority to a lower value than the rest of the switches on the network. The default value for the priority of all Cisco switches is 32768. The priority range is between 1 and 65536; therefore, 1 is the highest priority.

Extended System ID

As shown in the example, the extended system ID can be omitted in BPDU frames in certain configurations. The early implementation of STP was designed for networks that did not use VLANs. There was a single common spanning tree across all switches. When VLANs started to become common for network infrastructure segmentation, STP was enhanced to include support for VLANs. As a result, the extended system ID field contains the ID of the VLAN with which the BPDU is associated.

When the extended system ID is used, it changes the number of bits available for the bridge priority value, so the increment for the bridge priority value changes from 1 to 4096. Therefore, bridge priority values can only be multiples of 4096.

The extended system ID value is added to the bridge priority value in the BID to identify the priority and VLAN of the BPDU frame.

You will learn about per VLAN spanning tree (PVST) in a later section of this chapter.

MAC Address

When two switches are configured with the same priority and have the same extended system ID, the switch with the MAC address with the lowest hexadecimal value has the lower BID. Initially, all switches are configured with the same default priority value. The MAC address is then the deciding factor on which switch is going to become the root bridge. This results in an unpredictable choice for the root bridge. It is recommended to configure the desired root bridge switch with a lower priority to ensure that it is elected root bridge. This also ensures that the addition of new switches to the network does not trigger a new spanning-tree election, which could disrupt network communication while a new root bridge is being selected.

Click the Priority-based decision button in the figure.

In the example, S1 has a lower priority than the other switches; therefore, it is preferred as the root bridge for that spanning-tree instance.

Click the MAC Address-based decision button in the figure.

When all switches are configured with the same priority, as is the case with all switches kept in the default configuration with a priority of 32768, the MAC address becomes the deciding factor for which switch becomes the root bridge.

Note: In the example, the priority of all the switches is 32769. The value is based on the 32768 default priority and the VLAN 1 assignment associated with each switch (1+32768).

The MAC address with the lowest hexadecimal value is considered to be the preferred root bridge. In the example, S2 has the lowest value for its MAC address and is therefore designated as the root bridge for that spanning-tree instance.


5.2.3 - Bridge ID
The diagram depicts the BID fields and root bridge selection examples based on priority and MAC address.

BID fields:
Without the Extended System ID:
Bridge Priority (2 bytes)
MAC Address (6 bytes)

With the Extended System ID:
Bridge Priority (4 bits)
Extended System ID (12 bits)
MAC Address (48 bits or 6 bytes)

Priority-based decision:
Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).
Switch S1 port F0/3 is connected to PC4 with IP address 172.17.10.27.
PC1, PC2, and PC3 are connected to switch S2 ports F0/11, F0/18, and F0/6, respectively.
The PC1 IP address is 172.17.10.21, the PC2 IP address is 172.17.10.22, and the PC3 IP address is 172.17.10.23.

Switch S1 Bridge ID:
Priority = 24577
MAC Address = 000A00333333

Switch S2 Bridge ID:
Priority = 32769
MAC Address = 000A00111111

Switch S3 Bridge ID:
Priority = 32769
MAC Address = 000A00222222

Switch S1 is determined to be the root bridge based on its better (lower) priority number of 24577.

MAC address-based decision:
Network Topology:
Same topology as the priority-based decision.

Switch S1 Bridge ID:
Priority = 32769
MAC Address = 000A00333333

Switch S2 Bridge ID:
Priority = 32769
MAC Address = 000A00111111

Switch S3 Bridge ID:
Priority = 32769
MAC Address = 000A00222222

Switch S2 is determined to be the root bridge based on its lower MAC address of 000A00111111.


Page 2:
Configure and Verify the BID

When a specific switch is to become a root bridge, the bridge priority value needs to be adjusted to ensure it is lower than the bridge priority values of all the other switches on the network. There are two different configuration methods that you can use to configure the bridge priority value on a Cisco Catalyst switch.

Method 1 - To ensure that the switch has the lowest bridge priority value, use the spanning-tree vlan vlan-id root primary command in global configuration mode. The priority for the switch is set to the predefined value of 24576 or to the next 4096 decrement value below the lowest bridge priority detected on the network.

If an alternate root bridge is desired, use the spanning-tree vlan vlan-id root secondary global configuration mode command. This command sets the priority for the switch to the predefined value of 28672. This ensures that this switch becomes the root bridge if the primary root bridge fails and a new root bridge election occurs and assuming that the rest of the switches in the network have the default 32768 priority value defined.

In the example, switch S1 has been assigned as the primary root bridge using the spanning-tree vlan 1 root primary global configuration mode command, and switch S2 has been configured as the secondary root bridge using the spanning-tree vlan 1 root secondary global configuration mode command.

Method 2 - Another method for configuring the bridge priority value is using the spanning-tree vlan vlan-id priority value global configuration mode command. This command gives you more granular control over the bridge priority value. The priority value is configured in increments of 4096 between 0 and 65536.

In the example, switch S3 has been assigned a bridge priority value of 24576 using the spanning-tree vlan 1 priority 24576 global configuration mode command.

Click the Verification button in the figure.

To verify the bridge priority of a switch, use the show spanning-tree privileged EXEC mode command. In the example, the priority of the switch has been set to 24576. Also notice that the switch is designated as the root bridge for the spanning-tree instance.


5.2.3 - Bridge ID
The diagram depicts configuring bridge priority and verifying the BID.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).

Switch Priority Configuration Options:
Method 1
Switch S1:
S1(config)#spanning-tree vlan 1 root primary

Switch S2:
S2(config)#spanning-tree vlan 1 root secondary

Method 2
Switch S3:
S3(config)#spanning-tree vlan 1 priority 24576

Switch S1 becomes the root bridge based on the spanning-tree vlan 1 root primary command issued.

Switch S1 Verification:

S1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    27577
             Address     000A.0033.3333
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24577 sys-id-ext 1)
             Address     000A.0033.3333
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
F0/1             Root FWD 4         128.1    Shr
F0/2             Desg FWD 4         128.2    Shr

Highlighted portion of the output includes This bridge is the root, and 24577 (priority 24577 sys-id-ext 1).


5.2.4 Port Roles

Page 1:
Port Roles

The root bridge is elected for the spanning-tree instance. The location of the root bridge in the network topology determines how port roles are calculated. This topic describes how the switch ports are configured for specific roles to prevent the possibility of loops on the network.

There are four distinct port roles that switch ports are automatically configured for during the spanning-tree process.

Root Port

The root port exists on non-root bridges and is the switch port with the best path to the root bridge. Root ports forward traffic toward the root bridge. The source MAC addresses of frames received on the root port are used to populate the MAC table. Only one root port is allowed per bridge.

In the example, switch S1 is the root bridge and switches S2 and S3 have root ports defined on the trunk links connecting back to S1.

Designated Port

The designated port exists on root and non-root bridges. For root bridges, all switch ports are designated ports. For non-root bridges, a designated port is the switch port that receives and forwards frames toward the root bridge as needed. Only one designated port is allowed per segment. If multiple switches exist on the same segment, an election process determines the designated switch, and the corresponding switch port begins forwarding frames for the segment. Designated ports are capable of populating the MAC table.

In the example, switch S1 has both sets of ports for its two trunk links configured as designated ports. Switch S2 also has a designated port configured on the trunk link going toward switch S3.

Non-designated Port

The non-designated port is a switch port that is blocked, so it is not forwarding data frames and not populating the MAC address table with source addresses. A non-designated port is not a root port or a designated port. For some variants of STP, the non-designated port is called an alternate port.

In the example, switch S3 has the only non-designated port in the topology. The non-designated port prevents the loop from occurring.

Disabled Port

The disabled port is a switch port that is administratively shut down. A disabled port does not function in the spanning-tree process. There are no disabled ports in the example.


5.2.4 - Port Roles
The diagram depicts spanning-tree port roles.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).
Switch S1 port F0/3 is connected to PC4 with IP address 172.17.10.27.
PC1, PC2, and PC3 are connected to switch S2 ports F0/11, F0/18, and F0/6, respectively.
The PC1 IP address is 172.17.10.21, the PC2 IP address is 172.17.10.22, and the PC3 IP address is 172.17.10.23.

STP Port Roles:
Root Bridge: Switch S1
Root Ports: Switch S3 port F0/1 and switch S2 port F0/1
Designated ports: Switch S1 ports F0/1 and F0/2, and switch S2 port F0/2
Non-designated ports: Switch S3 port F0/2

Note: Switch S3 port F0/2 is placed in blocking state by STP to prevent switching loops. This port has a red "X" on it.


Page 2:
Port Roles

The STA determines which port role is assigned to each switch port.

When determining the root port on a switch, the switch compares the path costs on all switch ports participating in the spanning tree. The switch port with the lowest overall path cost to the root is automatically assigned the root port role because it is closest to the root bridge. In a network topology, all switches that are using spanning tree, except for the root bridge, have a single root port defined.

When there are two switch ports that have the same path cost to the root bridge and both are the lowest path costs on the switch, the switch needs to determine which switch port is the root port. The switch uses the customizable port priority value, or the lowest port ID if both port priority values are the same.

The port ID is the interface ID of the switch port. For example, the figure shows four switches. Ports F0/1 and F0/2 on switch S2 have the same path cost value back to the root bridge. However, port F0/1 on switch S2 is the preferred port because it has a lower port ID value.

The port ID is appended to the port priority. For example, switch port F0/1 has a default port priority value of 128.1, where 128 is the configurable port priority value, and .1 is the port ID. Switch port F0/2 has a port priority value of 128.2, by default.


5.2.4 - Port Roles
The diagram depicts spanning-tree port roles.

Network Topology:
Four switches, S1, S2, S3, and S4, are interconnected in a partial mesh.
Switch S1 port F0/1 is connected to S4 port F0/2 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).
Switch S2 port F0/1 is connected to S4 port F0/1 (Trunk 4).

STP port roles:
Root Bridge: Switch S1
Root Ports: Switch S3 port F0/1, switch S2 port F0/1, and switch S4 port F0/2
Designated ports: Switch S1 ports F0/1 and F0/2, switch S3 port F0/2, and switch S4 port F0/2.
Non-designated ports: Switch S2 port F0/2

Note: Switch S2 port F0/2 is placed in blocking state by STP to prevent switching loops. This port has a red "X" on it.


Page 3:
Configure Port Priority

You can configure the port priority value using the spanning-tree port-priority value interface configuration mode command. The port priority values range from 0 to 240, in increments of 16. The default port priority value is 128. As with bridge priority, lower port priority values give the port higher priority.

In the example, the port priority for port F0/1 has been set to 112, which is below the default port priority of 128. This ensures that the port is the preferred port when competing with another port for a specific port role.

When the switch decides to use one port over another for the root port, the other is configured as a non-designated port to prevent a loop from occurring.


5.2.4 - Port Roles
The diagram depicts configuring port priority.

Network Topology:
Same as 5.2.4, Diagram 2. The root bridge is switch S1. Switch S2 port F0/1 is identified as a root port.

Switch Port Priority Configuration:
S1(config)#interface f0/1
S1(config-if)#spanning-tree port-priority 112


Page 4:
Port Role Decisions

In the example, switch S1 is the root bridge. Switches S2 and S3 have root ports configured for the ports connecting back to S1.

After a switch has determined which of its ports is configured in the root port role, it needs to decide which ports have the designated and non-designated roles.

The root bridge automatically configures all of its switch ports in the designated role. Other switches in the topology configure their non-root ports as designated or non-designated ports.

Designated ports are configured for all LAN segments. When two switches are connected to the same LAN segment, and root ports have already been defined, the two switches have to decide which port gets to be configured as a designated port and which one is left as the non-designated port.

The switches on the LAN segment in question exchange BPDU frames, which contain the switch BID. Generally, the switch with the lower BID has its port configured as a designated port, while the switch with the higher BID has its port configured as a non-designated port. However, keep in mind that the first priority is the lowest path cost to the root bridge and that only if the port costs are equal, is the BID of the sender used.

As a result, each switch determines which port roles are assigned to each of its ports to create the loop-free spanning tree.

Click each step in the figure to learn about how port roles are determined.


5.2.4 - Port Roles
The diagram depicts STP port role decisions.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).

Step 1: Switch S1 has the lowest bridge priority and is therefore the root bridge.

Step 2: Switch S1 configures both of its trunk ports as designated ports.

Step 3: Switch S2 configures port F0/1 as a root port.
Switch S3 configures port F0/1 as a root port.

Step 4: Switches S2 and S3 share a common LAN segment. They need to determine which switch has the lower BID to identify which switch can configure its port as a designated port.

Step 5: Switches S2 and S3 exchange BPDU frames. Switch S3 identifies switch S2 as having a lower BID based on the lower MAC address of switch S2.

Step 6: Switch S3 configures port F0/2 as a non-designated port and enters the blocked state, preventing the loop.

Step 7: Because switch S2 has the lower BID, it configures its F0/2 port as a designated port to complete the spanning tree.

At the end of Step 7 the following information applies to the switch ports:

Port Roles:
Root port = R
Designated port = D
Non-designated port = N.

Switch S1 Port F0/1 (D):
Root ID = 24577.000A00333333
Bridge ID = 24577.000A00333333
Path Cost = 19

Switch S1 Port F0/2 (D):
Root ID = 24577.000A00333333
Bridge ID = 24577.000A00333333
Path Cost = 19

Switch S2 Port F0/1 (R):
Root ID = 24577.000A00333333
Bridge ID = 32769.000A00111111
Path Cost = 19

Switch S2 Port F0/2 (D):
Root ID = 24577.000A00333333
Bridge ID = 32769.000A00111111
Path Cost = 19

Switch S3 Port F0/1 (R):
Root ID = 24577.000A00333333
Bridge ID = 32769.000A00222222
Path Cost = 19

Switch S3 Port F0/2 (N):
Root ID = 24577.000A00333333
Bridge ID = 32769.000A00222222
Path Cost = 19


Page 5:
Verifying Port Roles and Port Priority

Now that spanning tree has determined the logical loop-free network topology, you may want to confirm which port roles and port priorities are configured for the various switch ports in the network.

To verify the port roles and port priorities for the switch ports, use the show spanning-tree privileged EXEC mode command.

In the example, the show spanning-tree output displays all switch ports and their defined roles. Switch port F0/1 and F0/2 are configured as designated ports. The output also displays the port priority of each switch port. Switch port F0/1 has a port priority of 128.1.


5.2.4 - Port Roles
The diagram depicts verifying port roles and port priority using the show spanning-tree command on switch S2.

S2#show spanning-tree

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0019.aa9e.b000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24577 (priority 24577 sys-id-ext 1)
Address 0019.aa9e.b000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
F0/1 Desg FWD 19 128.1 P2p
F0/2 Desg FWD 19 128.2 P2p

The highlighted portion of the output shows the spanning-tree interface information: F0/1 Desg FWD 19 128.1 P2p, and F0/2 Desg FWD 19 128.2 P2p.


5.2.5 STP Port States and BPDU Timers

Page 1:
Port States

STP determines the logical loop-free path throughout the broadcast domain. The spanning tree is determined through the information learned by the exchange of the BPDU frames between the interconnected switches. To facilitate the learning of the logical spanning tree, each switch port transitions through five possible port states, governed by three BPDU timers.

The spanning tree is determined immediately after a switch is finished booting up. If a switch port were to transition directly from the blocking to the forwarding state, the port could temporarily create a data loop if the switch was not aware of all topology information at the time. For this reason, STP introduces five port states. The table summarizes what each port state does. The following provides some additional information on how the port states ensure that no loops are created during the creation of the logical spanning tree.

  • Blocking - The port is a non-designated port and does not participate in frame forwarding. The port receives BPDU frames to determine the location and root ID of the root bridge switch and what port roles each switch port should assume in the final active STP topology.
  • Listening - STP has determined that the port can participate in frame forwarding according to the BPDU frames that the switch has received thus far. At this point, the switch port is not only receiving BPDU frames, it is also transmitting its own BPDU frames and informing adjacent switches that the switch port is preparing to participate in the active topology.
  • Learning - The port prepares to participate in frame forwarding and begins to populate the MAC address table.
  • Forwarding - The port is considered part of the active topology and forwards frames and also sends and receives BPDU frames.
  • Disabled - The Layer 2 port does not participate in spanning tree and does not forward frames. The disabled state is set when the switch port is administratively disabled.


5.2.5 - STP Port States and BPDU Timers
The diagram depicts various switch port processes and how they are handled by the five STP port states.

Process                                               Blocking  Listening  Learning  Forwarding  Disabled
Receive and process BPDUs                             YES*      YES        YES       YES         NO
Forward data frames received on the interface         NO        NO         NO        YES         NO
Forward data frames switched from another interface   NO        NO         NO        YES         NO
Learn MAC addresses                                   NO        NO         YES       YES         NO

* But return to blocking if not the lowest cost path to the root bridge.


Page 2:
BPDU Timers

The amount of time that a port stays in the various port states depends on the BPDU timers. Only the switch in the role of root bridge may send information through the tree to adjust the timers. The following timers determine STP performance and state changes:

  • Hello time
  • Forward delay
  • Maximum age

Click the Roles and Timers button in the figure.

When STP is enabled, every switch port in the network goes through the blocking state and the transitory states of listening and learning at power up. The ports then stabilize to the forwarding or blocking state, as seen in the example. During a topology change, a port temporarily implements the listening and learning states for a specified period called the forward delay interval.

These values allow adequate time for convergence in a network with a switch diameter of seven. To review, switch diameter is the number of switches a frame has to traverse to travel from the two farthest points on the broadcast domain. A seven-switch diameter is the largest diameter that STP permits because of convergence times. Convergence in relation to spanning tree is the time it takes to recalculate the spanning tree if a switch or a link fails. You will learn how convergence works in the next section.

Click the Configure Network Diameter button in the figure.

It is recommended that the BPDU timers not be adjusted directly because the values have been optimized for the seven-switch diameter. Adjusting the spanning-tree diameter value on the root bridge to a lower value automatically adjusts the forward delay and maximum age timers proportionally for the new diameter. Typically, you do not adjust the BPDU timers nor reconfigure the network diameter. However, if after research, a network administrator determined that the convergence time of the network could be optimized, the administrator would do so by reconfiguring the network diameter, not the BPDU timers.

To configure a different network diameter for STP, use the spanning-tree vlan vlan-id root primary diameter value global configuration mode command on the root bridge switch.

In the example, the spanning-tree vlan 1 root primary diameter 5 global configuration mode command was entered to adjust the spanning tree diameter to five switches.


5.2.5 - STP Port States and BPDU Timers
The diagram depicts information on BPDU timers, the STP states and timers, and configuring network diameter.

BPDU Timers:
Hello time - The time between each BPDU frame that is sent on a port. By default, this is 2 seconds, but it can be set between 1 and 10 seconds.

Forward delay - The time spent in the listening and learning state. By default, this is 15 seconds for each state, but it can be set between 4 and 30 seconds.

Maximum age - The max age timer controls the maximum length of time a switch port saves configuration BPDU information. By default, this is 20 seconds, but it can be set between 6 and 40 seconds.

Port States and Timers:
Blocking
(loss of BPDU detected)
(max age = 20 sec)

Listening
(forward delay = 15 sec)

Learning
(forward delay = 15 sec)

Forwarding

Note: When a link comes up, it is initially in the blocking state and moves to listening after it decides if it is a root port or a designated port.

Configuring Network Diameter:
S1(config)#spanning-tree vlan 1 root primary diameter 5
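The port-state table and the timer values above, run as a small simulation. This is an added example and not the curriculum's code; it assumes the default timers shown in the figure (hello 2 s, forward delay 15 s, max age 20 s) and models only what the chapter describes: a port leaves blocking when the STA elects it root or designated, spends one forward delay each in listening and learning, learns source MACs only from learning onward, forwards only in forwarding, and a blocked port whose stored BPDU goes unrefreshed for max age starts toward forwarding. The Port class, its method names and the history list are this example's own.

```python
# STP port-state simulation with the default BPDU timers. Added example, not the
# curriculum's code; state capabilities follow the 5.2.5 port-state table.
from dataclasses import dataclass, field

HELLO_TIME = 2       # seconds between BPDUs sent by the designated bridge
FORWARD_DELAY = 15   # seconds spent in each of listening and learning
MAX_AGE = 20         # seconds a stored BPDU stays valid without a refresh


def missed_bpdus_before_expiry():
    """Consecutive hellos a port can miss before max age runs out (20 / 2 = 10)."""
    return MAX_AGE // HELLO_TIME


@dataclass
class Port:
    name: str
    state: str = "Blocking"   # every port starts here when the link comes up
    age: int = 0              # seconds spent in the current state
    bpdu_age: int = 0         # seconds since a BPDU was last received
    mac_table: dict = field(default_factory=dict)
    history: list = field(default_factory=list)   # (from_state, to_state, reason)

    def _move(self, new_state, reason):
        self.history.append((self.state, new_state, reason))
        self.state, self.age, self.bpdu_age = new_state, 0, 0

    def set_role(self, role):
        """Apply the STA decision: Root/Desg ports leave blocking through the
        transitory states; a non-designated (Altn) port is sent back to blocking."""
        if role in ("Root", "Desg") and self.state == "Blocking":
            self._move("Listening", f"elected {role}")
        elif role == "Altn" and self.state in ("Listening", "Learning", "Forwarding"):
            self._move("Blocking", "non-designated")

    def shutdown(self):
        """Administratively disabled ports take no part in spanning tree."""
        self._move("Disabled", "administratively down")

    def receive_bpdu(self):
        """Every state except Disabled processes BPDUs; a BPDU refreshes max age."""
        if self.state == "Disabled":
            return False
        self.bpdu_age = 0
        return True

    def receive_frame(self, src_mac):
        """Return whether a data frame would be forwarded. Source MACs are learned
        only in Learning and Forwarding; frames are forwarded only in Forwarding."""
        if self.state in ("Learning", "Forwarding"):
            self.mac_table[src_mac] = self.name
        return self.state == "Forwarding"

    def advance(self, seconds):
        """Advance simulated time one second at a time and apply the timers."""
        for _ in range(seconds):
            self.age += 1
            self.bpdu_age += 1
            if self.state == "Listening" and self.age >= FORWARD_DELAY:
                self._move("Learning", "forward delay expired")
            elif self.state == "Learning" and self.age >= FORWARD_DELAY:
                self._move("Forwarding", "forward delay expired")
            elif self.state == "Blocking" and self.bpdu_age >= MAX_AGE:
                # The designated bridge on this segment went silent: discard its
                # BPDU and start moving toward forwarding to take over the segment.
                self._move("Listening", "max age expired, loss of BPDU")


def seconds_until_forwarding(port, limit=120):
    """Simulated seconds until the port forwards, or None if it never does."""
    for t in range(1, limit + 1):
        port.advance(1)
        if port.state == "Forwarding":
            return t
    return None


if __name__ == "__main__":
    p = Port("F0/1")
    p.set_role("Desg")
    print(f"{p.name}: elected designated, forwarding after {seconds_until_forwarding(p)} s")
    q = Port("F0/2")   # blocked port whose upstream neighbour stops sending BPDUs
    print(f"{q.name}: BPDUs lost, forwarding after {seconds_until_forwarding(q)} s")
    for transition in q.history:
        print("   ", transition)
```

Running it shows the two figures worth remembering from this page: a newly elected port forwards after 30 s (15 + 15), and a blocked port that detects BPDU loss forwards after 50 s (20 + 15 + 15), which is the convergence delay the next section's diameter discussion is about.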


Page 3:
Cisco PortFast Technology

PortFast is a Cisco technology. When a switch port configured with PortFast is configured as an access port, that port transitions from blocking to forwarding state immediately, bypassing the typical STP listening and learning states. You can use PortFast on access ports, which are connected to a single workstation or to a server, to allow those devices to connect to the network immediately rather than waiting for spanning tree to converge. If an interface configured with PortFast receives a BPDU frame, spanning tree can put the port into the blocking state using a feature called BPDU guard. Configuring BPDU guard is beyond the scope of this course.

Note: Cisco PortFast technology can be used to support DHCP. Without PortFast, a PC can send a DHCP request before the port is in forwarding state, denying the host from getting a usable IP address and other information. Because PortFast immediately changes the state to forwarding, the PC always gets a usable IP address.

For more information on configuring BPDU guard, see:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml.

Note: Because the purpose of PortFast is to minimize the time that access ports must wait for spanning tree to converge, it should be used only on access ports. If you enable PortFast on a port connecting to another switch, you risk creating a spanning-tree loop.

Click the Configure PortFast button in the figure.

To configure PortFast on a switch port, enter the spanning-tree portfast interface configuration mode command on each interface on which PortFast is to be enabled.

To disable PortFast, enter the no spanning-tree portfast interface configuration mode command on each interface on which PortFast is to be disabled.

Click the Verify PortFast button in the figure.

To verify that PortFast has been enabled for a switch port, use the show running-config privileged EXEC mode command. The absence of the spanning-tree portfast command in the running configuration for an interface indicates that PortFast has been disabled for that interface. PortFast is disabled on all interfaces by default.
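An added example, not the curriculum's code, that turns the two notes above into a configuration check: it parses a running-config and reports every interface carrying spanning-tree portfast together with its switchport mode, flagging trunk ports (a switch-to-switch link that would skip listening and learning) and ports with no explicit access mode (where, as the message in the figure says, PortFast only takes effect in non-trunking mode). It also reports whether the interface command spanning-tree bpduguard enable, which enables the BPDU guard feature the text mentions, is present. SAMPLE_CONFIG is constructed: the port names F0/6, F0/11 and F0/18 follow the figure, the rest is invented for the check.

```python
# Audit a running-config for PortFast on ports that are not single-host access
# ports. Added example, not the curriculum's code; SAMPLE_CONFIG is constructed.

SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/18
 spanning-tree portfast
!
end
"""


def parse_interfaces(config):
    """Map each `interface` block to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces


def audit_portfast(config):
    """Return {interface: (verdict, switchport_mode, bpdu_guard)} for each PortFast port.

    RISK - PortFast on a trunk: a switch-to-switch link skipping listening/learning.
    WARN - no explicit access mode: PortFast is inactive while trunking, but the
           port could still end up as a trunk, so the intent is unclear.
    OK   - explicit access port, the only place the chapter says PortFast belongs.
    """
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if not any(line.startswith("spanning-tree portfast") for line in lines):
            continue
        mode = next((line.split()[-1] for line in lines
                     if line.startswith("switchport mode ")), None)
        guard = "spanning-tree bpduguard enable" in lines
        if mode == "trunk":
            verdict = "RISK"
        elif mode != "access":
            verdict = "WARN"
        else:
            verdict = "OK"
        findings[name] = (verdict, mode, guard)
    return findings


if __name__ == "__main__":
    for iface, (verdict, mode, guard) in audit_portfast(SAMPLE_CONFIG).items():
        print(f"{verdict:4} {iface:18} mode={mode or 'not set'} "
              f"bpduguard={'yes' if guard else 'no'}")
```

Feed it the text of show running-config from a switch and the RISK lines are the ones the second note warns about; the WARN lines are ports where PortFast is configured but the switchport mode has been left to default.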


5.2.5 - STP Port States and BPDU Timers
The animation depicts Cisco PortFast technology, including configuring and verifying PortFast.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).
PC1, PC2, and PC3 are connected to switch S2 ports F0/11, F0/18, and F0/6, respectively.
The PC1 IP address is 172.17.10.21, the PC2 IP address is 172.17.10.22, and the PC3 IP address is 172.17.10.23.

Note: Switch S3 port F0/2 is placed in blocking state by STP to prevent switching loops. This port has a red "X" on it.

PortFast:
The three ports, F0/11, F0/18, and F0/6, that are connected to PC1, PC2, and PC3 are configured using PortFast.

Configuring PortFast:
Enable PortFast:
S2(config)#interface f0/11
S2(config-if)#spanning-tree portfast

Warning: PortFast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, and so on to this interface when PortFast is enabled, can cause temporary bridging loops. Use with caution.

PortFast has been configured on FastEthernet 0/11, but only takes effect when the interface is in non-trunking mode.
S2(config-if)#end

Disable PortFast:
S2(config)#interface f0/11
S2(config-if)#no spanning-tree portfast

Verify PortFast:
S2#show running-config
{output omitted}
!
interface FastEthernet0/11
 switchport mode access
 spanning-tree portfast
!
{output omitted}
end
S2#


Page 4:
In this activity, the switches are "out of the box" without any configuration. You will manipulate the root bridge election so that the core switches are chosen before the distribution or access layer switches.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


5.2.5 - STP Port States and BPDU Timers
Link to Packet Tracer Exploration: Configuring STP


5.3 STP Convergence

5.3.1 STP Convergence

Page 1:
STP Convergence Steps

The previous section described the components that enable STP to create the logical loop-free network topology. In this section, you will examine the whole STP process from start to finish.

Convergence is an important aspect of the spanning-tree process. Convergence is the time it takes for the network to determine which switch is going to assume the role of the root bridge, go through all the different port states, and set all switch ports to their final spanning-tree port roles where all potential loops are eliminated. The convergence process takes time to complete because of the different timers used to coordinate the process.

To understand the convergence process more thoroughly, it has been broken down into three distinct steps:

Step 1. Elect a root bridge

Step 2. Elect root ports

Step 3. Elect designated and non-designated ports

The remainder of this section explores each step in the convergence process.


5.3.1 - STP Convergence
The diagram depicts the three STP convergence steps.

Step 1: Elect a root bridge.
Step 2: Elect the root ports.
Step 3: Elect the designated and non-designated ports.


5.3.2 Step 1. Electing A Root Bridge

Page 1:
Step 1. Electing a Root Bridge

The first step of the spanning-tree convergence process is to elect a root bridge. The root bridge is the basis for all spanning-tree path cost calculations and ultimately leads to the assignment of the different port roles used to prevent loops from occurring.

A root bridge election is triggered after a switch has finished booting up, or when a path failure has been detected on a network. Initially, all switch ports are configured for the blocking state, which by default lasts 20 seconds. This is done to prevent a loop from occurring before STP has had time to calculate the best root paths and configure all switch ports to their specific roles. While the switch ports are in a blocking state, they are still able to send and receive BPDU frames so that the spanning-tree root election can proceed. Spanning tree supports a maximum network diameter of seven switch hops from end to end. This allows the entire root bridge election process to occur within 14 seconds, which is less than the time the switch ports spend in the blocking state.

Immediately after the switches have finished booting up, they start sending BPDU frames advertising their BID in an attempt to become the root bridge. Initially, all switches in the network assume that they are the root bridge for the broadcast domain. The flood of BPDU frames on the network has the root ID field matching the BID field, indicating that each switch considers itself the root bridge. These BPDU frames are sent every 2 seconds based on the default hello timer value.

As each switch receives the BPDU frames from its neighboring switches, it compares the root ID from the received BPDU frame with the root ID configured locally. If the root ID from the received BPDU frame is lower than the root ID it currently has, the root ID field is updated indicating the new best candidate for the root bridge role.

After the root ID field is updated on a switch, the switch then incorporates the new root ID in all future BPDU frame transmissions. This ensures that the lowest root ID is always conveyed to all other adjacent switches in the network. The root bridge election ends once the lowest bridge ID populates the root ID field of all switches in the broadcast domain.

Even though the root bridge election process has completed, the switches continue to forward their BPDU frames advertising the root ID of the root bridge every 2 seconds. Each switch is configured with a max age timer that determines how long a switch retains the current BPDU configuration in the event it stops receiving updates from its neighboring switches. By default, the max age timer is set to 20 seconds. Therefore, if a switch fails to receive 10 consecutive BPDU frames from one of its neighbors, the switch assumes that a logical path in the spanning tree has failed and that the BPDU information is no longer valid. This triggers another spanning-tree root bridge election.

Click the Play button in the figure to review the steps STP uses to elect a root bridge.

As you review how STP elects a root bridge, recall that the root bridge election process occurs with all switches sending and receiving BPDU frames simultaneously. Performing the election process simultaneously allows the switches to determine which switch is going to become the root bridge much faster.


5.3.2 - Step 1. Electing a Root Bridge
The animation depicts STP convergence step 1: electing a root bridge.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).

All switches are initially labeled "root bridge" and the following information applies.

Switch S1:
F0/1 BPDU
Root ID: 24577.000A00333333
Bridge ID: 24577.000A00333333
Path Cost = 19

Switch S2:
F0/1 BPDU:
Root ID: 32769.000A00111111
Bridge ID: 32769.000A00111111
Path Cost = 19

F0/2 BPDU:
Root ID: 32769.000A00111111
Bridge ID: 32769.000A00111111
Path Cost = 19

Switch S3:
F0/2 BPDU:
Root ID: 32769.000A00222222
Bridge ID: 32769.000A00222222
Path Cost = 19

Animation sequence:
One. Switch S2 forwards BPDU frames out all switch ports. The BPDU frame contains S2's bridge ID and root ID, indicating that switch S2 is the root bridge.

Two. Switch S3 compares the received root ID with its own and identifies switch S2 as the lower root ID. Switch S3 updates its root ID with the root ID of switch S2. Switch S3 now considers switch S2 the root bridge. Switch S3 updates the path cost to 19, because the BPDU was received on a Fast Ethernet port.

Three. Switch S1 compares the root ID with its own and identifies its own root ID as the lower root ID. Switch S1 keeps its root ID as the root ID and does not increment the path cost to the root. Switch S1 still considers itself the root bridge.

Four. Switch S3 forwards BPDU frames out all switch ports. The BPDU frame has the switch S2 root ID populated, indicating that switch S2 is the root bridge.

Five. Switch S2 compares the received BPDU root ID with its own and identifies that it matches its own. Switch S2 continues to think it is the root bridge. Switch S2 does not update the path cost.

Six. Switch S1 compares the received BPDU root ID with its own and identifies that its own is lower. Switch S1 continues to think it is the root bridge. Switch S1 does not update the path cost.

Seven. Switch S1 forwards BPDU frames out all switch ports. The BPDU frame has the switch S1 bridge ID and root ID populated, indicating that switch S1 is the root bridge.

Eight. Switch S3 compares the received root ID with its own and identifies switch S1 as the lower root ID. Switch S3 updates its root ID with the root ID of switch S1. Switch S3 now considers switch S1 as the root bridge. Switch S3 updates the path cost to 19, because the BPDU was received on a Fast Ethernet port.

Nine. Switch S2 compares the received root ID with its own and identifies switch S1 as the lower root ID. Switch S2 updates its root ID with the root ID of switch S1.

Ten. Switch S2 now considers switch S1 the root bridge. Switch S2 updates the path cost to 19, because the BPDU was received on a Fast Ethernet port.

After BPDUs have been exchanged, switch S1 is elected the root bridge and the following information applies:

Switch S1 (root bridge):
F0/1 BPDU:
Root ID: 24577.000A00333333
Bridge ID: 24577.000A00333333
Path Cost = 19

F0/2 BPDU:
Root ID: 24577.000A00333333
Bridge ID: 24577.000A00333333
Path Cost = 19

Switch S2:
F0/2 BPDU:
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00111111
Path Cost = 19

Switch S3:
F0/1 BPDU:
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00222222
Path Cost = 19


Page 2:
Verify Root Bridge Election

When the root bridge election is completed, you can verify the identity of the root bridge using the show spanning-tree privileged EXEC mode command.

In the topology example, switch S1 has the lowest priority value of the three switches, so we can assume it will become the root bridge.

Click the Switch S1 Output button in the figure.

In the example, the show spanning-tree output for switch S1 reveals that it is the root bridge. You can see that the BID matches the root ID, confirming that S1 is the root bridge.

Click the Switch S2 Output button in the figure.

In the example, the show spanning-tree output for switch S2 shows that the root ID matches the expected root ID of switch S1, indicating that S2 considers S1 the root bridge.

Click the Switch S3 Output button in the figure.

In the example, the show spanning-tree output for switch S3 shows that the root ID matches the expected root ID of switch S1, indicating that S3 considers S1 the root bridge.


5.3.2 - Step 1. Electing a Root Bridge
The diagram depicts the verification of the root bridge election on switches S1, S2, and S3.

Network Topology:
Same as 5.3.2, Diagram 1.

Switch S1 Output:

S1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000A.0033.3333
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24577 sys-id-ext 1)
Address 000A.0033.3333
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
F0/1 Desg FWD 19 128.1 Shr
F0/2 Desg FWD 19 128.2 Shr

The highlighted portion of the output includes Root ID, Priority 24577, Address 000A.0033.3333, and This bridge is the root.

Switch S2 Output:

S2#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000A.0033.3333
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000A.0011.1111
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
F0/1 Root FWD 19 128.1 Shr
F0/2 Desg FWD 19 128.2 Shr

The highlighted portion of the output includes Root ID Priority 24577, Address 000A.0033.3333, Bridge ID, Priority 32769 (priority 32768 sys-id-ext 1), and Address 000A.0011.1111 .


S3#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000A.0033.3333
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000A.0022.2222
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
F0/1 Root FWD 19 128.1 Shr
F0/2 Altn FWD 19 128.2 Shr

The highlighted portion of the output includes Root ID, Priority 24577, Address 000A.0033.3333, Bridge ID, Priority 32769 (priority 32768 sys-id-ext 1), and Address 000A.0022.2222.
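Parsing the verification output used above, in 5.2.4 page 5, and again in 5.3.3 page 2, as an added example that is not the curriculum's code. SAMPLE_S2 is a constructed transcript laid out like IOS show spanning-tree output and carrying the chapter's S2 values: root ID 24577 / 000A.0033.3333, bridge ID 32769 / 000A.0011.1111, F0/1 Root and F0/2 Desg. unexpected_roots compares the elected root's MAC address with the one the design intends, which is the check an operator wants when a switch with a lower priority or MAC has been attached and quietly taken the root role; the regexes and field names are this example's own.

```python
# Parse `show spanning-tree` output and check root identity and port roles.
# Added example, not the curriculum's code; SAMPLE_S2 is a constructed transcript.
import re

SAMPLE_S2 = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000A.0033.3333
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000A.0011.1111
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
"""

ID_RE = {
    "root_id": re.compile(r"Root ID\s+Priority\s+(\d+)\s+Address\s+([0-9A-Fa-f.]+)"),
    "bridge_id": re.compile(r"Bridge ID\s+Priority\s+(\d+).*?Address\s+([0-9A-Fa-f.]+)", re.S),
}
# Interface lines: name, role, state, cost, priority.number, link type.
PORT_RE = re.compile(
    r"^(\S+)\s+(Root|Desg|Altn|Back)\s+([A-Z]{3})\s+(\d+)\s+(\d+)\.(\d+)\s+(\S+)", re.M)


def parse_show_spanning_tree(text):
    """Return {vlan: {root_id, bridge_id, is_root, ports}} for each VLAN block."""
    parsed = {}
    chunks = re.split(r"^(VLAN\d+)\s*$", text, flags=re.M)  # [pre, name, body, ...]
    for name, body in zip(chunks[1::2], chunks[2::2]):
        entry = {"is_root": "This bridge is the root" in body, "ports": {}}
        for key, rx in ID_RE.items():
            m = rx.search(body)
            entry[key] = (int(m.group(1)), m.group(2).upper()) if m else None
        for iface, role, sts, cost, prio, nbr, typ in PORT_RE.findall(body):
            entry["ports"][iface] = {"role": role, "state": sts, "cost": int(cost),
                                     "priority": int(prio), "number": int(nbr),
                                     "type": typ}
        parsed[name] = entry
    return parsed


def unexpected_roots(parsed, expected_mac):
    """VLANs whose elected root bridge is not the switch the design intends."""
    expected = expected_mac.upper()
    return [vlan for vlan, e in parsed.items()
            if e["root_id"] and e["root_id"][1] != expected]


def ports_by_role(parsed, vlan, role):
    """Interfaces of one VLAN holding a given role (Root, Desg, Altn, Back)."""
    return sorted(i for i, p in parsed[vlan]["ports"].items() if p["role"] == role)


if __name__ == "__main__":
    tree = parse_show_spanning_tree(SAMPLE_S2)
    for vlan, e in tree.items():
        print(vlan, "root", e["root_id"], "bridge", e["bridge_id"], "is_root", e["is_root"])
        print("  root ports:", ports_by_role(tree, vlan, "Root"),
              "designated:", ports_by_role(tree, vlan, "Desg"))
    print("unexpected roots:", unexpected_roots(tree, "000A.0033.3333"))
```

On real output the same parser walks every VLAN block, so unexpected_roots gives a per-VLAN list of where the root bridge is not the one planned, and ports_by_role with "Altn" lists the ports STP has blocked.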


5.3.3 Step 2. Elect Root Ports

Page 1:
Step 2. Elect Root Ports

Now that the root bridge has been determined, the switches start configuring the port roles for each of their switch ports. The first port role that needs to be determined is the root port role.

Every switch in a spanning-tree topology, except for the root bridge, has a single root port defined. The root port is the switch port with the lowest path cost to the root bridge. Normally path cost alone determines which switch port becomes the root port. However, additional port characteristics determine the root port when two or more ports on the same switch have the same path cost to the root. This can happen when redundant links are used to uplink one switch to another switch when an EtherChannel configuration is not used. Recall that Cisco EtherChannel technology allows you to configure multiple physical Ethernet type links as one logical link.

Switch ports with equivalent path costs to the root use the configurable port priority value. They use the port ID to break a tie. When a switch chooses one equal path cost port as a root port over another, the losing port is configured as a non-designated port to avoid a loop.

The process of determining which port becomes a root port happens during the root bridge election BPDU exchange. Path costs are updated immediately when BPDU frames arrive indicating a new root ID or redundant path. At the time the path cost is updated, the switch enters decision mode to determine if port configurations need to be updated. The port role decisions do not wait until all switches settle on which switch is going to be the final root bridge. As a result, the port role for a given switch port may change multiple times during convergence, until it finally settles on its final port role after the root ID changes for the last time.

Click each step in the figure to learn about electing root ports.
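The role assignment described in 5.2.4 (root port by lowest path cost, ties by port priority and port ID; one designated port per segment by path cost and then BID) and the election steps of 5.3.2 and 5.3.3, carried out in code. This is an added example and not part of the curriculum: a small Python model of the STA that takes the chapter's BIDs and links (S1 24577.000A00333333, S2 32769.000A00111111, S3 32769.000A00222222, cost 19 per Fast Ethernet link) and returns the root bridge, each switch's root path cost, and the Root/Desg/Altn role of every port. It goes slightly beyond the chapter's wording in one respect: equal path costs are broken in the full 802.1D order (sender BID, then sender port ID, then receiving port ID), which is why the spanning-tree port-priority command in the chapter's example is applied on S1, the upstream side of the link. The second topology, parallel_uplinks (two links between S1 and S2 without EtherChannel), is constructed to show that tie-break; the class and function names are this example's own.

```python
# Spanning Tree Algorithm (STA) port-role calculation. Added example, not the
# curriculum's code: BIDs and ports follow the chapter's figures, link cost 19.
import heapq
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class BridgeID:
    priority: int   # bridge priority plus extended system ID, e.g. 24577
    mac: str        # base MAC; the lower value wins when priorities tie

@dataclass(frozen=True, order=True)
class PortID:
    priority: int   # configurable port priority, 0-240 in steps of 16
    number: int     # interface number, e.g. 1 for F0/1

class Topology:
    def __init__(self):
        self.bids = {}    # switch name -> BridgeID
        self.ports = {}   # (switch, port) -> PortID
        self.links = []   # (switch_a, port_a, switch_b, port_b, cost)

    def add_switch(self, name, priority, mac):
        self.bids[name] = BridgeID(priority, mac.upper())

    def add_link(self, sw_a, port_a, sw_b, port_b, cost=19):
        for sw, port in ((sw_a, port_a), (sw_b, port_b)):
            self.ports.setdefault((sw, port), PortID(128, int(port.split("/")[-1])))
        self.links.append((sw_a, port_a, sw_b, port_b, cost))

    def set_port_priority(self, sw, port, priority):
        """Equivalent of `spanning-tree port-priority <value>` (0-240, step 16)."""
        if priority % 16 or not 0 <= priority <= 240:
            raise ValueError("port priority must be 0-240 in steps of 16")
        self.ports[(sw, port)] = PortID(priority, self.ports[(sw, port)].number)

    def _neighbours(self, sw):
        """Yield (own_port, neighbour, neighbour_port, cost) for each link on sw."""
        for a, pa, b, pb, cost in self.links:
            if a == sw:
                yield pa, b, pb, cost
            elif b == sw:
                yield pb, a, pa, cost

    def compute(self):
        """Return (root bridge, root path cost per switch, {switch: {port: role}})."""
        # Step 1: elect the root bridge - the lowest (priority, MAC) BID wins.
        root = min(self.bids, key=self.bids.get)
        # Root path cost: cheapest cumulative link cost from each switch to the root.
        rpc = {sw: float("inf") for sw in self.bids}
        rpc[root] = 0
        heap = [(0, root)]
        while heap:
            cost, sw = heapq.heappop(heap)
            if cost > rpc[sw]:
                continue
            for _, nbr, _, link_cost in self._neighbours(sw):
                if cost + link_cost < rpc[nbr]:
                    rpc[nbr] = cost + link_cost
                    heapq.heappush(heap, (rpc[nbr], nbr))
        # Step 2: one root port per non-root switch. Equal path costs are broken as
        # 802.1D does: lower sender BID, lower sender port ID, then lower receiving
        # port ID - which is why the chapter sets port-priority on S1, the sender.
        root_port = {}
        for sw in self.bids:
            if sw != root:
                root_port[sw] = min(self._neighbours(sw), key=lambda n: (
                    rpc[n[1]] + n[3], self.bids[n[1]],
                    self.ports[(n[1], n[2])], self.ports[(sw, n[0])]))[0]
        # Step 3: one designated port per segment, the end with the lowest (root path
        # cost, BID, port ID). The other end is that switch's root port or, if not, a
        # non-designated port (Altn) that STP blocks to break the loop.
        roles = {sw: {} for sw in self.bids}
        for a, pa, b, pb, _ in self.links:
            ends = sorted([(rpc[a], self.bids[a], self.ports[(a, pa)], a, pa),
                           (rpc[b], self.bids[b], self.ports[(b, pb)], b, pb)])
            (d_sw, d_port), (o_sw, o_port) = ends[0][3:], ends[1][3:]
            roles[d_sw][d_port] = "Desg"
            roles[o_sw][o_port] = "Root" if root_port.get(o_sw) == o_port else "Altn"
        return root, rpc, roles

def chapter_topology():
    """S1, S2 and S3 in a full mesh, as in the 5.2.4 and 5.3.x figures."""
    t = Topology()
    t.add_switch("S1", 24577, "000A00333333")
    t.add_switch("S2", 32769, "000A00111111")
    t.add_switch("S3", 32769, "000A00222222")
    t.add_link("S1", "F0/1", "S2", "F0/1")   # Trunk 1
    t.add_link("S2", "F0/2", "S3", "F0/2")   # Trunk 2
    t.add_link("S3", "F0/1", "S1", "F0/2")   # Trunk 3
    return t

def parallel_uplinks(s1_f02_priority=128):
    """Constructed: S2 dual-homed to S1 without EtherChannel, so path costs tie."""
    t = Topology()
    t.add_switch("S1", 24577, "000A00333333")
    t.add_switch("S2", 32769, "000A00111111")
    t.add_link("S1", "F0/1", "S2", "F0/1")
    t.add_link("S1", "F0/2", "S2", "F0/2")
    t.set_port_priority("S1", "F0/2", s1_f02_priority)
    return t

if __name__ == "__main__":
    for topo in (chapter_topology(), parallel_uplinks(), parallel_uplinks(112)):
        root, rpc, roles = topo.compute()
        print(f"root {root}:", {sw: (rpc[sw], roles[sw]) for sw in sorted(roles)})
```

Running it reproduces the figure (S1 both ports Desg; S2 F0/1 Root and F0/2 Desg; S3 F0/1 Root and F0/2 Altn; path cost 19 on S2 and S3, with S2 winning the S2-S3 segment on its lower MAC address) and then shows S2's root port moving from F0/1 to F0/2 once S1's F0/2 is given port priority 112.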


5.3.3 - Step 2. Elect Root Ports
The diagram depicts STP convergence step 2: electing root ports.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).

Step One. Switch S2 compares the path cost for each of its switch ports.

Step Two. Switch S2 port F0/1 has a lower path cost to the root bridge and therefore becomes the root port.

Step Three. Switch S3 compares the path cost for each of its switch ports.

Step Four. Switch S3 port F0/1 has a lower path cost to the root bridge and therefore becomes the root port.

After BPDUs have been exchanged and path costs analyzed, switch S2 port F0/1 and switch S3 port F0/1 are elected as root ports and the following information applies:

Switch S1 (root bridge):
F0/1 BPDU:
Root ID: 24577.000A00333333
Bridge ID: 24577.000A00333333
Path Cost = 19

F0/2 BPDU:
Root ID: 24577.000A00333333
Bridge ID: 24577.000A00333333
Path Cost = 19

Switch S2:
F0/1 BPDU (root port):
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00111111
Path Cost = 19

F0/2 BPDU:
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00111111
Path Cost = 38

Switch S3:
F0/1 BPDU (root port):
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00222222
Path Cost = 19

F0/2 BPDU:
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00222222
Path Cost = 38


Page 2:
Verify the Root Port

When the root bridge election has completed, you can verify the configuration of the root ports using the show spanning-tree privileged EXEC mode command.

In the topology example, switch S1 has been identified as the root bridge. The switch S2 F0/1 port and switch S3 F0/1 port are the two closest ports to the root bridge and, therefore, should be configured as root ports. You can confirm the port configuration using the show spanning-tree privileged EXEC mode command.

Click the Switch S1 Output button in the figure.

In the example, the show spanning-tree output for switch S1 reveals that it is the root bridge and consequently does not have any root ports configured.

Click the Switch S2 output button in the figure.

In the example, the show spanning-tree output for switch S2 shows that switch port F0/1 is configured as a root port. The Root ID shows the Priority and MAC Address of switch S1.

Click the Switch S3 output button in the figure.

In the example, the show spanning-tree output for switch S3 shows that switch port F0/1 is configured as a root port. The Root ID shows the Priority and MAC Address of switch S1.


5.3.3 - Step 2. Elect Root Ports
The diagram depicts the verification of the root port election process.

Network Topology:
Same as 5.3.3, Diagram 1.

Switch S1 Output:

S1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000A.0033.3333
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24577 sys-id-ext 1)
Address 000A.0033.3333
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface: Role Sts Cost Prio. Nbr Type
F0/1 Desg FWD 19 128.1 P2p
F0/2 Desg FWD 19 128.2 P2p

There are no root ports on S1.

Switch S2 Output:

S2#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000A.0033.3333
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000A.0011.1111
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface: Role Sts Cost Prio. Nbr Type
F0/1 Root FWD 19 128.1 P2p
F0/2 Desg FWD 19 128.2 P2p

There is one root port on S2. The highlighted portion of the output includes Root ID, Priority 24577, Address 000A.0033.3333, and F0/1 Root FWD.

S3#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000A.0033.3333
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000A.0022.2222
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface: Role Sts Cost Prio. Nbr Type
F0/1 Root FWD 19 128.1 P2p
F0/2 Altn BLK 19 128.2 P2p

There is one root port on S3. The highlighted portion of the output includes F0/1 Root FWD.


5.3.4 Step 3. Electing Designated Ports and Non-Designated Ports

Page 1:
Step 3. Electing Designated Ports and Non-Designated Ports

After a switch determines which of its ports is the root port, the remaining ports must be configured as either a designated port (DP) or a non-designated port (non-DP) to finish creating the logical loop-free spanning tree.

Each segment in a switched network can have only one designated port. When two switch ports that are not root ports are connected to the same LAN segment, a competition for port roles occurs. The two switches exchange BPDU frames to sort out which switch port is designated and which one is non-designated.

The designated port on a segment is the port offering the lowest path cost to the root bridge. Only when the path costs are equal does the sender BID carried in the BPDU decide, and only when the BIDs are equal as well (both ports belong to the same switch) does the port ID break the tie.

When two switches exchange their BPDU frames, they examine the sending BID of the received BPDU frame to see if it is lower than its own. The switch with the lower BID wins the competition and its port is configured in the designated role. The losing switch configures its switch port to be non-designated and, therefore, in the blocking state to prevent the loop from occurring.

The process of determining the port roles happens concurrently with the root bridge election and root port designation. As a result, the designated and non-designated roles may change multiple times during the convergence process until the final root bridge has been determined. The entire process of electing the root bridge, determining the root ports, and determining the designated and non-designated ports happens within the 20-second blocking port state. This convergence time is based on the 2-second hello timer for BPDU frame transmission and the seven-switch diameter supported by STP. The max age delay of 20 seconds provides enough time for the seven-switch diameter with the 2-second hello timer between BPDU frame transmissions.

Click each step in the figure to learn about electing designated ports and non-designated ports.


5.3.4 - Step 3. Electing Designated Ports and Non-Designated Ports
The diagram depicts STP convergence step 3: electing designated ports and non-designated ports.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).

Step One. Switch S1 configures both of its switch ports in the designated role because it is the root bridge.
Step Two. Switch S3 sends out a BPDU frame to switch S2.
Step Three. Switch S2 compares BID values and determines that it has the lower value.
Step Four. Switch S2 configures port F0/2 in the designated role.
Step Five. Switch S2 sends out a BPDU frame to switch S3.
Step Six. Switch S3 compares BID values and determines that it has the higher value.
Step Seven. Switch S3 configures port F0/2 to a non-designated role.

After BPDUs have been exchanged, the following switch ports are elected as designated and non-designated:

Switch S1 (root bridge):
F0/1 BPDU (Designated):
Root ID: 24577.000A00333333
Bridge ID: 24577.000A00333333
Path Cost = 19

F0/2 BPDU (designated):
Root ID: 24577.000A00333333
Bridge ID: 24577.000A00333333
Path Cost = 19

Switch S2:
F0/1 BPDU (root port):
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00111111
Path Cost = 19

F0/2 BPDU (designated):
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00111111
Path Cost = 38

Switch S3:
F0/1 BPDU (root port):
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00222222
Path Cost = 19

F0/2 BPDU (non-designated, blocking):
Root ID: 24577.000A00333333
Bridge ID: 32769.000A00222222
Path Cost = 38


Page 2:
Verify DP and Non-DP

After the root ports have been assigned, the switches determine which remaining ports are configured as designated and non-designated ports. You can verify the configuration of the designated and non-designated ports using the show spanning-tree privileged EXEC mode command.

In the topology:

1. Switch S1 is identified as the root bridge and therefore configures both of its switch ports as designated ports.

2. The switch S2 F0/1 port and switch S3 F0/1 port are the two closest ports to the root bridge and are configured as root ports.

3. The remaining switch S2 F0/2 port and switch S3 F0/2 port need to decide which of the two remaining ports will be the designated port and which will be the non-designated port.

4. Switch S2 and switch S3 compare their BID values to determine which one is lower. The one with the lower BID is configured as the designated port.

5. Because both switches have the same priority, the MAC address becomes the deciding factor.

6. Because switch S2 has a lower MAC address, it configures its F0/2 port as a designated port.

7. Switch S3 consequently configures its F0/2 port as a non-designated port to prevent the loop from occurring.

You can confirm the port configuration using the show spanning-tree privileged EXEC mode command.

Click the Switch S1 Output button in the figure.

In the example, the show spanning-tree output for switch S1 reveals that it is the root bridge and consequently has both of its ports configured as designated ports.

Click the Switch S2 Output button in the figure.

In the example, the show spanning-tree output for switch S2 shows that switch port F0/2 is configured as a designated port.

Click the Switch S3 Output button in the figure.

In the example, the show spanning-tree output for switch S3 shows that switch port F0/2 is configured as a non-designated port.


5.3.4 - Step 3. Electing Designated Ports and Non-Designated Ports
The diagram depicts the verification of the designated and non-designated port election on switches S1, S2, and S3.

Network Topology:
Same as 5.3.4, Diagram 1.

Switch S1 Output:

S1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000A.0033.3333
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24577 sys-id-ext 1)
Address 000A.0033.3333
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface: Role Sts Cost Prio. Nbr Type
F0/1 Desg FWD 19 128.1 P2p
F0/2 Desg FWD 19 128.2 P2p

There are two designated ports on S1. The highlighted portion of the output includes This bridge is the root, F0/1 Desg FWD 19, and F0/2 Desg FWD 19.

Switch S2 Output:

S2#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000A.0033.3333
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000A.0011.1111
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface: Role Sts Cost Prio. Nbr Type
F0/1 Root FWD 19 128.1 P2p
F0/2 Desg FWD 19 128.2 P2p

There is one designated port on S2. The highlighted portion of the output includes F0/2 Desg FWD 19.

Switch S3 Output:

S3#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 000A.0033.3333
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000A.0022.2222
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface: Role Sts Cost Prio. Nbr Type
F0/1 Root FWD 19 128.1 P2p
F0/2 Altn BLK 19 128.2 P2p

There is one non-designated (alternate) blocking port on S3. The highlighted portion of the output includes F0/2 Altn BLK.


5.3.5 STP Topology Change

Page 1:
STP Topology Change Notification Process

A switch considers that it has detected a topology change either when a port that was forwarding goes down (to blocking, for instance) or when a port transitions to forwarding while the switch has at least one designated port. When a change is detected, the switch notifies the root bridge of the spanning tree. The root bridge then broadcasts the information into the whole network.

In normal STP operation, a switch keeps receiving configuration BPDU frames from the root bridge on its root port. However, it never sends out a BPDU toward the root bridge. To achieve that, a special BPDU called the topology change notification (TCN) BPDU was introduced. When a switch needs to signal a topology change, it starts to send TCNs on its root port. The TCN is a very simple BPDU that contains no information and is sent out at the hello time interval until it is acknowledged. The receiving switch, the designated bridge for that segment, acknowledges the TCN by immediately sending back a normal BPDU with the topology change acknowledgement (TCA) bit set, and then originates its own TCN on its root port. The exchange repeats hop by hop until the notification reaches the root bridge.

For example, in the figure switch S2 experiences a topology change. It sends a TCN to its designated bridge, which in this case is switch D1. Switch D1 receives the TCN, acknowledges it back to switch S2 with a TCA. Switch D1 generates a TCN, and forwards it to its designated bridge, which in this case is the root bridge.

Click the Broadcast Notification button in the figure.

Broadcast Notification

Once the root bridge is aware that there has been a topology change event in the network, it starts to send out its configuration BPDUs with the topology change (TC) bit set. These BPDUs are relayed by every switch in the network with this bit set. As a result, all switches become aware of the topology change and can reduce their aging time to forward delay. Switches receive topology change BPDUs on both forwarding and blocking ports.

The TC bit is set by the root for a period of max age + forward delay seconds, which is 20+15=35 seconds by default.


5.3.5 - STP Topology Change
The diagram depicts the STP topology change notification process.

Network Topology:
There are three Access Layer switches, S1, S2, and S3; two Distribution Layer switches, D1 and D2; and one Core Layer switch, C1, which is the root bridge. Switches S1 and S2 are connected to D1. Switch S3 is connected to D2. Switches D1 and D2 are connected to C1.

Topology Change:
Switch S2 experiences a topology change. Switch S2 sends a topology change notification (TCN) BPDU to its designated bridge, which is switch D1. Switch D1 receives the TCN, acknowledges it back to switch S2 with a topology change acknowledgement (TCA) BPDU. Switch D1 generates a TCN and forwards it to its designated bridge, which is the root bridge.

Broadcast Notification:
The root bridge sends out its configuration BPDUs with the topology change (TC) bit set. These BPDUs are relayed by every switch in the network with the bit set. All switches become aware of the topology change and shorten their MAC address table aging time to the forward delay so that stale entries are flushed.
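The notification process above, modelled as an added Python example (not code from the curriculum). It plays out both halves of the exchange on the figure's tree: the TCN sent on the root port and the TCA acknowledgement from each designated bridge, repeated hop by hop up to the root, and then the root's configuration BPDUs with the TC bit set, relayed downstream while every switch cuts its MAC table aging time from the default 300 seconds to the forward delay. The tree of root-port neighbours and the 802.1D default timers are taken from the page; the message format is a simplification.

```python
"""Topology change notification walk-through for the 5.3.5 tree.

Added example, not from the page. The dictionary below records, for every
switch, the neighbour reached through its root port; C1 is the root bridge.
"""
from collections import defaultdict

MAX_AGE, FORWARD_DELAY, DEFAULT_AGING = 20, 15, 300
UPSTREAM = {"S1": "D1", "S2": "D1", "S3": "D2", "D1": "C1", "D2": "C1"}
ROOT = "C1"


def notify_root(origin, upstream=UPSTREAM):
    """Return the TCN/TCA messages as (sender, receiver, bpdu), origin to root.

    A switch repeats the TCN on its root port every hello time until its
    designated bridge answers with TCA=1; that bridge then originates its own
    TCN upstream, so the trace grows by one TCN/TCA pair per hop."""
    trace, sw = [], origin
    while sw in upstream:
        designated = upstream[sw]
        trace.append((sw, designated, "TCN"))
        trace.append((designated, sw, "config BPDU, TCA=1"))
        sw = designated
    return trace


def broadcast_change(upstream=UPSTREAM, root=ROOT):
    """Root sets TC=1 in its config BPDUs for MAX_AGE + FORWARD_DELAY seconds.

    Every switch relays the flagged BPDU to the switches below it and drops
    its MAC table aging time to FORWARD_DELAY. Returns (messages, aging time
    per switch, seconds the TC bit stays set)."""
    downstream = defaultdict(list)
    for sw, up in upstream.items():
        downstream[up].append(sw)
    aging = {s: DEFAULT_AGING for s in set(upstream) | {root}}
    aging[root] = FORWARD_DELAY
    trace, queue = [], [root]
    while queue:
        sw = queue.pop(0)
        for child in sorted(downstream[sw]):
            trace.append((sw, child, "config BPDU, TC=1"))
            aging[child] = FORWARD_DELAY
            queue.append(child)
    return trace, aging, MAX_AGE + FORWARD_DELAY


if __name__ == "__main__":
    messages, aging, hold = broadcast_change()
    for sender, receiver, bpdu in notify_root("S2") + messages:
        print(f"{sender} -> {receiver}: {bpdu}")
    print(f"TC bit held for {hold} s; aging times now {aging}")
```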


5.4 PVST+, RSTP and Rapid-PVST+

5.4.1 Cisco and STP Variants

Page 1:
Like many networking standards, the evolution of STP has been driven by the need to create industry-wide specifications when proprietary protocols become de facto standards. When a proprietary protocol becomes so prevalent that all competitors in the market need to support it, agencies like the IEEE step in and create a public specification. The evolution of STP has followed this same path, as seen in the table.

When you read about STP on the Cisco.com site, you notice that there are many types or variants of STP. Some of these variants are Cisco proprietary and others are IEEE standards. You will learn more details on some of these STP variants, but to get started you need to have a general knowledge of what the key STP variants are. The table summarizes the following descriptions of the key Cisco and IEEE STP variants.

Cisco Proprietary

Per-VLAN spanning tree protocol (PVST) - Maintains a spanning-tree instance for each VLAN configured in the network. It uses the Cisco proprietary ISL trunking protocol that allows a VLAN trunk to be forwarding for some VLANs while blocking for other VLANs. Because PVST treats each VLAN as a separate network, it can load balance traffic at Layer 2 by forwarding some VLANs on one trunk and other VLANs on another trunk without causing a loop. For PVST, Cisco developed a number of proprietary extensions to the original IEEE 802.1D STP, such as BackboneFast, UplinkFast, and PortFast. These Cisco STP extensions are not covered in this course. To learn more about these extensions, visit: http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/stp_enha.html.

Per-VLAN spanning tree protocol plus (PVST+) - Cisco developed PVST+ to provide support for IEEE 802.1Q trunking. PVST+ provides the same functionality as PVST, including the Cisco proprietary STP extensions. PVST+ is not supported on non-Cisco devices. PVST+ adds BPDU guard, an enhancement for PortFast ports that error-disables the port if a BPDU arrives on it, and root guard, which stops a port from ever becoming a root port so that a switch connected behind it cannot take over as root bridge. To learn more about BPDU guard, visit: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml.

To learn more about root guard, visit: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml.

Rapid per-VLAN spanning tree protocol (rapid PVST+) - Based on the IEEE 802.1w standard and has a faster convergence than STP (standard 802.1D). Rapid PVST+ includes Cisco-proprietary extensions such as BackboneFast, UplinkFast, and PortFast.

IEEE Standards

Rapid spanning tree protocol (RSTP) - First introduced in 2001 as IEEE 802.1w, an evolution of the 802.1D standard. It provides faster spanning-tree convergence after a topology change. RSTP implements the Cisco-proprietary STP extensions, BackboneFast, UplinkFast, and PortFast, into the public standard. As of 2004, the IEEE has incorporated RSTP into 802.1D, identifying the specification as IEEE 802.1D-2004. So when you hear STP, think RSTP. You will learn more about RSTP later in this section.

Multiple STP (MSTP) - Enables multiple VLANs to be mapped to the same spanning-tree instance, reducing the number of instances needed to support a large number of VLANs. MSTP was inspired by the Cisco-proprietary Multiple Instances STP (MISTP) and is an evolution of STP and RSTP. It was introduced in IEEE 802.1s as an amendment to 802.1Q, 1998 edition. Standard IEEE 802.1Q-2003 now includes MSTP. MSTP provides for multiple forwarding paths for data traffic and enables load balancing. A discussion of MSTP is beyond the scope of this course. To learn more about MSTP, visit: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_19_ea1/configuration/guide/swmstp.html.


5.4.1 - Cisco and STP Variants
The diagram depicts Cisco and other STP variants.
Cisco Proprietary STP Variants.

PVST:
Uses the Cisco proprietary ISL trunking protocol.
Each VLAN has an instance of spanning tree.
Ability to load balance traffic at Layer 2.
Includes the BackboneFast, UplinkFast, and PortFast extensions.
PVST+:
Supports ISL and IEEE 802.1Q trunking.
Supports Cisco proprietary STP extensions.
Adds BPDU guard and root guard enhancements.
rapid-PVST+:
Based on the IEEE 802.1w standard.
Has faster convergence than 802.1D.

IEEE Standard STP Variants.

RSTP:
Introduced in 2001 as 802.1w, it provides faster convergence than 802.1D.
Implements generic versions of the Cisco proprietary STP extensions.
IEEE has incorporated RSTP into 802.1D, identifying the specification as IEEE 802.1D-2004.

MSTP
Multiple VLANs can be mapped to the same spanning-tree instance.
Inspired by the Cisco Multiple Instances Spanning Tree Protocol (MISTP).
IEEE 802.1Q-2003 now includes MSTP.


5.4.2 PVST+

Page 1:
PVST+

Cisco developed PVST+ so that a network can run an STP instance for each VLAN in the network. With PVST+, more than one trunk can block for a VLAN and load sharing can be implemented. However, implementing PVST+ means that all switches in the network are engaged in converging the network, and the switch ports have to accommodate the additional bandwidth used for each PVST+ instance to send its own BPDUs.

In a Cisco PVST+ environment, you can tune the spanning-tree parameters so that half of the VLANs forward on each uplink trunk. In the figure, port F0/3 on switch S2 is the forwarding port for VLAN 20, and F0/2 on switch S2 is the forwarding port for VLAN 10. This is accomplished by configuring one switch to be elected the root bridge for half of the total number of VLANs in the network, and a second switch to be elected the root bridge for the other half of the VLANs. In the figure, switch S3 is the root bridge for VLAN 20, and switch S1 is the root bridge for VLAN 10. Creating different STP root switches per VLAN creates a more redundant network.


5.4.2 - PVST+
The diagram depicts how Cisco PVST+ functions with multiple VLANs.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/2 is connected to S2 port F0/2.
Switch S2 port F0/3 is connected to S3 port F0/1.
Switch S3 port F0/4 is connected to S1 port F0/4.
All inter-switch links are 802.1Q trunks.

Switch S1 is the root bridge for VLAN 10.
Switch S3 is the root bridge for VLAN 20.
Port F0/3 on switch S2 is the forwarding port for VLAN 20.
Port F0/2 on switch S2 is the forwarding port for VLAN 10.
Port F0/3 on switch S2 is the blocking port for VLAN 10.
Port F0/2 on switch S2 is the blocking port for VLAN 20.


Page 2:
PVST+ Bridge ID

As you recall, in the original 802.1D standard, an 8-byte BID is composed of a 2-byte bridge priority and a 6-byte MAC address of the switch. There was no need to identify a VLAN because there was only one spanning tree in a network. PVST+ requires that a separate instance of spanning tree run for each VLAN. To support PVST+, the 8-byte BID field is modified to carry a VLAN ID (VID). In the figure, the bridge priority field is reduced to 4 bits and a new 12-bit field, the extended system ID field, contains the VID. The 6-byte MAC address remains unchanged.

The following provides more details on the PVST+ fields:

  • Bridge priority - A 4-bit field carries the bridge priority. Because of the limited bit count, the priority is conveyed in discrete values in increments of 4096 rather than discrete values in increments of 1, as they would be if the full 16-bit field was available. The default priority, in accordance with IEEE 802.1D, is 32,768, which is the midrange value.
  • Extended system ID - A 12-bit field carrying the VID for PVST+.
  • MAC address - A 6-byte field with the MAC address of a single switch.

The MAC address is what makes a BID unique. When the priority and extended system ID are prepended to the switch MAC address, each VLAN on the switch can be represented by a unique BID.

Click on the PVST+ Bridge ID Example button in the figure.

In the figure, the values for priority, VLAN, and MAC address for switch S1 are shown. They are combined to form the BID.

Caution: If no priority has been configured, every switch has the same default priority, and the election of the root bridge for each VLAN is based on the MAC address. Therefore, to ensure that you get the root bridge you want, it is advisable to assign a lower priority value to the switch that should serve as the root bridge.


5.4.2 - PVST+
The diagram depicts the structure of the Cisco PVST+ Bridge ID.

PVST+ requires that a separate instance of spanning tree run for each VLAN. To support PVST+, the 8-byte BID field is modified to carry a VLAN ID (VID). In the diagram, the bridge priority field is reduced from 2 bytes in the original 802.1D standard to 4 bits, and a new 12-bit field, the extended system ID field, contains the VID. The 6-byte MAC address remains unchanged.

The following provides more details on the PVST+ fields:
Bridge priority - A 4-bit field carries the bridge priority.
Extended system ID - A 12-bit field carries the VID for PVST+.
MAC address - A 6-byte field with the MAC address of a single switch.

The MAC address is what makes a BID unique. When the priority and extended system ID are prepended to the switch MAC address, each VLAN on the switch can be represented by a unique BID.

PVST+ Bridge ID Example:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/2 is connected to S2 port F0/2.
Switch S2 port F0/3 is connected to S3 port F0/1
Switch S3 port F0/4 is connected to S1 port F0/4.

Switch S1 is the root bridge for V LAN 10.
Switch S3 is the root bridge for V LAN 20.

Switch S1 Bridge ID:
Priority + V LAN ID + MAC Address = B ID
32768 + 10 + 000A.0033.3333 = 32778.000A.0033.3333
32768 + 20 + 000A.0033.3333 = 32788.000A.0033.3333


Page 3:
The table shows the default spanning-tree configuration for a Cisco Catalyst 2960 series switch. Notice that the default spanning-tree mode is PVST+.


5.4.2 - PVST+
The diagram depicts the default spanning-tree configuration for a Catalyst 2960 series switch, which uses PVST+.

Feature: Enable state
Default Setting: Enabled on VLAN 1

Feature: Spanning-tree mode
Default Setting: PVST+ (Rapid PVST+ and MSTP are disabled.)

Feature: Switch priority
Default Setting: 32768

Feature: Spanning-tree port priority (configurable on a per-interface basis)
Default Setting: 128

Feature: Spanning-tree port cost (configurable on a per-interface basis)
Default Setting: 1000 Mb/s: 4, 100 Mb/s: 19, 10 Mb/s: 100

Feature: Spanning-tree VLAN port priority (configurable on a per-VLAN basis)
Default Setting: 128

Feature: Spanning-tree VLAN port cost (configurable on a per-VLAN basis)
Default Setting: 1000 Mb/s: 4, 100 Mb/s: 19, 10 Mb/s: 100

Feature: Spanning-tree timers
Default Setting: Hello time: 2 seconds, Forward-delay time: 15 seconds, Maximum-aging time: 20 seconds, Transmit hold count: 6 BPDUs


Page 4:
Configure PVST+

The topology shows three switches with 802.1Q trunks connecting them. There are two VLANs, 10 and 20, which are being trunked across these links. This network has not been configured for spanning tree. The goal is to configure S3 as the root bridge for VLAN 20 and S1 as the root bridge for VLAN 10. Port F0/3 on S2 is the forwarding port for VLAN 20 and the blocking port for VLAN 10. Port F0/2 on S2 is the forwarding port for VLAN 10 and the blocking port for VLAN 20. The steps to configure PVST+ on this example topology are:

Step 1. Select the switches you want for the primary and secondary root bridges for each VLAN.

Step 2. Configure the switch to be a primary bridge for one VLAN, for example switch S3 is a primary bridge for VLAN 20.

Step 3. Configure the switch to be a secondary bridge for the other VLAN, for example, switch S3 is a secondary bridge for VLAN 10.

Optionally, set the spanning-tree priority to be low enough on each switch so that it is selected as the primary bridge.

Click the Primary and Secondary Root Bridges button in the figure.

Configure the Primary Root Bridges

The goal is to configure switch S3 as the primary root bridge for VLAN 20 and configure switch S1 as the primary root bridge for VLAN 10. To configure a switch to become the root bridge for a specified VLAN, use the spanning-tree vlan vlan-ID root primary global configuration mode command. Recall that you are starting with a network that has not been configured with spanning tree, so assume that all the switches are in their default configuration. In this example, switch S2, which has VLAN 10 and 20 enabled, retains its default STP priority.

Configure the Secondary Root Bridges

A secondary root is a switch that may become the root bridge for a VLAN if the primary root bridge fails. To configure a switch as the secondary root bridge, use the spanning-tree vlan vlan-ID root secondary global configuration mode command. Assuming the other bridges in the VLAN retain their default STP priority, this switch becomes the root bridge if the primary root bridge fails. This command can be executed on more than one switch to configure multiple backup root bridges.

The graphic shows the Cisco IOS command syntax to specify switch S3 as the primary root bridge for VLAN 20 and as the secondary root bridge for VLAN 10. Also, switch S1 becomes the primary root bridge for VLAN 10 and the secondary root bridge for VLAN 20. This configuration permits spanning tree load balancing, with VLAN 10 traffic passing through switch S1 and VLAN 20 traffic passing through switch S3.

Click the PVST+ Switch Priority button in the figure.

PVST+ Switch Priority

Earlier in this chapter you learned that the default settings used to configure spanning tree are adequate for most networks. This is true for Cisco PVST+ as well. There are a number of ways to tune PVST+. A discussion on how to tune a PVST+ implementation is beyond the scope of this course. However, you can set the switch priority for the specified spanning-tree instance. This setting affects the likelihood that this switch is selected as the root switch. A lower value increases the probability that the switch is selected. The range is 0 to 61440 in increments of 4096. For example, a valid priority value is 4096x2 = 8192. All other values are rejected.

The examples show the Cisco IOS command syntax.

Click the Verify button in the figure.

The privileged EXEC command show spanning-tree active shows spanning-tree configuration details for the active interfaces only. The output shown is for switch S1 configured with PVST+. There are a lot of Cisco IOS command parameters associated with the show spanning-tree command. For a complete description, visit: http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_37_se/command/reference/cli2.html#wpxref47293.

Click the show run button in the figure.

You can see in the output that the priority for VLAN 10 is 4096, the lowest of the three VLAN priorities. This priority setting ensures that this switch is the primary root bridge for VLAN 10.


5.4.2 - PVST+
The diagram depicts configuring and verifying Cisco PVST+ with multiple VLANs.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/2 is connected to S2 port F0/2.
Switch S2 port F0/3 is connected to S3 port F0/1.
Switch S3 port F0/4 is connected to S1 port F0/4.
All inter-switch links are 802.1Q trunks.

Switch S1 is the primary root bridge for V LAN 10 and secondary root bridge for V LAN 20. Switch S3 is the primary root bridge for V LAN 20 and secondary root bridge for V LAN 10.

Configuring primary and secondary root bridges for V LAN 10 and 20:

S3(config)#spanning-tree vlan 20 root primary
Forces switch S3 to be the primary root for VLAN 20.

S3(config)#spanning-tree vlan 10 root secondary
Forces S3 to be the secondary root for VLAN 10.

S1(config)#spanning-tree vlan 10 root primary
Forces switch S1 to be the primary root for VLAN 10.

S1(config)#spanning-tree vlan 20 root secondary
Forces S1 to be the secondary root for VLAN 20.


Configuring PVST+ switch priority:

S3(config)#spanning-tree vlan 20 priority 4096
Sets the VLAN 20 priority on switch S3 to 4096, one step above the minimum of 0 and low enough that S3 is elected root for VLAN 20 unless another switch is deliberately configured lower.

S1(config)#spanning-tree vlan 10 priority 4096
Sets the VLAN 10 priority on switch S1 to 4096, likewise making S1 the root for VLAN 10 unless another switch is configured lower.

Verifying PVST+ settings:
S1#show spanning-tree active
Output omitted.

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 4106
Address 0019.aa9e.b000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4106 (priority 4096 sys-id-ext 10)
Address 0019.aa9e.b000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface: Role Sts Cost Prio.Nbr Type
F0/2 Desg FWD 19 128.2 P2p
F0/4 Desg FWD 19 128.4 P2p
The highlighted portion of the output includes the Address 0019.aa9e.b000, shown for both the root ID and the bridge ID, confirming that S1 is the root for VLAN 10.

S1#show run
Building configuration...
Current configuration: 1595 bytes
!
Version 12.2
Output omitted.
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree v lan 1 priority 24576
spanning-tree v lan 10 priority 4096
spanning-tree v lan 20 priority 28672
!
Output omitted.
The highlighted portion of the output includes spanning-tree v lan 1 priority 24576, spanning-tree v lan 10 priority 4096, and spanning-tree v lan 20 priority 28672.
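As an added example (not the curriculum's own material), the following Python builds the bridge ID that the verification output reports (priority 4106 = 4096 + VLAN 10) and ranks a set of switches per VLAN the way the spanning-tree algorithm elects the root and the switch that would take over from it. S1's MAC is the one in the output above; the other two MACs, S2's default priority and the switch inventory as a whole are assumptions made for the example.

```python
# Added example (not part of the curriculum): build PVST+ bridge IDs with the
# extended system ID and elect the per-VLAN root the way the STA does.
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeId:
    priority: int   # configured priority: 0..61440 in steps of 4096 (upper 4 bits)
    vlan: int       # sys-id-ext: the VLAN number (lower 12 bits)
    mac: str        # 6-byte base MAC in IOS dotted-hex form

    @property
    def value(self) -> int:
        """The 16-bit priority field; for priority 4096 in VLAN 10 IOS prints 'Priority 4106'."""
        return self.priority + self.vlan

    def sort_key(self):
        """Lower priority field wins; equal fields are decided by the lower MAC."""
        return (self.value, int(self.mac.replace(".", ""), 16))


def is_valid_priority(priority: int) -> bool:
    """IOS accepts only multiples of 4096 from 0 to 61440 for 'spanning-tree vlan N priority'."""
    return 0 <= priority <= 61440 and priority % 4096 == 0


def bridge_id(priority: int, vlan: int, mac: str) -> BridgeId:
    if not is_valid_priority(priority):
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return BridgeId(priority, vlan, mac)


# Constructed inventory mirroring the section: S1 is primary root for VLAN 10 and
# secondary for VLAN 20, S3 the reverse, S2 left at the default. S1's MAC is the one
# in the section's show output; the other two MACs are made up for the example.
# 24576 and 28672 are the priorities IOS writes for 'root primary' and 'root secondary'
# when no existing root already has a lower priority.
SWITCHES = {
    "S1": {"mac": "0019.aa9e.b000", "priority": {10: 4096, 20: 28672}},
    "S2": {"mac": "0019.aa9e.c000", "priority": {}},
    "S3": {"mac": "0019.aa9e.d000", "priority": {10: 28672, 20: 4096}},
}
DEFAULT_PRIORITY = 32768


def rank_bridges(switches, vlan):
    """All switches ordered as the STA ranks them for `vlan`: the root first, then
    the switch that becomes root if the first one fails."""
    ranked = []
    for name, sw in switches.items():
        prio = sw["priority"].get(vlan, DEFAULT_PRIORITY)
        ranked.append((name, bridge_id(prio, vlan, sw["mac"])))
    ranked.sort(key=lambda item: item[1].sort_key())
    return ranked


def root_for(switches, vlan):
    return rank_bridges(switches, vlan)[0][0]


if __name__ == "__main__":
    for vlan in (10, 20):
        for name, bid in rank_bridges(SWITCHES, vlan):
            print(f"VLAN {vlan}: {name} priority field {bid.value} "
                  f"(priority {bid.priority} sys-id-ext {bid.vlan}) {bid.mac}")
```

Running it shows why the priority field, not the MAC, decides the election in this section: S1 wins VLAN 10 with 4106 and S3 wins VLAN 20 with 4116, while on a VLAN where nothing has been configured (all 32768 plus the VLAN number) the election falls through to the lowest MAC, which is the outcome the section warns against leaving to chance.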


5.4.3 RSTP

Page 1:
What is RSTP?

RSTP (IEEE 802.1w) is an evolution of the 802.1D standard. The 802.1w STP terminology remains primarily the same as the IEEE 802.1D STP terminology. Most parameters have been left unchanged, so users familiar with STP can rapidly configure the new protocol.

In the figure, a network shows an example of RSTP. Switch S1 is the root bridge with two designated ports in a forwarding state. RSTP supports a new port type. Port F0/3 on switch S2 is an alternate port in discarding state. Notice that there are no blocking ports. RSTP does not have a blocking port state. RSTP defines port states as discarding, learning, or forwarding. You will learn more about port types and states later in the chapter.

Click the RSTP Characteristics button in the figure.

RSTP Characteristics

RSTP speeds the recalculation of the spanning tree when the Layer 2 network topology changes. RSTP can achieve much faster convergence in a properly configured network, sometimes in as little as a few hundred milliseconds. RSTP redefines the type of ports and their state. If a port is configured to be an alternate or a backup port it can immediately change to a forwarding state without waiting for the network to converge. The following briefly describes RSTP characteristics:

  • RSTP is the preferred protocol for preventing Layer 2 loops in a switched network environment. Many of the differences were informed by Cisco-proprietary enhancements to 802.1D. These enhancements, such as BPDUs carrying and sending information about port roles only to neighboring switches, require no additional configuration and generally perform better than the earlier Cisco-proprietary versions. They are now transparent and integrated in the protocol's operation.
  • Cisco-proprietary enhancements to 802.1D, such as UplinkFast and BackboneFast, are not compatible with RSTP.
  • RSTP (802.1w) supersedes STP (802.1D) while retaining backward compatibility. Much of the STP terminology remains, and most parameters are unchanged. In addition, 802.1w is capable of reverting back to 802.1D to interoperate with legacy switches on a per-port basis. For example, the RSTP spanning-tree algorithm elects a root bridge in exactly the same way as 802.1D.
  • RSTP keeps the same BPDU format as IEEE 802.1D, except that the version field is set to 2 to indicate RSTP, and the flags field uses all 8 bits. The RSTP BPDU is discussed later.
  • RSTP is able to actively confirm that a port can safely transition to the forwarding state without having to rely on any timer configuration.


5.4.3 - RSTP
The diagram depicts Rapid Spanning Tree Protocol (RSTP). RSTP (IEEE 802.1w) is an evolution of the 802.1D standard. RSTP characteristics are listed.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/2 is connected to S2 port F0/2.
Switch S2 port F0/3 is connected to S3 port F0/1.
Switch S3 port F0/4 is connected to S1 port F0/4.
All inter-switch links are 802.1Q trunks.

The diagram depicts switch S1 as the root bridge, with two designated ports in a forwarding state. RSTP supports a new port type. Port F0/3 on switch S2 is an alternate port in discarding state. There are no blocking ports, because RSTP does not have a blocking port state. RSTP defines port states as discarding, learning, or forwarding.

RSTP Characteristics:
Preferred protocol for preventing Layer 2 loops in a switched network.
Transparently integrates Cisco-proprietary enhancements, such as BPDUs sending proposals and agreements to neighbor switches.
Performs better than the earlier Cisco-proprietary enhancements.
Not compatible with some Cisco-proprietary enhancements, such as UplinkFast and BackboneFast.
Defines different port states and port roles.
Backward compatible with 802.1D.
Most configuration parameters unchanged.
Same BPDU format as the IEEE 802.1D BPDU.
Does not need 802.1D timers.


Page 2:
RSTP BPDU

RSTP (802.1w) uses type 2, version 2 BPDUs, so an RSTP bridge can communicate 802.1D on any shared link or with any switch running 802.1D. RSTP sends BPDUs and populates the flag byte in a slightly different manner than in 802.1D:

  • Protocol information can be immediately aged on a port if hellos are not received for three consecutive hello times, 6 seconds by default, or if the max age timer expires.
  • Because BPDUs are used as a keepalive mechanism, three consecutively missed BPDUs indicate lost connectivity between a bridge and its neighboring root or designated bridge. The fast aging of the information allows failures to be detected quickly.

Note: Like STP, an RSTP bridge sends a BPDU with its current information every hello time period (2 seconds by default), even if the RSTP bridge does not receive any BPDUs from the root bridge.

RSTP uses the flag byte of version 2 BPDU as shown in the figure:

  • Bits 0 and 7 are used for topology change and acknowledgment as they are in 802.1D.
  • Bits 1 and 6 are used for the Proposal Agreement process (used for rapid convergence).
  • Bits 2-5 encode the role and state of the port originating the BPDU.
  • Bits 4 and 5 are used to encode the port role using a 2-bit code.


5.4.3 - RSTP
The diagram depicts the structure of an RSTP BPDU.

RSTP Version 2 BPDU:
Field: Protocol ID=0x0000
Byte Length: 2

Field: Protocol Version ID= 0x02
Byte Length: 1

Field: BPDU Type= 0x02
Byte Length: 1

Field: Flags
Byte Length: 1

Field: Root ID
Byte Length: 8

Field: Root Path Cost
Byte Length: 4

Field: Bridge ID
Byte Length: 8

Field: Port ID
Byte Length: 2

Field: Message Age
Byte Length: 2

Field: Max Age
Byte Length: 2

Field: Hello Time
Byte Length: 2

Field: Forward Delay
Byte Length: 2

Flag Field (expanded):
Field Bit: Topology Change, Bit: 0

Field Bit: Proposal, Bit: 1

Field Bit: Port Role, Bit: 2-3
Unknown Port, Bit: 00

Alternate or Backup Port, Bit: 01

Root Port, Bit: 10

Designated Port, Bit: 11

Field Bit: Learning, Bit: 4

Field Bit: Forwarding, Bit: 5

Field Bit: Agreement, Bit: 6

Field Bit: Topology Change Acknowledgement, Bit: 7
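The BPDU layout and flag bit positions listed above, decoded in Python as an added example that is not part of the curriculum. The parser follows the 35 bytes of the figure (a real 802.1w frame appends a one-byte Version 1 Length field after Forward Delay, which this parser treats as trailing data and ignores); the two sample BPDUs are constructed for the example and reuse S1's bridge ID from the verification output earlier in this section.

```python
# Added example (not part of the curriculum): decode an RSTP version-2 BPDU
# laid out as in the figure, including the flag byte bit by bit.
import struct

BPDU_FMT = "!HBBB8sI8sHHHHH"         # field order and widths from the figure
BPDU_LEN = struct.calcsize(BPDU_FMT)  # 35 bytes
PORT_ROLES = {0b00: "unknown", 0b01: "alternate/backup", 0b10: "root", 0b11: "designated"}


def decode_flags(flags: int) -> dict:
    """Split the version-2 flag byte using the bit positions in the figure."""
    return {
        "topology_change": bool(flags & 0x01),         # bit 0
        "proposal": bool(flags & 0x02),                # bit 1
        "port_role": PORT_ROLES[(flags >> 2) & 0b11],  # bits 2-3, 2-bit role code
        "learning": bool(flags & 0x10),                # bit 4
        "forwarding": bool(flags & 0x20),              # bit 5
        "agreement": bool(flags & 0x40),               # bit 6
        "tc_ack": bool(flags & 0x80),                  # bit 7
    }


def decode_bridge_id(raw: bytes) -> dict:
    """8-byte bridge ID: 2-byte priority field (4-bit priority, 12-bit sys-id-ext) then the MAC."""
    field = int.from_bytes(raw[:2], "big")
    mac = raw[2:].hex()
    return {"priority": field & 0xF000, "sys_id_ext": field & 0x0FFF,
            "mac": ".".join(mac[i:i + 4] for i in range(0, 12, 4))}


def parse_rstp_bpdu(payload: bytes) -> dict:
    """Parse the 35-byte RSTP BPDU body; timer fields are carried in 1/256-second units."""
    if len(payload) < BPDU_LEN:
        raise ValueError(f"BPDU too short: {len(payload)} bytes")
    (proto, version, bpdu_type, flags, root_id, root_cost, bridge_id,
     port_id, msg_age, max_age, hello, fwd_delay) = struct.unpack(BPDU_FMT, payload[:BPDU_LEN])
    if proto != 0x0000:
        raise ValueError("protocol ID is not 0x0000; not a spanning-tree BPDU")
    if version != 0x02 or bpdu_type != 0x02:
        raise ValueError(f"not an RSTP BPDU (version {version}, type {bpdu_type})")
    return {
        "flags": decode_flags(flags),
        "root": decode_bridge_id(root_id),
        "root_path_cost": root_cost,
        "bridge": decode_bridge_id(bridge_id),
        "port_id": f"{port_id >> 8}.{port_id & 0xFF}",  # priority.number, e.g. 128.2
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def build_rstp_bpdu(flags: int, root_id: bytes, root_cost: int, bridge_id: bytes,
                    port_id: int, msg_age=0, max_age=20, hello=2, fwd_delay=15) -> bytes:
    """Encode a BPDU body (used here only to construct the sample input)."""
    return struct.pack(BPDU_FMT, 0x0000, 0x02, 0x02, flags, root_id, root_cost, bridge_id,
                       port_id, msg_age * 256, max_age * 256, hello * 256, fwd_delay * 256)


# Constructed samples: S1 (priority 4096, VLAN 10 -> field 4106 = 0x100A, MAC from the
# section's show output) advertising itself as root from designated port F0/2 (port ID 128.2).
S1_BID = (0x100A).to_bytes(2, "big") + bytes.fromhex("0019aa9eb000")
STEADY_STATE_BPDU = build_rstp_bpdu(0x2C, S1_BID, 0, S1_BID, 0x8002)  # designated + forwarding
PROPOSAL_BPDU = build_rstp_bpdu(0x0E, S1_BID, 0, S1_BID, 0x8002)      # designated, discarding, proposal


if __name__ == "__main__":
    for name, raw in (("steady state", STEADY_STATE_BPDU), ("proposal", PROPOSAL_BPDU)):
        print(name, parse_rstp_bpdu(raw))
```

The two samples differ only in the flag byte: 0x2C carries the designated role with the forwarding bit set, which is what a stable root sends every hello time; 0x0E carries the designated role with neither learning nor forwarding set (discarding) plus the proposal bit, which is the BPDU a designated port sends at the start of the proposal and agreement handshake described later in this section. A decoder of this kind is also the starting point for monitoring: a received BPDU whose root ID is lower than the root you configured is exactly the condition root guard exists to catch.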


5.4.4 Edge Ports

Page 1:
Edge Ports

An RSTP edge port is a switch port that is never intended to be connected to another switch device. It immediately transitions to the forwarding state when enabled.

The edge port concept is well known to Cisco spanning-tree users, because it corresponds to the PortFast feature in which all ports directly connected to end stations anticipate that no switch device is connected to them. The PortFast ports immediately transition to the STP forwarding state, thereby skipping the time-consuming listening and learning stages. Neither edge ports nor PortFast-enabled ports generate topology changes when the port transitions to a disabled or enabled status.

Unlike PortFast, an RSTP edge port that receives a BPDU loses its edge port status immediately and becomes a normal spanning-tree port.

The Cisco RSTP implementation keeps the PortFast keyword, using the spanning-tree portfast command for edge port configuration, which makes an overall network transition to RSTP more seamless. Configuring an edge port to be attached to another switch can have negative implications for RSTP when it is in sync state, because a temporary loop can result, possibly delaying the convergence of RSTP due to BPDU contention with loop traffic.


5.4.4 - Edge Ports
The diagram depicts the concepts of edge and non-edge ports and terminology used with RSTP.

Network Topology:
Four switches, S1, S2, S3, and S4, are interconnected. Switches S1, S2, and S3 are connected in a full mesh. Switch S4 connects to S1. Three PCs are connected to switch S2. A database is connected to S4.

The switch ports to which the PCs and the database are connected are all edge ports. All ports interconnecting the switches are non-edge ports.

Edge Ports:
Never have a switch connected to them.
Immediately transition to forwarding.
Function similarly to a port configured with Cisco PortFast.
On a Cisco switch, configure using the spanning-tree portfast command.

Non-Edge Ports:
Always attached to another switch port.


5.4.5 Link Types

Page 1:
Link Types

The link type provides a categorization for each port participating in RSTP. The link type can predetermine the active role that the port plays as it stands by for immediate transition to forwarding state if certain conditions are met. These conditions are different for edge ports and non-edge ports. Non-edge ports are categorized into two link types, point-to-point and shared. The link type is automatically determined, but can be overwritten with an explicit port configuration.

Edge ports, the equivalent of PortFast-enabled ports, and point-to-point links are candidates for rapid transition to a forwarding state. However, before the link type parameter is considered, RSTP must determine the port role. You will learn about port roles next, but for now know that:

  • Root ports do not use the link type parameter. Root ports are able to make a rapid transition to the forwarding state as soon as the port is in sync.
  • Alternate and backup ports do not use the link type parameter in most cases.
  • Designated ports make the most use of the link type parameter. Rapid transition to the forwarding state for the designated port occurs only if the link type parameter indicates a point-to-point link.


5.4.5 - Link Types
The diagram depicts the two RSTP link types, point-to-point and shared.

Network Topology:
Three switches, S1, S2, and S3, are connected in a full mesh. Hub H1 connects to S1. Router R1 connects to H1. Three PCs are connected to switch S2.

The links from the PCs to the switches and the links interconnecting the switches are point-to-point links. The link from the hub to switch S1 is a shared link.

Switch S1 is the root bridge. The S2 ports to the PC's are edge ports. The S2 port to S1 and the S3 port to S1 are root ports (F in the diagram = Forwarding). The S2 port to S3 is an alternate port (DIS in the diagram = Discarding). The S1 ports to S2 and S3 are designated ports (F), as is the S3 port to S2.

Point-to-Point Link Type:
This link type is attached to switch ports that are operating in full-duplex mode.
This link connects to a single switch device.

Shared Link Type:
This link type is attached to a port that is operating in half-duplex mode.
The port is connected to a shared media where multiple switches might exist.


5.4.6 RSTP Port States and Port Roles

Page 1:
RSTP Port States

RSTP provides rapid convergence following a failure or during re-establishment of a switch, switch port, or link. An RSTP topology change causes a transition in the appropriate switch ports to the forwarding state through either explicit handshakes or a proposal and agreement process and synchronization. You will learn more about the proposal and agreement process later.

With RSTP, the role of a port is separated from the state of a port. For example, a designated port could be in the discarding state temporarily, even though its final state is to be forwarding. The figure shows the three possible RSTP port states: discarding, learning, and forwarding.

Click the Descriptions button in the figure.

The table in the figure describes the characteristics of each of the three RSTP port states. In all port states, a port accepts and processes BPDU frames.

Click the STP and RSTP Ports button in the figure.

The table in the figure compares STP and RSTP port states. Recall how the ports in the STP blocking, listening and disabled port states do not forward any frames. These port states have been merged into the RSTP discarding port state.


5.4.6 - RSTP Port States and Port Roles
The diagram depicts the three RSTP port states: discarding, learning, and forwarding.

Discarding:
The discarding state occurs in both a stable active topology and during topology synchronization and changes. The discarding state prevents the forwarding of data frames, thus breaking the continuity of a Layer 2 loop.

Learning:
The learning state occurs in both a stable active topology and during topology synchronization and changes. The learning state accepts data frames to populate the MAC table to limit the flooding of unknown unicast frames.

Forwarding:
The forwarding state occurs only in stable active topologies. The forwarding switch ports determine the topology. After a topology change or during synchronization, data frames are forwarded only after a proposal and agreement process.

Comparing STP and RSTP Port States:

Operational Port State: Enabled
STP Port State: Blocking
RSTP Port State: Discarding

Operational Port State: Enabled
STP Port State: Listening
RSTP Port State: Discarding

Operational Port State: Enabled
STP Port State: Learning
RSTP Port State: Learning

Operational Port State: Enabled
STP Port State: Forwarding
RSTP Port State: Forwarding

Operational Port State: Disabled
STP Port State: Disabled
RSTP Port State: Discarding


Page 2:
RSTP Port Roles

The port role defines the ultimate purpose of a switch port and how it handles data frames. Port roles and port states are able to transition independently of each other. Creating the additional port roles allows RSTP to define a standby switch port before a failure or topology change. The alternate port moves to the forwarding state if there is a failure on the designated port for the segment.

Roll over the port roles in the figure to learn more about each RSTP port role.


5.4.6 - RSTP Port States and Port Roles
The diagram depicts the RSTP port roles.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh. Switch S1 port F0/2 is connected to S2 port F0/2. Switch S1 port F0/6 is connected to S2 port F0/6. Switch S2 port F0/3 is connected to S3 port F0/1, and switch S3 port F0/4 is connected to S1 port F0/4. Switch S1 is the root bridge.

F = Forwarding
DIS = Discarding

Root Ports (F): Switch S2 port F0/2 and switch S3 port F0/4.
The root port is the switch port on every non-root bridge that is the chosen path to the root bridge. A switch can only have one root port. The root port assumes the forwarding state in a stable active topology. The diagram depicts the root port as port F0/2 on switch S2 and port F0/4 on switch S3.

Designated Ports (F): Switch S1 ports F0/2 and F0/4, and switch S3 port F0/1.
Each segment has at least one switch port that is the designated port. The diagram depicts ports F0/1 on switch S3 and F0/2 on switch S1 as the designated ports.
In a stable active topology, the switch with the designated port receives frames on the segment that are destined for the root bridge. Each segment can only have one designated port. The designated port assumes the forwarding state. Therefore, F0/1 on switch S3 and F0/2 and F0/4 on switch S1 are in the forwarding state. All switches connected to a given segment listen to all BPDUs and determine the switch that will be the designated switch for a particular segment.

Alternate Ports (DIS): Switch S2 port F0/3.
The alternate port is a switch port that offers an alternate path toward the root bridge. Port F0/3 on switch S2 is in the alternate role. The alternate port assumes a discarding state in a stable active topology. An alternate port is present on non-designated switches and transitions to a designated port if the current designated path fails.

Backup Ports (DIS): Switch S2 port F0/6.
The backup port is an additional switch port on the designated switch with a redundant link to the segment for which the switch is designated. A backup port has a higher port ID than the designated port on the designated switch. The backup port assumes the discarding state in a stable active topology. The diagram depicts port F0/6 on switch S2 as the backup port, and it is in the discarding state.


Page 3:
RSTP Proposal and Agreement Process

In IEEE 802.1D STP, when a port has been selected by spanning tree to become a designated port, it must wait two times the forward delay before transitioning the port to the forwarding state. RSTP significantly speeds up the recalculation process after a topology change, because it converges on a link-by-link basis and does not rely on timers expiring before ports can transition. Rapid transition to the forwarding state can only be achieved on edge ports and point-to-point links. In RSTP, this condition corresponds to a designated port in the discarding state.

Click the Play button in the figure to start the animation.


5.4.6 - RSTP Port States and Port Roles
The animation depicts the RSTP proposal and agreement process.

Network Topology:
Four switches, S1, S2, S3, and S4, are interconnected with no redundant paths. Switch S2 port F0/2 is connected to S4 port F0/2. Switch S2 port F0/3 is connected to S3 port F0/1, and switch S3 port F0/4 is connected to S1 port F0/4. Switch S1 is the root bridge.

When the animation starts, a new link is added between switches S1 port F0/5 and S4 port F0/5, which creates a potential for switching loops.

Animation Sequence:
One. Switches S1 and S4 start a proposal and agreement process.
Two. Switch S1 sends S4 a proposal BPDU.
Three. Synchronization begins for switches S1 and S4.
Four. Switch S4 sends S1 an agreement.
Five. Synchronization ends for switches S1 and S4.
Six. Switches S4 and S2 start a proposal and agreement process.
Seven. Switch S4 sends S2 a proposal BPDU.
Eight. Synchronization begins for switches S4 and S2.
Nine. Synchronization continues for switches S4 and S2.
Ten. A BPDU is exchanged between S2 and S3.
Eleven. Switch S3 compares the local BID to the BID in the proposal BPDU from S2.
Twelve. Switch S3 blocks F0/4 and turns port F0/1 to designated discarding.
Thirteen. S3 determines that the BID in the proposal BPDU from S2 is higher.
Fourteen. S3 sends back an agreement BPDU with its lower BID to S2.
Fifteen. Switch S2 changes port F0/3 to alternate discarding.
Sixteen. Switch S3 changes port F0/1 to designated forwarding and port F0/4 to root port forwarding.
Seventeen. A BPDU is exchanged between switches S3 and S1.
Eighteen. Switch S1 compares the local BID to the BID in the proposal BPDU from S3.
Nineteen. Switch S1 blocks F0/5 and turns port F0/4 to designated discarding.
Twenty. S1 determines that the BID in the proposal BPDU from S3 is higher.
Twenty One. S1 sends back an agreement BPDU with its lower BID to S3.
Twenty Two. Switch S1 changes ports F0/4 and F0/5 to designated forwarding.

When the animation ends, the switch port roles are as follows:

Switch S1 Port F0/4: Designated (Forwarding)
Switch S1 Port F0/5: Designated (Forwarding)
Switch S2 Port F0/2: Root (Forwarding)
Switch S2 Port F0/3: Alternate (Discarding)
Switch S3 Port F0/1: Designated (Forwarding)
Switch S3 Port F0/4: Root (Forwarding)
Switch S4 Port F0/2: Designated (Forwarding)
Switch S4 Port F0/5: Root (Forwarding)


5.4.7 Configuring Rapid-PVST+

Page 1:
Rapid-PVST+ is a Cisco implementation of RSTP. It supports spanning tree for each VLAN and is the rapid STP variant to use in Cisco-based networks. The topology in the figure has two VLANs: 10 and 20. The final configuration will implement rapid-PVST+ on switch S1, which is the root bridge.

Configuration Guidelines

It is useful to review some of the spanning tree configuration guidelines. If you would like to review the default spanning-tree configuration on a Cisco 2960 switch, see the Default Switch Configuration section earlier in this chapter. Keep these guidelines in mind when you implement rapid-PVST+.

Rapid-PVST+ commands control the configuration of VLAN spanning-tree instances. A spanning-tree instance is created when an interface is assigned to a VLAN and is removed when the last interface is moved to another VLAN. As well, you can configure STP switch and port parameters before a spanning-tree instance is created. These parameters are applied when a loop is created and a spanning-tree instance is created. However, ensure that at least one switch on each loop in the VLAN is running spanning tree, otherwise a broadcast storm can result.

The Cisco 2960 switch supports PVST+, rapid-PVST+, and MSTP, but only one version can be active for all VLANs at any time.

For details on configuring the STP software features on a Cisco 2960 series switch visit this Cisco site:

http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a0080875377.html.

Click the Configuration Commands button in the figure.

The figure shows the Cisco IOS command syntax needed to configure rapid-PVST+ on a Cisco switch. There are other parameters that can also be configured.

Note: If you connect a port configured with the spanning-tree link-type point-to-point command to a remote port through a point-to-point link and the local port becomes a designated port, the switch negotiates with the remote port and rapidly changes the local port to the forwarding state.

Note: When a port is configured with the clear spanning-tree detected-protocols command and that port is connected to a port on a legacy IEEE 802.1D switch, the Cisco IOS software restarts the protocol migration process on the entire switch. This step is optional, though recommended as a standard practice, even if the designated switch detects that this switch is running rapid-PVST+.

For complete details on all the parameters associated with specific Cisco IOS commands, visit: http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_37_se/command/reference/cli3.html.

Click the Example Configuration button in the figure.

The example configuration shows the rapid-PVST+ commands being enabled on switch S1.

Click the Verify button in the figure.

The show spanning-tree vlan vlan-id command shows the configuration of VLAN 10 on switch S1. Notice that the BID priority is set to 4096. The BID was set using the spanning-tree vlan vlan-id priority priority-number command.

Click the show run button in the figure.

In this example, the show running-configuration command has been used to verify the rapid-PVST+ configuration on S1.


5.4.7 - Configuring Rapid-PVST+
The diagram depicts configuring and verifying Cisco Rapid-PVST+.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh. Switch S1 port F0/2 is connected to S2 port F0/2. Switch S2 port F0/3 is connected to S3 port F0/1, and switch S3 port F0/4 is connected to S1 port F0/4. All inter-switch links are 802.1Q trunks carrying VLAN 10 and VLAN 20. Switch S1 is the root bridge.

Configuration Commands:
Enter global configuration mode.
configure terminal
Configure rapid PVST+ spanning-tree mode.
spanning-tree mode rapid-pvst
Specify an interface to configure, and enter interface configuration mode. The VLAN ID range is 1 to 4094. The port-channel range is 1 to 6.
interface
Specify that the link type for this port is point-to-point.
spanning-tree link-type point-to-point
Return to privileged EXEC mode.
end
Clear all detected STPs.
clear spanning-tree detected-protocols

Example Configuration:
S1#configure terminal
S1(config)#spanning-tree mode rapid-pvst
S1(config)#interface f0/2
S1(config-if)#spanning-tree link-type point-to-point
S1(config-if)#end
S1#clear spanning-tree detected-protocols

Verification:
S1#show spanning-tree vlan 10

S1#show spanning-tree
VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 4106
Address 0019.aa9e.b000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4106 (priority 4096 sys-id-ext 1)
Address 0019.aa9e.b000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
F0/2 Desg LRN 19 128.2 P2p
F0/4 Desg LRN 19 128.4 P2p
Output omitted.


Show run output:
S1# show run

Output omitted.

spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
spanning-tree vlan 10 priority 4096
spanning-tree vlan 20 priority 28672
!
Output omitted.
S1#


5.4.8 Design STP for Trouble Avoidance

Page 1:
Know Where the Root Is

You now know that the primary function of the STA is to break loops that redundant links create in bridge networks. STP operates at Layer 2 of the OSI model. STP can fail in some specific cases. Troubleshooting the problem can be very difficult and depends on the design of the network. That is why it is recommended that you perform the most important part of the troubleshooting before the problem occurs.

Very often information about the location of the root is not available at troubleshooting time. Do not leave it up to the STP to decide which bridge is root. For each VLAN, you can usually identify which switch can best serve as root. Generally, choose a powerful bridge in the middle of the network. If you put the root bridge in the center of the network with a direct connection to the servers and routers, you reduce the average distance from the clients to the servers and routers.

The figure shows:

  • If switch S2 is the root, the link from S1 to S3 is blocked on S1 or S3. In this case, hosts that connect to switch S2 can access the server and the router in two hops. Hosts that connect to bridge S3 can access the server and the router in three hops. The average distance is two and one-half hops.
  • If switch S1 is the root, the router and the server are reachable in two hops for both hosts that connect on S2 and S3. The average distance is now two hops.
The logic behind this simple example transfers to more complex topologies.

Note: For each VLAN, configure the root bridge and the backup root bridge using lower priorities.
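The two scenarios above, worked through in Python as an added example (not the curriculum's code). The block builds the active topology the spanning-tree algorithm produces for a chosen root, reports which link ends up blocked, and averages the client-to-server hop count using the figure's counting convention (the path from the client's switch to the server, including the server's access link). The topology, the equal link costs and the bridge-ID ordering are constructed to match the figure.

```python
# Added example (not part of the curriculum): compute which link the STA blocks
# for a chosen root and the average client-to-server hop distance from the figure.
from collections import deque
import heapq

# Constructed from the figure: S1, S2 and S3 in a full mesh, the router and server
# on S1, one PC on each of S2 and S3. Equal-cost links (19 = 100 Mb/s Fast Ethernet).
LINKS = [("S1", "S2", 19), ("S2", "S3", 19), ("S1", "S3", 19)]
SERVER_SWITCH = "S1"
CLIENT_SWITCHES = ["S2", "S3"]
# Constructed bridge IDs: only their order matters for tie-breaking (lower wins).
BRIDGE_IDS = {"S1": 1, "S2": 2, "S3": 3}


def spanning_tree(links, root, bridge_ids):
    """Return {switch: parent} for the STA's shortest-path tree rooted at `root`.

    Every non-root switch chooses its root port toward the lowest root path cost;
    on equal cost it prefers the neighbour (sender) with the lower bridge ID,
    which is the STA tie-breaker. Links not in the tree are the blocked ones."""
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {root: (0, None)}  # switch -> (root path cost, parent)
    heap = [(0, bridge_ids[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for nbr, link_cost in adj[node]:
            cand = (cost + link_cost, bridge_ids[node])
            cur = best.get(nbr)
            cur_key = None if cur is None else (cur[0], bridge_ids.get(cur[1], -1))
            if cur_key is None or cand < cur_key:
                best[nbr] = (cost + link_cost, node)
                heapq.heappush(heap, (cost + link_cost, bridge_ids[nbr], nbr))
    return {switch: parent for switch, (_, parent) in best.items()}


def blocked_links(links, tree):
    """Links that carry no root port, i.e. the ones STP blocks at one end."""
    in_tree = {frozenset((s, p)) for s, p in tree.items() if p is not None}
    return sorted(tuple(sorted((a, b))) for a, b, _ in links if frozenset((a, b)) not in in_tree)


def hops_to_server(tree, client_switch, server_switch):
    """Hops from a client's switch to the server over the active topology,
    counting the server's own access link (the figure's counting convention)."""
    tadj = {}
    for switch, parent in tree.items():
        if parent is not None:
            tadj.setdefault(switch, set()).add(parent)
            tadj.setdefault(parent, set()).add(switch)
    seen = {client_switch: 0}
    queue = deque([client_switch])
    while queue:
        node = queue.popleft()
        if node == server_switch:
            return seen[node] + 1
        for nxt in tadj.get(node, ()):
            if nxt not in seen:
                seen[nxt] = seen[node] + 1
                queue.append(nxt)
    raise ValueError(f"{server_switch} not reachable from {client_switch}")


def average_distance(root, links=LINKS, bridge_ids=BRIDGE_IDS,
                     clients=CLIENT_SWITCHES, server=SERVER_SWITCH):
    """Mean hop count from every client switch to the server for a given root."""
    tree = spanning_tree(links, root, bridge_ids)
    return sum(hops_to_server(tree, c, server) for c in clients) / len(clients)


if __name__ == "__main__":
    for root in ("S2", "S1"):
        tree = spanning_tree(LINKS, root, BRIDGE_IDS)
        print(f"root {root}: blocked {blocked_links(LINKS, tree)}, "
              f"average distance {average_distance(root)} hops")
```

With S2 as root the S1-S3 link is blocked and the average comes out at 2.5 hops; with S1 as root the S2-S3 link is blocked and every client reaches the server in 2 hops, matching the two bullets above. The same functions run unchanged on a larger constructed topology, which is the practical use: evaluating candidate root placements on a diagram before committing to a priority.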


5.4.8 - Designing an STP for Trouble Avoidance
The diagram depicts a major factor in STP design, which is knowing where the root is. A switched network is shown with the questions: "What if S1 is the root?" and "What if S2 is the root?"

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh. Switch S1 has a router and a mainframe type computer attached. Switches S2 and S3 each have a PC attached.


Page 2:
To make it easier to solve STP problems, plan the organization of your redundant links. In non-hierarchical networks you might need to tune the STP cost parameter to decide which ports to block. However, this tuning is usually not necessary if you have a hierarchical design and a root bridge in a good location.

Note: For each VLAN, know which ports should be blocking in the stable network. Have a network diagram that clearly shows each physical loop in the network and which blocked ports break the loops.

Knowing the location of redundant links helps you identify an accidental bridging loop and the cause. Also, knowing the location of blocked ports allows you to determine the location of the error.

Minimize the Number of Blocked Ports

The only critical action that STP takes is the blocking of ports. A single blocking port that mistakenly transitions to forwarding can negatively impact a large part of the network. A good way to limit the risk inherent in the use of STP is to reduce the number of blocked ports as much as possible.

VTP Pruning

You do not need more than two redundant links between two nodes in a switched network. However, the configuration shown in the figure is common. Distribution switches are dual-attached to two core switches, C1 and C2. Users on switches S1 and S2, which connect to the distribution switches, are in only a subset of the VLANs available in the network. In the figure, users that connect on switch D1 are all in VLAN 20; switch D2 only connects users in VLAN 30. By default, trunks carry all the VLANs defined in the VTP domain. Only switch D1 receives unnecessary broadcast and multicast traffic for VLAN 20, but it is also blocking one of its ports for VLAN 30. There are three redundant paths between core switch C1 and core switch C2. This redundancy results in more blocked ports and a higher likelihood of a loop.

Note: Prune any VLAN that you do not need off your trunks.

Click the Manual Pruning button in the figure.

Manual Pruning

VTP pruning can help, but this feature is not necessary in the core of the network. In this figure, only an access VLAN is used to connect the distribution switches to the core. In this design, only one port is blocked per VLAN. Also, with this design, you can remove all redundant links in just one step if you shut down C1 or C2.


5.4.8 - Designing an STP for Trouble Avoidance
The diagram depicts the benefits of hierarchical design and pruning VLANs using STP and manual pruning.

Network Topology:
Six switches are shown. S1 and S2 are Access Layer switches, each with three PCs attached. D1 and D2 are Distribution Layer switches, and C1 and C2 are Core Layer switches.
Switch S1 connects to D1.
Switch S2 connects to D2.
Switch D1 connects to C1 and C2.
Switch D2 connects to C1 and C2.
Switches C1 and C2 are connected to each other.
Users on VLAN 20 are connected to switch S1.
Users on VLAN 30 are connected to switch S2.
Switches D1 and D2 are each blocking one of the ports to C1 or C2.

All switch links are trunks.

VTP Pruning:
The diagram depicts the Distribution Layer switches as dual-attached to two Core Layer switches, C1 and C2. Users that connect on switch D1 are all in VLAN 20; switch D2 only connects users in VLAN 30. By default, trunks carry all the VLANs defined in the VTP domain. Only switch D1 receives unnecessary broadcast and multicast traffic for VLAN 20, but it is also blocking one of its ports for VLAN 30. There are three redundant paths between C1 and C2. This redundancy results in more blocked ports and a higher likelihood of a loop.

Manual Pruning:
VTP pruning can help, but it is not necessary in the core of the network. The diagram shows only an access VLAN used to connect the distribution switches to the core. In this design, only one port is blocked per VLAN.


Page 3:
Use Layer 3 Switching

Layer 3 switching means routing approximately at the speed of switching. A router performs two main functions:

  • It builds a forwarding table. The router generally exchanges information with peers by way of routing protocols.
  • It receives packets and forwards them to the correct interface based on the destination address.

High-end Cisco Layer 3 switches are now able to perform this second function, at the same speed as the Layer 2 switching function. In the figure:

  • There is no speed penalty with the routing hop and an additional segment between C1 and C2.
  • Core switch C1 and core switch C2 are Layer 3 switches. VLAN 20 and VLAN 30 are no longer bridged between C1 and C2, so there is no possibility for a loop.

Redundancy is still present, with a reliance on Layer 3 routing protocols. The design ensures a convergence that is even faster than convergence with STP.

  • STP no longer blocks any single port, so there is no potential for a bridging loop.
  • Leaving the VLAN by Layer 3 switching is as fast as bridging inside the VLAN.


5.4.8 - Designing an STP for Trouble Avoidance
The diagram depicts the benefits of Layer 3 switching in hierarchical network design.

Network Topology:
Six switches are shown. S1 and S2 are Access Layer switches, each with three PCs attached. D1 and D2 are Distribution Layer switches, and C1 and C2 are Core Layer switches.
Switch S1 connects to D1.
Switch S2 connects to D2.
Switch D1 connects to C1 and C2.
Switch D2 connects to C1 and C2.
Switches C1 and C2 are connected to each other.
Users on VLAN 20 are connected to switch S1.
Users on VLAN 30 are connected to switch S2.

C1 and C2 are Layer 3 switches and are connected to each other using a routed link. Redundancy is still present, with a reliance on Layer 3 routing protocols. The design ensures a convergence that is even faster than convergence with STP. STP no longer blocks any single port, so there is no potential for a bridging loop.


Page 4:
Final Points

Keep STP Even If It Is Unnecessary

Assuming you have removed all the blocked ports from the network and do not have any physical redundancy, it is strongly suggested that you do not disable STP.

STP is generally not very processor intensive; packet switching does not involve the CPU in most Cisco switches. Also, the few BPDUs that are sent on each link do not significantly reduce the available bandwidth. However, if a technician makes a connection error on a patch panel and accidentally creates a loop, the network will be negatively impacted. Generally, disabling STP in a switched network is not worth the risk.

Keep Traffic off the Administrative VLAN and Do Not Have a Single VLAN Span the Entire Network

A Cisco switch typically has a single IP address that binds to a VLAN, known as the administrative VLAN. In this VLAN, the switch behaves like a generic IP host. In particular, every broadcast or multicast packet is forwarded to the CPU. A high rate of broadcast or multicast traffic on the administrative VLAN can adversely impact the CPU and its ability to process vital BPDUs. Therefore, keep user traffic off the administrative VLAN.

Until recently, there was no way to remove VLAN 1 from a trunk in a Cisco implementation. VLAN 1 generally serves as an administrative VLAN, where all switches are accessible in the same IP subnet. Though useful, this setup can be dangerous because a bridging loop on VLAN 1 affects all trunks, which can bring down the whole network. Of course, the same problem exists no matter which VLAN you use. Try to segment the bridging domains using high-speed Layer 3 switches.

Note: As of Cisco IOS Software Release 12.1(11b)E, you can remove VLAN 1 from trunks. VLAN 1 still exists, but it blocks traffic, which prevents any loop possibility.


5.4.8 - Designing an STP for Trouble Avoidance
The diagram depicts the final points of this section.

Keep STP even if it is unnecessary.
Do not disable STP.
STP is not very processor-intensive.
The few BPDUs sent on each link do not reduce bandwidth.
A bridge network without STP can go down in a fraction of a second.

Keep traffic off the administrative VLAN.
A high rate of broadcast or multicast traffic on the administrative VLAN adversely affects the ability of a CPU to process vital BPDUs.

Do not have a single VLAN span the entire network.
VLAN 1 serves as an administrative VLAN, where all switches are accessible in the same IP subnet.
A bridging loop on VLAN 1 affects all trunks and can bring down the network.
Segment the bridging domains using high-speed Layer 3 switches.


5.4.9 Troubleshoot STP Operation

Page 1:
Switch or Link Failure

The animation shows that when a port fails in a network configured with STP, a broadcast storm may result.

In the initial state of the STP failure scenario, switch S3 has a lower BID than S2; consequently, the designated port between S3 and S2 is port F0/1 on switch S3. Switch S3 is considered to have a "better BPDU" than switch S2.

Click the Play button in the figure to see STP fail.


5.4.9 - Troubleshooting STP Operation
The animation depicts an STP failure scenario.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh. Switch S1 port F0/5 is connected to S2 port F0/2. Switch S1 port F0/4 is connected to S3 port F0/4. Switch S2 port F0/3 is connected to S3 port F0/1. Switch S1 is the root bridge. S2 port F0/3 is currently blocked by STP.

Initial switch and port status:

Switch S1 (Root bridge):
Root ID: 32768.00-00-00-00-00-01
Bridge ID: 32768.00-00-00-00-00-01
F0/4: Designated port (Forwarding)
F0/5: Designated port (Forwarding)

Switch S2:
Root ID: 32768.00-00-00-00-00-01
Bridge ID: 32768.00-00-00-00-00-03
F0/2: Root port (Forwarding)
F0/3: Non-designated port (Blocking)

Switch S3:
Root ID: 32768.00-00-00-00-00-01
Bridge ID: 32768.00-00-00-00-00-02
F0/1: Designated port (Forwarding)
F0/4: Root port (Forwarding)

Animation sequence:
One. The network in its current state is fully converged.
Two. Switch S3 has a better BPDU than switch S2, and as long as port F0/3 on switch S2 receives BPDUs from switch S3, port F0/3 on switch S2 will stay in blocking mode and discard all broadcasts received from switch S3.

Three. For some reason, port F0/3 on switch S2 fails to receive BPDUs for the default max_age time of 20 seconds. Most spanning-tree algorithm failures occur because of excessive loss of BPDUs, causing blocked ports to transition to forwarding mode.

Four. Port F0/3 on switch S2 transitions to the forwarding state. The F0/3 port on switch S2 has gone from blocking to forwarding, and switching loops can now occur.

Five. The result is a spanning-tree failure. A broadcast storm is occurring.


Page 2:
Troubleshoot a Failure

Unfortunately, there is no systematic procedure to troubleshoot an STP issue. This section summarizes some of the actions that are available to you. Most of the steps apply to troubleshooting bridging loops in general. You can use a more conventional approach to identify other failures of STP that lead to a loss of connectivity. For example, you can explore the path being taken by the traffic that is experiencing a problem.

Note: In-band access may not be available during a bridging loop. For example, during a broadcast storm you may not be able to Telnet to the infrastructure devices. Therefore, out-of-band connectivity, such as console access, may be required.

Before you troubleshoot a bridging loop, you need to know at least these items:

  • Topology of the bridge network
  • Location of the root bridge
  • Location of the blocked ports and the redundant links

This knowledge is essential. To know what to fix in the network, you need to know how the network looks when it works correctly. Most of the troubleshooting steps simply use show commands to try to identify error conditions. Knowledge of the network helps you focus on the critical ports on the key devices.

The rest of this topic briefly looks at two common spanning tree problems, a PortFast configuration error and network diameter issues. To learn about other STP issues, visit: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800951ac.shtml.


5.4.9 - Troubleshooting STP Operation
The diagram depicts what you need to know to troubleshoot a failure.

To troubleshoot a bridging loop, you need to know:
- The topology of the bridge network.
- The location of the root bridge.
- The location of the blocked ports and the redundant links.


Page 3:
PortFast Configuration Error

You typically enable PortFast only for a port or interface that connects to a host. When the link comes up on this port, the bridge skips the first stages of the STA and directly transitions to the forwarding mode.

Caution: Do not use PortFast on switch ports or interfaces that connect to other switches, hubs, or routers. Otherwise, you may create a network loop.

In this example, port F0/1 on switch S1 is already forwarding. Port F0/2 has erroneously been configured with the PortFast feature. Therefore, when a second connection from switch S2 is connected to F0/2 on S1, the port automatically transitions to forwarding mode and creates a loop.

Eventually, one of the switches will forward a BPDU and one of these switches will transition a port into blocking mode.

However, there is a problem with this kind of transient loop. If the looped traffic is very intensive, the switch can have trouble successfully transmitting the BPDU that stops the loop. This problem can delay the convergence considerably or in some extreme cases can actually bring down the network.

Even with a PortFast configuration, the port or interface still participates in STP. If a switch with a lower bridge priority than that of the current active root bridge attaches to a PortFast-configured port or interface, it can be elected as the root bridge. This change of root bridge can adversely affect the active STP topology and can render the network suboptimal. To prevent this situation, most Catalyst switches that run Cisco IOS software have a feature called BPDU guard. BPDU guard disables a PortFast-configured port or interface if the port or interface receives a BPDU.

For more information on using PortFast on switches that run Cisco IOS software, refer to the document "Using PortFast and Other Commands to Fix Workstation Startup Connectivity Delays," available at: http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00800b1500.shtml.

For more information on using the BPDU guard feature on switches that run Cisco IOS software, visit: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml.


5.4.9 - Troubleshooting STP Operation
The diagram depicts a PortFast configuration error on a switch port that connects two switches.

Switch S1 is connected to switch S2 with a single link, initially using designated port F0/1, which is in the forwarding state. Then a second link is added to port F0/2, which is configured with PortFast but should not be.

Step 1. The second link cable is connected from S2 to S1 PortFast port F0/2.
Step 2. A transient loop results, with ports F0/1 and F0/2 both forwarding.
Step 3. Port F0/2 receives a BPDU and transitions to blocking mode.


Page 4:
Network Diameter Issues

Another issue that is not well known relates to the diameter of the switched network. The conservative default values for the STP timers impose a maximum network diameter of seven. In the figure, this design creates a network diameter of eight. The maximum network diameter restricts how far away switches in the network can be from each other. In this case, two distinct switches cannot be more than seven hops away. Part of this restriction comes from the age field that BPDUs carry.

When a BPDU propagates from the root bridge toward the leaves of the tree, the age field increments each time the BPDU goes through a switch. Eventually, the switch discards the BPDU when the age field goes beyond the maximum age. If the root is too far away from some switches of the network, BPDUs will be dropped. This issue affects convergence of the spanning tree.

Take special care if you plan to change STP timers from the default value. There is danger if you try to get faster convergence in this way. An STP timer change has an impact on the diameter of the network and the stability of the STP. You can change the switch priority to select the root bridge, and change the port cost or priority parameter to control redundancy and load balancing.


5.4.9 - Troubleshooting STP Operation
The diagram depicts network diameter issues.

Two PCs are interconnected by many switches, resulting in more than seven switches to get from one PC to another. This is a problem for STP default timer values.


Page 5:


5.4.9 - Troubleshooting STP Operation
Activity One. The diagram depicts an activity in which you must indicate which STP or RSTP port states are related to each other when associated with a specific operation port state.

Operation Port States:
- Enabled
- Disabled

STP Port States:
- Blocking
- Listening
- Learning
- Forwarding
- Disabled

RSTP Port States:
- Discarding
- Learning
- Forwarding

Activity Two. The diagram depicts an activity in which you must indicate which port type is associated with each port in the diagram.

Network Topology:
Four switches, S1, S2, S3, and S4, are interconnected. Switches S1, S2, and S3 are connected in a full mesh. Switch S4 connects to S1. Three PCs are connected to switch S3. A database is connected to S4.

RP = Root port
DP = Designated port
AP = Alternate port
EP = Edge port

Switch S1 has the following information associated with it:
Priority = 32769
MAC Address = 000A00111111

Switch S2 has the following information associated with it:
Priority = 24577
MAC Address = 000A00333333

Switch S3 has the following information associated with it:
Priority = 32769
MAC Address = 000A00222222

Switch S4 has the following information associated with it:
Priority = 32769
MAC Address = 000A00444444


Note: Contact your instructor for assistance with this activity.


5.5 Chapter Labs

5.5.1 Basic Spanning Tree Protocol

Page 1:
One of the design goals of any network is redundancy. If a network link fails, is there a backup link that can immediately switch the traffic that was previously going over the down link? Physical redundancy in the network is necessary to prevent network outages or downtime. However, that same physical redundancy in the network creates a logical problem. If there is physical redundancy in the switch network, how do you prevent Layer 2 loops from occurring? Spanning Tree Protocol (STP) was written to solve this problem. In this lab we will learn how to configure STP.


5.5.1 - Basic Spanning Tree Protocol
Link to Hands-on Lab: Basic Spanning Tree Protocol


5.5.2 Challenge Spanning Tree Protocol

Page 1:
A strong understanding of how to configure Spanning Tree Protocol is fundamental to implementing switched networks. This lab will give you additional practice in configuring it.


5.5.2 - Challenge Spanning Tree Protocol
Link to Hands-on Lab: Challenge Spanning Tree Protocol


Page 2:
This activity is a variation of Lab 5.5.2. Packet Tracer may not support all the tasks specified in the hands-on lab. This activity should not be considered equivalent to completing the hands-on lab. Packet Tracer is not a substitute for a hands-on lab experience with real equipment.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


5.5.2 - Challenge Spanning Tree Protocol
Link to Packet Tracer Exploration: Challenge Spanning Tree Protocol


5.5.3 Troubleshooting Spanning Tree Protocol

Page 1:
You are responsible for the operation of the redundant switched LAN shown in the topology diagram. You and your users have been observing increased latency during peak usage times, and your analysis points to congested trunks. You recognize that of the six trunks configured, only three are forwarding packets in the default STP configuration currently running. The solution to this problem requires more effective use of the available trunks. The PVST+ feature of Cisco switches provides the required flexibility to distribute the inter-switch traffic using all six trunks.

This lab is complete when all wired trunks are carrying traffic, and all three switches are participating in per-VLAN load balancing for the three user VLANs.


5.5.3 - Troubleshooting Spanning Tree Protocol
Link to Hands-on Lab: Troubleshooting Spanning Tree Protocol


Page 2:
This activity is a variation of Lab 5.5.3. Packet Tracer may not support all the tasks specified in the hands-on lab. This activity should not be considered equivalent to completing the hands-on lab. Packet Tracer is not a substitute for a hands-on lab experience with real equipment.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


5.5.3 - Troubleshooting Spanning Tree Protocol
Link to Packet Tracer Exploration: Troubleshooting Spanning Tree Protocol


5.6 Chapter Summary

5.6.1 Summary

Page 1:
Implementing redundancy in a hierarchical network introduces physical loops that result in Layer 2 issues which impact network availability. To prevent problems resulting from physical loops introduced to enhance redundancy, the spanning-tree protocol was developed. The spanning-tree protocol uses the spanning-tree algorithm to compute a loop-free logical topology for a broadcast domain.

The spanning-tree process uses different port states and timers to logically prevent loops by constructing a loop-free topology. The determination of the spanning-tree topology is constructed in terms of the distance from the root bridge. The distance is determined by the exchange of BPDUs and spanning-tree algorithm. In the process, port roles are determined: designated ports, non-designated ports, and root ports.

Using the original IEEE 802.1D spanning-tree protocol involves a convergence time of up to 50 seconds. This time delay is unacceptable in modern switched networks, so the IEEE 802.1w rapid spanning-tree protocol was developed. The per-VLAN Cisco implementation of IEEE 802.1D is called PVST+ and the per-VLAN Cisco implementation of rapid spanning-tree protocol is rapid PVST+. RSTP reduces convergence time to approximately 6 seconds or less.

We discussed point-to-point and shared link types with RSTP, as well as edge ports. We also discussed the new concepts of alternate ports and backup ports used with RSTP.

Rapid PVST+ is the preferred spanning-tree protocol implementation used in a switched network running Cisco Catalyst switches.


5.6.1 - Summary and Review
In this chapter, you have learned:
STP prevents loops from being formed in a hierarchical network that implements redundant links.
STP uses different port states and timers to prevent loops from occurring.
One switch in the network is designated as the root bridge. The root bridge is determined through an election process where BPDU frames are exchanged between neighboring switches in a broadcast domain.
All other switches in the network use the spanning-tree algorithm to determine their switch port roles. Switch ports closest to the root bridge become root ports. The remaining non-root ports compete for designated or non-designated roles.
Because STP convergence can take up to 50 seconds to complete, RSTP and rapid PVST+ were developed.
RSTP reduces the convergence time to a little over 6 seconds.
Rapid PVST+ adds VLAN support to RSTP. Rapid PVST+ is the preferred implementation used on a Cisco switch network.


Page 2:


5.6.1 - Summary and Review
This is a review and is not a quiz. Questions and answers are provided.
Question One. Which of the following statements are true and which are false?
Answers:
A. Ethernet frames do not have a time to live (TTL). True.

B. Broadcast frames are forwarded out all switch ports, except the originating port. True.

C. In a hierarchical design, redundancy is achieved at the Distribution Layer and Core Layer through additional hardware and alternate paths through the additional hardware. True.

D. Layer 2 loops result in low CPU load on all switches caught in the loop. False.

E. A broadcast storm results when there are so many broadcast frames caught in a Layer 2 loop that all available bandwidth is consumed. True.

F. Most upper layer protocols are designed to recognize or cope with duplicate transmissions. False.

G. Layer 2 loops arise as a result of multiple paths, and STP can be used to block these loops. True.

Question Two. A converged STP topology is pictured with switch S1 as the root bridge. Fill in the boxes with the appropriate description: root port, designated port, or non-designated port.
Answer:
Refer to the following diagram description to answer the question.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh.
Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk 1).
Switch S2 port F0/2 is connected to S3 port F0/2 (Trunk 2).
Switch S3 port F0/1 is connected to S1 port F0/2 (Trunk 3).
The S3 port F0/2 is in the blocking state.
Switch S1 is connected to PC3, which has IP address 172.17.10.27.
Three PCs, PC1, PC2, and PC3, are connected to switch S2 ports F0/11, F0/18, and F0/6, respectively. The PC1 IP address is 172.17.10.21, the PC2 IP address is 172.17.10.22, and the PC3 IP address is 172.17.10.23.

Port roles to be identified:
Switch S1 Port F0/1 = Designated port
Switch S1 Port F0/2 = Designated port
Switch S2 Port F0/1 = Root port
Switch S2 Port F0/2 = Designated port
Switch S3 Port F0/1 = Root port
Switch S3 Port F0/2 = Non-designated port
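As an added example (not code from the Cisco curriculum), the following Python runs the three spanning-tree algorithm steps listed in the chapter summary on a constructed copy of the Question Two topology and then works through the max_age timer arithmetic behind the failure scenario in 5.4.9. The bridge priorities and MAC addresses in BRIDGES are constructed so that S1 is the root, and all function names are my own.

```python
"""Added example (not from the Cisco curriculum page): a minimal 802.1D
spanning-tree algorithm run on a constructed copy of the S1/S2/S3 full mesh
from review Question Two, plus the timer arithmetic behind the max_age
failure described in 5.4.9."""
import heapq
from collections import defaultdict

# Constructed bridge IDs: (priority, MAC); the lower tuple is the better BID.
# MACs must share one format so that string comparison orders them correctly.
BRIDGES = {
    "S1": (32769, "000A.0011.1111"),
    "S2": (32769, "000A.0022.2222"),
    "S3": (32769, "000A.0033.3333"),
}
# Constructed links: (switch, port, switch, port, path cost); 19 is the
# 802.1D default cost of a 100 Mb/s link.
LINKS = [
    ("S1", "F0/1", "S2", "F0/1", 19),  # Trunk 1
    ("S2", "F0/2", "S3", "F0/2", 19),  # Trunk 2
    ("S3", "F0/1", "S1", "F0/2", 19),  # Trunk 3
]


def port_id(port, priority=128):
    """802.1D port ID: (port priority, port number); the lower one wins ties."""
    return (priority, int(port.rsplit("/", 1)[1]))


def elect_root(bridges):
    """Step 1: the switch with the numerically lowest BID becomes the root."""
    return min(bridges, key=lambda name: bridges[name])


def root_path_costs(root, links):
    """Dijkstra over link costs: each switch's cheapest path cost to the root."""
    adj = defaultdict(list)
    for a, _, b, _, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    rpc, heap = {root: 0}, [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > rpc[node]:
            continue
        for nbr, c in adj[node]:
            if nbr not in rpc or cost + c < rpc[nbr]:
                rpc[nbr] = cost + c
                heapq.heappush(heap, (cost + c, nbr))
    return rpc


def port_roles(bridges, links):
    """Steps 2 and 3: return {(switch, port): role} for every switch port."""
    root = elect_root(bridges)
    rpc = root_path_costs(root, links)
    # Each link as seen from both ends: (me, my port, neighbour, its port, cost).
    ends = [e for a, pa, b, pb, c in links for e in ((a, pa, b, pb, c), (b, pb, a, pa, c))]
    roles = {}
    # Step 2: one root port per non-root switch. Tie-break order is root path
    # cost, then sender BID, then sender port ID, then the receiving port ID.
    for sw in bridges:
        if sw != root:
            best = min((e for e in ends if e[0] == sw),
                       key=lambda e: (rpc[e[2]] + e[4], bridges[e[2]], port_id(e[3]), port_id(e[1])))
            roles[(sw, best[1])] = "root port"
    # Step 3: on each segment the end advertising the better BPDU (lower root
    # path cost, then BID, then port ID) is designated; the other end blocks
    # unless step 2 already made it a root port.
    for a, pa, b, pb, _ in links:
        a_key = (rpc[a], bridges[a], port_id(pa))
        b_key = (rpc[b], bridges[b], port_id(pb))
        winner, loser = ((a, pa), (b, pb)) if a_key < b_key else ((b, pb), (a, pa))
        roles[winner] = "designated port"
        roles.setdefault(loser, "non-designated port")
    return roles


def port_state_after_bpdu_loss(seconds_since_last_bpdu, max_age=20, forward_delay=15):
    """5.4.9 failure mode: a non-designated port blocks only while the superior
    BPDU it stored is younger than max_age. Once that expires it assumes it is
    designated and walks listening -> learning -> forwarding, one forward_delay
    each, so with defaults the loop opens at max_age + 2 * forward_delay = 50 s,
    the 802.1D convergence figure the chapter summary quotes."""
    t = seconds_since_last_bpdu
    if t < max_age:
        return "blocking"
    if t < max_age + forward_delay:
        return "listening"
    if t < max_age + 2 * forward_delay:
        return "learning"
    return "forwarding"


if __name__ == "__main__":
    print("root bridge:", elect_root(BRIDGES))
    for (sw, port), role in sorted(port_roles(BRIDGES, LINKS).items()):
        print(f"{sw} {port}: {role}")
    for t in (0, 20, 35, 50):
        print(f"{t:>2} s without BPDUs on a blocked port -> {port_state_after_bpdu_loss(t)}")
```

The same elect_root call, fed the Cat-A/Cat-B/Cat-C priorities and MAC addresses from quiz question 9, picks the root by the same lowest-BID rule.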

Question Three. Refer to the command output below. What can be concluded about interface Fa0/2?

Command output:

S3#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 27577
Address 000A.0033.3333
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000A.0022.2222
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
F0/1 Root FWD 19 128.1 Shr
F0/2 Altn FWD 19 128.2 Shr

A. It is a designated port.
B. It is a non-designated port.
C. It is a root port.

The answer is B.

Question Four. Match the term on the left with the appropriate description.

Terms:
PVST = Answer D
PVST+ = Answer C
RSTP = Answer E
MSTP = Answer B
802.1D = Answer A

Descriptions:
A. Original STP.
B. VLANs are mapped to instances.
C. Proprietary, but supports 802.1Q trunking.
D. Relies on ISL trunking.
E. Faster convergence after a topology change.


Page 3:
In this activity, you will configure a redundant network with VTP, VLANs, and STP. In addition, you will design an addressing scheme based on user requirements. The VLANs in this activity are different than what you have seen in previous chapters. It is important for you to know that the management and default VLAN does not have to be 99. It can be any number you choose. Therefore, we use VLAN 5 in this activity.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


5.6.1 - Summary and Review
Link to Packet Tracer Exploration: Packet Tracer Skills Integration Challenge



5.7 Chapter Quiz

5.7.1 Chapter Quiz

Page 1:


5.7.1 - Chapter Quiz
1. Which are two problems associated with redundant switched Ethernet topologies? (Choose two.)
A. Broadcast storms.
B. Routing loops.
C. Multiple frame copies.
D. Load balancing.
E. Incorrect frame addressing.
F. Unicast frame flooding.

2. Refer to the following diagram description to answer the question.
Switch SW-1 and SW-2 are connected to each other using two links, Segment A and Segment B. A PC and router are also attached to Segment A.

The network described above is not running the spanning-tree algorithm. What would be the result if an ARP request were sent by the workstation?
A. The frame will loop between SW-1 and SW-2 until the TTL field drops to zero.
B. The frame will loop until the TTL field reaches the default maximum value.
C. The frame will be prevented from traveling the network by the router.
D. The frame will loop between SW-1 and SW-2 repeatedly.

3. Refer to the following diagram description to answer the question.
Four switches are interconnected. Switch-A is connected to Switch-C, Switch-D, and a router. Switch-B is connected to Switch-A, Switch-C, Switch-D, and the same router. Switch-C is connected to Switch-A, Switch-B, Switch-D, and Switch-E. Switch-D is connected to Switch-A, Switch-B, Switch-C, and Switch-E.

How will spanning tree prevent switching loops in this network if all switches have only the default VLAN configured?
A. Traffic will be load-balanced between all switches.
B. A single switch will be elected as the root switch, and redundant paths to this switch will be blocked.
C. Two of the switches will be elected root bridges, thus blocking traffic between the other two switches.
D. Two of the switches will be elected designated switches, thus blocking traffic between the other two switches.
E. Either Switch-A or Switch-B will be elected as the root switch, and Switch-C or Switch-D will become the designated switch.

4. What must a switch running spanning tree do when it is first turned on?
A. Adjust its bridge priority value.
B. Learn the BIDs of all other switches in the network.
C. Request the MAC address of all connected hosts.
D. Select the BPDU with the greatest MAC address.
E. Adjust its bridge priority value to network conditions.

5. Match the spanning-tree protocol variants to the appropriate description.

Protocol Variants:
A. CST.
B. MSTP.
C. PVST.
D. PVST+.
E. Rapid PVST+.
F. RSTP.

Descriptions:
One. Supports the use of ISL trunking and load balancing.
Two. Incorporated into IEEE 802.1D-2004; supports BackboneFast, UplinkFast, and PortFast.
Three. Supports BackboneFast, UplinkFast, and PortFast and is based on IEEE 802.1w.
Four. Supports BPDU guard, root guard, and IEEE 802.1Q trunking.
Five. Reduces the number of spanning-tree instances required to support large numbers of VLANs.
Six. Only one spanning-tree instance encompassing every VLAN in the network.

6. Which three port types will discard data traffic during STP operation? (Choose three.)
A. Blocking ports.
B. Disabled ports.
C. Designated ports.
D. Root ports.
E. Forwarding ports.
F. Listening ports.

7. Match the spanning-tree port states with their activities.

States:
A. Learning.
B. Disabled.
C. Forwarding.
D. Listening.
E. Blocking.

Activities:
One. Does not receive BPDUs.
Two. Receives BPDUs only.
Three. Receives BPDUs and processes BPDUs.
Four. Receives BPDUs, processes BPDUs, and fills the MAC address table.
Five. Receives BPDUs, processes BPDUs, fills the MAC table, and sends data.

8. Which three timers determine STP performance and state changes? (Choose three.)
A. Blocking delay.
B. Hello time.
C. Port speed.
D. Forward delay.
E. Maximum age.
F. Backward delay.

9. Refer to the following diagram description to answer the question.
Three switches are interconnected. Switch Cat-A is connected to switch Cat-B, Cat-C, Cat-D, and a router. Switch Cat-B is connected to switch Cat-A, Cat-C, and the same router. Switch Cat-C is connected to switch Cat-A and Cat-B.

Bridge information provided:
Switch Cat-A:
Bridge Priority: 32768
MAC Address: 0010.0da2.000c

Switch Cat-B:
Bridge Priority: 48252
MAC Address: 0010.0da2.0001

Switch Cat-C:
Bridge Priority: 32768
MAC Address: 0010.0da2.000a

What will be the result of the spanning-tree root bridge selection process in the network described above if each switch contains only one VLAN?
A. Cat-A will be the root bridge.
B. Cat-B will be the root bridge.
C. Cat-C will be the root bridge.
D. Cat-A and Cat-B will be the root bridges.
E. Cat-A and Cat-C will be the root bridges.

10. Per-VLAN Spanning Tree Protocol plus (PVST+) provides support for which IEEE standard?
A. 802.1Q
B. 802.1D
C. 802.1w
D. 802.1

11. Which two characteristics are associated with Rapid Spanning Tree Protocol (RSTP)? (Choose two.)
A. Supports UplinkFast and BackboneFast.
B. Preferred protocol for preventing Layer 2 loops.
C. Forward delay and max-age timers are unneeded.
D. Lacks backward compatibility with IEEE 802.1D.
E. Compatible with rapid PVST+.

12. What is a characteristic of an RSTP edge port?
A. It remains in the learning state until it receives a BPDU from the root bridge.
B. It goes directly from the listening state to the forwarding state.
C. After it is enabled, it immediately transitions to the forwarding state.
D. It generates and propagates topology changes when it transitions to a disabled status.

13. When implementing RSTP for non-edge ports, which two categories of link types are available? (Choose two.)
A. Shared.
B. Multipoint.
C. Redundant.
D. Point-to-point.
E. Dedicated.

14. What method does RSTP use to decrease the time it takes to designate a new root port when the existing root port fails?
A. Smaller values for forward-delay and max-age timers than STP.
B. Pre-negotiated alternate ports for the root port.
C. TCN BPDUs originating from the affected switch.
D. Improved spanning-tree algorithm.

15. A switch currently has only one VLAN configured and is running a single instance of RSTP. Which action will create a second RSTP instance?
A. Creating a second VLAN.
B. Entering the spanning-tree mode rapid pvst command.
C. Assigning a port to a VLAN other than VLAN 1.
D. Connecting to another switch.

16. Refer to the following diagram description to answer the question.
Four switches are interconnected.
Switch S1 port Gigabit 0/1 is connected to S2 port Gigabit 0/1.
Switch S1 port Gigabit 0/2 is connected to S3 port Gigabit 0/1.
Switch S2 port Gigabit 0/2 is connected to S4 port Gigabit 0/1.
Switch S3 port Gigabit 0/2 is connected to S4 port Gigabit 0/2.

Bridge information provided:
S1 Bridge Priority: 24576
MAC Address: 000A00333333

S2 Bridge Priority: 32768
MAC Address: 000A00222222

S3 Bridge Priority: 32768
MAC Address: 000A00111111

S4 Bridge Priority: 36864
MAC Address: 000A00111110

Spanning-tree port priorities are listed beneath each interface. S4 port Gigabit 0/2 is currently in the RSTP discarding state. What action would change the state to forwarding?
A. Changing the physical port connections so that Gigabit 0/2 connects to S2, and Gigabit 0/1 connects to S3.
B. Using the spanning-tree vlan priority command to increase the priority of Gigabit 0/2 for all VLANs.
C. Changing the port role for Gigabit 0/1 to non-designated, using the spanning-tree port priority command.
D. Making S4 the root bridge by manually configuring the MAC address to a lower value than S1.

17. Refer to the following command output to answer the question.
SW4#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0019.2f8d.d200
Cost 27
Port 16 (FastEthernet 0/14)
Hello Time 3 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
Address 0019.2f94.a480
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Which two statements are true regarding the VLAN0001 spanning-tree environment that switch SW4 is participating in? (Choose two.)
A. Spanning tree for VLAN0001 is using the default hello time interval.
B. The root bridge was selected because of its lower MAC address.
C. The root port on SW4 is FastEthernet 0/14.
D. SW4 is directly connected to port 16 on the root switch.
E. The root bridge does not have an aging time.
F. SW4 is using the timers advertised by the root switch.

18. Refer to the following command output to answer the question.

SW4(config)#interface range FA0/1 - 24
SW4(config-if-range)#spanning-tree portfast
output omitted.

SW4#show spanning-tree interface FA0/1 portfast
VLAN0001 enabled

SW4#show spanning-tree interface FA0/2 portfast
VLAN0001 enabled

SW4#show spanning-tree interface FA0/3 portfast
VLAN0001 enabled

SW4#show spanning-tree interface FA0/4 portfast
VLAN0001 disabled

Why would interface FA0/4 have spanning-tree portfast disabled?
A. Interface FA0/4 is not active.
B. Interface FA0/4 could not transition into forwarding mode and was thus disabled.
C. Interface FA0/4 did not receive a BPDU, allowing PortFast to be enabled.
D. Interfaces FA0/1 to 3 are connected to end workstations, while interface FA0/4 is connected to another Layer 2 device.
