Cis187 Switch 3 STP

STP Spanning Tree Protocol
CIS 187 Multilayer Switched Networks

CCNP SWITCH
Rick Graziani
Spring 2014
Follow along with Packet Tracer
Download the following Packet Tracer file from my

web site: PT-Topology-STP.pkt
Rick Graziani [email protected]
Spanning Tree Protocol (STP)
STP often accounts for more

than 50 % of the configuration,
troubleshooting, and
maintenance headaches in realworld campus networks
(especially if they are poorly
designed).
Complex protocol that is
generally poorly understood.
Radia Perlman Developer of
STP
Configuring STP
Switch(config)# spanning-tree vlan vlan-id
Switch(config)# no spanning-tree vlan vlan-id
By default, STP is enabled for every port on the switch.

If for some reason STP has been disabled, you can
reenable it.
Spanning Tree Protocol (STP)
IEEE 802.1D
A loop-prevention protocol
Allows L2 devices to
communicate with each
other to discover physical
loops in the network.
Algorithm that creates a
loop-free logical topology.
STP creates a tree
structure of loop-free
leaves and branches that
spans the entire Layer 2
network.
Redundancy Creates Loops
L2 Loops
Broadcasts and Layer 2

loops can be a dangerous
combination.
Ethernet frames have no
TTL field
After an Ethernet frame
starts to loop, it will probably
continue until someone
shuts off one of the switches
or breaks a link.
IP has a mechanism to
prevent loops.
IP Packet
L2 Loops
Bridge loops can occur any

time there is a redundant
path or loop in the bridge
network.
The switches will flip flop the
MAC address table entries
(creating extremely high
CPU utilization).
Unicasts, unknown unicasts
and broadcasts are all
problems.
STP Prevents Loops
The purpose of STP is to avoid and eliminate loops in the network by

negotiating a loop-free path through a root bridge.
STP determines where the are loops and blocks links that are redundant.
Ensures that there will be only one active path to every destination.
Spanning Tree Algorithm
STP executes an algorithm

called Spanning Tree
Algorithm (STA).
STA chooses a
reference point, called a
root bridge.
Then determines the
available paths to that
reference point.
If more than two paths
exists, STA picks the
best path and blocks the
rest
10
Two-key STP Concepts
STP calculations make extensive use of two key concepts in

creating a loop-free topology:
Bridge ID
Path Cost
Link Speed
Cost (Revised IEEE

Spec)
Cost (Previous IEEE

Spec)
10 Gbps
1 Gbps
100 Mbps
19
10
10 Mbps
100
100
11
Bridge ID (BID)
Bridge ID (BID) is used to identify each bridge/switch.
The BID is used in determining the center of the network, in respect to
STP, known as the root bridge.
Bridge ID
Without the
Extended
System ID
Bridge ID with
the Extended
System ID
12
Bridge ID (BID)
Consists of two components:

A 2-byte Bridge Priority: Cisco switch defaults to
32,768 or 0x8000.
Usually expressed in decimal format
A 6-byte MAC address
Usually expressed in hexadecimal format.
13
Bridge ID (BID)
Each switch has a unique BID.

Original 802.1D standard, the BID = Priority Field +MAC address of
the switch.
All VLANs were represented by a CST one spanning tree for all
vlans (later).
PVST requires that a separate instance of spanning tree run for each
VLAN
BID field is required to carry VLAN ID (VID).
Extended system ID to carry a VID.
14
What is the Priority of Access1?

Priority = Priority (Default 32,768) + VLAN
Access1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID
Priority
32769
Address
0001.964E.7EBB
Cost
19
Port
5(FastEthernet0/5)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority
32769 (priority 32768 sys-id-ext 1)
Address
0003.E461.46EC
Aging Time 20
VLAN0010
PVST coming
later
Root ID
Priority
32778
Address
0001.964E.7EBB
Cost
19
Port
5(FastEthernet0/5)
Bridge ID Priority
Address
0003.E461.46EC
Aging Time 20
15
What is the BID of this switch?

Core# show spanning-tree
VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
Cost
4
Port
25(GigabitEthernet0/1)
Bridge ID
Priority
Address
Hello Time
Aging Time

0001.C945.A573
2 sec Max Age 20 sec Forward Delay 15 sec
20
16
Bridge ID (BID)
Used to elect a root bridge (coming)

Lowest Bridge ID is the root.
If all devices have the same priority, the bridge with the lowest MAC
address becomes the root bridge. (Yikes)
Note: For simplicity, in our topologies we will use Bridge Priorities
without the Extended System ID. (Same process, just done per VLAN.)
17
Path Cost Original Spec (Linear)

Link Speed
Cost (Revised IEEE

Spec)
Cost (Previous IEEE

Spec)
10 Gbps
1 Gbps
100 Mbps
19
10
10 Mbps
100
100
Bridges use the concept of cost to evaluate how close they are to
other bridges.
Used to create the loop-free topology .
Originally, 802.1D defined cost as 1 billion/bandwidth of the link in
Mbps.
Cost of 10 Mbps link = 100
Cost of 100 Mbps link = 10
Cost of 1 Gbps link = 1
Running out of room for faster switches including 10 Gbps Ethernet
18
Path Cost Revised Spec (Non-Linear)

Link Speed
Cost (Revised IEEE

Spec)
Cost (Previous IEEE

Spec)
10 Gbps
1 Gbps
100 Mbps
19
10
10 Mbps
100
100
IEEE modified the most to use a non-linear scale with the new values of:
4 Mbps
10 Mbps
16 Mbps
45 Mbps
100 Mbps
155 Mbps
622 Mbps
1 Gbps
10 Gbps
250
100
62
39
19
14
6
4
2
(cost)
(cost)
(cost)
(cost)
(cost)
(cost)
(cost)
(cost)
(cost)
You can change the path cost by

modifying the cost of a port.
Exercise caution when you do this!
BID and Path Cost are used to develop
a loop-free topology .
Coming very soon!
19
Five-Step STP Decision Sequence
When creating a loop-free topology, STP always uses the same

five-step decision sequence:
Five-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 Lowest Port Priority
Step 5 - Lowest Port ID
Bridges use Configuration BPDUs during this five-step process.

We will assume all BPDUs are configuration BPDUs until
otherwise noted.
20
FYI: BPDU key concepts

BPDU key concepts:
Bridges save a copy of only the best BPDU seen on every port.
When making this evaluation, it considers all of the BPDUs
received on the port, as well as the BPDU that would be sent on
that port.
As every BPDU arrives, it is checked against this five-step
sequence to see if it is more attractive (lower in value) than the
existing BPDU saved for that port.
Only the lowest value BPDU is saved.
Bridges send configuration BPDUs until a more attractive BPDU
is received.
Okay, lets see how this is used...
21
Elect one Root Bridge

The STP algorithm uses three simple steps to converge on a loopfree topology:
STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports
When the network first starts, all bridges are announcing a
chaotic mix of BPDUs.

All bridges immediately begin applying the five-step sequence
decision process.
Switches need to elect a single Root Bridge.
Switch with the lowest BID wins!
Note: Many texts refer to the term highest priority which is the
lowest BID value.
This is known as the Root War.
22

Lowest BID wins!
Who wins?
23
What is the BID of this switch? Who is the Root?

VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
Cost
4
Port
Bridge ID
Priority
Address
Hello Time
Aging Time

0001.C945.A573
20
Use this command to view the information on the other four switches.
24
Distribution1# show spanning-tree

VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
Cost
19
Port
3(FastEthernet0/3)
Hello Time 2 sec Max Age 20 sec
Bridge ID
Priority
Address
Hello Time
Aging Time
Forward Delay 15 sec

0005.5E0D.9315
20
25

VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
Cost
19
Port
3(FastEthernet0/3)
Bridge ID
Priority
Address
Hello Time
Aging Time

0060.47B0.5850
20
26
Access1# show spanning-tree

VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
Cost
19
Port
5(FastEthernet0/5)
Bridge ID
Priority
Address
Hello Time
Aging Time

0003.E461.46EC
20
27

VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
This bridge is the root
Bridge ID
Priority
Address
Hello Time
Aging Time

0001.964E.7EBB
20
28

Lowest BID wins!
My BID is
32769.0001.C945.A573
Who wins?
My BID is
32769.0005.5E0D.9315
My BID is
32769.0060.47B0.5850
My BID is
32769.0003.E461.46EC
My BID is
32769.0001.964E.7EBB
I win!
29
Bridge IDs
32769.0001.C945.A573
32769.0005.5E0D.9315
32769.0060.47B0.5850
32769.0003.E461.46EC
32769.0001.964E.7EBB
30

Lowest BID wins!
Its all done with
BPDUs!
31
BPDUs
BPDUs
sent/relayed
every two
seconds.
BPDU
BPDU
BPDU
BPDU
BPDU
32
Root Bridge Selection Criteria

My BID is
32768.0001.C945.A573 Im
the root!
My BID is
32768.0005.5E0D.9315
Im the root!
My BID is
32768.0003.E461.46EC
Im the root!
Who wins?
My BID is
32768.0060.47B0.5850
Im the root!
My BID is
32768.0001.964E.7EBB
Im the root! I win!
At the beginning, all bridges assume and declare themselves as the

Root Bridge, by placing its own BID in the Root BID field of the BPDU.
33

Lowest BID wins!
34
Once all of the switches see that Access2 has the lowest BID, they are
all in agreement that Access2 is the Root Bridge.
Root Bridge
35
Elect Root Ports

STP Convergence
I will select
one Root
Port that is
closest,
best path to
the root
bridge.
Now that the Root War has been won, switches move on to
selecting Root Ports.

A bridges Root Port is the port closest to the Root Bridge.
Bridges use the cost to determine closeness.
Every non-Root Bridge will select one Root Port!
Specifically, bridges track the Root Path Cost, the cumulative
cost of all links to the Root Bridge.
36
Determining (Electing) the Root Port
37
Root Bridge, Access2 sends out BPDUs, containing a Root Path Cost of 0.
Access1, Distribution1, and Distribution2 receives these BPDUs and adds the Path Cost
of the FastEthernet interface to the Root Path Cost contained in the BPDU.
Access1, Distribution1, and Distribution2 add Root Path Cost 0 PLUS its Path (port)
cost of 19 = 19.
This value is used internally and used in BPDUs to other switches.
Path Cost
BPDU
BPDU
Cost=0+19=19
Cost=0+19=19
19
19
Root Bridge
0
BPDU
Cost=0+19=19
19
0
BPDU
Cost=0
38
Difference b/t Path Cost and Root Path Cost

Path Cost:
The value assigned to each port.
Added to BPDUs received on that port to
calculate Root Path Cost.
Root Path Cost

Cumulative cost to the Root Bridge.
This is the value transmitted in the BPDU.
Calculated by adding the receiving ports
Path Cost to the valued contained in the
BPDU.
Path Cost
BPDU
BPDU
Cost=0+19=19
Cost=0+19=19
19
19
Root Bridge
0
BPDU
Cost=0+19=19
19
0
BPDU
Cost=0
39
What are the Path Costs for Root Bridge

Access2?
VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
Bridge ID
Priority
Address
Hello Time
Aging Time
Interface
---------------Fa0/1
Fa0/3
Fa0/5
Role
---Desg
Desg
Desg
Path Cost

0001.964E.7EBB
20
Sts
--FWD
FWD
FWD
Cost
--------19
19
19
Prio.Nbr
-------128.1
128.3
128.5
Type
----------------------P2p
P2p
P2p
40
What are the Path Costs for Distribution1?

Path Cost
VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
Cost
19
Port
3(FastEthernet0/3)
Bridge ID
Priority
Address
Hello Time
Aging Time
Interface
---------------Gi0/1
Gi0/2
Fa0/3
Fa0/5
Role
---Desg
Altn
Root
Desg

0005.5E0D.9315
20
Sts
--FWD
BLK
FWD
FWD
Cost
--------4
4
19
19
Prio.Nbr
-------128.25
128.26
128.3
128.5
Type
---------------------P2p
P2p
P2p
P2p
41
What are the Path Costs for Access1?

VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
Cost
19
Port
5(FastEthernet0/5)
Bridge ID
Priority
Address
Hello Time
Aging Time
Interface
---------------Fa0/5
Gi1/1
Gi1/2
Role
---Root
Desg
Desg
Path Cost

0003.E461.46EC
20
Sts
--FWD
FWD
FWD
Cost
--------19
4
4
Prio.Nbr
-------128.5
128.25
128.26
Type
---------------------P2p
P2p
P2p
42
What are the Path Costs for Distribution2?

VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
Cost
19
Port
3(FastEthernet0/3)
Bridge ID
Priority
Address
Hello Time
Aging Time
Interface
---------------Fa0/3
Fa0/5
Gi0/1
Gi0/2
Role
---Root
Altn
Altn
Desg
Path Cost

0060.47B0.5850
20
Sts
--FWD
BLK
BLK
FWD
Cost
--------19
19
4
4
Prio.Nbr
-------128.3
128.5
128.25
128.26
Type
---------------------P2p
P2p
P2p
P2p
43
show spanning-tree detail

Path Cost
Use this command to view the

Root Path Cost of an interface.
Distribution1# show spanning-tree detail
VLAN0001 is executing the ieee compatible Spanning Tree Protocol
Bridge Identifier has priority of 32768, sysid 1, 0005.5E0D.9315
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32769
Root port is 3 (FastEthernet0/3), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 00:00:00 ago
from FastEthernet0/1
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
44

Path Cost

Access1# show spanning-tree detail
Bridge Identifier has priority of 32768, sysid 1, 0003.E461.46EC
45

Path Cost

Bridge Identifier has priority of 32768, sysid 1, 0060.47B0.5850
46

Bridge Identifier has priority of 32768, sysid 1, 0001.964E.7EBB
No Root port This switch is the Root Bridge!

47
Switches now send BPDUs with their Root Path Cost out other interfaces.
Access 1 uses this value of 19 internally and sends BPDUs with a Root Path Cost of 19
out all other ports. (For simplicity we will not include BPDU to root.)
Switches receive BPDU and add their path cost.
Note: STP costs are incremented as BPDUs are received on a port, not as they are sent
out a port.
Path Cost
BPDU
BPDU
Cost=4+19=23
Cost=4+19=23
19
19
BPDU
BPDU
Cost=19
Cost=19
0
19
Root Bridge
48
Distribution 1 and Distribution 2 receive the BPDUs from Access 1, and adds the Path Cost of 4
to those interfaces, giving a Root Path Cost of 23.
However, both of these switches already have an internal Root Path Cost of 19 that was
received on another interface. (Fa0/3 for each with a Root Path Cost of 19.)
Distribution 1 and Distribution 2 use the better BPDU of 19 when sending out their BPDUs to
other switches.
BPDU
BPDU
Cost=4+19=23
Cost=4+19=23
19
19
BPDU
BPDU
Cost=19
Cost=19
0
19
Root Bridge
49
Distribution 1 now sends BPDUs with its Root Path Cost out other interfaces (Best BPDU).
Again, STP costs are incremented as BPDUs are received on a port, not as they are sent
out a port.
Path Cost
BPDU
Cost=4+19=23
BPDU
BPDU
Cost=19+19=38
Cost=19
19
23
23
19
0
19
BPDU
Cost=4+19=23
19
Root Bridge
0
0
50
Final Results
Ports show BPDU Received Root Path Cost + Path Cost = Root Path Cost of Interface,
after the best BPDU is received on that port from the neighboring switch.
This is the cost of reaching the Root Bridge from this interface towards the neighboring
switch.
Now lets see how this is used!
Path Cost
19+4=23
23+4=27
19+19=38
19
19+4=23
23+4=27
19+19=38
19+4=23
19
19+4=23
19+4=23
19+4=23
0
0
19
0
Root Bridge
51
show spanning-tree
Which port is the Root Port?
VLAN0001
Root ID
Priority
32769
Address
0001.964E.7EBB
Cost
4
Port
Bridge ID
Priority
Address
Hello Time
Aging Time
Interface
---------------Gi0/1
Gi0/2
Role
---Root
Altn

0001.C945.A573
20
Sts
--FWD
BLK
Cost
--------4
4
Prio.Nbr
-------128.25
128.26
Type
-------------------------------Path Cost
P2p
P2p
52
Which port is the Root Port?

Core# show spanning-tree detail
Bridge Identifier has priority of 32768, sysid 1, 0001.C945.A573
Root port is 25 (GigabitEthernet0/1), cost of root path is 4
Path Cost
53
Next:
Elect Root Ports
Every non-Root bridge must select one Root Port.
Elect Root Ports
A bridges Root Port is the port closest to the Root
Elect Designated Ports
Bridge.
Non-Designated Ports: All other ports
Bridges use the cost to determine closeness.
Path Cost
These values
would be the
Root Path
Cost if this
interface was
used to reach
the Root
Bridge.
23
27
38
19
23
27
38
23
19
23
23
23
0
19
0
Root Bridge
54
Elect Root Ports: (Review)

Ports show Root Path Cost of Interface, after the best BPDU is received on
that port from the neighboring switch.
This is the cost of reaching the Root Bridge from this interface towards the
neighboring switch.
Distribution 1 thought process
Path Cost
If I go through
Core it costs
27.
If I go
through D2
it costs 38.
If I go
through A1 it
costs 23.
If I go through
A2 it costs 19.
This is the best
path to the
Root!
55
Elect Root Ports:

This is from the switchs perspective.
Switch, What is my cost to the Root Bridge?
Later we will look at Designated Ports, which is from the Segments perspective.
Distribution 1 thought process
Path Cost
If I go
through
Core it costs
27.
If I go
through D2
it costs 38.
If I go
through A1 it
costs 23.
If I go through
A2 it costs 19.
This is the best
path to the
Root!
56
Elect Root Ports

Every non-Root bridge must select one Root Port.
A bridges Root Port is the port closest to the Root Bridge.
Bridges use the Root Path Cost to determine closeness.
19
23
23
19
23
23
38
23
38
RP
27
27
23
19
0
0
RP
0
RP
Root Bridge
57
Elect Root Ports

Core switch has two equal Root Path Costs
to the Root Bridge.
In this case we need to look at the five-step
decision process.
19
23
23
19
23
23
38
23
38
RP
27
27
23

Step 1 - Lowest BID
Step 4 - Lowest Port Priority
19
0
0
RP
0
RP
Root Bridge
58
Elect Root Ports

Distribution 1 switch has a lower Sender BID
than Distribution 2.
Core chooses the Root Port of G 0/1.
RP
My BID is
32769.0005.5E0D.9315
Lower BID
19
23
23
19
23
23
My BID is
32769.0060.47B0.5850
38
23
38
RP
27
27
23

Step 1 - Lowest BID
19
0
0
RP
0
RP
Root Bridge
59
Elect Designated Ports

STP Convergence
The loop prevention part of STP becomes evident during this step, electing
designated ports.
A Designated Port functions as the single bridge port that both sends and
receives traffic to and from that segment and the Root Bridge.
Each segment in a bridged network has one Designated Port, chosen
based on cumulative Root Path Cost to the Root Bridge.
The switch containing the Designated Port is referred to as the Designated
Bridge for that segment.
To locate Designated Ports, lets take a look at each segment.
Segments perspective: From a device on this segment, Which switch
should I go through to reach the Root Bridge?
Root Path Cost, the cumulative cost of all links to the Root Bridge.
Obviously, the segment has not ability to make this decision, so the
perspective and the decision is that of the switches on that segment.
60
A Designated Port is elected for every segment.

The Designated Port is the only port that sends and receives traffic to/from that segment to
the Root Bridge, the best port towards the root bridge.
Note: The Root Path Cost shows the Sent Root Path Cost.
This is the advertised cost in the BPDU, by this switch out that interface, i.e. this is the cost of
reaching the Root Bridge through me!
RP
19
19
19
19
RP
19
19
19
23
19
19
19
23
19
0
0
RP
0
RP
Root Bridge
61
A Designated Port is elected for every segment.

Segments perspective: From a device on this segment, Which switch should I go through
to reach the Root Bridge?
Ill decide using the advertised Root Path Cost from each switch!
RP
23
23
?
19
19
19
19
?
19
19
19
? ?
RP
RP
19
19
19
19
RP
?
0
0
0
Root Bridge
62
Segments perspective:
Access 2 has a Root Path Cost = 0 (after all it is the Root Bridge) and Access 1 has a Root
Path Cost = 19.
Because Access 2 has the lower Root Path Cost it becomes the Designated Port for that
segment.
RP 23
23
19
19
19
19
My
What is my
port
best
willpath
be 19
0
19 designated
via Access
to the2Root
(Fa0/5).
Bridge,
Its 19
the
19
19
best path,
via Access
lowest Root
1 or 0Path,
via
to the Root
Access
Bridge.
2?
RP
19
19 RP
19 RP
0
DP 0
0
Root Bridge
63
The same occurs between Access 2 and Distribution ,1 and Access 2 and Distribution 2
switches.
Because Access 2 has the lower Root Path Cost it becomes the Designated Port for those
segments.
RP 23
19
19
19
19
19
RP
19
19
19 RP
23
19
19
19 RP
?
DP
DP 0
0
0 DP
Root Bridge
64
Segment between Distribution 1 and Access
1 has two equal Root Path Costs of 19.
Using the Lowest Sender ID (first two steps
are equal), Access 1 becomes the best path
and the Designated Port.
RP 23

Step 1 - Lowest BID
23
32769.0005.5E0D.9315
19
19
19
19
RP
?
DP 19
32769.0003.E461.46EC
Lower BID
19
19 RP
19
What is my best path

to the Root 19
Bridge, 19
19
via Distribution 1 or
19 via Access 1? 19 RP
They are the same!
Who has the lowest
BID?
DP
DP 0
0
0 DP
Root Bridge
65
Access 1 has Lower Sender BID

Port 26 (GigabitEthernet0/2) of VLAN0030 is designated blocking
Port path cost 4, Port priority 128, Port Identifier 128.26
Designated root has priority 128, address 000C.CF0B.1503
Designated bridge has priority 32769, address 0003.E461.46EC
Designated port id is 128.26, designated path cost 4
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

Port 26 (GigabitEthernet1/2) of VLAN0001 is designated forwarding
Designated root has priority 128, address 0001.C746.B605
Link type is point-to-point by default32769.0003.E461.46EC
Note:
PT does not show proper BID
66
Segment between Distrib. 1 and Distrib. 2
has two equal Root Path Costs of 19.
are equal), Distribution 1 becomes the best
path and the Designated Port.
RP 23

Step 1 - Lowest BID
23
32769.0060.47B0.5850
32769.0005.5E0D.9315
Lower BID
19
DP
19
19
DP
19
19
RP
19
19 RP
19
19
19
19 RP
DP
DP 0
0
0 DP
Root Bridge
67
Distribution 1 has Lower Sender BID

Port 5 (FastEthernet0/5) of VLAN0030 is designated forwarding
Designated bridge has priority 32769, address 0005.5E0D.9315

Port 5 (FastEthernet0/5) of VLAN0001 is designated blocking
Designated bridge has priority 32769, address 0005.5E0D.9315
Note: PT does not show proper BID
68
Segment between Access 1 and Distrib. 2
has two equal Root Path Costs of 19.
are equal), Access 1 becomes the best path
and the Designated Port.
RP 23

Step 1 - Lowest BID
23
32769.0060.47B0.5850
19
19
DP
19
19
19
RP
19
19
19 RP
32769.0003.E461.46EC DP
19
Lower BID
DP 19
19 RP
DP
DP 0
0
0 DP
Root Bridge
69
Access 1 has Lower Sender BID

Port 25 (GigabitEthernet0/1) of VLAN0001 is designated blocking
Designated root has priority 128, address 00D0.BCC1.2603

Port 25 (GigabitEthernet1/1) of VLAN0001 is designated forwarding
Designated root has priority 128, address 0001.C746.B605
Note: PT does not show proper BID
70
Because Distribution 1 has the lower Root Path Cost it becomes the Designated Port
for that segment.
Because Distribution 2 has the lower Root Path Cost it becomes the Designated Port
for that segment.
RP 23
23
?
DP
DP
19
DP
19
19
RP
19
DP
19
DP
19
19 RP
Five-Step decision
Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to
Root Bridge
19
19
19
19 RP
DP
DP 0
0
0 DP
Root Bridge
71
All other ports, those ports that are not Root Ports or Designated Ports, become NonDesignated Ports.
Non-Designated Ports are put in blocking mode.
This is the loop prevention part of STP.
RP 23
23
NDP
DP
19
DP
NDP
19
DP
19
DP
19
19
RP
19
19 RP
19
NDP
DP
X
X
19
19
NDP
19 RP
DP
0 DP
DP 0
0
Root Bridge
72

Interface
Role Sts Cost
---------------- ---- --- --------Gi0/1
Root FWD 4
Gi0/2
Altn BLK 4
Interface
Role Sts Cost
---------------- ---- --- --------Fa0/3
Root FWD 19
Fa0/5
Desg FWD 19
Gi0/1
Desg FWD 4
Gi0/2
Altn BLK 4
Interface
Role Sts Cost
---------------- ---- --- --------Fa0/3
Root FWD 19
Fa0/5
Altn BLK 19
Gi0/1
Altn BLK 4
Gi0/2
Desg FWD 4
Interface
Role Sts Cost
---------------- ---- --- --------Fa0/5
Root FWD 19
Gi1/1
Desg FWD 4
Gi1/2
Desg FWD 4
Interface
Role Sts Cost
---------------- ---- --- --------Fa0/1
Desg FWD 19
Fa0/3
Desg FWD 19
Fa0/5
Desg FWD 19
Prio.Nbr
-------128.25
128.26
Type
-------------------------------P2p
P2p
Prio.Nbr
-------128.3
128.5
128.25
128.26
Type
-------------------------------P2p
P2p
P2p
P2p
Prio.Nbr
-------128.3
128.5
128.25
128.26
Type
-------------------------------P2p
P2p
P2p
P2p
Prio.Nbr
-------128.5
128.25
128.26
Type
-------------------------------P2p
P2p
P2p
Prio.Nbr
-------128.1
128.3
128.5
Type
-------------------------------P2p
P2p
P2p
73

Lowest BID wins!
Its all done with
BPDUs!
74
Port Cost/Port ID

Step 1 - Lowest BID
0/2
0/1
Assume path cost and port

priorities are default (32). Port ID
used in this case. Port 0/1 would
forward because its the lowest.
If the path cost and bridge IDs are equal (as in the case of parallel
links), the switch goes to the port priority as a tiebreaker.
Lowest port priority wins (all ports set to 32).
You can set the priority from 0 63.
If all ports have the same priority, the port with the lowest port number
forwards frames.
75
Port Cost/Port ID
Fa 0/3 has a lower Port ID than Fa 04.
More later (Fast EtherChannel)

Step 1 - Lowest BID
RP
19
NDP
19
DP
DP
76
Port Cost/Port ID
VLAN0001
Root ID
Priority
32769
Address
0009.7c0b.e7c0
Cost
19
Port
3 (FastEthernet0/3)
Hello Time
Bridge ID Priority
Address
000b.fd13.9080
Hello Time
Aging Time 300
Interface
Port ID
Designated
Name
Prio.Nbr
Cost Sts
Cost Bridge ID
---------------- -------- --------- --- --------- -------------------Fa0/1
128.1
19 BLK
19 32769 000b.befa.eec0
Fa0/2
128.2
19 BLK
19 32769 000b.befa.eec0
Fa0/3
128.3
19 FWD
0 32769 0009.7c0b.e7c0
Fa0/4
128.4
19 BLK
0 32769 0009.7c0b.e7c0
Fa0/5
128.5
19 FWD
19 32769 000b.fd13.9080
Gi0/1
128.25
4 FWD
19 32769 000b.fd13.9080
Port ID
Prio.Nbr
-------128.1
128.2
128.1
128.2
128.5
128.25
77
PVST+ (More later)
Per VLAN Spanning Tree Plus (PVST+)

maintains a separate spanning-tree
instance for each VLAN.
PVST Only over ISL
PVST+ Includes ISL and 802.1Q
Provides for load balancing on a perVLAN basis.
Switches maintain one instance of
spanning tree for each VLAN allowed on
the trunks.
Non-Cisco 802.1Q switches maintain
only one instance of spanning tree for all
VLANs allowed on the trunks.
Distribution1(config)# spanning-tree vlan 1, 10 root primary
Distribution2(config)# spanning-tree vlan 20 root primary

78
Distribution1 is the Root for VLAN1 and 10
Root VLANs 1,10
79
Distribution2 is the Root for VLAN 20
Root VLAN 20
80
Load Balancing with 2 Root Switches

Notice that more links are being used!
Root VLANs 1,10
Root VLAN 20
81
STP Convergence: Summary

Recall that switches go through three steps for their initial
convergence:
STP Convergence
Also, all STP decisions are based on a the following predetermined
sequence:
Step 1 - Lowest BID
Step 4 Lowest Port Priority
82
STP Convergence: Summary

Example:
A network that contains 15 switches and 146
segments (every switchport is a unique segment)
would result in:
1 Root Bridge
14 Root Ports
146 Designated Ports
83
STP Port States
STP Port States

MAC Address
Table
Disabled
Blocking
Listening
Learning
Forwarding
BPDUs
Updating
Data
Port State
BPDU
MAC-Add Table
Data frames
Duration
Disabled
None sent/received
No update
None sent/received
Until no shutdown
Administratively shutdown; Not an STP port state

Blocking
Receive only
No update
None sent/received
Continuous if loop
detected
None sent/received
Forward delay 15 sec
Port initializes; receives BPDUs only

Listening
Receive and send
No update
Building active topology. Thinks port can be selected root or designated port.
Returns to blocking (NDP) if cannot become root or designated port.
Learning
Receive and send
Updating Table
None sent/received
Forward delay 15 sec
Building bridging table. Switch can now learn source MAC Addresses but is not
formally receiving frames in order to forward them.
Forwarding Receive and send
Updating Table
Sent and received
Continuous if up and no
loop detected
Sending/Receiving data, no loops detected. Port is either a root or designated port.85
L is te n in g
D is a b le d o r
Down
B lo c k in g
L e a r n in g
2
7
4
6
2
F o r w a r d in g
S ta n d a rd S ta te s
( 1 ) P o r t e n a b le d o r in it ia liz e d
( 2 ) P o r t d is a b le d o r f a ile d
( 3 ) P o r t s e le c t e d a s R o o t o r D e s ig n a t e d P o r t
( 4 ) P o r t c e a s e s to b e a R o o t o r D e s ig n a te d P o r t
( 5 ) F o r w a r d in g tim e r e x p ir e s
C is c o S p e c ific S ta te s
(6 ) P o rtF a s t
( 7 ) U p lin k F a s t
86
STP Timers
87
STP Timers
Hello Time
IEEE specifies default of 2 seconds.
The interval between Configuration BPDUs.
The Hello Time value configured at the root bridge determines
the Hello Time for all nonroot switches.
Locally configured Hello Time is used for the TCN BPDU.
88
STP Timers
Forward Delay Timer
The default value of the forward delay (15 seconds)
Originally derived assuming a maximum network size of seven bridge
hops
A maximum of three lost BPDUs, and a hello-time interval of 2
seconds.
See LAN Switching, by Clark, or other resources for this calculation
Forward delay is used to determine the length of:
Listening state
Learning state
89
STP Timers
Max Age Timer
Max Age is the time that a bridge stores a BPDU before
discarding it.
Each port saves a copy of the best BPDU it has received.
If the device sending this best BPDU fails, it may take 20
seconds before a switch transitions the connected port to
Listening.
90
STP Timers
Modifying Timers
Do not change the default timer values without careful consideration.
Cisco recommends to modify the STP timers only on the root bridge
The BPDUs pass these values from the root bridge to all other bridges in the
network.
It can take 30-50 seconds for a switch to adjust to a change in topology.
Switch(config)# spanning-tree vlan vlan-id [forward-time

seconds | hello-time hello-time | max-age seconds |
priority priority | protocol protocol | {root {primary |
secondary} [diameter net-diameter [hello-time hellotime]]}]
91
Configuring the
Root Bridge
Switch(config)# spanning-tree vlan 1 priority priority
This command statically configures the priority (in multiples of 4096).

Valid values are from 0 to 61,440.
Default is 32768.
Lowest values becomes Root Bridge.
92
Configuring the
Root Bridge
Switch(config)# spanning-tree vlan 1 root primary

This command forces this switch to be the root.
The spanning-tree root primary command alters this switch's bridge priority to
24,576 (+VLAN ID).
If the current root has bridge priority which is more than 24,576, then the current
is changed to 4,096 less than of the current root bridge.
93
Configuring the
Root Bridge
Switch(config)# spanning-tree vlan 1 root secondary
This command configures this switch to be the secondary root in

case the root bridge fails.
The spanning-tree root secondary command alters this switch's
bridge priority to 28,672.
If the root switch should fail, this switch becomes the next root switch.
94
Change the root bridge
Current Root
Bridge
Modify the topology so that the Core switch is the root bridge and
Distribution1 is the secondary root bridge for VLAN 1.
95
Change the root bridge

Core(config)# spanning-tree vlan 1-30 root primary
Distribution1(config)# spanning-tree vlan 1-30 root secondary
Notice the change.

Before
Root
After
Root
96
Verify changes
After

VLAN0001
Root ID
Priority
24577
Address
0001.C945.A573
Bridge ID
Priority
Address
Hello Time
Aging Time
Interface
---------------Gi0/1
Gi0/2
Role
---Desg
Desg
Root

0001.C945.A573
20
Sts
--FWD
FWD
Cost
--------4
4
Prio.Nbr
-------128.25
128.26
Type
---------------------P2p
P2p
97
Verify changes
After
Root

VLAN0001
Root ID
Priority
24577
Address
0001.C945.A573
Cost
4
Port
Bridge ID
Priority
Address
Hello Time
Aging Time

0060.47B0.5850
20
Interface
Role Sts
---------------- ---- --Fa0/3
Desg FWD
Fa0/5
Altn BLK
Gi0/1
Desg FWD
Gi0/2Rick Graziani [email protected]
Root FWD
Cost
--------19
19
4
4
Prio.Nbr
-------128.3
128.5
128.25
128.26
Type
-------------------------------P2p
P2p
P2p
P2p
98
Topology Change Notification BPDUs
Direct Topology Changes

Is a change that can be detected on a switch interface.
Insignificant Topology Changes
A users PC causes the link to go up or down (normal
booting or shutdown process).
99
TCNs: Direct Topology Change
When a bridge needs to signal a topology change, it

starts to send TCNs on its root port.
Switch A detects link down.
Removes best BPDU from Root Port (this port
is the best path to the Root Bridge)
Cant send TCN out root port to Root bridge.
Without Uplinkfast (coming) Switch A not aware
of another path to root.
Switch C is aware of down link and sends TCN
message out RP to Root Bridge.
Root Bridge sends Configuration BPDU with TCN
bit set to let switches know of configuration change.
All switches:
Shorten MAC address tables aging time to
Forward Delay (15 seconds).
This flushes idle entries.
Switch A waits to hear from Root Bridge.
Receives Config BPDU on previously blocked port,
new best BPDU, this becomes new RP.
This new RP will go through listening, learning
and forwarding states.
TCN does not start a STP recalculation.
Config BPDU Root

Idle MAC
entries are
flushed
TCN
X RP
NDPRP
(Blocking)
New
(Blocking,
Listening, Learning,
Forwarding)
100
TCNs
Idle MAC
entries are
flushed
Direct Topology Change: Is a change

that can be detected on a switch
interface.
Can can take about 30 seconds on
the affected switch (two times
forward delay).
All switches flush idle entries in
MAC table.
Solutions: Uplinkfast
Insignificant Topology Change: A
users PC causes the link to go up or
down (normal booting or shutdown
process).
No significant impact but given
enough hosts switches could be in a
constant state of flushing MAC
address tables.
Causes unknown unicast floods.
Solution PortFast
Idle MAC
entries are
flushed
Config BPDU Root

Idle MAC
entries are
flushed
Idle MAC
entries are
flushed
TCN
RP
Idle MAC
entries are
flushed
E
Idle MAC
entries are
flushed
101
TCN BPDUs
Understanding Spanning-Tree Protocol Topology

Changes
http://www.cisco.com/warp/public/473/17.html
Remember that a TCN does not start a STP recalculation.
The TCN only has an impact on the aging time; it will not
change the topology nor create a loop.
This fear comes from the fact that TCNs are often
associated with unstable STP environments; TCNs are a
consequence of this, not a cause.
102
Enhancements to 802.1D, PVST+,

RSTP and MST
CCNP SWITCH
Rick Graziani
Spring 2014
Additional Notes
See Notes section for additional detailed information.
104
Download this file
Download: PT-Topology-STP2.pkt
105
Ciscos RSTP is Rapid PVST+
106
IEEE Documents
IEEE 802.1D
IEEE 802.1Q
IEEE 802.1w
802.1D)
IEEE 802.1s
802.1Q)
- Media Access Control (MAC) bridges

- Virtual Bridged Local Area Networks
- Rapid Reconfiguration (Supp. To
- Multiple Spanning Tree (Supp. To
107
Enhancements to STP
STP
PortFast
BPDU Guard
Root Guard
UplinkFast
BackboneFast
Per VLAN Spanning Tree (PVST+)
Rapid Spanning Tree Protocol (RSTP)
Multiple Spanning Tree Protocol (MST)
MST is also known as Multiple Instance Spanning Tree
Protocol (MISTP) on Cisco Catalyst 6500 switches and
above
108
Helping STP protect your LAN

from Problems
PortFast
BPDU Guard
Root Guard
UplinkFast
BackboneFast
Powercycle a host and watch link lights
How long
until switch
link light
turns
green?
110
PortFast
Powered
On
Forwarding
Learning
Listening
BlockingState
State
State
Im adding
any
addresses on
this port to
my MAC
Address
Table.
Host powered on.

Port moves from blocking state immediately to listening state (15
seconds).
Determines where switch fits into spanning tree topology.
After 15 seconds port moves to learning state (15 seconds).
Switch learns MAC addresses on this port.
After 15 seconds port moves to forwarding state (30 seconds total).
111
PortFast Problem DHCP

Powered
On
Forwarding
Learning
Listening
BlockingState
State
State
DHCP Discovery
Timeout
IP Address = 169.x.x.x
Host sends DHCP Discovery

Host never gets IP addressing information
Also: Insignificant Topology Change

A users PC causes the link to go up or down (normal booting or shutdown process).
No significant impact but given enough hosts switches could be in a constant state
of flushing MAC address tables.
Causes unknown unicast floods.
112
PortFast
Powered
On
Forwarding
Portfast enabled
State
DHCP Discovery
DHCP Offer
The purpose of PortFast is to minimize the time that access ports wait for
STP to converge.
When a port comes up, the port immediately moves into Forwarding state.
The advantage of enabling PortFast is to prevent DHCP timeouts.
Host sends DHCP Discovery
Host can now can IP addressing information.
113
Configuring Portfast
Access2(config)#interface range fa 0/10 - 24
Access2(config-if-range)#switchport mode access
<Previously configured>
Access2(config-if-range)#spanning-tree portfast
OR
Access2(config)#spanning-tree portfast default
Warning: PortFast should only be enabled on ports that are connected

to a single host.
If hubs or switches are connected to the interface when PortFast is
enabled, temporary bridging loops can occur.
If a loop is detected on the port, it will move into Blocking state.
114
Powercycle the host again (portfast enabled)
How long
until switch
link light
turns
green?
115
Configuring Portfast
Switch(config)#interface range fa 0/10 - 24
Switch(config-if-range)#switchport mode access
<Previously configured>
Switch(config-if-range)#spanning-tree portfast
Configure Portfast on all Distribution and Access switches
116
Verifying Portfast
Switch(config)# show spanning-tree inteface type mod/num portfast
117
UplinkFast
Uplinkfast allows access layer switches that have redundant links to multiple
distribution switches the ability to converge quickly when a link has failed.
For Leafs (end nodes) of the spanning tree.
Not for use within backbone or distribution switches (BackboneFast).
118
UplinkFast
Unblock G 1/1 skips

listening and learning
and goes directly to
forwarding
Root
UplinkFast must have direct knowledge of the link failure in order to move a
blocked port into a forwarding state.

Single Root Port but multiple potential root ports.
If Root Port fails, next-lowest path cost is unblocked and used without delay
(almost).
This switchover occurs within 1 second.
119
UplinkFast
Not supported with

Packet Tracer
Access1(config)#spanning-tree uplinkfast
Uplinkfast is enabled for the entire switch and all VLANs.

Not supported on a per-VLAN basis.
Uplinkfast keeps track of all possible paths to the Root Bridge.
So, not allowed on the Root Bridge
Switches BID: Raised to 49,152 to make it unlikely it will be the Root
Bridge.
120
BackboneFast
Root
Switch(config)#spanning-tree backbonefast
Backbone fast is a Cisco proprietary feature that, once enabled on all switches can
save a switch up to 20 seconds (Max Age) when it recovers from an indirect link
failure.
Configured in global configuration mode and should be enabled on all switches in
the network.
Requires the use of RLQ (Root Link Query) requests and replies.
Disabled
by default.
Rick Graziani
[email protected]
121
My link to the
Root has
gone
Thanks
down.
for I
telling
have no
me
alternate
Core is the
path
toRoot.
it. So,
I will
Im
the
change
new root
my
RP
andtosend
Fa 0/5.
out
my BPDUs
on all ports.
Root
RP
RP
Inferior BPDU
Forwarding
Blocking
Listening
I just
Thisheard
new BPDU
from
Core
is inferior
that they
to the
are still
onethe
it had
Root.
I will:
stored for this
Send
portBPDU
so I will
to
D1 ignore it.
After 20 seconds
Transition
Let me send
port
this port will now
immediately
my current
to
go into
listening
Root state
a query
Forwarding state.
saving (RLQ).
20
seconds (Max
Age)
BackboneFast is initiated when a root port or blocked port on a switch receives

inferior BPDUs from a designated bridge.
Inferior BPDUs are sent from a designated bridge that has lost its connection to the
root bridge.
Normally, a switch must wait for Max Age (20 seconds) to expire before responding
to an inferior BPDU.
With Backbonefast, switch determines alternate paths to Root.
122
BackboneFast
Normal BPDU
= Core
= Dist1
Inferior BPDU
= Dist1
= Dist1
FYI More Information

An inferior BPDU identifies one switch as
both the root bridge and the designate
bridge.
Distribution 1 is the Designated Bridge.
Normally, sends BPDUs with Root Bridge
as the Core BID.
Same
Inferior BPDU A received BPDU that
Switch
identifies the root bridge and the
designated bridge as the same switch. (I
was only just the Designated Bridge, but
now that I cant get to the Root Bridge, so
now I am also the Root Bridge.)
123
Protecting against unexpected BPDUs
Root Guard
BPDU Guard
Loop Guard
Coast Guard
124
Problem: Unexpected BPDUs
BPDU
Blocking and
now listening
to BPDUs
X
Portfast
Forwards
BPDUs to
other
switches.
STP Reconvergence?
A port configured with PortFast will go into blocking state if it receives
a Bridge Protocol Data Unit (BPDU).

This could lead to false STP information that enters the switched
network and causes unexpected STP behavior.
Newly connected switch could advertise itself as the root.
BPDU Guard: Developed to protect integrity of switch ports with
PortFast enabled but also keeps maintains STP integrity by disallowing
switches.
Rick unauthorized
Graziani [email protected]
125
Solution: BPDU Guard

BPDU
Err-Disable,
Shutdown
No BPDUs sent
Portfast &
BPDU Guard
Not supported with Packet Tracer
Distribution1(config)#interface range fa 0/10 - 24

Distribution1(config-if-range)#spanning-tree bpduguard
enable
When the BPDU guard feature is enabled on the switch, STP shuts down PortFast
enabled interfaces that receive BPDUs instead of putting them into a blocking state.
Errdisable: Port must be manually re-enabled or automatically recovered via timers.
BPDU guard will also keep switches added outside the wiring closet by users from
impacting and possibly violating Spanning Tree Protocol.
126
Root Guard
Protect
Protect
Potential Root
Potential Root
Root Guard prevents a switch from becoming the root bridge.

Typically access switches
Configured on switches that connect to this switch.
127
Root Guard
UplinkFast must
be disabled
because it
cannot be used
with root guard.
Distribution1(config)#interface fa 0/3
Distribution1(config-if-range)#spanning-tree
root
Distribution1(config)#interface gig 0/2
Distribution2(config)#interface
fa 0/3
root
root
Distribution2(config)#interface gig 0/1
Access2(config)#no
spanning-tree uplinkfast
root
guard
guard
guard
guard
128
Root Guard
Root
Guard
I STP
will now
Inconsistent
transition to
listening
State no
sate,
traffic
then
is learning
state,
passed.
then forwarding sate.
Superior
BPDU
I no longer
want to be
root. I have
I want
beento
reconfigured
be root
to
be a nonbridge!
root bridge.
This message appears after root guard blocks a port:

%SPANTREE-2-ROOTGUARDBLOCK: Port 0/3 tried to become
non-designated in VLAN 1. Moved to root-inconsistent
state
129
Unidirectional Link Detection Protocol (ULDP)
Designated Port
Blocked Port
Spanning-Tree Protocol (STP) resolves redundant physical

topology into a loop-free, tree-like forwarding topology.
This is done by blocking one or more ports.
130
ULDP
BPDU
Loop!
BPDU
BPDU
BPDU
BPDU
BPDU
No BPDUs Received
Change to Forwarding State
STP uses Bridge Protocol Data Units (BPDUs).

If a switchs port in blocking port stops receiving BPDUs:
STP eventually ages out the STP information for the port (up to 50 secs)
Moves port to forwarding state.
This creates a forwarding loop or STP loop.
How is it possible for the switch to stop receiving BPDUs while the port is up?
The reason is unidirectional link.
131
ULDP
BPDU
No BPDUs Received
RFC 5171: Issues arise when, due to mis-wirings or to hardware faults, the
communication path behaves abnormally and generates forwarding anomalies.
Link fails in the direction of SwitchC.
SwitchC stops receiving traffic from SwitchB.
However, SwitchB still receives traffic from C.
UDLD is a Layer 2 (L2) protocol that works with the Layer 1 (L1) mechanisms
to determine the physical status of a link.
132
ULDP
My device/port
ID & your
device port ID
My device/port
ID & your
device port ID
Layer 1: Autonegotiation
configured
(speed/duplex)
Layer 2: UDLD
configured
Enable both auto-negotiation and UDLD to prevent unidirectional

connection.
With UDLD switches share Device/Port ID information.
133
ULDP
My device/port
ID & your
device port ID
My device/port
ID & your
device port ID
Unidirectional link failure
UDLD-3-DISABLE: Unidirectional
link detected on port 1/2. Port
disabled
Port disabled
Port shutdown by UDLD remains disabled until:

Manually reenabled or
errdisable timeout expires (if configured)
134
Configuring ULDL
Switch(config)# udld {enable | aggressive}

or
Switch(config)# interface fa 1/2
Switch(config-if)# udld {enable | aggressive}
Normal mode (enable) Port is allowed to continue its operation

merely marks the port as being in undetermined state and generates a
syslog message.
Aggressive mode Port is place in Errdisable state and cannot be
Rick used.
135
Loopguard
Loop!
No Loopguard Configured
BPDU
No BPDUs Received
Loopguard also protects against ports erroneously transitioning to

forwarding mode.
Loopguard will also protect against STP failures, designated switch not
sending BPDUs due to software problems.
136
Loopguard
BPDU
Unidirectional link failure
BPDU
Loopguard Configured
%SPANTREE-2-LOOPGUARD_BLOCK:
Loop guard blocking port
FastEthernet1/0 on VLAN0010
Inconsistent Blocking State
If the switch begins to receive BPDUs again, it will transition through

normal STP states.
Loopguard does NOT protect against problems due to wiring issues.
Highest level of protection is to enable both Loopguard and UDLD.
137
Configuring Loopguard
Switch(config)# spanning-tree loopguard default
or
Switch(config)# interface fa 1/2
Switch(config-if)# spanning-tree guard loop
138
RSTP IEEE 802.1w

(Rapid Spanning Tree Protocol)
140
Rapid Spanning Tree Protocol
141
Rapid Spanning Tree Protocol
The immediate hindrance of STP is convergence.

Depending on the type of failure, it takes anywhere from 30 to 50
seconds, to converge the network.
RSTP helps with convergence issues that plague legacy STP.
142
STP vs RSTP
802.1D
802.1w
vs
RSTP is based on IEEE 802.1w standard.

IEEE 802.1w took 802.1Ds principle concepts and made convergence faster.
STP topology change takes 30 seconds (two intervals of Forward Delay timer).
RSTP is proactive and therefore negates the need for the 802.1D delay timers.
RSTP (802.1w) supersedes 802.1D, while still remaining backward compatible.
RSTP BPDU format is the same as the IEEE 802.1D BPDU format, except that
the Version field is set to 2 to indicate RSTP.
The RSTP spanning tree algorithm (STA) elects a root bridge in exactly the
same way as 802.1D elects a root.
143
RSTP
RSTP can be applied on Cisco switches as:

A single instance per VLAN
Rapid PVST+ (RPVST+)
Multiple instances
IEEE 802.1s Multiple Spanning Tree (MST)
144
STP Port Behavior and States
802.1D
Ports
Root Port
Designated Port
Blocking Port
Non Designated Port and Non Root Port
Ciscos proprietary UplinkFast has a hidden Alternative Port
offering parallel paths, but in Blocking state.
States
Disabled (Not 802.1D state)
Blocking
Listening
Learning
Forwarding
Only state that sends/receives data.
145
RSTP
Root Bridge: Same election process as 802.1D (lowest BID)
Ports
Root Port (802.1D Root Port)
The one switch port on each switch that has the best
root path cost to the root.
Designated Port (802.1D Designated Port)
The switch port on a network segment that has the
best root path cost to the root.
Alternate Port (802.1D Blocking Port)
A port with an alternate path the root.
An alternate port receives more useful BPDUs from
another switch and is a port blocked.
Similar to how Cisco UplinkFast works.
Backup Port (802.1D Blocking Port)
A port that provides a redundant (but less desirable)
connection to a segment where another switch port
already connects.
A backup port receives more useful BPDUs from the
same switch it is on and is a port blocked.
146
RSTP Port States

Operational
Port State
STP Port State
RSTP Port State
Disabled
Disabled
Discarding
Enabled
Blocking
Discarding
Enabled
Listening
Discarding
Enabled
Learning
Learning
Enabled
Forwarding
Forwarding
RSTP defines port states based on what it does with incoming data frames.
Discarding
Incoming frames are dropped
No MAC Addresses learned
Combination of 802.1D (Disabled), Blocking and Listening
Learning
Incoming frames are dropped
MAC Addresses learned
Forwarding
Incoming frames are forward.
147
RSTP BPDUs
STP Port State
STP BPDUs
RSTP Port State
RSTP BPDUs
Disabled
Not Sent/Received
Discarding
Not Sent/Received
Blocking
Receive only
Discarding
Sent/Received
Listening
Sent/Received
Discarding
Sent/Received
Learning
Sent/Received
Learning
Sent/Received
Forwarding
Sent/Received
Forwarding
Sent/Received
RSTP uses same 802.1D BPDU format for backward compatibility.

802.1D and 802.1w switches can coexist.
BPDUs sent out every switch port at Hello Time intervals regardless if
BPDUs are sent on the port.
When three BPDUs in a row (6 seconds) are missed:
the neighbor switch is presumed down
All MAC address information pointing to that switch (out that port) is
immediately aged out (flushed)
Switch can detect a neighbor down in 6 seconds instead of MaxAge
of 20 seconds.
148
RSTP Convergence
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/releas
e/12.1_9_ea1/configuration/guide/swmstp.html#wp1048403
Convergence is a two step process:
1. Elect a Root Bridge
2. Examine all switch ports which by default are in Blocking state and
advance to the appropriate state to prevent loops.
STP requires the expiration of several timers before switch ports can be
moved to Forwarding state.
RSTP takes a different approach:
When a switch joins the topology (powered-up) or detects a failure in the
existing topology
Determines its forwarding decisions based on the type of port.
Edge Port
Root Port
Point-to-Point Port
149
Edge Ports
Edge port will never have a switch connected to it so cannot form

bridging loops.
Immediately transitions to forwarding state.
Traditional identified with STP PortFast feature.
For familiarity the command is the same: spanning-tree portfast
Never generates topology changes notifications (TCNs) when the port
transitions to a disabled or enabled status.
If an edge port receives a BPDU, it loses its Edge Port status becomes
150
Non-Edge Ports
Root Port
The one switch port on each switch that has the best root path cost to
the root.
Point-to-Point Port (Link Type)
Port operating in full-duplex mode.
Connects to another switch and becomes a Designated Port.
Uses a quick handshake with neighboring switch rather than timers to
decide port state.
Shared Medium Port (Link Type)
Port operating in half-duplex mode.
151
Point-to-Point: The Quick Handshake

Root
Proposal
DP
RP
Agreement
Switch A is connected to Switch B through a point-to-point link,

All ports are in the Discarding (Blocking) state.
Switch A has a lower BID than Switch B.
Switch A sends a proposal message (Configuration BPDU) to Switch B,
proposing itself as the Root Bridge and the designated switch on the segment.
Switch B:
Selects its new root port the port from which the proposal message
was received and immediately goes into Forwarding State
Forces all nonedge ports to the Discarding (Blocking) state,
Sends an agreement message.
Switch A: Immediately transitions its designated port to the forwarding
state.
No loops in the network are formed because Switch B blocked all of its
nonedge ports and because there is a point-to-point link between Switches A
and B.
152
Root
Proposal
DP
RP
Agreement
Proposal
Root
DP
DP
DP
RP
Agreement
Proposal
Root A
DP
RP
DP
RP
DP
RP
Agreement
Switch C is connected to Switch B: a similar set of handshaking messages

are exchanged.
Switch C selects the port connected to Switch B as its root port, and both
ends immediately transition to the forwarding state.
Handshaking process continues throughout topology.
153
RSTP Topology Change Notifications

802.1D
802.1D
802.1D
Switch detects a state change (up or down), it sends the Root Bridge a TCN
BPDU.
The Root Bridge sends out a Configuration BPDU (TCN bit set) to all switches to
tell them about the change. (30 seconds before Forwarding)
RSTP
Detects a topology change only when a nonedge port transitions to the
Forwarding State.
RSTP uses its convergence mechanisms (Edge Ports, Point-to-Point ports,
handshaking, etc.) to prevent bridging loops.
Therefore, topology changes are detected only so MAC address tables can be
updated and corrected.
This means that a loss of connectivity is not considered as a topology change any
more, contrary to 802.1D (that is, a port that moves to blocking no longer generates
a TC).
154
RSTP Topology Change

Notifications
RSTP
When a topology change occurs:

Switch flushes the MAC addresses associated
RSTP no longer uses the specific
with all nonedge ports.
TCN BPDU, unless a legacy bridge
Switch sends BPDU with TCN bit set to all
needs to be notified
neighbors so they can update their MAC Address
tables too.
When a bridge receives a BPDU with the TCN bit set from a neighbor:
It clears the MAC addresses learned on all its ports, except the one the port that
it receives the topology change.
It sends BPDUs with TCN set on all its designated ports and root port (RSTP no
longer uses the specific TCN BPDU, unless a legacy bridge needs to be notified).
This way, the TCN floods very quickly across the whole network - now a one step
process.
The initiator of the topology change floods this information throughout the network,
as opposed to 802.1D where only the root did.
Much faster than the 802.1D equivalent < wait for the root bridge to be notified, and
then max age plus forward delays>.
In just a few seconds, or a small multiple of hello-times, most of the entries in the
CAM tables of the entire network (VLAN) flush.
This approach results in potentially more temporary flooding, but on the other hand it
clears potential stale information and allows rapid convergence.
155
Rapid PVST Implementation Commands

Cisco implements RSTP with Rapid PVST+
Switch(config)# spanning-tree mode rapid-pvst
To revert back to the default PVST+ using traditional 802.1D:
Switch(config)# spanning-tree mode pvst

156

Cisco implements RSTP with Rapid PVST+
To configure an RSTP edge port:
Switch(config-if)# spanning-tree portfast

RSTP automatically decides if a port is point-to-point link operating in full duplex or half-duplex.
If you need to set it manually, other switch is in Half-Duplex but still point-to-point (by the way,
both ends must then be Half-Duplex):
Switch(config-if)# spanning-tree link-type point-toRick point

157

VLAN0001
Spanning tree enabled protocol rstp
Root ID
Priority
24577
Address
0001.C945.A573
Cost
4
Port
Bridge ID
Priority
Address
Hello Time
Aging Time

0003.E461.46EC
20
158
802.1D creates a single

instance of STP for all
VLANs.
PVST+ and RPVST create a

single instance of STP for
each VLAN.
If there are 500 VLANs in the

network that would be 500
instances of STP running!
PVST+ does allow different
VLANs to have different Root
Bridges which can allow for
the use of redundant links.
159
Multiple Spanning Tree Protocol 802.1s
MSTP is also known as Multiple Instance Spanning Tree

Protocol (MISTP) on Cisco Catalyst 6500 switches and
above
160
Multiple Spanning Tree Protocol 802.1s

Instance 1 maps to VLANs 1500
Instance 2 maps to VLANs 5011000
Multiple Spanning Tree (MST) extends the IEEE 802.1w RST algorithm to multiple
spanning trees.
The main purpose of MST is to:
Reduce the total number of spanning-tree instances to match the physical topology
of the network
Thus reduce the CPU cycles of a switch.
Allows the network administrator to configure the exact number of instances.
PVST+ runs a single instance of STP for each VLAN and does not take into
consideration the physical topology.
May have 1,000 VLANs but only 2 different topologies (2 different Root Bridges).
PVST+ will still create 1,000 instances of STP
MST, on the other hand, uses a minimum number of STP instances to match the
number of physical topologies present.
May have 1,000 VLANs but only 2 different topologies (2 different Root Bridges).
MST will let you specify only 2 instances of STP.
161
802.1D
MST Regions
802.1D
MST
Region
MST Region is a group of switches placed under a common administration (like an AS).
In most networks a single MST region is sufficient.
A single MST Region can handle 15 STP instances (topologies).
Within a region, all switches must run the instance of MST as defined by:
MST configuration name (32 characters)
MST configuration revision number ( 0 to 65,535)
MST instance-to-VLAN mapping table (4,096 entries)
MST was designed to work with all forms of STP.
IST (Internal Spanning Tree) instance runs to work out a loop-free topology inside the
MST Region.
IST presents the entire MST region as a single virtual switch (bridge) to the CST (802.1D)
outside.
162
MST
Remember, the whole idea of MST is to map multiple VLANs to a smaller
number of STP instances.

Cisco supports a maximum of 16 MST Instances (MSTIs) in a region.
The IST uses MST 0 leaving 1 through 15 available for use.
The Distribution1 switch is the primary root bridge for the data VLANs 10, 30,
and 100
Secondary root bridge for the voice VLANs 20, 40, and 200.
The Distribution2 switch the primary root bridge for the voice VLANs 20, 40,
and 200
Secondary root bridge for the data VLANs 10, 30, and 100.
Distribution1 is chosen as CIST regional root.
It means that Distribution1 is the root for IST0.
163
MST
Enables MST
Distribution1(config)# spanning-tree mode mst
Distribution1(config)# spanning-tree mst configuration
Configure Region
Distribution1(config-mst)# name region1
and MST instances
Distribution1(config-mst)# revision 10
Distribution1(config-mst)# instance 1 vlan 10, 30, 100
Distribution1(config-mst)# exit
Configure Root Bridge
Distribution1(config)# spanning-tree mst 0-1 root primary
Distribution1(config)# spanning-tree mst 2 root secondary
164
MST
Enables MST
Distribution2(config)# spanning-tree mode mst
Distribution2(config)# spanning-tree mst configuration
Configure Region
Distribution2(config-mst)# name region1
and MST instances
Distribution2(config-mst)# revision 10
Distribution2(config-mst)# exit
Configure Root Bridge
Distribution2(config)# spanning-tree mst 2 root primary
Distribution2(config)# spanning-tree mst 0-1 root secondary
165
MST
For complete configurations go to:

Configuration example to migrate Spanning Tree from PVST+ to
MST
http://www.cisco.com/en/US/products/hw/switches/ps708/products_co
nfiguration_example09186a00807b075f.shtml
166
MST
Switch# show spanning-tree
MST00
Spanning tree enabled protocol mstp
Root ID
Priority
24577
Address
0001.C945.A573
Cost
4
Port
Bridge ID
Priority
Address
Hello Time
Aging Time

0003.E461.46EC
20
167
STP Spanning Tree Protocol

CCNP SWITCH
Rick Graziani

Cis187 Switch 3 STP

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cis187 Switch 3 STP

Uploaded by

Copyright:

Available Formats

STP Spanning Tree Protocol

CIS 187 Multilayer Switched Networks

Follow along with Packet Tracer

Download the following Packet Tracer file from my

Spanning Tree Protocol (STP)

STP often accounts for more

Rick Graziani [email protected]

By default, STP is enabled for every port on the switch.

Rick Graziani [email protected]

Spanning Tree Protocol (STP)

Redundancy Creates Loops

Rick Graziani [email protected]

Broadcasts and Layer 2

Rick Graziani [email protected]

Bridge loops can occur any

Rick Graziani [email protected]

STP Prevents Loops

The purpose of STP is to avoid and eliminate loops in the network by

Rick Graziani [email protected]

Spanning Tree Algorithm

STP executes an algorithm

Rick Graziani [email protected]

Two-key STP Concepts

STP calculations make extensive use of two key concepts in

Cost (Revised IEEE

Cost (Previous IEEE

Rick Graziani [email protected]

Consists of two components:

Rick Graziani [email protected]

Each switch has a unique BID.

Rick Graziani [email protected]

What is the Priority of Access1?

Rick Graziani [email protected]

What is the BID of this switch?

Rick Graziani [email protected]

32769 (priority 32768 sys-id-ext 1)

Used to elect a root bridge (coming)

Rick Graziani [email protected]

Path Cost Original Spec (Linear)

Cost (Revised IEEE

Cost (Previous IEEE

Rick Graziani [email protected]

Path Cost Revised Spec (Non-Linear)

Cost (Revised IEEE

Cost (Previous IEEE

Rick Graziani [email protected]

You can change the path cost by

Five-Step STP Decision Sequence

When creating a loop-free topology, STP always uses the same

Bridges use Configuration BPDUs during this five-step process.

Rick Graziani [email protected]

FYI: BPDU key concepts

Rick Graziani [email protected]

Elect one Root Bridge

When the network first starts, all bridges are announcing a

chaotic mix of BPDUs.

Rick Graziani [email protected]

Elect one Root Bridge

Rick Graziani [email protected]

What is the BID of this switch? Who is the Root?

Core# show spanning-tree

32769 (priority 32768 sys-id-ext 1)