What Is Spanning Tree Protocol

What is Spanning Tree Protocol (STP)

The function of Spanning Tree Protocol (STP) is to prevent Layer 2 switching loops and
broadcast storms in a Local Area Network (LAN).

The Spanning Tree Protocol (STP) allows redundant links in a network to prevent complete
network failure if an active link fails, without the danger of Layer 2 Switching loops.

Spanning Tree Protocol (STP) is based on an algorithm, which was developed by Radia
Perlman at DEC (Digital Equipment Corporation, now part of HP). The Spanning Tree
Protocol (STP) was then standardized by IEEE as IEEE 802.1D.

Because of the slow convergence time of Spanning Tree Protocol (STP) IEEE 802.1D, another
version of Spanning Tree Protocol (STP IEEE 802.1W) was developed. It is known
as Rapid Spanning Tree Protocol (RSTP) and has a much better convergence time.

The two implementations of Spanning Tree Protocol (STP) are not compatible with each other.
Cisco switches support IEEE 802.1D Spanning Tree Protocol (STP) implementation.

What is Bridge Protocol Data Unit (BPDU) frame

The Spanning Tree Protocol (STP) enabled switches in a redundant Local Area Network
(LAN) need to exchange information between each other for Spanning Tree Protocol (STP) to
work properly.

Bridge Protocol Data Units (BPDUs) are messages exchanged between the switches inside an
interconnected redundant Local Area Network (LAN).

Bridge Protocol Data Unit (BPDU) frames contain information regarding the Switch ID,
originating switch port, MAC address, switch port priority, switch port cost etc.

Bridge Protocol Data Unit (BPDU) frames are sent out regularly as multicast messages to the
multicast destination MAC address 01:80:c2:00:00:00.

When Bridge Protocol Data Units (BPDUs) are received, the Switch uses a mathematical
formula called the Spanning Tree Algorithm (STA) to know when there is a Layer 2 Switch
loop in the network and to determine which of the redundant ports needs to be shut down.

Three types of Bridge Protocol Data Units (BPDUs) are Configuration BPDU (CBPDU),
Topology Change Notification (TCN) BPDU and Topology Change Notification
Acknowledgment (TCA).

The basic purpose of the Bridge Protocol Data Units (BPDUs) and the Spanning Tree
Algorithm (STA) is to avoid Layer 2 Switching loops and Broadcast storms.

Bridge Protocol Data Unit (BPDU) Frame Format

Two important Bridge Protocol Data Unit (BPDU) frames which switches exchange are
configuration Bridge Protocol Data Units (BPDUs) and topology change Bridge Protocol Data
Units (BPDUs). Configuration Bridge Protocol Data Units (BPDUs) are sent between bridges
to establish a network topology. Topology change Bridge Protocol Data Units (BPDUs) are
sent after a topology change has been detected to indicate that the Spanning Tree Protocol
(STP) algorithm should be initiated.

The format of IEEE 802.1D Bridge Protocol Data Unit (BPDU) is given below.

• Protocol ID (2 bytes): Contains the value 0000 for IEEE 802.1D

• Version ID (1 byte): Contains the value zero.

• BPDU Message Type (1 byte): Configuration or TCN BPDU

• Flags (1 byte): The Topology Change (TC) bit signals a topology change. The Topology
Change Acknowledgment (TCA) bit is set to acknowledge receipt of a configuration message.

  Bit 1: Topology Change flag
  Bits 2 to 7: unused (0)
  Bit 8: Topology Change Acknowledgment

• Root Bridge (Root Switch) ID (8 bytes): Identifies the root bridge by listing its 2-byte priority
number followed by its 6-byte MAC address.

• Root Path Cost (4 bytes) : Contains the cost of the path from the bridge sending the
configuration message to the Root Bridge (Root Switch) .

• Sender Bridge (Switch) ID (8 bytes): Identifies the Sender bridge by listing its 2-byte priority
number followed by its 6-byte MAC address.

• Port ID (2 bytes): Identifies the port from which the configuration message was sent.

• Message Age (2 bytes): Specifies the amount of time elapsed since the Root Bridge (Root
Switch) sent the configuration message on which the current configuration message is based.

• Maximum Age (2 bytes): Indicates when the current configuration message should be
deleted.

• Hello time (2 bytes): Provides the time period between Root Bridge (Root
Switch) configuration messages.

• Forward Delay (2 bytes): Provides the length of time that bridges should wait before
transitioning to a new state after a topology change.
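
The field list above maps directly onto a fixed 35-byte layout. The following parser is an added example, not code from the original page; it assumes the input starts at the Protocol ID field (any link-layer header already removed) and that timer fields are encoded in units of 1/256 second. The sample bytes are constructed from the values in the "show spanning-tree" output that appears later on this page.

```python
import struct

# IEEE 802.1D Configuration BPDU: 35 bytes, big-endian, fields in the order
# of the list above (Protocol ID ... Forward Delay).
CONFIG_LAYOUT = struct.Struct(">HBBB8sI8sHHHHH")
TYPE_CONFIG, TYPE_TCN = 0x00, 0x80
FLAG_TC, FLAG_TCA = 0x01, 0x80  # bit 1 and bit 8 of the Flags byte

# Constructed sample: a Configuration BPDU as the root switch from the
# page's show output (priority 32769, MAC 0001.42AD.E8B3) would send it
# out of port 128.24.
SAMPLE_CONFIG = bytes.fromhex(
    "0000" "00" "00" "00"        # protocol ID, version, message type, flags
    "8001000142ade8b3"           # root bridge ID: priority + MAC
    "00000000"                   # root path cost (sender is the root)
    "8001000142ade8b3"           # sender bridge ID
    "8018"                       # port ID
    "0000" "1400" "0200" "0f00"  # message age, max age, hello, forward delay
)
SAMPLE_TCN = bytes.fromhex("00000080")  # constructed TCN BPDU


def decode_bridge_id(raw):
    """Split an 8-byte bridge ID into its 2-byte priority and 6-byte MAC."""
    return {
        "priority": int.from_bytes(raw[:2], "big"),
        "mac": ":".join(f"{b:02x}" for b in raw[2:]),
    }


def parse_bpdu(payload):
    """Decode an 802.1D BPDU; payload must start at the Protocol ID field."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU header")
    protocol_id, version, msg_type = struct.unpack(">HBB", payload[:4])
    if protocol_id != 0 or version != 0:
        raise ValueError("not an IEEE 802.1D BPDU")
    if msg_type == TYPE_TCN:
        return {"type": "tcn"}  # a TCN BPDU carries only the 4-byte header
    if msg_type != TYPE_CONFIG:
        raise ValueError(f"unknown BPDU type 0x{msg_type:02x}")
    if len(payload) < CONFIG_LAYOUT.size:
        raise ValueError("truncated configuration BPDU")
    # Trailing bytes (frame padding) are ignored.
    (_, _, _, flags, root, cost, sender, port_id,
     msg_age, max_age, hello, fwd_delay) = CONFIG_LAYOUT.unpack(
        payload[:CONFIG_LAYOUT.size])
    return {
        "type": "config",
        "topology_change": bool(flags & FLAG_TC),
        "topology_change_ack": bool(flags & FLAG_TCA),
        "root": decode_bridge_id(root),
        "root_path_cost": cost,
        "sender": decode_bridge_id(sender),
        "port_id": port_id,
        # Timers are converted from 1/256-second units to seconds.
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


if __name__ == "__main__":
    for key, value in parse_bpdu(SAMPLE_CONFIG).items():
        print(f"{key:20} {value}")
```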

What are Spanning Tree Bridge Priority (Switch Priority) and Bridge ID (Switch ID)
values

Every Bridge (Switch) Participating in a Spanning Tree Protocol network is assigned with a
numerical value called Bridge Priority (Switch Priority) Value. Bridge Priority (Switch
Priority) Value is a 16-bit binary number.

By default, all Cisco Switches have a Bridge Priority (Switch Priority) value of 32,768.

Bridge Priority (Switch Priority) value decides which Switch can become Root Bridge (Root
Switch). A Switch with the lowest Bridge Priority (Switch Priority) Value will become the Root
Bridge (Root Switch).

The Bridge Priority (Switch Priority) value is used to find the Bridge ID (Switch ID).

The Bridge ID (Switch ID) is made from two values:

• The Switch Priority, which is a numerical value defined by IEEE 802.1D, which is equal to
32,768 by default.

• The MAC Address of the Switch.

What is a Root Bridge (Switch), Bridge (Switch) Priority Value and Bridge (Switch)ID

A Spanning Tree is an inverted tree. The Root bridge (switch) is a special bridge at the top of
the Spanning Tree (inverted tree). The branches (Ethernet connections) are then branched out
from the root switch, connecting to other switches in the Local Area Network (LAN).

All Bridges (Switches) are assigned a numerical value called bridge priority. The Bridge
(Switch) priority value is used to find the Bridge (Switch) ID.

The Switch ID is made from two values.

• The Switch Priority, which is a numerical value defined by IEEE 802.1D, which is equal to
32,768 by default.

• The MAC Address of the Switch.

If all the Switches in your Local Area Network (LAN) are configured with the default Switch
Priority (32,768), the Switch MAC address will become the decisive factor in electing the Root
Bridge (Switch).

The Bridge (Switch) with the lowest MAC Address is then elected as Root Bridge (Switch).

What is a Root Port

Once the Root Bridge (Switch) is elected, every other Switch in the network must select a
single port on it to reach the Root Bridge (Switch).

The single selected port on a Switch with least Path Cost to the Root Bridge is called the Root
Port.

Root Bridge (Switch) will never have a Root Port.

Root Bridge (Switch) is at the Root and therefore there is no need of a Root Port to reach the
root.

Spanning Tree Path Cost Value and How is Spanning Tree Path Cost Value Calculated

In Spanning Tree Protocol, any switch other than the Root Switch, has to find a Root Port,
from its available trunk ports, which is that Switch’s Port to reach the Root Bridge (Switch).
The Root Port is calculated in every Switch, other than the Root Switch, by using the lowest
accumulated Path Cost Value to reach the Root Bridge (Switch).

The Spanning Tree Cost Value is inversely proportional to the associated bandwidth of the
path and therefore a path with a low cost value is more preferable than a path with high cost
value.

Spanning Tree Path Cost value can be defined as the accumulated port costs from a Switch
(other than the Root Bridge (Switch)) to reach the Root Switch. When a switch receives
a Bridge Protocol Data Unit (BPDU) in its port, it increments the path cost with the cost of
the incoming port. Path costs are incremented when a Bridge Protocol Data Unit
(BPDU) reaches a port.

Spanning Tree Port Priority and Port ID Values

Each port of a Switch has a Spanning Tree Port Priority value associated with it, which is
equal to 128 by default.

Spanning Tree Port ID is formed by adding the 4-bit port priority value (the default value of
128) to the 12-bit interface identifier (total 16 bits).

Normally, a Port ID is denoted in hexadecimal, for example 0x8015, which is equivalent to
128.21 in decimal, where the first part is the default Port Priority number and the second part is
the switch interface identifier.

We can view the spanning-tree information by using the show command "show spanning-tree".

omnisecu.com.SW1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.42AD.E8B3
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.42AD.E8B3
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/24           Desg FWD 19        128.24   P2p
Gi1/1            Desg FWD 4         128.25   P2p
Gi1/2            Desg FWD 4         128.26   P2p

In the above topology, the first two conditions to select the Root Port will become a tie (both
paths have the same Path Cost and the same neighbor Switch ID), if the bandwidth of the two links is
equal.

Here, the Port Priority number will be used as the tie-breaker. The interface on Switch 10,
which receives the lowest Port Priority number from the connected switch (in this case the
Root Switch), will become the Root Port, and the other port will be in blocking.

How to change Spanning Tree Bridge Root Priority value and What is Extended
System ID

Every Bridge (Switch) Participating in a Spanning Tree Protocol network is assigned with a
numerical value called Bridge Priority (Switch Priority) Value.

By default, all Cisco Switches have a Bridge Priority (Switch Priority) value of 32,768.
Bridge Priority (Switch Priority) value decides which Switch can become Root Bridge
(Root Switch).

You can lower the Switch Priority value on a Spanning Tree Protocol switch, so that
the switch gets elected as the Root Switch.

To change the Bridge Priority (Switch Priority) Value, to a particular value, use the
following command from Global Configuration mode.

When you change the Bridge Priority (Switch Priority) Value, make sure that you are
decrementing or incrementing it by 4096. If you try to decrement or increment the Bridge
Priority (Switch Priority) Value by any value other than 4096, you will get an error
message similar to below output.

SW1>enable

SW1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#spanning-tree vlan 170 priority 32767

% Bridge Priority must be in increments of 4096.

% Allowed values are:

0 4096 8192 12288 16384 20480 24576 28672

32768 36864 40960 45056 49152 53248 57344 61440

SW1(config)#exit

This is because, by default, Cisco Switches are running a mode of Spanning Tree Protocol,
known as Per-VLAN Spanning Tree Protocol + (PVST+). PVST+ is based on the IEEE
802.1D standard, added with Cisco proprietary extensions. The PVST+ runs on
each VLAN on the switch, which means that there is a separate Spanning Tree
Protocol instance for each VLAN.

The 16-bit Bridge Priority (Switch Priority) Value included in the BPDUs must hold both
the Bridge Priority (Switch Priority) Value and the VLAN information.
The VLAN information is added as a 12-bit Extended System ID.

The Bridge Priority (Switch Priority) Value is represented
only by the leftmost four bits, and the remaining 12 bits are used to represent the
Extended System ID. If we want to change the Bridge Priority (Switch Priority) Value, the
smallest possible change is at the 13th bit, which is 2^12 (4096).

So what is Spanning Tree Extended System ID? The Extended System ID is utilized by
spanning-tree to include the VLAN ID information inside the 16-bit STP Bridge Priority value.
The Extended System ID is the least significant 12 bits of the 16-bit STP Bridge Priority value.

Bridge Priority (Switch Priority) Value 32769 from the output of the show command "show
spanning-tree" is the sum of the default Bridge Priority (Switch Priority) Value 32768 and the
VLAN number, 1 (in the above example, there is only one VLAN).

Use "spanning-tree vlan <vlan_no> priority <priority_no>" command to change the Bridge
Priority (Switch Priority) Value, from Global Configuration mode.

SW1>enable

SW1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#spanning-tree vlan 1 priority 28672

SW1(config)#exit

How to configure Spanning Tree Protocol Root Primary and Root Secondary for
Selecting Root Switch (Root Bridge)

To configure a Switch to become the Spanning Tree Protocol (STP) Root Bridge (Root
Switch) for a VLAN, you can use the “spanning-tree vlan <vlan-id> root” command from
the Global Configuration Mode.

When you enter “spanning-tree vlan <vlan-id> root” command, IOS will check the Switch
Priority values of the Root Bridges (Root Switches) for each VLAN. If all the switches in
the VLAN have the same default priority, IOS will configure the Spanning Tree Priority
value as 24576.

If any Root Bridge (Root Switch) for the specified VLAN has a Switch Priority
value lower than 24576, the switch sets its own priority for the specified VLAN to 4096
less than the lowest Spanning Tree Switch Priority value.

To configure a Switch as a Root Bridge (Root Switch) using "spanning-tree vlan <vlan_id>
root primary" command, follow these steps.

SW1>enable

SW1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#spanning-tree vlan 1 root primary

SW1(config)#exit
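
The priority arithmetic described in the last two sections (the 4-bit priority plus 12-bit Extended System ID, the 4096 step, and the value chosen by "root primary") can be checked with a few functions. This is an added example, not code from the original page or from Cisco; the function names are hypothetical, the "root primary" rule is implemented exactly as worded above, and the error raised when the current root already uses priority 0 is an assumption.

```python
PRIORITY_STEP = 4096   # 2**12: the lowest bit of the 4-bit priority part
MAX_PRIORITY = 61440   # 15 * 4096, the largest value in the IOS error text
ROOT_PRIMARY = 24576   # value "root primary" uses when all switches are default


def validate_priority(value):
    """Accept only the configurable values 0, 4096, ..., 61440."""
    if value not in range(0, MAX_PRIORITY + 1, PRIORITY_STEP):
        raise ValueError("Bridge Priority must be in increments of 4096")
    return value


def split_priority_field(field):
    """Split the 16-bit BPDU priority field into (priority, ext. system ID)."""
    if not 0 <= field <= 0xFFFF:
        raise ValueError("priority field must fit in 16 bits")
    return field & 0xF000, field & 0x0FFF


def advertised_priority(configured, vlan_id):
    """Value shown by 'show spanning-tree': configured priority + VLAN ID."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be between 1 and 4094")
    return validate_priority(configured) | vlan_id


def root_primary_priority(current_root_priority):
    """Priority that 'root primary' would set, per the rule stated above.

    current_root_priority is the configured priority (a multiple of 4096)
    of the switch that is currently root for the VLAN.
    """
    validate_priority(current_root_priority)
    if current_root_priority >= ROOT_PRIMARY:
        return ROOT_PRIMARY
    if current_root_priority == 0:
        # Assumption: nothing lower than 0 exists, so report it as an error.
        raise ValueError("current root already uses priority 0")
    return current_root_priority - PRIORITY_STEP


if __name__ == "__main__":
    print(split_priority_field(32769))      # value from the show output
    print(advertised_priority(28672, 1))    # after 'priority 28672' on VLAN 1
    print(root_primary_priority(32768))     # all switches at default
    print(root_primary_priority(8192))      # existing root below 24576
    try:
        validate_priority(32767)            # the rejected value from above
    except ValueError as err:
        print("rejected:", err)
```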

To configure a Switch as a Secondary candidate for Root Bridge (Root Switch) using
"spanning-tree vlan <vlan_id> root secondary" command, follow these steps.

SW2>enable

SW2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

SW2(config)#spanning-tree vlan 1 root secondary

SW2(config)#exit

%SYS-5-CONFIG_I: Configured from console by console

SW2#exit

Cisco IOS Show command "show spanning-tree" will show the changed Switch Priority
value as below.

SW1#show spanning-tree

How to change Spanning Tree Port Priority Value

Default Spanning Tree Port Priority value is 128. Sometimes it may be necessary to change
the Spanning Tree Port Priority value to fine tune Spanning Tree Protocol.

We can change the Spanning Tree Port Priority value, using the interface
configuration command "spanning-tree vlan <vlan_no> port-priority
<port_priority_value>", as shown below.

You may change the Spanning Tree Port Priority value only in increments of 16.

SW1>en

SW1>enable

SW1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#interface fa0/23

SW1(config-if)#spanning-tree vlan 1 port-priority 16

SW1(config-if)#exit

SW1(config)#exit

How Spanning Tree Protocol (STP) select Root Port, Spanning Tree Root Port
selection

If a Switch has multiple paths to reach the Root Bridge (Root Switch), it must select one
path and the associated port as the Root Port. Following are the different steps for selecting
the Root Port.

Spanning Tree Root Port selection process in a Non-Root Switch involves the following
steps.

1. Select the port connected to the path with the lowest accumulated Spanning Tree
Path Cost to the Root Bridge (Root Switch) as the Root Port, when a Non-Root
Switch has multiple paths to reach the Root Switch.
2. If multiple paths are available to reach the Root Bridge (Root Switch) with the
same accumulated Spanning Tree Path Cost in a Non-Root Switch, select the port
connected to the neighbor switch which has the lowest Switch ID value as the Root
Port.
3. If all the multiple paths go through the same neighboring switch to reach the Root
Bridge (Root Switch), Non-Root Switch will select the local port which receives
the lowest port Spanning Tree Port Priority value from neighbor Switch as
the Root Port.
4. If the received Spanning Tree Port Priority values are the same between the
connecting ports to reach the Root Bridge (Root Switch), Non-Root Switch will
select the port which receives the lowest physical port number from neighbor
Switch as the Root Port. This is the last tie breaker.
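
The four steps above amount to comparing one ordered tuple per candidate port. The following is an added example, not code from the original page; the class and function names are hypothetical, the candidate data is constructed (two equal-cost links to the root from the page's show output plus one slower path through a made-up neighbor), and the Port ID is split into a 4-bit priority and 12-bit port number as described in the Port ID section.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    """One local port and the best Configuration BPDU received on it."""
    local_port: str
    local_port_cost: int     # cost of the receiving port
    rx_root_path_cost: int   # Root Path Cost field of the received BPDU
    sender_priority: int     # Sender Bridge ID: 2-byte priority
    sender_mac: str          # Sender Bridge ID: MAC, e.g. "0001.42AD.E8B3"
    sender_port_id: int      # 16-bit Port ID of the sending port


def split_port_id(port_id):
    """Return (port priority, port number) from a 16-bit Port ID."""
    return (port_id >> 12) << 4, port_id & 0x0FFF


def format_port_id(port_id):
    priority, number = split_port_id(port_id)
    return f"{priority}.{number}"


def selection_key(c):
    """Steps 1-4 as one tuple; the lowest tuple wins."""
    mac = bytes.fromhex(c.sender_mac.replace(".", "").replace(":", ""))
    port_priority, port_number = split_port_id(c.sender_port_id)
    return (
        c.local_port_cost + c.rx_root_path_cost,  # 1. accumulated path cost
        (c.sender_priority, mac),                 # 2. neighbor Switch ID
        port_priority,                            # 3. received port priority
        port_number,                              # 4. received port number
    )


def select_root_port(candidates):
    if not candidates:
        raise ValueError("no BPDUs received: this switch has no Root Port")
    return min(candidates, key=selection_key).local_port


def deciding_step(candidates):
    """Step (1-4) that separated the winner from the runner-up, 0 if none."""
    keys = sorted(selection_key(c) for c in candidates)
    if len(keys) < 2:
        return 0
    for step, (best, other) in enumerate(zip(keys[0], keys[1]), start=1):
        if best != other:
            return step
    return 0


# Constructed sample: Gi0/1 and Gi0/2 both connect to the root switch
# (its ports 128.25 and 16.26); Fa0/1 reaches the root through a neighbor.
SAMPLE = [
    Candidate("Gi0/1", 4, 0, 32769, "0001.42AD.E8B3", 0x8019),
    Candidate("Gi0/2", 4, 0, 32769, "0001.42AD.E8B3", 0x101A),
    Candidate("Fa0/1", 19, 4, 32769, "0002.16AA.0001", 0x8001),
]

if __name__ == "__main__":
    print(select_root_port(SAMPLE), "decided at step", deciding_step(SAMPLE))
    print(format_port_id(0x8015))
```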

What is a Designated Port

There can be only one Root Port (marked as RP) on a Switch, but a Switch can have
multiple Designated ports (marked as DP). The Designated Port is the port that has the
lowest Path Cost on a particular Local Area Network (LAN) segment. Each segment has
a single port that is used to reach the Root Bridge (Root Switch) called Designated Port.
A Root Port can never be a Designated port.

A Root Port is the port on the Switch with the least cost from the "Switch" to the Root
Bridge. A Designated Port is the port on a "Local Area Network (LAN) segment" with
the least cost to the root bridge. The other end of a Designated Port is called a
Non-Designated Port (marked as NDP), if it is NOT a Root Port. A Non-Designated Port will
always be in Blocking State, to avoid Layer 2 Switching loops.

Remember, a Root Port can never be a Designated Port and also there cannot be any Root
Port on a Root Bridge (Root Switch). All the ports on a Root Bridge (Root Switch) are
Designated Ports.

How Spanning Tree Protocol (STP) select Designated Port

Spanning Tree Designated Port Selection is almost the same as Spanning Tree Root Port
selection.

After selecting the Spanning Tree Root Ports (best port to reach the Root Bridge), Spanning
Tree Protocol will make the other end of the Root Port connecting to the next Switch as
Designated Port.

Every Switch has only one Spanning Tree Root Port (best port to reach the Root Switch
(Root Bridge)). For any other network segments in a Switch which does not include a Root
Port, Spanning Tree will select one port as Designated Port and other as Non-Designated
Port. For that segment, Designated Port will be in Spanning Tree Forwarding State and
Spanning Tree Non-Designated port will be in Spanning Tree Blocking State.

Root Port is the port on any Non-Root Bridge which is the best port to reach the Root
Switch (Root Bridge). Hence, there is no Root Port in Root Bridge. All the ports in a Root
Switch (Root Bridge) are Spanning Tree Designated Ports and will be in Spanning Tree
Forwarding State.

Following are the different steps for selecting the Spanning Tree Designated Port.

• Select the port on the Switch on the network segment (which does not include a Root
Port) with the lowest accumulated Spanning Tree Path Cost to the Spanning Root Bridge
(Root Switch) as the Designated Port and other side of the Designated Port will be the Non-
Designated Port.

• If there is a tie in accumulated Path Costs between the two switches in the network
segment, then select the port on the switch with the lowest Spanning Tree Switch ID as the
Designated Port and other side of the Designated Port as the Non-Designated Port.

Spanning Tree Port States, Blocking, Listening, Learning, Forwarding, Disabled

The ports on a switch with enabled Spanning Tree Protocol (STP) are in one of the
following five port states.

• Blocking

• Listening

• Learning

• Forwarding

• Disabled

A switch does not enter any of these port states immediately except the blocking state.
When the Spanning Tree Protocol (STP) is enabled, every switch in the network starts in
the blocking state and later changes to the listening and learning states.

Blocking State

The Switch Ports will go into a blocking state at the time of election process, when a switch
receives a BPDU on a port that indicates a better path to the Root Switch (Root Bridge),
and if a port is not a Root Port or a Designated Port.

A port in the blocking state does not participate in frame forwarding and also discards
frames received from the attached network segment. During blocking state, the port is only
listening to and processing BPDUs on its interfaces. After 20 seconds, the switch port
changes from the blocking state to the listening state.

Listening State

After blocking state, a Root Port or a Designated Port will move to a listening state. All
other ports will remain in a blocked state. During the listening state the port discards
frames received from the attached network segment and it also discards frames switched
from another port for forwarding. At this state, the port receives BPDUs from the network
segment and directs them to the switch system module for processing. After 15 seconds,
the switch port moves from the listening state to the learning state.

Learning State

A port changes to learning state after listening state. During the learning state, the port is
listening for and processing BPDUs. In the learning state, the port begins to process user
frames and starts updating the MAC address table. But the user frames are not forwarded to
the destination. After 15 seconds, the switch port moves from the learning state to the
forwarding state.

Forwarding State

A port in the forwarding state forwards frames across the attached network segment. In a
forwarding state, the port will process BPDUs, update its MAC Address table with frames
that it receives, and forward user traffic through the port. Forwarding State is the normal
state.

Data and configuration messages are passed through the port, when it is in forwarding
state.

Disabled State

A port in the disabled state does not participate in frame forwarding or the operation
of STP because a port in the disabled state is considered non-operational.

How BPDU is generated and How BPDU works

There are two types of Bridge Protocol Data Units (BPDUs) and they are Configuration
BPDUs and Topology Change Notification (TCN) BPDUs.

In a layer 2 Spanning Tree Protocol (STP) enabled network, Configuration BPDUs are
generated from the Root Bridge (Root Switch) and flow outward along the active Paths and
move away from the Root Bridge (Root Switch).

Topology Change Notification BPDUs (TCN BPDUs) are generated normally from Non-
Root switches and flow upstream towards the Root Bridge (Root Switch) to inform
the Root Bridge (Root Switch) that the network topology has changed.

A Switch with the lowest Switch ID is selected as the Root Bridge (Root Switch). When a
Network Switch receives a configuration BPDU that has a lower Root Switch (Root
Bridge) ID than the Root Switch (Root Bridge) ID it currently holds, the Network Switch
will consider the Switch with the lowest Root Switch (Root
Bridge) ID as the Root Bridge (Root Switch) and start relaying the Configuration
BPDUs which are received from the new Root Bridge (Root Switch).

After the Root Bridge (Root Switch) has been identified, all other Non-Root Switches
do not actually generate Configuration BPDUs. A Non-Root Switch only propagates
the BPDUs generated by the Root Bridge (Root Switch). The Non-Root Switch also
updates certain fields in the Configuration BPDUs, such as Message Age, Root Path Cost,
Sender Bridge ID etc.

When a port receives a BPDU, it has a path to the Root Bridge (Root
Switch), because BPDUs are originated from the Root Bridge (Root Switch). The port
which receives a BPDU is normally a Root Port. For a Non-Root Bridge, a port that
receives a BPDU leads to the Root Bridge (Root Switch).

If a Non-Root Bridge receives BPDUs in two ports, probably the network is in a Layer 2
loop.

STP Timers hello timer, forward delay timer, max age timer and their default
values

Important Spanning Tree Protocol (STP) timers are hello timer, forward delay timer and
max age timer and their default values are listed below.

Hello timer

The hello timer is the time interval between each Bridge Protocol Data Unit (BPDU) that is
sent on a port. Default Spanning Tree Protocol (STP) hello timer is 2 seconds. You can
adjust Spanning Tree Protocol (STP) hello timer to any value between 1 and 10 sec.

Forward delay timer

The forward delay timer is the time interval that is spent in the listening and learning state.
Default Spanning Tree Protocol (STP) forward delay timer is 15 seconds. You can adjust
the Spanning Tree Protocol (STP) forward delay timer to any value between 4 and 30
seconds.

Max age timer

The max age timer controls the maximum length of time interval that a Spanning Tree
Protocol (STP) Switch port saves its configuration Bridge Protocol Data Unit
(BPDU) information. Default max age timer is 20 seconds. You can tune the Spanning
Tree Protocol (STP) max age timer to any value between 6 and 40 sec.

How to Configure and Change Spanning Tree Protocol (STP) Default Timer-Values
for hello timer, forward delay timer and max age timer

The following commands can be used to change the default Spanning Tree Protocol
(STP) hello timer, forward delay timer and max age timer.

To change the Spanning Tree Protocol (STP) hello timer to 4 seconds on VLAN 100, run
the following command from Global Configuration mode.

SW1(config)#spanning-tree vlan 100 hello-time 4


To change the Spanning Tree Protocol (STP) forward delay timer to 20 seconds on VLAN
100, run the following command from Global Configuration mode.

SW1(config)#spanning-tree vlan 100 forward-time 20

To change the Spanning Tree Protocol (STP) max age timer to 25 seconds on VLAN 100,
run the following command from Global Configuration mode.

SW1(config)#spanning-tree vlan 100 max-age 25

Topology Changes in Spanning Tree Protocol (STP)

A network topology change can happen due to different reasons like a link failure, a
Switch (Bridge) failure, or a port transitioning to forwarding state.

The topology change must be notified to all Switches (Bridges) in the network and the
process involves two steps:

• The Switch (Bridge) notifies the topology change to the Root Bridge.

• The Root Switch (Bridge) broadcasts the topology change information into the
whole network.

When a Switch (Bridge) discovers topology change, it generates a TCN (Topology Change
Notification) BPDU (Bridge Protocol Data Unit) and sends the TCN BPDU on its root port.
The upstream Switch (Bridge) responds back the sender with TCA (Topology Change
Acknowledgment) BPDU (Bridge Protocol Data Unit) and TCA (Topology Change
Acknowledgment) BPDU (Bridge Protocol Data Unit)

Spanning Tree Protocol (STP) Convergence, What is Layer 2 Network Convergence

Spanning Tree Protocol (STP) convergence (Layer 2 convergence) happens when bridges
and switches have transitioned to either the forwarding or blocking state. When layer 2 is
converged, Root Switch is elected and Root Ports, Designated Ports and Non-Designated
ports in all switches are selected.

At Converged condition, the Root Ports and the Designated ports are in forwarding state,
and all other ports are in blocking state.

For Layer 2 switches, convergence occurs once Spanning Tree Protocol (STP) process has
completed: a Root Switch is elected, Root Ports and Designated Ports have been chosen,
the Root Ports and Designated Ports have been placed in a forwarding state, and all other
ports have been placed in a blocking state.

If a port has to go through all four states, convergence takes 50 seconds: 20 seconds in
blocking, 15 seconds in listening, and 15 seconds in learning.

If a port doesn’t have to go through the blocking state but starts at a listening state,
convergence takes only 30 seconds. This typically occurs when the Root Port is still valid,
but another topology change has occurred.

Remember that during this time period (until the port reaches a forwarding state), no user
traffic is forwarded through the port.

Where to place the Spanning Tree Protocol Root Switch (Root Bridge)

In a default Spanning Tree Protocol (STP) configuration network, a Switch with the
lowest MAC address will be elected as the Root Bridge (Root Switch).

This is because Spanning Tree Protocol (STP) will select a Bridge with the lowest Switch ID
(Bridge ID) as the Root Bridge (Root Switch). Bridge ID consists of two parts, and they
are 1) Switch Priority and 2) MAC address.

The default value for Switch Priority is 32768 in all the Switches. Therefore, the switch
with the lowest MAC address will become the Root Bridge (Root Switch).

If all the Switches in Spanning Tree Protocol (STP) have the same Spanning Tree
priority, the switch with the lowest MAC address will become the Root Bridge (Root
Switch). Typically older switches have lower MAC addresses, and by default, there is a
chance for an older Switch to become a Root Bridge (Root Switch). An older Switch may
not have enough memory or hardware capacity to perform as a Root Bridge (Root
Switch).

Root Bridge (Root Switch) must be placed in a central part of the network, to provide the
best possible data path.

Root Bridge (Root Switch) must be placed near to Network Servers and other important
devices which are the sources of high network traffic to ensure that the topology of the
network is optimized to the traffic flows of the network.

Normally, Switches operating at the Distribution Layer are configured as the Spanning
Tree Root Bridge (Root Switch), because Switches operating at the Distribution
Layer typically do not connect to end devices.

Access Layer network changes are less likely to affect Switches operating at
the Distribution Layer.

Spanning Tree Protocol (STP) Uplink Fast, Backbone Fast and Port fast

Uplink Fast, Backbone Fast and Port fast are Cisco’s proprietary extensions to the
Classic Spanning Tree Protocol (STP 802.1D) algorithm. The purpose of Uplink
Fast, Backbone Fast and Port fast is to reduce the time it takes Spanning Tree Protocol
(STP) to converge after a link failure.

Features similar to Uplink Fast, Backbone Fast and Port fast are built into Rapid
Spanning Tree Protocol (RSTP). There is no need to enable Uplink Fast and Backbone
Fast separately when your network is running Rapid Spanning Tree Protocol (RSTP).
Port Fast needs to be explicitly enabled, even if you are using Rapid Spanning Tree
Protocol (RSTP). In this case, the port is called as an RSTP Edge port.

We need to enable Uplink Fast, Backbone Fast and Port fast only when our network runs
Classic Spanning Tree Protocol (STP). In Cisco Switching environments, it is PVST+.

What is Spanning Tree Protocol (STP) Uplink Fast

Uplink Fast extension is useful for Direct Link failures (a link connected directly to the
same Switch). The Uplink Fast extension can dramatically decrease the convergence time
of the Spanning Tree Protocol (STP) in the event of the Direct link (a link connected
directly to the same Switch) failure of an uplink on an Access Layer switch.

The Uplink Fast feature is designed to run on a switch that has at least one alternate/backup
port which is in the blocking state. For this reason Cisco recommends that Uplink Fast be
enabled only for switches with redundant blocked ports, typically at the access layer.

Access Layer switches have normally redundant uplinks to the Core and Distribution
layers.

In Classic Spanning Tree Protocol (STP), if the available path to the Root Switch (Root
Bridge) goes down, there will be a 50-second delay due to the Spanning Tree Protocol
(STP) MaxAge timer and Forward Delay timer before the currently blocked path will be
available.

When a switch loses connectivity, alternate paths are used for communication. By
enabling Uplink Fast we can speed-up the selection of a new Root Port when a link or
switch fails or when the Spanning Tree Protocol (STP) reconfiguration happens.

When Uplink Fast is enabled, Root Port transitions to the Forwarding State immediately
without going through the Listening State and Learning State, as in normal Spanning
Tree Protocol (STP) Operation.

What is Spanning Tree Protocol (STP) Backbone Fast

The BackboneFast extension can dramatically decrease the convergence time of
the Spanning Tree Protocol (STP) in the event of an Indirect link (a link in any other
switch, which is not connected directly) failure, anywhere in the Spanning Tree Protocol
(STP) Topology.

What is Spanning Tree Protocol (STP) PortFast

We can use the feature called Spanning Tree Protocol (STP) Port Fast to speed up
convergence on ports which are connected to a workstation, a network printer or a server
(which are end devices and cannot cause layer 2 loops). The Port Fast feature should be used
only to connect a single workstation to a switch port, to avoid a layer 2 switching loop.
The Spanning Tree Port Fast feature causes a port to enter the forwarding state immediately,
bypassing the listening and learning states.

When Spanning Tree Protocol (STP) is running, Port Fast ports on the same switch can
forward traffic between each other, but need to wait for Spanning Tree Convergence to
communicate with a port on which the Port Fast feature is disabled (normally a port
connected to another switch).

Never enable Port Fast on a Trunk port!


How to configure and verify Spanning Tree Protocol (STP) PortFast

PortFast is a feature which can be used to speed up convergence on ports which are
connected to a workstation or a server (which will not cause layer 2 loops).

• To configure Spanning Tree Protocol (STP) PortFast on a Switch running IOS, run
"spanning-tree portfast" command as shown below.

SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface range fa0/1 - 20
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast will be configured in 20 interfaces due to the range command
but will only have effect when the interfaces are in a non-trunking mode.
SW1(config-if-range)#exit
SW1(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
SW1#

• To view the configured Spanning Tree PortFast enabled ports, run the "show running-
config" IOS command as shown below. We can see that PortFast is enabled on access ports
fa0/1 to fa0/24.

SW1#show running-config

How to enable or disable Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) is enabled by default on modern switches. It is possible to
disable or enable the Spanning Tree Protocol (STP) when required.

To enable Spanning Tree Protocol (STP) on an IOS based switch, use the "spanning-tree
vlan vlan_number" command from global configuration mode as shown below.

switch01>enable
switch01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch01(config)#spanning-tree vlan 1
switch01(config)#exit
switch01#

To disable Spanning Tree Protocol (STP) on an IOS based switch use "no spanning-tree
vlan vlan_number" command from global configuration mode as shown below.

Note: Never disable Spanning Tree Protocol (STP) unless there is a valid reason to disable it.

Disabling Spanning Tree Protocol (STP) can cause Broadcast Storms and Layer 2
Switching Loops, which can bring your network down within a short span of time. Use
with extreme care.

switch01>enable
switch01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch01(config)#no spanning-tree vlan 1
switch01(config)#exit

What is Rapid Spanning Tree Protocol (RSTP)


The convergence time for legacy Spanning Tree Protocol (STP) IEEE 802.1D standard is
30 to 50 seconds. When the network is converging on a topology change, no traffic is
forwarded to or from any of the network bridges and switches.

In modern networks this Spanning Tree Protocol (STP) convergence time gap is not
acceptable and Cisco enhanced the original Spanning Tree Protocol (STP) IEEE
802.1D specification with features such as Port Fast, Uplink Fast and Backbone Fast to
speed up the Spanning Tree Protocol (STP) convergence time. But these were proprietary
enhancements.

The Rapid Spanning Tree Protocol (RSTP) IEEE 802.1W standard is available to address
the Spanning Tree Protocol (STP) convergence time gap issue. Rapid Spanning Tree
Protocol (RSTP) enables STP Root Ports and STP Designated Ports to change from the
blocking to forwarding port state in a few seconds.

Difference between Spanning Tree Protocol (STP) and Rapid Spanning Tree
Protocol (RSTP)

The main difference between Rapid Spanning Tree Protocol (RSTP IEEE
802.1W) and Spanning Tree Protocol (STP IEEE 802.1D) is that Rapid Spanning Tree
Protocol (RSTP IEEE 802.1W) treats the three Spanning Tree Protocol (STP) port
states Listening, Blocking, and Disabled as the same (these states do not forward Ethernet
frames and they do not learn MAC addresses).

Hence Rapid Spanning Tree Protocol (RSTP IEEE 802.1W) places them all into a new
state called Discarding. Learning and forwarding ports remain more or less the same.

• In Spanning Tree Protocol (STP IEEE 802.1D), bridges would only send out
a BPDU when they received one on their Root Port. They only forward BPDUs that are
generated by the Root Switch (Root Bridge).

Rapid Spanning Tree Protocol (RSTP IEEE 802.1W) enabled switches send
out BPDUs every hello time, containing current information.

• Spanning Tree Protocol (STP IEEE 802.1D) includes two port types: STP Root
Port and Designated Port.

Rapid Spanning Tree Protocol (RSTP IEEE 802.1W) includes two additional port types
called alternate ports and backup ports.

An alternate port is a port that has an alternative path or paths to the Root Switch (Root
Bridge) but is currently in a discarding state (can be considered as an additional unused
Root Port). A backup port is a port on a network segment that could be used to reach the
root switch, but there is already an active STP Designated Port for the segment (can be
considered as an additional unused designated port).

Per-VLAN Spanning Tree (PVST) and Per-VLAN Spanning Tree Plus (PVST+)

A single-instance Spanning Tree Protocol (STP) is known as Common
Spanning Tree (CST).

Delay in receiving BPDUs is common in large switched Common Spanning Tree (CST)
networks. The delay in receiving BPDUs can cause problems such as slow convergence.
Per-VLAN Spanning Tree (PVST) is a solution for these problems. Per-VLAN
Spanning Tree (PVST) is a Cisco proprietary Spanning Tree Protocol (STP) which
operates a separate instance of Spanning Tree Protocol (STP) for each individual VLAN.
A separate instance of Spanning Tree Protocol (STP) for each VLAN allows each VLAN to be
configured independently and can also perform better. Per-VLAN Spanning Tree (PVST)
requires Inter-Switch Link (ISL).

Per-VLAN Spanning Tree+ (PVST+) is an extension of the PVST standard. Per-VLAN
Spanning Tree+ (PVST+) allows interoperability between CST and PVST in Cisco
switches and supports the IEEE 802.1Q standard.

What is Ether channel in Cisco Switches and Routers, What is Link Aggregation
and what are PAgP LACP

Ether Channel is a port link aggregation technology developed by Cisco, which provides
fault-tolerant high-speed links between Switches, Routers, and Servers. Ether Channel
technology allows multiple physical Ethernet links (Fast Ethernet or Gigabit Ethernet) to
combine into one logical channel.

Ether Channel technology allows grouping of several physical Ethernet links (Fast
Ethernet, Gigabit Ethernet, or 10 Gigabit Ethernet) to create one logical Ethernet link for
the purpose of providing fault-tolerance and high-speed links between switches, routers and
servers.

Ether Channel technology can be used to increase the bandwidth between two devices that
support Ether Channel technology and Ether Channel technology provides automatic
recovery for the loss of a link by redistributing the load across the remaining links. Ether
Channel technology allows automatic redirection of network traffic from the failed link to
the remaining links in Ether Channel.

An Ether Channel consists of individual Fast Ethernet or Gigabit Ethernet or 10-Gigabit
links bundled into a single logical link. The Ether Channel provides full-duplex bandwidth
up to 800 Mbps (Fast Ether Channel FEC) or 8 Gbps (Gigabit Ether Channel) or 10 Gbps
(10-Gigabit Ether channel 10 GEC) between Switches, Routers and Servers.

The main advantage of Ether Channel technology is that it allows load sharing of traffic
among the links in the channel as well as redundancy in the event that one or more links in
the Ether Channel fail.

Ether Channel is a Cisco Copyrighted term and the term which industry adopted is "Link
Aggregation".

There are two protocols used for negotiating Ether Channel and Link Aggregation. We can
configure Ether channel in three ways in Cisco Switches.

1. Port Aggregation Protocol (PAgP) - Cisco Proprietary protocol
2. IEEE Link Aggregation Control Protocol (LACP) - Industry Standard
3. Manual Ether channel Configuration - Without using any negotiation protocol listed
above

The Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) can
be used for Ether Channel negotiation. Port Aggregation Protocol (PAgP) is a Cisco
proprietary protocol. Therefore PAgP can be used to negotiate Ether Channels only
between Cisco switches.

Link Aggregation Control Protocol (LACP) is an industry standard defined in IEEE
802.3AD. Using Link Aggregation Control Protocol (LACP), Cisco switches can negotiate
Link Aggregation with switches from different vendors that support 802.3AD protocol.

Port Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP) is used
by a Switch to learn the identity of partners, capability of partners and the interface
properties and capabilities. Port Aggregation Protocol (PAgP) or Link Aggregation Control
Protocol (LACP) groups similarly configured interfaces into a single logical link and presents
the group to Spanning Tree Protocol (STP) as a single switch port.

Ether Channel PAgP and LACP modes

Port Aggregation Protocol (PAgP) has two Channel modes and they are "Desirable" and
"Auto".

Link Aggregation Control Protocol (LACP) has two Channel modes and they are "Active"
and "Passive".

Port Aggregation Protocol (PAgP) Modes

Auto Mode: Auto mode in Port Aggregation Protocol (PAgP) does not initiate the
negotiation, but responds to Port Aggregation Protocol (PAgP) packets initiated by the other
end. Auto mode in Port Aggregation Protocol (PAgP) does not start Port Aggregation
Protocol (PAgP) packet negotiation.

Desirable mode: Desirable mode in Port Aggregation Protocol (PAgP) initiates the
negotiation and tries to form Ether Channel with other end.

If you are using Port Aggregation Protocol (PAgP) for Ether Channel negotiation, Ether
Channel will be formed only if the two ends are configured in the following mode combinations.

             Desirable   Auto
Desirable    Yes         Yes
Auto         Yes         No

Link Aggregation Control Protocol (LACP)


Active Mode: Active Mode in Link Aggregation Control Protocol (LACP) initiates the
negotiation and tries to form Ether Channel with other end.

Passive Mode: Passive Mode in Link Aggregation Control Protocol (LACP) does not
initiate the negotiation, but responds to Link Aggregation Control Protocol (LACP) packets
initiated by other end. Passive Mode in Link Aggregation Control Protocol (LACP) does
not start Link Aggregation Control Protocol (LACP) packet negotiation.

             Active      Passive
Active       Yes         Yes
Passive      Yes         No

Ether Channel "on" mode

Ether Channel "on" mode makes the interface into an Ether Channel without any
negotiation protocols like Port Aggregation Protocol (PAgP) or Link Aggregation Control
Protocol (LACP). When using Ether Channel "on" mode, the Ether Channel will be created
only when the interface group at the other end is also in Ether Channel "on" mode.

Switch interfaces exchange Port Aggregation Protocol (PAgP) packets only with partner
interfaces configured in the auto or desirable modes. Switch interfaces exchange Link
Aggregation Control Protocol (LACP) packets only with partner interfaces configured in
the active or passive modes. Interfaces configured in the "on" Channel mode do not
exchange Port Aggregation Protocol (PAgP) or Link Aggregation Control Protocol
(LACP) packets.
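
The PAgP, LACP and "on" mode rules above, combined into one check that compares the channel-group lines from both ends of a link. This is an added example, not part of the original page; the function names and sample lines are constructed, and it assumes both ends use the same channel-group number, as the configurations on this page do.

```python
import re

# Protocol each channel mode speaks, and whether that mode starts negotiation.
MODES = {
    "desirable": ("pagp", True),
    "auto": ("pagp", False),
    "active": ("lacp", True),
    "passive": ("lacp", False),
    "on": ("static", False),  # no PAgP or LACP packets are exchanged
}

def channel_forms(mode_a, mode_b):
    """Return (forms, reason) for the channel modes at the two ends."""
    proto_a, starts_a = MODES[mode_a]
    proto_b, starts_b = MODES[mode_b]
    if proto_a != proto_b:
        return False, f"mismatch: {proto_a} ({mode_a}) vs {proto_b} ({mode_b})"
    if proto_a == "static":
        return True, "static bundle, both ends on"
    if not (starts_a or starts_b):
        return False, f"both ends are {mode_a}; neither starts {proto_a} negotiation"
    return True, f"negotiated with {proto_a}"

def channel_modes(config):
    """Extract {group number: set of modes} from IOS config or session text."""
    groups = {}
    for num, mode in re.findall(r"channel-group (\d+) mode (\w+)", config):
        groups.setdefault(int(num), set()).add(mode)
    return groups

def audit_link(cfg_a, cfg_b):
    """Check every group number present on both ends (assumed to match)."""
    a, b = channel_modes(cfg_a), channel_modes(cfg_b)
    report = {}
    for group in sorted(a.keys() & b.keys()):
        if len(a[group]) != 1 or len(b[group]) != 1:
            report[group] = (False, "member ports of one group use different modes")
        else:
            report[group] = channel_forms(*a[group], *b[group])
    return report

# Constructed sample: group 1 pairs desirable with auto; group 2 pairs an
# LACP end with a static "on" end.
SW1 = """SW1(config-if-range)#channel-group 1 mode desirable
SW1(config-if-range)#channel-group 2 mode active"""
SW2 = """SW2(config-if-range)#channel-group 1 mode auto
SW2(config-if-range)#channel-group 2 mode on"""

if __name__ == "__main__":
    for group, (ok, reason) in audit_link(SW1, SW2).items():
        print(f"Port-channel {group}: {'forms' if ok else 'does NOT form'} ({reason})")
```
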

How to configure Ether Channel Port Aggregation Protocol (PAgP) in Cisco Switches

Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol. Therefore Port
Aggregation Protocol (PAgP) can be used to negotiate EtherChannels only between Cisco
switches.

Follow these steps to configure Ether Channel using Port Aggregation Protocol (PAgP) in
Cisco Switches. The ports which are going to be in Ether Channel must be in the shutdown
state while configuring the Ether Channel to prevent loops and other related problems.

Switch SW1

SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface range gigabitEthernet 0/1 - 2
SW1(config-if-range)#channel-group 1 mode desirable
SW1(config-if-range)#channel-protocol pagp
SW1(config-if-range)#exit
SW1(config)#exit

Switch SW2

SW2>
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface range gigabitEthernet 0/1 - 2
SW2(config-if-range)#channel-group 1 mode desirable
SW2(config-if-range)#channel-protocol pagp
SW2(config-if-range)#exit
SW2(config)#exit

"SW1(config-if-range)#channel-group 1 mode desirable" specifies the Ether Channel Group
Number as 1 and the Port Aggregation Protocol (PAgP) Channel mode as Desirable.

Run "show ip interface brief" from Global Configuration mode to find the new Ether
Channel virtual interface, Port-channel 1 as shown below.

SW2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
<output_omitted>
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
Vlan1                  unassigned      YES unset  administratively down down
Port-channel 1         unassigned      YES unset  up                    up

How to Configure Ether Channel Link Aggregation Control Protocol (LACP) in Cisco Switch

Follow these steps to configure Ether Channel using Link Aggregation Control Protocol
(LACP) in Cisco Switches. The ports which are going to be in Ether Channel must be in
the shutdown state while configuring the Ether Channel to prevent loops and other related
problems.

Switch SW1

SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface range gigabitEthernet 0/1 - 2
SW1(config-if-range)#channel-group 1 mode active
SW1(config-if-range)#channel-protocol lacp
SW1(config-if-range)#exit
SW1(config)#exit

Switch SW2

SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface range gigabitEthernet 0/1 - 2
SW2(config-if-range)#channel-group 1 mode active
SW2(config-if-range)#channel-protocol lacp
SW2(config-if-range)#exit
SW2(config)#exit

SW1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
<output_omitted>
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
Vlan1                  unassigned      YES unset  administratively down down
Port-channel 1         unassigned      YES unset  up                    up
<output_omitted>

Manual Ether Channel Configuration in Cisco Switches Using Channel mode on

Follow these steps to configure Ether Channel manually using "on" in Cisco Switches. The
ports which are going to be in Ether Channel must be in the shutdown state while
configuring the Ether Channel to prevent loops and other related problems.

Switch SW1

SW1>
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface range gigabitEthernet 0/1 - 2
SW1(config-if-range)#channel-group 1 mode on
SW1(config-if-range)#exit
SW1(config)#exit

Switch SW2

SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface range gigabitEthernet 0/1 - 2
SW2(config-if-range)#channel-group 1 mode on
SW2(config-if-range)#exit
SW2(config)#exit
