This is an example of STP doing what it does best, and that is putting the Amber lit port 2 in “Blocking” state, to prevent a Switching Loop from forming. This is the logical Topology for a better idea of what’s plugged into what:

Logical STP Top

This post is focused on the “original” STP, all the fundamentals / behaviors / defaults will be covered in this post, there will be minimal CLI output samples. 

If you did not recently pass your CCNA, these fundamentals are absolutely critical, as STP is such an important layer 2 protocol. However, the next post will be a lot of labbing to demonstrate configuration / verification commands, and using debugs to review STP events for troubleshooting!

Spanning Tree Protocol Fundamentals

Unlike Layer 3 Routing protocols that utilize and actually benefit from extra links being utilized for traffic load balancing to the same destination, whereas at Layer 2 redundant links can lead to Switch loops, given the frame flooding behavior for Unknown Unicast Frame traffic as demonstrated below in a quick mock up scenario of how STP is made specifically for that Switch behavior.

Spanning-Tree Protocol maintains a constantly updated view of the network courtesy of BPDU’s being generated by all switches, sharing Root Path cost information (the best path back to the Root Bridge), which helps in the determination of redundant links that may cause switching loops – These are put into Blocking mode as a sort of reserved backup link if the operational ones go down.

Spanning Tree comes in two flavors, the original known by a couple different names, PVST (Per VLAN Spanning-Tree), as well as being called by its RFC # 802.1D STP. This will be more for your Core or Distribution Layer switches, as it takes 50 seconds to transition from Blocking to Forwarding state so it is not ideal for end user Access Layer switches that will have devices being plugged into them often.

Although on customer networks I’ve seen RSTP is used on all switches for minimal downtime due to any Switch link failures, so with the right amount of Physical Security to your Switch Stacks and tight restrictions of remote access RSTP is a good option for quick dynamic fixes via STP!

The second flavor of Spanning-Tree is RSTP (Rapid Spanning-Tree Protocol) or also known as 802.1W STP, which will have its own post, but a general overview of its usage is on Access-Layer switches that end users plug into, as it transitions to a Forwarding state much faster than PVST / 802.1D STP.

Why do we need Spanning-Tree running?

Consider the following Topology if Spanning-Tree were not configured on this network:


Note all Hosts are on a shared Ethernet segment for their side of the switches.

Now Host A needs to send traffic destined for Host C, however none of the switches have either MAC Address in their MAC or CAM tables, which may happen if both hosts have been inactive for more than the 300 second default age-out timer, or possibly just joined the switched network.

When it sends out the ARP Frame which is received by all 3 switches as they are on a shared Ethernet segment (along with host B receiving and discarding it), all 3 switches will perform the following steps:

  • Check the source MAC, if it is not in the Address table it dynamically adds it
  • Checks its MAC or CAM table for the destination address, if none is found it will flood an Unknown Unicast Frame out all interfaces in that interfaces VLAN (including Trunks), except for the interface it was received on
  • All 3 switches send out Unknown Unicast Frames onto the remote Ethernet segment so they will all get a copy of the Unknown Unicast
  • The switches will look at the source MAC first (as it always does) and see the source MAC for Host A is now on the opposite sides Ethernet segment, and dynamically update the MAC table accordingly
  • The Unknown Unicast is then put back onto Host A’s shared Ethernet segment and again the switches update their MAC table, and repeat this process repeatedly while also hammering the hosts with these Frames as well
  • Host C will not be able to respond, because by the time it can, the switch see’s the source MAC for Host A is on the same interface Host C is coming in on, and discard the Frame

This will not immediately shut down the network, but slowness will build over time as the Frames continue to flood similar to a broadcast storm (like a layer 2 broadcast storm), so it won’t lock up the network but will slowly degrade performance over time.

So, this is why Spanning-Tree is used across all different vendors switches that I have worked on, of course including Cisco!

Root Bridge Election and Bridge ID’s (BID’s) role in the election process

At the very beginning of an election if all switches are powered up at once, they all believe they are the Root Bridge until one of them wins the Root Bridge Election.

The Root Bridge election process is based both on the Bridge ID or BID, which contains the default Priority value of 32768, which in the case of all my switches it adds +1 to that default value making all of my switch Priority 32769 with the sys-id-ext shown here:

SW1#sh span

Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0017.5aa8.a600
Cost 19
Port 6 (FastEthernet1/0/4)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 1ce6.c7c1.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Desg FWD 19 128.3 P2p

Fa1/0/4 Root FWD 19 128.6 P2p


I’ve also highlighted the MAC addresses along with the Root ID (Priority of the Root Bridge) and the Bridge ID (Priority of the local switch), so the MAC address is the tie breaker for Root Bridge election based on whichever switch has the lowest MAC Address value wins the election as seen in the output (all 3750’s have a higher MAC value than my 3560 so that became the Root Bridge).

Also highlighted toward the bottom to demonstrate the info you get from “sh span” is local bridge / root bridge at the top, and STP interface States / Costs / Link types / etc.

So the BID is sent as a combination of both the local switches Bridge Priority value (which can be manually changed to influence the election), which is a 2-byte value for Priority including the 6-byte MAC Address of the local switch in the format below.

Bid format: 32769:0017.5aa8.a600

The Priority value is the first consideration of the BID, so it will be in front, followed by the MAC address to serve as a tie breaker behind it. To influence which switch is elected Root Bridge, the Priority can be changed on the switch desired to be the root, as the MAC address cannot be changed.

*** Important note on the Election Process ***

The election never really fully ends, as BDPU’s are constantly being generated, and if a new switch is plugged into the network with superior Priority or a lower MAC address than the current Root, it will send out its BID to the switched network and become the Root Bridge.

The 2 different types of BPDU’s, and what they are used for

There are two types of BPDU’s for 802.1D STP, for the purpose of the election I will focus on the “Configuration BPDU”, however here is a quick note on all three of them:

  • Configuration BPDU (CBPDU) – Only originates from the Root Bridge once elected, provides information to all non-Root bridges (switches) such as STP timers, along with calculating STP values by running the STA (Spanning-Tree Algorithm) to detect any possible loops, come up with Root Path costs (cost from remote switch to Root), etc.
  • Topology Change Notification BPDU (TCN) – Triggered by any detected change in the network on the switch, creates the TCN BPDU and sends it to neighbor switches

By default BPDU’s are generated every 2 seconds for rapid convergence, and a multicast to the “well known” MAC address 01:80:C2:00:00:00

802.1D STP Port States, and their behaviors during the Root Bridge Election

There is quite a few that are important to be very clear on, so I’ll bullet point them:

  • Blocking state – Ports go into Blocking state during the Root Bridge Election, if a better path to the Root Bridge is learned, or if it is not a Designated or Root port. Ports in blocking state DO NOT forward and actually discard incoming Frames, but listens and processes BPDU’s – It remains in this state for 20 seconds before moving into a “Listening” state
  • Listening state – Root and Designated ports will go into “Listening” state after the initial blocking state (all non-root / designated ports will stay in “Blocking” state), discarding frames from its local network segment as well as Frames received for forwarding, the switch is only “Listening” for BPDU’s and processing the information they contain. After 15 seconds, it moves into the “Learning” state
  • Learning state – The port still is not forwarding Frames, but is processing the Frames without forwarding them to build its MAC table, also still listens for and processes incoming BPDU’s
  • Forwarding state – The port is now Forwarding frames on to their destinations, while still processing Frames to keep the MAC table updated and processing BPDU’s
  • Disabled state – Does not forward or participate in STP, considered to be a non-functioning port

Some trends to point out, the ports are not passing traffic until it makes it to the “Forwarding” state as a Root or Designated Port, and we have a few default times of 20 seconds for “Blocking” state and 15 seconds for both “Listening” and “Learning”.

This is actually the reason RSTP was created, because the amount of time that PVST / 802.1D takes to change from Blocking to Forwarding is 50 seconds, and that is equivalent to decades on a production network – However that will be covered in another post specifically for RSTP.

What is a Root Port, a Designated Port, and a Blocking Port?

One important and pretty basic fact if you have ever taken the CCNA, Root Bridges will only contain Designated / Forwarding ports, whereas non-root Bridges can contain Designated / Root / Blocking.

A Root port indicates that is the lowest cost (Root Path) back to the Root Bridge.

A Designated port is considered loop free and allowed to Forward LAN traffic to its local segment or to fellow LAN switches

A Blocking port is a redundant link that may introduce switching loops, so it does not Forward frames, but serves as a backup path in the event of a Topology change that requires it to go into a Forwarding mode

STP Root Path Cost Calculation and how it is determined

Lowest Cost is determined by the speed of the links between switches, faster links are assigned lower costs, for 802.1D STP link speed cost is as follows:

  • 10 MBPS = 100
  • 100 MBPS = 19
  • 1 GBPS = 4
  • 10 GBPS = 2

All non-Root bridges (switches) have to determine their Root port based on the incoming BPDU’s Cost back to the Root Bridge, the interface with the lowest cost back to the Root Bridge is set as the Root port, and any other loop-free ports are Designated ports.

Switches will only have 1 Root port, as there can only be one best path back to the Root Bridge, however the Root Bridge itself has NOTHING to do with non-Root switches Root port determination or calculating its Root Path back to the Root Bridge.

And that is all I got!

That is the gigantic chunk of theory / defaults / behaviors that just absolutely need to be known for exam day, next post I anticipate to be more lab heavy, as referencing documents and cross checking their accuracy for hours has my brain melting.

So next post I have all the dry but important information out of the way, we can break STP on my home switch lab, it will be great fun 🙂