[Image: STP_3switches2links_33]

For this lab I will be using the STP Topology with the default link states shown above; however, I have reduced the additional VLANs to 10 / 20 / 30 to generate less output when comparing STP behaviors from changing the Root Bridge on specific VLANs.

SW1 will be made the Root Bridge for VLAN 10, SW2 for VLAN 20, and SW3 for VLAN 30.

Let’s get right into it with a review of the two methods by which a Root Bridge can be configured, either “span vlan # root …” or “span vlan # priority #” on the CLI, and how the two work differently.

 

Configuring the Root Bridge with the “Root Secondary” command

 

There are two “root” configuration commands shown here:

SW3(config)#span vlan 30 root ?
primary Configure this switch as primary root for this spanning tree
secondary Configure switch as secondary root

I wanted to touch on the “root secondary” command first, as there are far fewer behaviors to know for this command, and in fact there is really only one: on any VLAN where “span vlan # root secondary” is configured, it dynamically decrements (lowers) the Priority Value of the local Bridge ID by 4096 below the default value of 32768.

For example, with SW1 being the current Root Bridge for VLAN 30, I’ll configure SW3 with the “root secondary” command to configure it as a “Secondary” Root Bridge:

Configuration

SW3(config)#span vlan 30 root secondary

Verification

SW3(config)#do sh span vlan 30

VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 28702
Address 5897.1eab.ce00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28702 (priority 28672 sys-id-ext 30)
Address 5897.1eab.ce00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/3             Desg FWD 19        128.5    P2p
Fa1/0/4             Desg FWD 19        128.6    P2p
Fa1/0/5             Desg FWD 19        128.7    P2p
Fa1/0/6             Desg FWD 19        128.8    P2p

So it appears this Bridge has become the Root Bridge for VLAN 30.

That is because all other STP Bridges in the switched network must have a Priority value at or above the default of 32768.

The “root secondary” command decrements the Bridge ID Priority dynamically without considering any other Bridge IDs; it simply lowers the Priority from the default value of 32768 down by 4096, giving it a new STP Priority of 28672.

This value is seen in the parentheses with the sys-id-ext. I will discuss the different values further down the post, but first let’s hit “root primary” and demonstrate all of its quirks.

 

Configuring the Root Bridge with the “root primary” command

 

Issuing the “root primary” command on a switch dynamically changes the Priority of the local Bridge ID to a value lower than the Root ID, in decrements of 4096 (the STP Priority incremental value); however, how much it will decrement the Priority depends on the Root ID and whether it is at the default value of 32768.

If the Root ID is the default value of 32768, issuing “root primary” will lower it by two Priority decrements of 4096, for a total value of 8196.

If the Root ID is a non-default value (anything other than 32768), issuing “root primary” will lower the Priority by a decrement of 4096 lower than the Root ID for that VLAN.

First I’ll demonstrate the behavior of the Priority lowering by two decrements of 4096 when it is configured against a default Priority value, as right now every switch in the network has all default values for STP.

So let’s change that:

Configuring SW2 as Root Primary for VLAN 20

SW2(config)#span vlan 20 root primary
SW2(config)#

Verification from SW3

SW3(config)#do sh span vlan 20

VLAN0020
Spanning tree enabled protocol ieee
Root ID Priority 24596
Address 5897.1eab.c800
Cost 19
Port 5 (FastEthernet1/0/3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
Address 5897.1eab.ce00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/3             Root FWD 19        128.5    P2p
Fa1/0/4             Altn BLK 19        128.6    P2p
Fa1/0/5             Altn BLK 19        128.7    P2p
Fa1/0/6             Altn BLK 19        128.8    P2p

I will dissect the different Priority values shown in the output fully below; however, it can be seen here that against the default value of 32768 it does indeed lower the Root ID by 8196, as seen in the Root ID on SW3, while the Bridge ID on SW3 stays at its default of 32768.

Verification from SW2

SW2(config)#do sh span vlan 20

VLAN0020
Spanning tree enabled protocol ieee
Root ID Priority 24596
Address 5897.1eab.c800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24596 (priority 24576 sys-id-ext 20)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Desg FWD 19        128.3    P2p
Fa1/0/2             Desg FWD 19        128.4    P2p
Fa1/0/3             Desg FWD 19        128.5    P2p
Fa1/0/4             Desg FWD 19        128.6    P2p

This shows that for this VLAN, both the Root and Bridge ID have been dynamically lowered by 8196, due to the original Root ID Priority value being 32768.

To overly prove this point beyond a reasonable doubt, that it is not just the network sitting in a default state with 32768 but the value itself that triggers this behavior, I’ve manually configured the Priority on SW1 for VLAN 1 to the default value of 32768, then issued “span vlan 1 root primary” on SW2.

This is the configuration and results for VLAN 1:

SW1(config)#span vlan 1 priority 32768
SW1(config)#
ASR#2
[Resuming connection 2 to sw2 … ]

SW2(config)#span vlan 1 root primary
SW2(config)#do sh span vlan 1

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 5897.1eab.c800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Desg FWD 19        128.3    P2p
Fa1/0/2             Desg LIS 19        128.4    P2p
Fa1/0/3             Desg FWD 19        128.5    P2p
Fa1/0/4             Desg FWD 19        128.6    P2p

So even with the default value manually configured with the “priority” command, it jumped down two decrements, so this decrement of 8196 will happen in any scenario where the STP Root ID Priority value is 32768!

*BIG BREATH IN*

With that, there is yet ANOTHER behavior of the “root primary” command that is very important to know for exam day!

That behavior comes from SW1 having the lowest MAC Address: when two Priority values match, its lower MAC Address means that it will have the Superior BID.

What does this mean in terms of Root Bridge election?

This means that when you configure “root primary” on a switch that DOES NOT HAVE the Superior BID (lower MAC), it will set its Bridge ID to one decrement lower than the Priority value of the Root ID (unless the Root ID is 32768 as demonstrated); however, if the switch DOES HAVE the Superior BID (lower MAC), it will only adjust its Bridge ID to the Root ID value and take over without lowering the Priority value.

If you are wondering what on Earth I just said, I am not entirely sure either; this concept is so confusing without demonstrating the behavior, so I will just do that!

So to begin, I will configure SW1 as the “root primary” for VLAN 10, even though it already is the Root Bridge due to its Superior BID (lowest MAC) of all 3 switches:

Configuration and Verification from SW1

SW1(config)#span vlan 10 root primary
SW1(config)#do sh span vlan 10

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 24586
Address 1ce6.c7c1.c800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24586 (priority 24576 sys-id-ext 10)
Address 1ce6.c7c1.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Desg FWD 19        128.3    P2p
Fa1/0/2             Desg FWD 19        128.4    P2p
Fa1/0/5             Desg FWD 19        128.7    P2p
Fa1/0/6             Desg FWD 19        128.8    P2p

One thing I wanted to point out, highlighted in red: even though SW1 was already the Root Bridge for VLAN 10, when I issued “span vlan 10 root primary” it still lowered the Priority by 8196, so that will happen ANY TIME THE ROOT ID IS 32768!

That being said, let’s go make SW2 the Primary Root for VLAN 10 and see what happens:

Initial Verification on SW2 for VLAN 10 before config

SW2(config)#do sh span vlan 10

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 24586
Address 1ce6.c7c1.c800
Cost 19
Port 3 (FastEthernet1/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Root FWD 19        128.3    P2p
Fa1/0/2             Altn BLK 19        128.4    P2p
Fa1/0/3             Desg FWD 19        128.5    P2p
Fa1/0/4             Desg FWD 19        128.6    P2p

Watch the Root / Bridge IDs throughout these outputs, as this is where the behavior is going to come into play!

So here we see the Root ID is of course changed to 8196 lower than the default 32768, and the Bridge ID has not changed on this switch from its default Bridge ID, as it has not had any Priority changes for this VLAN until I issued the following:

Configuration and new Verification values for VLAN 10 on SW2

SW2(config)#span vlan 10 root primary
SW2(config)#do sh span vlan 10

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 20490
Address 5897.1eab.c800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 20490 (priority 20480 sys-id-ext 10)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Desg FWD 19        128.3    P2p
Fa1/0/2             Desg LIS 19        128.4    P2p
Fa1/0/3             Desg FWD 19        128.5    P2p
Fa1/0/4             Desg FWD 19        128.6    P2p

SW2 before it was configured “root primary” for VLAN 10:

  • Root ID: 24586
  • Bridge ID: 32778

SW2 after it was configured as “root primary” for VLAN 10:

  • Root ID: 20490
  • Bridge ID: 20490

This is to clearly visualize that SW2 has lowered its local Bridge ID to 4096 lower than the Root ID Priority value from SW1!

It is very important to clearly understand that SW2 dynamically decremented its Bridge ID to 4096 lower than the Root ID of SW1, and set its own Root ID to the same Priority (obviously).

This is where things get interesting, when we go back over to SW1, and make that the “root primary” once again. I will show the before and after verification once again:

Initial verification of VLAN 10 on SW1

SW1(config)#do sh span vlan 10

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 20490
Address 5897.1eab.c800
Cost 19
Port 3 (FastEthernet1/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24586 (priority 24576 sys-id-ext 10)
Address 1ce6.c7c1.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Root FWD 19        128.3    P2p
Fa1/0/2             Altn BLK 19        128.4    P2p
Fa1/0/5             Desg FWD 19        128.7    P2p
Fa1/0/6             Desg FWD 19        128.8    P2p

First note the Bridge ID Priority did not dynamically change back to the default once another Bridge became the Root, so once it changes dynamically, that’s the value it stays at unless changed dynamically… like this:

Configuration and Verification of “root primary” on SW1 for VLAN 10

SW1(config)#span vlan 10 root primary
SW1(config)#do sh span vlan 10

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 20490
Address 1ce6.c7c1.c800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 20490 (priority 20480 sys-id-ext 10)
Address 1ce6.c7c1.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Desg FWD 19        128.3    P2p
Fa1/0/2             Desg LIS 19        128.4    P2p
Fa1/0/5             Desg FWD 19        128.7    P2p
Fa1/0/6             Desg FWD 19        128.8    P2p

I color coded the matching values in red and the only different value in blue, to visually clarify what is happening, as shown in the bullet points below.

SW1 before it was configured “root primary” for VLAN 10:

  • Root ID: 20490
  • Bridge ID: 24586

SW2 after it was configured as “root primary” for VLAN 10:

  • Root ID: 20490
  • Bridge ID: 20490

It did not change to a value below the Root ID like SW2 did; instead SW1 just changed its own Bridge ID to that of the Root ID and took over as Root Bridge for VLAN 10, because it has the Superior BID – 20490:1ce6.c7c1.c800

This is a huuuuge caveat to watch for on exam day!

It goes back to the top 2 things that matter in a Root Bridge election:

  • Lowest Priority wins the election, if tied
  • Lowest MAC Address wins the election, if tied
  • Etc!

For thrills I’ll make SW2 the “root primary” for VLAN 10 once more, just to confirm this behavior is only happening on SW1:

Initial Verification

SW2(config)#do sh span vlan 10

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 20490
Address 1ce6.c7c1.c800
Cost 19
Port 3 (FastEthernet1/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 20490 (priority 20480 sys-id-ext 10)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Root FWD 19        128.3    P2p
Fa1/0/2             Altn BLK 19        128.4    P2p
Fa1/0/3             Desg FWD 19        128.5    P2p
Fa1/0/4             Desg FWD 19        128.6    P2p

Keep in mind the local Bridge ID doesn’t dynamically change back, and SW1 didn’t lower the Root ID Priority, so this switch initially shows the Root and Bridge ID to be the same WITHOUT BEING THE ROOT BRIDGE!

Configuration and Verification

SW2(config)#span vlan 10 root primary
SW2(config)#do sh span vlan 10

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 16394
Address 5897.1eab.c800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 16394 (priority 16384 sys-id-ext 10)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Desg FWD 19        128.3    P2p
Fa1/0/2             Desg LIS 19        128.4    P2p
Fa1/0/3             Desg FWD 19        128.5    P2p
Fa1/0/4             Desg FWD 19        128.6    P2p

One more bullet point summary, this time for the change on SW2:

Before:

  • Root ID: 20490
  • Bridge ID: 20490

After:

  • Root ID: 16394
  • Bridge ID: 16394

So again the Bridge with the non-Superior BID / higher MAC Address, SW2, decrements the local Bridge ID by 4096 from the original Root ID value, and takes over as Root Bridge for VLAN 10.

If this was happening between SW2 and SW3, each time the command was issued on the opposite Bridge, the Priority value would be decremented rather than what is happening here with SW2 being the only Bridge needing to lower Priority to become the Root.

ENOUGH OF THAT CONCEPT!

There is one more, much lighter concept to touch on with “root primary” behaviors: its dynamic behavior is to lower the Priority in decrements of 4096, and it will continue to lower the Priority by 4096 until it hits the Priority value 0.

That is, unless another Root Bridge already has the Priority of a VLAN set to 0. As shown here, I manually configured SW1 to Priority 0 so “root primary” can change it no further:

SW1(config)#span vlan 10 priority 0
SW1(config)#
ASR#2
[Resuming connection 2 to sw2 … ]

SW2(config)#span vlan 10 root primary
% Failed to make the bridge root for vlan 10
% It may be possible to make the bridge root by setting the priority
% for some (or all) of these instances to zero.
SW2(config)#

So the switch tells you in this order:

  • I failed to make this Bridge the Root Bridge for VLAN #
  • Try using the “Priority” command as it works better for this sort of thing
  • Assume all Bridges are set to Priority 0, trust no one

The exam probably won’t tell you this on the CLI for any simulators or simlets, so it’s good to remember for exam day the reasons why “root primary” would fail without it returning any error at all, and the error output also segues into the next method of Root Bridge configuration (finally!) – Priority Configuration!
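The “root primary” outcomes observed in this lab, condensed into a small Python model. This is an added example, not Cisco's implementation and not code from the original post; the function names are hypothetical, and leaving a switch that is already root at a non-default priority unchanged is an assumption the lab does not test.

```python
DEFAULT_PRIORITY = 32768
STEP = 4096


def mac_to_int(mac):
    """Convert Cisco dotted MAC notation (e.g. 5897.1eab.c800) to an integer."""
    return int(mac.replace(".", ""), 16)


def root_primary(local_mac, root_priority, root_mac):
    """Priority the local switch ends up with, per the behaviors shown in this lab.

    root_priority is the current root's priority without the sys-id-ext.
    Raises ValueError where the lab's CLI printed "% Failed to make the bridge root".
    """
    if root_priority == DEFAULT_PRIORITY:
        # Seen on VLANs 1, 10 and 20: a root at the default value makes the
        # local priority drop two steps, to 24576.
        return DEFAULT_PRIORITY - 2 * STEP
    if mac_to_int(local_mac) <= mac_to_int(root_mac):
        # Local switch wins the MAC tie-break, so matching the root's priority
        # is enough (seen on SW1). Equality = already root: an assumption.
        return root_priority
    if root_priority == 0:
        raise ValueError("cannot go below priority 0")
    # Higher MAC than the root (seen on SW2): go one step below the root.
    return root_priority - STEP


def replay_vlan10():
    """Replay the VLAN 10 sequence SW1, SW2, SW1, SW2 from the lab.

    Returns the displayed Root ID Priority (priority + sys-id-ext) after each step.
    """
    vlan = 10
    sw1, sw2 = "1ce6.c7c1.c800", "5897.1eab.c800"
    root_prio, root_mac = DEFAULT_PRIORITY, sw1  # SW1 starts as root on lowest MAC
    displayed = []
    for switch in (sw1, sw2, sw1, sw2):
        root_prio = root_primary(switch, root_prio, root_mac)
        root_mac = switch  # in every step of the lab the issuing switch became root
        displayed.append(root_prio + vlan)
    return displayed


if __name__ == "__main__":
    print(replay_vlan10())
    try:
        root_primary("5897.1eab.c800", 0, "1ce6.c7c1.c800")
    except ValueError as err:
        print("SW2 against a root at priority 0:", err)
```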

 

Configuring the Root Bridge with the “priority” command

 

This is an outright manual configuration of Priority, whereas the “root” commands dynamically changed it to their respective values, so if asked on exam day which command is best suited for setting a Root Bridge (outside of BPDU / Root Guard configs) you will use the “priority” command for per VLAN configuration!

It’s a pretty straightforward configuration, so I won’t beat the dead horse on this configuration as it really has few behaviors outside of making “root primary” fail on any other switches for the VLAN.

Being that I made VLAN 10 on SW1 Priority 0 already, I’ll stick with that when demonstrating it here:

SW1(config)#
SW1(config)#span vlan 10 priority ?
<0-61440> bridge priority in increments of 4096

This shows that Priority can only be entered in increments / decrements of 4096, in the range of 0 – 61440. The value 4096 also happens to be the max value of a VLAN number.

Coincidence? I think not.

So I tried to configure a priority of 25, because I didn’t want to enter an increment of 4096 or set it to 0, and this is the error the CLI kicks back:

SW1(config)#span vlan 10 priority 25
% Bridge Priority must be in increments of 4096.
% Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440
SW1(config)#

That is pretty sweet, not only does it tell you the incremental # that must be used to configure the Priority, but it also lists every single increment that can be used – 16 of them in total!

So I set VLAN 10 on SW1 to Priority 0, and verify what impact it has on the “sh span vlan 10” verification output:

SW1(config)#span vlan 10 priority 0
SW1(config)#do sh span vlan 10

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 10
Address 1ce6.c7c1.c800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 10 (priority 0 sys-id-ext 10)
Address 1ce6.c7c1.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Desg FWD 19        128.3    P2p
Fa1/0/2             Desg FWD 19        128.4    P2p
Fa1/0/5             Desg FWD 19        128.7    P2p
Fa1/0/6             Desg FWD 19        128.8    P2p

With this example, the separation of core Priority value from Bridge ID Priority becomes more apparent, and what is up with that sys-id-ext # becoming the Root and Bridge ID #?

I am glad you asked!

 

STP Priority vs Bridge ID Priority vs STP BID

 

I will use VLAN 20 from SW1 to dissect the “sh span vlan #” output to explain the different Priority values, as it better illustrates some different values mentioned throughout this post:

SW1(config)#do sh span vlan 20

VLAN0020
Spanning tree enabled protocol ieee
Root ID Priority 24596
Address 5897.1eab.c800
Cost 19
Port 3 (FastEthernet1/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
Address 1ce6.c7c1.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa1/0/1             Root FWD 19        128.3    P2p
Fa1/0/2             Altn BLK 19        128.4    P2p
Fa1/0/5             Desg FWD 19        128.7    P2p
Fa1/0/6             Desg FWD 19        128.8    P2p

Highlighted in blue are the two values which make up that Bridge ID Priority (and Root ID Priority): by combining the STP Priority value (increments of 4096) + the sys-id-ext (vlan #), you get the Bridge ID Priority, which in this case is the default Priority 32768 + 20, giving the Bridge ID Priority a value of 32788.

From the Root ID Priority, being that we are looking at VLAN 20 it can be concluded that the STP Priority value set on the Root Bridge is 24596 – 20, giving the Bridge ID Priority of 24576 for the Root Bridge (for VLAN 20 at least).

Speaking of VLANs, it was mentioned above that the Priority increments of 4096 were no coincidence, and that is because it is reserved to accommodate the full VLAN range of #’s 1-4094 to allow the creation of the Bridge ID.

Within a BID is a 4-bit field defining the STP Priority value of 0 – 61440, a 12-bit field defining the VLAN or sys-id-ext value of 1-4094, followed by a 48-bit field for the Bridge MAC Address.

So the BID is the Priority Value + sys-id-ext contained within the parentheses; this combination of Priority + VLAN # makes up the Bridge ID Priority value, which then gets the MAC Address attached to it as a tie breaker, and this is how the BID is formed!

The BID is then, of course, distributed throughout the switched network via BPDUs.
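As an added example (not part of the original post), this Python script packs the BID from the fields described above, parses trimmed copies of two “sh span vlan 10” outputs captured on SW2 in this lab, and checks them against the lab's intended roots. The function names are hypothetical; the MAC addresses and the SW1/SW2/SW3 plan come from this post.

```python
import re

# MAC addresses and intended roots are taken from this lab.
MACS = {"SW1": "1ce6.c7c1.c800", "SW2": "5897.1eab.c800", "SW3": "5897.1eab.ce00"}
INTENDED_ROOT = {10: "SW1", 20: "SW2", 30: "SW3"}

# Trimmed copies of two VLAN 10 outputs captured on SW2 earlier in the post.
SW2_TIED = """VLAN0010
Root ID Priority 20490
Address 1ce6.c7c1.c800
Bridge ID Priority 20490 (priority 20480 sys-id-ext 10)
Address 5897.1eab.c800
"""
SW2_IS_ROOT = """VLAN0010
Root ID Priority 16394
Address 5897.1eab.c800
This bridge is the root
Bridge ID Priority 16394 (priority 16384 sys-id-ext 10)
Address 5897.1eab.c800
"""


def mac_to_int(mac):
    return int(mac.replace(".", ""), 16)


def pack_bid(displayed_priority, mac):
    """64-bit BID: 4-bit priority and 12-bit sys-id-ext (16 bits), then 48-bit MAC."""
    return (displayed_priority << 48) | mac_to_int(mac)


def split_priority(displayed_priority):
    """Split a displayed Bridge ID Priority into (STP priority, sys-id-ext)."""
    return displayed_priority & 0xF000, displayed_priority & 0x0FFF


def parse_show_span(text):
    """Return the VLAN plus packed Root and Bridge BIDs from 'sh span vlan N' output."""
    vlan = int(re.search(r"VLAN0*(\d+)", text).group(1))
    ids = re.findall(r"(Root|Bridge) ID\s+Priority\s+(\d+).*?Address\s+([0-9a-f.]{14})",
                     text, re.S)
    bids = {kind: pack_bid(int(prio), mac) for kind, prio, mac in ids}
    return vlan, bids["Root"], bids["Bridge"]


def audit(text):
    """List what an operator should notice in one captured output."""
    vlan, root, bridge = parse_show_span(text)
    findings = []
    if root != bridge and root >> 48 == bridge >> 48:
        findings.append("priority tie: this bridge lost the election on MAC address")
    intended = INTENDED_ROOT.get(vlan)
    if intended and (root & 0xFFFFFFFFFFFF) != mac_to_int(MACS[intended]):
        findings.append(f"VLAN {vlan}: root bridge is not {intended}")
    return findings


if __name__ == "__main__":
    for name, capture in (("SW2_TIED", SW2_TIED), ("SW2_IS_ROOT", SW2_IS_ROOT)):
        print(name, audit(capture))
```

Comparing the packed integers directly gives the election result: the numerically lowest BID wins, which is why equal priorities fall through to the MAC address.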

AND THAT IS ALL THERE IS TO IT!

Easy points on exam day! Go get em!!