In my studying for the CCNA Tech Assessment that one must pass to continue with the VTIP/CTIP program, I’ve done a lot of review on basic CCNA concepts. My primary weakness, not so much with the configuration, but with some of the detailed information, is with Spanning Tree Protocol.
For those who don’t know, STP is a layer 2 loop prevention mechanism. Ethernet frames carry no TTL, so a redundant path between switches lets broadcast and unknown-unicast frames circulate forever. STP is designed to mitigate that broadcast storm and the 2nd and 3rd wave effects that follow from it: MAC address tables flapping between ports, duplicate frame delivery, and switches too busy flooding to do their real work.
There are many versions of STP, but the primary ones that I’m going to cover are the original 802.1D standard and the 802.1w standard.
802.1D is the IEEE standard that originally defined Spanning Tree Protocol (first published in 1990; the 1998 edition is the one most CCNA material describes). In 2001, 802.1w was defined as an amendment to it, adding Rapid Spanning Tree Protocol. In 2004, IEEE folded the two together into one publication known as 802.1D-2004, which can be found here: https://ieeexplore.ieee.org/document/1309630/
802.1D (STP) and 802.1w (RSTP) share the primary mechanisms for loop prevention. Both do the following:
- Elect a root switch (root bridge).
- On every non-root bridge, calculate the cost to the root bridge and pick a root port.
- Elect one designated port per LAN segment (collision domain).
- Block (802.1D) or discard on (802.1w) any remaining port that would complete a layer 2 loop.
Root Bridge Selection
The root bridge is selected by comparing Bridge IDs, which are made of two things. The first is the STP priority, which by default is 32768 and can only be changed in increments of 4096: the priority field is 4 bits wide, and with PVST+ or RPVST+ the remaining 12 bits of that field carry the VLAN number as the extended system ID.
The switch with the lowest priority will become the root bridge.
However, if there is a tie, the switch with the lowest MAC address will become the root bridge. That means with factory defaults the oldest switch on the floor usually wins, which is why the priority should always be set deliberately on the switch you want as root.
802.1D (STP) and 802.1w (RSTP) share this selection process for the root bridge.
On each non-root bridge, the root path cost is worked out for every port that hears BPDUs. It decides which port becomes the root port (the one forwarding toward the root) and, on each segment, which switch’s port becomes the designated port: the one with the best cost to the root wins.
The cost is the cumulative cost of all links in the path to the root: a switch takes the root path cost advertised in the BPDU it receives and adds the cost of the port it received it on.
The following table defines the default IEEE 802.1D-1998 cost based on link speed (the values Cisco switches use unless the long path-cost method is configured):
- 10 Mbps: 100
- 100 Mbps: 19
- 1 Gbps: 4
- 10 Gbps: 2
If there is a tie between path costs, the lowest sender Bridge ID is the next tiebreaker, then the lowest sender Port ID (port priority, default 128, followed by port number, as carried in the BPDU). The receiving switch’s own port number is only the last resort, for the case where two of its ports hear the same neighbor port through a hub.
But How Does it Determine This?
Simple: Bridge Protocol Data Units, or BPDUs. The root bridge originates a Configuration BPDU every Hello Time (2 seconds by default) and every other switch relays it, with updated cost and sender fields, out of its designated ports. This goes on continuously, not just during initial convergence, because a port that stops hearing BPDUs for Max Age assumes its path to the root is gone.
Inside these BPDUs you find the Bridge ID of the switch the sender believes is the root (priority, plus the extended system ID carrying the VLAN number under PVST+ or RPVST+, plus MAC), the sender’s own Bridge ID and Port ID, the sender’s cost to the root, and the timers (Message Age, Max Age, Hello Time and Forward Delay).
Here is a breakdown of the STP Bridge ID (8 bytes):
- Bridge priority: 4 bits (0 to 61440 in steps of 4096; default 32768)
- Extended system ID: 12 bits (the VLAN number in PVST+ and RPVST+; 0 in plain 802.1D)
- MAC address: 48 bits
Here is a breakdown of STP Hello messages (Configuration BPDUs, 35 bytes, sent to the group address 01:80:C2:00:00:00):
- Protocol ID: 2 bytes, always 0
- Version: 1 byte (0 for STP, 2 for RSTP)
- BPDU Type: 1 byte (0x00 Configuration, 0x80 Topology Change Notification, 0x02 RST BPDU)
- Flags: 1 byte (Topology Change and TC Acknowledgement; RSTP also packs the port role, proposal and agreement bits in here)
- Root ID: 8 bytes
- Root Path Cost: 4 bytes
- Bridge ID of the sender: 8 bytes
- Port ID of the sender: 2 bytes
- Message Age, Max Age, Hello Time, Forward Delay: 2 bytes each, in units of 1/256 of a second
RSTP BPDUs add a one-byte Version 1 Length field at the end, for 36 bytes.
Using these messages, this is how STP is able to build a topology and determine which ports should be forwarding and which ports should be blocking/discarding.
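Here, as an added example that is not part of the original post, is a small Python script that packs and parses 802.1D Configuration BPDUs and then runs the root-bridge election and root-port selection described above against a constructed three-switch topology. The switch names, MAC addresses, priorities, link speeds and port names are made up for illustration; the BPDU layout and path costs are the standard 802.1D ones.

```python
"""Added example (not code from the original post): pack and parse IEEE 802.1D
Configuration BPDUs, then run root-bridge election and root-port selection.
All switches, MACs, priorities, link speeds and port names are constructed."""
import struct
from dataclasses import dataclass

PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}  # 802.1D-1998 short costs, Cisco default
BPDU_FMT = "!HBBB8sI8sHHHHH"                      # 35-byte Configuration BPDU, big-endian


@dataclass(frozen=True)
class BridgeId:
    """8-byte Bridge ID: 4-bit priority | 12-bit extended system ID | 48-bit MAC."""
    priority: int      # multiple of 4096, default 32768
    ext_sys_id: int    # VLAN number under PVST+/RPVST+, 0 for plain 802.1D
    mac: str           # lowercase, colon-separated

    def pack(self) -> bytes:
        field = ((self.priority >> 12) << 12) | (self.ext_sys_id & 0x0FFF)
        return struct.pack("!H", field) + bytes.fromhex(self.mac.replace(":", ""))

    @classmethod
    def unpack(cls, raw: bytes) -> "BridgeId":
        (field,) = struct.unpack("!H", raw[:2])
        mac = ":".join(f"{b:02x}" for b in raw[2:8])
        return cls((field >> 12) << 12, field & 0x0FFF, mac)

    def key(self) -> bytes:
        # The 8 bytes compare as one big-endian number: priority first, MAC breaks ties.
        return self.pack()


@dataclass(frozen=True)
class ConfigBPDU:
    root_id: BridgeId        # who the sender believes the root is
    root_path_cost: int      # the sender's cumulative cost to that root
    bridge_id: BridgeId      # the sender
    port_id: int             # sender's port priority (default 0x80) and port number
    message_age: float = 0.0
    max_age: float = 20.0
    hello_time: float = 2.0
    forward_delay: float = 15.0
    flags: int = 0           # bit 0 topology change, bit 7 TC acknowledgement

    def pack(self) -> bytes:
        def ticks(seconds: float) -> int:
            return int(seconds * 256)        # timers travel in 1/256 s units
        return struct.pack(BPDU_FMT, 0x0000, 0x00, 0x00, self.flags,
                           self.root_id.pack(), self.root_path_cost,
                           self.bridge_id.pack(), self.port_id,
                           ticks(self.message_age), ticks(self.max_age),
                           ticks(self.hello_time), ticks(self.forward_delay))

    @classmethod
    def unpack(cls, raw: bytes) -> "ConfigBPDU":
        (proto, _version, bpdu_type, flags, root, cost, bridge, port, msg_age,
         max_age, hello, fwd) = struct.unpack(BPDU_FMT, raw[:struct.calcsize(BPDU_FMT)])
        if proto != 0 or bpdu_type != 0x00:
            # 0x80 is a TCN BPDU; 0x02 is an RST BPDU (version 2, one extra length byte)
            raise ValueError(f"not a Configuration BPDU (type 0x{bpdu_type:02x})")
        return cls(BridgeId.unpack(root), cost, BridgeId.unpack(bridge), port,
                   msg_age / 256, max_age / 256, hello / 256, fwd / 256, flags)


def elect_root(bpdus) -> BridgeId:
    """The root bridge is the lowest Bridge ID anyone advertises as root."""
    return min((b.root_id for b in bpdus), key=BridgeId.key)


def select_root_port(local: BridgeId, heard):
    """heard: list of (local_port, link_speed_mbps, ConfigBPDU received on it).
    Returns (root_port, root_path_cost) using the 802.1D tiebreak order: lowest
    root path cost, then lowest sender Bridge ID, then lowest sender Port ID.
    The last two are the sender's IDs, not the local port."""
    root = elect_root(b for _, _, b in heard)
    if root == local:
        return None, 0             # we are the root: all our ports are designated
    candidates = [(port, bpdu.root_path_cost + PATH_COST[speed], bpdu)
                  for port, speed, bpdu in heard if bpdu.root_id == root]
    port, cost, _ = min(candidates,
                        key=lambda c: (c[1], c[2].bridge_id.key(), c[2].port_id))
    return port, cost


# Constructed topology: S3 has been given priority 24576, the other two are default.
S1 = BridgeId(32768, 1, "00:11:22:33:44:01")
S2 = BridgeId(32768, 1, "00:11:22:33:44:02")
S3 = BridgeId(24576, 1, "00:11:22:33:44:ff")   # lowest priority wins despite highest MAC

# What S1 hears on each of its ports, serialised as it would arrive off the wire.
WIRE = [
    ("Gi0/1", 1000, ConfigBPDU(S3, 0, S3, 0x8002).pack()),  # from the root, its port 2
    ("Gi0/2", 1000, ConfigBPDU(S3, 0, S3, 0x8001).pack()),  # from the root, its port 1
    ("Fa0/3", 100, ConfigBPDU(S3, 4, S2, 0x8003).pack()),   # via S2, 1 Gb from the root
]


def demo():
    heard = [(port, speed, ConfigBPDU.unpack(raw)) for port, speed, raw in WIRE]
    root = elect_root(b for _, _, b in heard)
    port, cost = select_root_port(S1, heard)
    return root, port, cost


if __name__ == "__main__":
    root, port, cost = demo()
    print(f"root bridge : {root.mac} (priority {root.priority}, VLAN {root.ext_sys_id})")
    print(f"S1 root port: {port}, root path cost {cost}")
```

Two things fall out of running it. S3 becomes root on priority alone even though its MAC is the highest, which is the whole point of setting the priority rather than trusting the MAC tiebreak. And S1 has two equal-cost gigabit links to the root, so the tie is broken by the Port ID the root put in its BPDU, not by S1’s own port numbering: S1 picks Gi0/2 because that link lands on the root’s port 1.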
STP Port States:
STP has a total of four port states, two of which (Listening and Learning) are only passed through while STP converges. The table below lists the states and when they are used:
- Blocking: receives BPDUs only; does not learn MAC addresses or forward frames. The stable state for a non-designated port on a redundant link; it waits up to Max Age (20 s) without hearing BPDUs before moving on.
- Listening: sends and receives BPDUs to take part in the root and designated port election; no MAC learning, no forwarding. Transitional, held for Forward Delay (15 s).
- Learning: populates the MAC address table from frames it sees; still no forwarding, so the table is ready before traffic flows. Transitional, held for Forward Delay (15 s).
- Forwarding: sends and receives data frames, learns MAC addresses and processes BPDUs. The stable state for root and designated ports.
A port that is administratively shut down is often listed as a fifth, Disabled, state; it takes no part in STP at all.
In the event of a network change, STP transitions a port from Blocking to Listening and then Learning, after which it transitions the port to Forwarding.
It is important to note that this whole process takes about 50 seconds in the original 802.1D standard: up to 20 seconds of Max Age before the blocking port reacts, then 15 seconds each of Listening and Learning. 802.1w (RSTP) makes significant improvements here, converging in a few seconds on point-to-point links by using a proposal/agreement handshake between neighbors instead of waiting out timers. RSTP also has no Listening state: its ports are Discarding, Learning or Forwarding, and a port moves directly from Discarding to Learning.
The following roles are used by 802.1w (RSTP):
- Root port: the one port on a non-root bridge with the best path to the root (same as STP).
- Designated port: the one port per segment that forwards toward the root on behalf of that segment (same as STP).
- Alternate port: a discarding port that received a better BPDU from another switch; it is a pre-computed backup for the root port and can take over without the old timer-based wait.
- Backup port: a discarding port that received a better BPDU from the same switch (two links into one shared segment); a backup for a designated port.
- Disabled: administratively down.
Alternate and Backup are the RSTP replacements for the STP port that simply sat in Blocking; giving the port an explicit role is what lets RSTP fail over quickly.
Portfast – PortFast is a mechanism for placing a port into the Forwarding state immediately, skipping Listening and Learning. It should only be used on edge ports, meaning ports facing end-user devices that will never be used to switch frames between switches. A PortFast port still sends BPDUs, and on Cisco switches it loses its PortFast status the moment it receives one, falling back to the normal state transitions.
BPDUGuard – BPDU Guard goes hand-in-hand with PortFast. PortFast is great, but what if a malicious actor plugs in a switch, or a network administrator inadvertently plugs a switch into the wrong port? Any switch that advertises a lower Bridge ID than the current root takes over as root and the whole topology recomputes around it, which is exactly how an attacker pulls other people’s traffic through a device they control. BPDU Guard puts the port into the err-disabled state as soon as a BPDU arrives on it, on the assumption that edge ports should never receive BPDUs. Note that an err-disabled port stays down until someone does shut / no shut on it or errdisable recovery cause bpduguard is configured, so expect a help-desk ticket rather than a silent failure.
I think that covers, at least for the most part, the important concepts and operation of STP. If I missed something, don’t be afraid to call me out!
To change the mode of spanning tree (pvst, rapid-pvst or mst; Cisco Catalyst switches default to PVST+):
spanning-tree mode [mode]
To change the priority of the current switch for a VLAN, you have two options:
spanning-tree vlan [vlan-id/range] root [primary | secondary]
spanning-tree vlan [vlan-id/range] priority [priority]
The explicit priority must be a multiple of 4096 between 0 and 61440; the switch rejects anything else.
The first command looks at the current root bridge for that VLAN and sets this switch’s priority to 24576, or, if the current root is already at or below that, to 4096 less than the root’s priority, ensuring it becomes the root. The secondary keyword works the same way with a fixed value of 28672, so that switch takes over if the primary fails. Either way the value is computed once at the time you type the command, not enforced afterwards: a switch added later with a lower priority still wins.
To enable PortFast by default on all edge ports (it applies to every non-trunking port), which is something I always do, by the way:
spanning-tree portfast default
To enable BPDUGuard, which is something you should definitely do if using portfast:
spanning-tree portfast bpduguard default
If for some reason you need to modify the cost of an interface, in interface configuration mode:
spanning-tree cost [value]
Some verification commands:
show spanning-tree vlan [vlan-id]
show spanning-tree vlan [vlan-id] bridge
show spanning-tree summary
show spanning-tree interface [interface-name]
show spanning-tree root
If these don’t suffice, you can find the configuration guide here: