Overview
This module introduces the fundamentals of Spanning Tree Protocol (STP) in a switched network. It explains how the root bridge and its backup are elected, and also covers features for enhancing STP performance, such as Rapid STP (RSTP) and Multiple STP (MSTP). In addition, you will learn how EtherChannel is configured and how it interoperates with STP. The module provides guidelines on improving STP resiliency when network faults occur.
3.1 Describing STP
3.1.1 Describing Transparent Bridges
Switches have replaced bridges as the network device for implementing transparent bridging in modern networks. The basic functionality of a switch is identical to that of a transparent bridge on a per-VLAN basis. To understand STP, it is helpful to look at the behavior of a transparent bridge without spanning tree.
A transparent bridge has these characteristics:
It must not modify the frames that are forwarded.
It learns addresses by “listening” on a port for the source address of a device. When a source MAC address is read in frames coming into a specific port, the bridge assumes that the frames destined for that MAC address can be sent out of that port. The bridge then builds a table that records which source addresses are seen on which port. A bridge is always listening and learning MAC addresses in this manner.
It must forward all broadcasts out of all ports, except for the port that initially received the broadcast.
If a destination address is unknown to the bridge, it forwards the frame out of all ports, except for the port that initially received the frame. This is called unicast flooding.
Transparent bridging must be transparent to the devices on the network. End stations require no configuration. The existence of the bridging protocol operation is not directly visible to the end stations.
As with traditional shared Ethernet, transparent bridges inherently lack the capability to provide redundancy. STP provides a mechanism in the Ethernet transparent bridge environment to discover the Layer 2 topology dynamically and to ensure that there is only one path through the network. Without STP, there is no way to make a transparent bridge environment redundant. STP also protects a network against accidental miscablings because it prevents unwanted bridging loops.
Note:
The spanning tree algorithm is implemented in other media types, such as Token Ring. STP has a different purpose and function in Token Ring than in Ethernet, because bridging loops can be desirable in Token Ring.
3.1.2 Identifying Traffic Loops
A bridge loop occurs when there is no Layer 2 mechanism, such as time-to-live, to manage the redundant paths and stop the frame from circulating endlessly. 
Station A has two potential paths to station B via the two intermediate bridges.
Figure 
describes what happens when station A sends frames to station B if there are no provisions to deal with redundant paths enabled.
3.1.3 Explaining a Loop Free Network
In a loop free network, the network cannot create Layer 2 broadcast storms or flooded unicast storms. A loop free network can be achieved manually by shutting down or disconnecting all redundant links between bridges. However, this leaves no redundancy in the network and requires manual intervention in the event of a link failure.
STP resolves this problem: If there are alternative links to a destination on a switch, only one link is used to forward data. The switch ports associated with the alternative paths remain aware of the network topology and forward frames over an alternative link if a failure occurs on a primary link.
The spanning tree algorithm (STA) runs on each switch to activate or block redundant links. To find the redundant links, the STA chooses a reference point in the network and determines if there are redundant paths to that reference point. If the STA finds a redundant path, it chooses which path forwards frames and which paths are blocked. This effectively severs the redundant links within the network until they are needed when the primary link toward the reference point fails.
Spanning tree standards often refer to a “bridge,” but it is likely that all the devices exchanging spanning tree information are Layer 2 switches.
3.1.4 Describing the 802.1D Spanning Tree Protocol
With 802.1D STP, switches reconfigure the paths over which they forward frames, thereby creating a loop free path when there are redundant switch paths through the network. This is accomplished by forwarding traffic over specific ports and by blocking traffic from being forwarded out of other ports. STP prevents loops by using the following mechanisms:
STP communicates Layer 2 information between adjacent switches by exchanging bridge protocol data unit (BPDU) messages.
A single root bridge is chosen to serve as the reference point from which a loop free topology is built for all switches exchanging BPDUs.
Each switch, except for the root bridge, selects a root port that provides the best path to the root bridge.
In a triangular design similar to the one in Figure
, on the link between the two nonroot switch ports, a port on one switch becomes a designated port, and the port on the other switch is in a blocking state and does not forward frames. This effectively breaks any loop. Typically, the designated port is on the switch with the best path to the root bridge.
STP sends BPDUs out of every port of the bridge.
The information provided in a BPDU includes the following:
Root ID: The lowest bridge ID (BID) in the topology
Cost of path: Cost of all links from the transmitting switch to the root bridge
BID: BID of the transmitting switch
Port ID: Transmitting switch port ID
STP timer values: Maximum age, hello time, forward delay
BPDUs contain the required information for STP configuration. The Type field for the BPDU message is 0x00, and it uses the multicast MAC address 01-80-C2-00-00-00.
3.1.5 Describing the Root Bridge
STP uses a root bridge, root ports, and designated ports to establish a loop free path through the network. The first step in creating a loop free spanning tree is to select a root bridge to be the reference point that all switches use to establish forwarding paths. The STP topology is converged after a root bridge has been selected, and each bridge has selected its root port, designated bridge, and the participating ports. STP uses BPDUs as it transitions port states to achieve convergence.
Spanning tree elects a root bridge in each broadcast domain on the LAN. Path calculation through the network is based on the root bridge. The bridge is selected using the bridge ID (BID), which consists of a 2-byte Priority field plus a 6-byte MAC address. In spanning tree, lower BID values are preferred. The Priority field value helps determine which bridge is going to be the root and can be manually altered. In a default configuration, the Priority field is set at 32768. When the default Priority field is the same for all bridges, selecting the root bridge is based on the lowest MAC address.
The root bridge maintains the stability of the forwarding paths between all switches for a single STP instance. A spanning tree instance is when all switches exchanging BPDUs and participating in spanning tree negotiation are associated with a single root. If this is done for all VLANs, it is called a Common Spanning Tree (CST) instance. There is also a Per VLAN Spanning Tree (PVST) implementation that provides one instance, and therefore one root bridge, for each VLAN.
The BID and root ID are each 8-byte fields carried in a BPDU. These values are used to complete the root bridge election process. A switch identifies the root bridge by evaluating the root ID field in the BPDUs that it receives. The unique BID is carried in the Root ID field of the BPDUs sent by each switch in the tree.
When a switch first boots and begins sending BPDUs, it has no knowledge of a root ID, so it populates the Root ID field of outbound BPDUs with its own BID.
The switch with the lowest numerical BID assumes the role of root bridge for that spanning tree instance. If a switch receives BPDUs with a lower BID than its own, it places the lowest value into the Root ID field of its outbound BPDUs.
Spanning tree operation requires that each switch have a unique BID. In the original 802.1D standard, the BID was composed of the Priority Field and the MAC address of the switch, and all VLANs were represented by a CST. Because PVST requires that a separate instance of spanning tree run for each VLAN, the BID field is required to carry VLAN ID (VID) information, which is accomplished by reusing a portion of the Priority field as the extended system ID.
To accommodate the extended system ID, the original 802.1D 16-bit Bridge Priority field is split into two fields, resulting in these components in the BID 
:
Bridge Priority: A 4-bit field that carries the bridge priority. Because of the limited bit count, priority is conveyed in discrete values in increments of 4096 rather than discrete values in increments of 1, as they would be in a full 16-bit field. The default priority, in accordance with IEEE 802.1D, is 32,768, which is the mid-range value.
Extended System ID: A 12-bit field that carries the VID for PVST.
MAC address: A 6-byte field with the MAC address of a single switch.
By virtue of the MAC address, a BID is always unique. When the priority and extended system ID are appended to the switch MAC address, each VLAN on the switch can be represented by a unique BID.
If no priority has been configured, every switch has the same default priority and the election of the root for each VLAN is based on the MAC address. This is a fairly random means of selecting the ideal root bridge and, for this reason, it is advisable to assign a lower priority to the switch that should serve as root bridge.
Only four bits are used to set the bridge priority. Because of the limited bit count, priority is configurable only in increments of 4096. 
A switch responds with the possible priority values if an incorrect value is entered:
Switch(config)#spanning-tree vlan 1 priority 1234
% Bridge Priority must be in increments of 4096.
% Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440
If no priority has been configured, every switch will have the same default priority of 32768. Assuming all other switches are at default priority, the spanning-tree vlan vlan-id root primary command sets a value of 24576. Also, assuming all other switches are at default priority, the spanning-tree vlan vlan-id root secondary command sets a value of 28672.
The switch with the lowest BID becomes the root bridge for a VLAN. Specific configuration commands are used to determine which switch will become the root bridge.
A Cisco Catalyst switch running PVST maintains an instance of spanning tree for each active VLAN that is configured on the switch. A unique BID is associated with each instance. For each VLAN, the switch with the lowest BID becomes the root bridge for that VLAN. Whenever the bridge priority changes, the BID also changes. This results in the recomputation of the root bridge for the VLAN.
To configure a switch to become the root bridge for a specified VLAN, use the spanning-tree vlan vlan-ID root primary command. 
CAUTION:
Spanning tree commands take effect immediately, so network traffic is disrupted while the reconfiguration occurs.
A secondary root is a switch that may become the root bridge for a VLAN if the primary root bridge fails. To configure a switch as the secondary root bridge for the VLAN, use the command spanning-tree vlan vlan-ID root secondary. Assuming that the other bridges in the VLAN retain their default STP priority, this switch will become the root bridge in the event that the primary root bridge fails. This command can be executed on more than one switch to configure multiple backup root bridges.
BPDUs are exchanged between switches, and the analysis of the BID and root ID information from those BPDUs determines which bridge is selected as the root bridge. 
and 
In the example shown, both switches have the same priority for the same VLAN. The switch with the lowest MAC address is elected as the root bridge. In the example, switch X is the root bridge for VLAN 1, with a BID of 0x8001:0c0011111111.
3.1.6 Describing Port Roles
On a nonroot bridge, the spanning tree determines each port’s role in the topology and the most desirable forwarding path for data frames as the switch receives BPDUs on the ports. There are four 802.1D port roles. and .
Each Layer 2 port on a switch running STP exists in one of these five port states :
Blocking: The Layer 2 port is a nondesignated port and does not participate in frame forwarding. The port receives BPDUs to determine the location and root ID of the root switch and which port roles (root, designated, or nondesignated) each switch port should assume in the final active STP topology. By default, the port spends 20 seconds in this state (max age).
Listening: Spanning tree has determined that the port can participate in frame forwarding according to the BPDUs that the switch has received. At this point, the switch port is receiving BPDUs and also transmitting its own BPDUs and informing adjacent switches that the switch port is preparing to participate in the active topology. By default, the port spends 15 seconds in this state (forward delay).
Learning: The Layer 2 port prepares to participate in frame forwarding and begins to populate the CAM table. The port is still sending and receiving BPDUs. By default, the port spends 15 seconds in this state (forward delay).
Forwarding: The Layer 2 port is considered part of the active topology. It forwards frames and also sends and receives BPDUs.
Disabled: This is not really an STP state; rather it is the state resulting from administratively shutting down a switch port. In this state, the Layer 2 port does not participate in spanning tree and does not forward frames.
STP uses timers to determine how long to transition ports. STP also uses timers to determine the health of neighbor bridges and how long to cache MAC addresses in the bridge table.
The timers operate as follows:
Hello timer: Determines how often root bridge sends configuration BPDUs. The default is 2 seconds.
Maximum Age (Max Age): Tells the bridge how long to keep ports in the blocking state before listening. The default is 20 seconds.
Forward Delay (Fwd Delay): Determines how long to stay in the listening state before going to the learning state, and how long to stay in the learning state before forwarding. The default is 15 seconds.
The root bridge informs the nonroot bridges of the time intervals to use and the STP timers can be tuned based on network size. The default parameters give STP ample opportunity to ensure a loop-free topology. Mistuning the parameters can cause serious network instability.
Nonroot bridges place various ports in their proper roles by listening to BPDUs as they come in on all ports. Receiving BPDUs on multiple ports indicates a redundant path to the root bridge.
The switch looks at the following components in the BPDU to determine which switch ports forward data and which block data :
Lowest path cost
Lowest sender BID
Lowest sender port ID
The switch looks at the path cost first, which is calculated on the basis of the link speed and the number of links the BPDU has traversed. Ports with the lowest cost are eligible to be placed in forwarding mode. All other ports that are receiving BPDUs continue in blocking mode.
If the path cost and sender BID are equal, as with parallel links between two switches, the switch uses the port ID. In this case, the port with the lowest port ID forwards data frames, and all other ports continue to block data frames.
Each bridge advertises the spanning tree path cost in the BPDU. This spanning tree path cost is the cumulative cost of all the links from the root bridge to the switch sending the BPDU. The receiving switch uses this cost to determine the best path to the root bridge. The lowest cost is considered to be the best path.
Port cost values per link are shown in the table in the Revised IEEE Spec column. The lower values are associated with higher bandwidth and, therefore, are the more desirable paths. This revised specification uses a nonlinear scale with port cost values. In the previous IEEE specification, the cost value was calculated based on Gigabit Ethernet being the maximum Ethernet bandwidth, with an associated value of 1, from which all other values were derived in a linear manner.
In Figure , switch Y receives a BPDU from the root bridge (switch X) on its switch port on the Fast Ethernet segment, and another BPDU on its switch port on the Ethernet segment. The root path cost in both cases is zero. The local path cost on the Fast Ethernet switch port is 19, while the local path cost on the Ethernet switch port is 100. As a result, the switch port on the Fast Ethernet segment has the lowest path cost to the root bridge and is elected as the root port for switch Y.
STP selects one designated port per segment to forward traffic. Other switch ports on the segment typically become nondesignated ports and continue blocking, or they could be a root port and continue forwarding, as shown in Figures - .
The nondesignated ports receive BPDUs but block data traffic and do not forward data traffic to prevent loops. The switch port on the segment with the lowest path cost to the root bridge is elected as the designated port. If multiple switch ports on a switch have the same path cost and are connecting to the same neighbor switch, the switch port with the lowest sender port ID becomes the designated port.
Because ports on the root bridge all have a root path cost of zero, all ports on the root bridge are designated ports.
Figure 
depicts a scenario with switches running STP and exchanging information. This exchange yields the following results:
Election of a root bridge as a Layer 2 topology point of reference
Determination of the best path to the root bridge from each switch
Election of a designated switch and corresponding designated port for every switched segment
Removal of loops in the switched network by transitioning some switch links to a blocked state
Determination of the “active topology” for each instance or VLAN running STP
The active topology is the final set of communication paths that are created by switch ports forwarding frames. After the active topology has been established, the switched network must reconfigure the active topology using Topology Change Notifications (TCNs) if a link failure occurs.
A TCN BPDU is generated when a bridge discovers a change in topology, usually because of a link failure, bridge failure, or a port transitioning to forwarding state. The TCN BPDU is set to 0x80 in the Type field and is forwarded on the root port toward the root bridge. The upstream bridge acknowledges the BPDU with a Topology Change Acknowledgment (TCA). In the Flag field, the least significant bit is for the TCN, and the most significant bit is for the TCA.
The bridge sends this message to its designated bridge, which is the closest neighbor to the root of a particular bridge (or the root, if it is directly connected). The designated bridge acknowledges the topology change back to the sending neighbor and sends the message to its designated bridge. This process repeats until the root bridge gets the message. This is how the root learns about the topology changes in the network.
When a topology change occurs the root sends messages throughout the tree so that the content addressable memory (CAM) tables can adjust and provide a new path for the end host devices.
3.1.7 Explaining Enhancements to STP
The 802.1D STP standard was developed long before VLANs were introduced and has some limitations that the Cisco proprietary PVST addresses. PVST allows separate instances of spanning tree and includes Cisco proprietary features, such as PortFast and UplinkFast, which provide much faster convergence.
The 802.1Q standard has defined standards-based technologies for handling VLANs. To reduce the complexity of this standard, the 802.1 committee specified only a single instance of spanning tree for all VLANs. Not only does this provide a considerably less flexible approach than Cisco’s PVST, but it also creates an interoperability problem. To address both these issues, Cisco introduced PVST+ in version 4.1 on the Cisco Catalyst 5000 Series (all Cisco Catalyst 4000 and 6000 series switches support PVST+). PVST+ allows the two schemes to interoperate in a seamless and transparent manner in almost all topologies and configurations.
There are both advantages and disadvantages to using a single spanning tree. On the upside, it allows switches to be simpler in design and place a lighter load on the CPU. On the downside, a single spanning tree precludes load balancing and can lead to incomplete connectivity in certain VLANs (the single STP VLAN might select a link that is not included in other VLANs). Given these tradeoffs, most network designers have concluded that the downsides of having one spanning tree outweigh the benefits.
Two new IEEE standards, RSTP (802.1w) and MSTP (802.1s), improve on the original 802.1D STP standard and provide similar functionality to the Cisco proprietary features. Rapid Spanning Tree Protocol (RSTP) provides much faster convergence, while Multiple Spanning Tree Protocol (MSTP) allows for multiple instances of spanning tree.
Per VLAN Rapid Spanning Tree (PVRST) allows RSTP to be implemented, giving faster convergence, while still using the Cisco proprietary PVST.
Spanning tree PortFast causes an interface configured as a Layer 2 access port to transition from the blocking to forwarding state immediately, bypassing the listening and learning states. You can use PortFast on Layer 2 access ports that are connected to a single workstation or a server. If an interface configured with PortFast receives a BPDU, spanning tree can put the port into the blocking state by using a feature called BPDU guard.
CAUTION:
Because the purpose of PortFast is to minimize the time that access ports must wait for spanning tree to converge, it should be used only on access ports. If you enable PortFast on a port connecting to another switch, you risk creating a spanning tree loop.
Figure lists the commands used to implement and verify PortFast on an interface. Figure describes the commands.
The documents listed in Figure are available on the IEEE Web site.
3.2 Implementing RSTP
3.2.1 Describing the Rapid Spanning Tree Protocol
The immediate consideration with STP is convergence time. Depending on the type of failure, it takes anywhere from 30 to 50 seconds to converge the network. RSTP helps with convergence issues that plague legacy STP. RSTP has additional features similar to UplinkFast and BackboneFast that offer better recovery at Layer 2.
RSTP is based on the IEEE 802.1w standard. Numerous differences exist between RSTP and STP. RSTP requires a full-duplex point-to-point connection between adjacent switches to achieve fast convergence. Half duplex generally denotes a shared medium in which multiple hosts share the same wire; a point-to-point connection cannot reside in this environment. As a result, RSTP cannot achieve fast convergence in half-duplex mode. STP and RSTP also have port designation differences. RSTP has alternate and backup port designations, which are absent from the STP environment. Ports not participating in spanning tree are called edge ports. Edge ports can be statically configured by the PortFast parameter. The edge port immediately becomes a non-edge port if a BPDU is heard on the port. Non-edge ports participate in the spanning tree algorithm and only non-edge ports generate topology changes (TCs) on the network when transitioning to forwarding state. TCs are not generated for any other RSTP states. In legacy STP, TCNs were generated for any active port that was not configured for PortFast.
RSTP speeds the recalculation of the spanning tree when the Layer 2 network topology changes. It redefines STP port roles and states, and the BPDUs.
RSTP is proactive and therefore negates the need for the 802.1D delay timers. RSTP (802.1w) supersedes 802.1D, while still retaining backward compatibility. Much of the 802.1D terminology remains, and most parameters are unchanged. In addition, 802.1w is capable of reverting back to 802.1D to interoperate with legacy switches on a per-port basis.
The RSTP BPDU format is the same as the IEEE 802.1D BPDU format, except that the Version field is set to 2 to indicate RSTP, and the Flags field makes use of all 8 bits.
In a switched domain, there can be only one forwarding path toward a single reference point; this is the root bridge. The RSTP spanning tree algorithm (STA) elects a root bridge in exactly the same way as 802.1D elects a root.
However, there are critical differences that make RSTP the preferred protocol for preventing Layer 2 loops in a switched network environment. Many of the differences stem from the Cisco-proprietary enhancements, which are transparent and integrated into the protocol at a low level. These enhancements, such as BPDUs carrying and sending information about port roles only to neighbor switches, require no additional configuration, and generally perform better than the Cisco-proprietary 802.1D enhancements.
Because the RSTP and Cisco-proprietary enhancements are functionally similar, features such as UplinkFast and BackboneFast are not compatible with RSTP.
3.2.2 Describing RSTP Port States
RSTP provides rapid convergence following a failure or during reestablishing a switch, switch port, or link. An RSTP topology change causes a transition in the appropriate switch ports to the forwarding state through either explicit handshakes or a proposal and agreement process and synchronization.
With RSTP, the role of a port is separated from the state of a port. For example, a designated port could be in the discarding state temporarily, even though its final state is to be forwarding.
RSTP port states correspond to the three basic operations of a switch port: discarding, learning, and forwarding.
Figure describes the characteristics of RSTP port states. In all port states, a port accepts and processes BPDU frames.
Figure compares STP and RSTP port states.
3.2.3 Describing RSTP Port Roles
The port role defines the ultimate purpose of a switch port and the way it handles data frames. Port roles and port states are able to transition independently of each other. Figure depicts the port roles used by RSTP
Figure defines port roles.
Establishing additional port roles allows RSTP to define a standby switch port before a failure or topology change. The alternative port moves to the forwarding state if there is a failure on the designated port for the segment.
