Course Content
Packet Forwarding
0/2
Network Device Communication
Forwarding Architectures
Spanning Tree
An overview of how switches become aware of other switches and prevent loops.
0/2
Spanning Tree Protocol Fundamentals
Rapid Spanning Tree Protocol
Advanced Spanning Tree Tuning
0/2
Spanning Tree Topology Tuning
Additional Spanning Tree Protection Mechanisms
Multiple Spanning Tree Protocol (MST)
0/1
Multiple Spanning Tree Protocol
VLAN Trunks and EtherChannel Bundles
0/3
VLAN Trunking Protocol (VTP)
Dynamic Trunking Protocol (DTP)
EtherChannel Bundle
IP Routing Essentails
0/4
Routing Protocol Overview
Path Selection
Static Routing
Virtual routing and forwarding (VRF)
EIGRP
0/4
EIGRP Fundamentals
EIGRP Path Metric Calculation
EIGRP Failure Detection and Timers
EIGRP Route Summarization
OSPF
0/4
OSPF Fundamentals
OSPF Configuration
OSPF Default Route Advertisement
Common OSPF Optimizations
Advanced OSPF
The (OSPF) protocol scales well with proper network planning. IP addressing schemes, area segmentation, address summarization, and hardware capabilities for each area should considered when designing a network.
0/6
OSPF Areas
OSPF Link-State Announcements
Discontiguous Networks
OSPF Path Selection
OSPF Routes Summarization
OSPF Route Filtering
OSPFv3
0/3
OSPFv3 Fundamentals
OSPFv3 Configurations
IPv4 Support in OSPFv3
BGP
0/4
BGP Fundamentals
Basic BGP Configuration
BGP Route Summarization
Multiprotocol BGP for IPv6
Advanced BGP
0/6
BGP Multihoming
BGP Conditional Matching
BGP Route Maps
BGP Route Filtering and Manipulation
BGP Communities
BGP Path Selection
Multicast
0/5
Multicast Fundamentals
Multicast Addressing
Internet Group Management Protocol
Protocol Independent Multicast
Rendezvous Points
QoS
0/5
The Need for QoS
QoS Models
Classification and Marking
Policing and Shaping
Congestion Management and Avoidance
IP Services
0/3
Time Synchronization
First Hop Redundancy Protocol
Network Address Translation
Overlay Tunnels
0/4
Generic Routing Encapsulation (GRE) Tunnels
IPsec Fundamentals
Cisco Location/ID Separation Protocol (LISP)
Virtual Extensible Local Area Network (VXLAN)
Wireless Signals & Modulation
0/2
Understanding Basic Wireless Theory
Carrying Data over a Wireless Signal
Wireless Infrastructure
0/3
WLAN Topologies
Leveraging Antennas for Wireless Coverage
Pairing Lightweight APs and WLCs
Understanding Wireless Roam and Location Services
0/3
Roaming Overview
Roaming Between Centralized Controllers
Locating Devices in a Wireless Network
Authenticating Wireless Clients
0/4
Open Authentication
Authenticating with Pre-Shared Key (PSK)
Authenticating with EAP
Authenticating with WebAuth
Troubleshooting Wireless Connectivity
0/2
Troubleshooting Client Connectivity from WLC
Troubleshooting Connectivity Problems at the AP
Enterprise Network Architecture
0/2
Hierarchical LAN Design Model
Enterprise Network Architecture Options
Fabric Technologies
0/2
Software-Defined Access (SD-Access)
Software Defined WAN (SD-WAN)
Network Assurance
0/6
Network Diagnostic Tools
Debugging
NetFlow and Flexible NetFlow
Switched Port Analyzer (SPAN) Technologies
IP SLA
DNA Center Assurance
Secure Network Access Control
0/3
Network Security Design for Threat Defense
Network Access Control (NAC)
Next-Generation Endpoint Security
Network Device Access Control and Infrastructure Security
0/5
Access Control Lists (ACLs)
Terminal Lines and Password Protection
Authentication, Authorization, and Accounting (AAA)
Zone-Based Firewall (ZBFW)
Control Plane Policing (CoPP)
Virtualization
0/2
Server Virtualization
Network Functions Virtualization
Foundational Network Programmability Concepts
0/6
CLI
Application Programming Interface (API)
Data Models and Supporting Protocols
DevNet
GitHub
Basic Python Components and Scripts
Introduction to Automation Tools  
To provide a high-level overview of some of the most common configuration management and automation tools that are available.
0/3
Embedded Event Manager (EEM)
Agent-Based Automation Tools
Agentless Automation Tools
ENCOR Course
About Lesson

Spanning Tree Protocol Fundamentals

an overview of how switches become aware of other switches and prevent loops.

  • enables switches to become aware of other switches through the advertisement and receipt of BPDUs.
  • STP operates by selecting a master switch and running a tree-based algorithm to identify which redundant ports should not forward traffic.

Spanning Tree Versions

  • 802.1D, the original specification
  • Per-VLAN Spanning Tree (PVST)
  • PVST+
  • 802.1W (RSTP)
  • 802.1S (MST)

Note: Catalyst switches now operate in PVST+, RSTP, and MST modes. All three of these modes are backward compatible with 802.1D.

IEEE 802.1D STP Port States

Every port transitions through the following states:

Port States Description
Disabled The port is in an administratively shut down.
Blocking The port is enabled, but not forwarding any traffic.
Listening The port has transitioned from a blocking state and can now send or receive only BPDUs.
Learning The port can modify the MAC table. The switch still does not forward any other network traffic besides BPDUs.
Forwarding The port can forward all network traffic and can update the MAC table as expected.
Broken The switch has detected a problem on a port that can have major effects. The port discards packets as long as the problem continues to exist.

802.1D STP Port Types

The 802.1D STP standard defines the following three port types:

Port Types Description
Root port(RP) A port that connects to the root bridge or an upstreamswitch in the topology. There should be only one root port per VLANon a switch.
Designated port (DP) A port that receives and forwards BPDU frames to other switches.Designated ports provide connectivity to downstream devices andswitches. There should be only one active designated port on a link.
Blocking port A port that is not forwarding traffic because of STP calculations.

STP Key Terminology

Terms Description
Root Bridge The most important switch. All ports are in a forwarding stateand categorized as designated ports.
BPDU Used to identify a hierarchy and notify of changes in thetopologyThere are two types: configuration BPDU and topology changenotification BPDU.
Configuration BPDU Used to identify the root bridge, root, designated, and blocking
Topology change notification (TCN) BPDU Used to communicate changes in the Layer 2 topology to other switches
Root path cost The combined cost for a specific path toward the root switch.

STP Key Terminology

Terms Description
System priority This 4-bit value indicates the preference for a switch to be rootbridge. The default is 32,768.
System ID extension This 12-bit value indicates the VLAN that the BPDU correlates.
Root bridge identifier This is a combination of the root bridge system MAC address,system ID extension, and system priority of the root bridge.
Local bridge identifier This is a combination of the local switch’s bridge system MACaddress, system ID extension, and system priority of the root bridge.
Max age Maximum length of time that passes before a bridge port saves itsBPDU information. The default value is 20 seconds.
Hello time The time that a BPDU is advertised out of a port. The default value is2 seconds, but the value can be configured to 1 to 10 seconds.
Forward delay The amount of time that a port stays in a listening and learningstate. The default value is 15 seconds.

STP Path Cost

  • The root path is found based on the cumulative interface STP cost to reach the root bridge.
  • The interface STP cost was originally stored as a 16-bit value with a reference value of 20 Gbps.
  • Another method, called long mode, uses a 32-bit value and uses a reference speed of 20 Tbps.
  • The original method, short mode, is the default.
Link Speed Short-Mode STP Cost Long-Mode STP Cost
10 Mbps 100 2,000,000
100 Mbps 19 200,000
1 Gbps 4 20,000
10 Gbps 2 2,000
20 Gbps 1 1,000
100 Gbps 1 200
1 Tbps 1 20
10 Tbps 1 2

Building the STP Topology

  • SW1 has been identified as the root, and the RP, DP, and blocking ports have been identified

.

Root Bridge Election

The first step is to identify the root bridge. As a switch initializes, it assumes that it is the root and uses the local bridge id as the root bridge id. It then listens to its neighbor’s configuration BPDU and does the following:

  • If the neighbor’s configuration BPDU is inferior to its own BPDU, the switch ignores that BPDU.
  • If the neighbor’s configuration BPDU is preferred to its own BPDU, the switch updates its BPDUs to include the new root bridge ID along with a new root path cost that correlates to the total path cost to reach the new root bridge.
  • This process continues until all switches in a topology have identified the root bridge.
  • STP prefers lower priority number then goes to lower MAC.

STP Root Path Costs

 

•illustrates the root path cost as SW1 advertises the configuration BPDUs toward SW3 and then SW3’s configuration BPDUs toward SW5.

  • The advertised root path cost is always the value calculated on the local switch.
  • The local root path cost is the advertised root path cost plus the local interface port cost.
  • The root path cost is always zero on the root bridge.

Locating Root Ports

Once the Root Bridge is found, the switch must determine its Root Port. The RP is selected using the following logic:

  1. The interface associated to lowest path cost is more preferred.
  2. The interface associated to the lowest system priority of the advertising switch is preferred next.
  3. The interface associated to the lowest system MAC of the advertising switch is preferred next.
  4. When multiple links are associated to the same switch, the lowest port priority from the advertising switch is preferred.
  5. When multiple links are associated to the same switch, the lower port number from the advertising switch is preferred.

Locating Root Ports Verified

#show spanning-tree root to verify the Root ID and the Root Port.

Locating Blocked Designated Switch Ports

The RPs have been identified and all other ports are considered designated ports. If two non-root switches are connected to each other on their designated ports, one port must be set to a blocking state to prevent a forwarding loop.

  1. The interface is a designated port and must not be considered an RP.
  2. The switch with the lower path cost to the root bridge forwards, and the one with the higher path cost blocks. If they tie, they move on to the next step.
  3. The system priority of the local switch is compared to the system priority of the remote switch. The local port is moved to a blocking state if the remote system priority is lower than that of the local switch. If they tie, they move on to the next step.
  4. The system MAC of the local switch compared to the system priority of the remote switch. The local designated port is moved to a blocking state if the remote system MAC lower than that of the local switch. If the links are connected to the same switch, they move on to the next step.

Viewing STP Information

 

These port types are expected on Catalyst switches:

  • Point-to-point (P2P) – connects with another network device (PC or RSTP switch).
  • P2P edge –This port type specifies that portfast is enabled.

Viewing STP Information

Verify VLAN Information on a Trunk

 

  • If a VLAN is missing on a trunk port, check the trunk port configuration for accuracy.

STP Topology Changes

BPDUs always flow from the root bridge toward the edge switches, unless there are changes in the topology.

  • The switch that detects a link status change sends a TCN BPDU toward the root bridge out of its RP.
  • If an upstream switch receives the TCN, it sends out an ack and forwards the TCN out its RP to the root bridge.
  • Upon receipt of the TCN, the root bridge creates a new configuration BPDU with the Topology Change flag set, and it is then flooded to all the switches.
  • When switches receive this, they set their MAC address timer to a default 15 seconds. Then the device flushes its MAC table if has not heard from a device in that last 15 seconds.
  • TCNs are generated on a VLAN basis, so the impact of TCNs directly correlates to the number of hosts in a VLAN.

Verify STP Topology Changes

  • show spanning-tree vlan # detail command to see topology changes.

Converging with Direct Link Failures

When a switch loses power or reboots, or when a cable is removed from a port, the Layer 1 signaling places the port into a down state, which can notify other processes, such as STP. STP considers such an event a direct link failure and can react in one of three ways:

  • The link between SW2 and SW3 fails. If the link is already blocking there is no impact to traffic between the two switches as they both transmit data through SW1. Both SW2 and SW3 will advertise a TCN toward the root switch, which results in the Layer 2 topology flushing its MAC table.
  • The link between SW1 and SW3 fails. Network traffic from SW1 or SW2 toward SW3 impacted because SW3 Gi1/0/2 port is in a blocking state.
  • The link between SW1 and SW2 fails. Network traffic from SW1 or SW3 toward SW2 is impacted because SW3’s Gi1/0/2 port is in a blocking state.

Converging with Direct Link Failures

 

The link between SW1 and SW3 fails.

  • Phase 1. SW1 detects a link failure on its Gi1/0/3. SW3 detects a link failure on its Gi1/0/1.
  • Phase 2. Normally SW1 would generate a TCN flag out its root port, but it is the root bridge, so it does not. SW1 would advertise a TCN if it were not the root bridge. SW3 removes its best BPDU received from SW1 on its Gi1/0/1 because it is now in a down state. At this point, SW3 would attempt to send a TCN toward the root switch to notify it of a topology change; however, its root port is down.

Converging with Direct Link Failures

  • Phase 3. SW1 advertises a configuration BPDU with the Topology Change flag out of all its ports. This BPDU is received and relayed to all switches in the environment.

  • Phase 4. SW2 and SW3 receive the configuration BPDU with the Topology Change flag. These switches then reduce the MAC address age timer to the forward delay timer to flush out older MAC entries. In this phase, SW2 does not know what changed in the topology.
  • Phase 5. SW3 must wait until it hears from the root bridge again or the Max Age timer expires before it can reset the port state and start to listen for BPDUs on the Gi1/0/2 interface (which was in the blocking state previously).

Converging with Direct Link Failures

 

The link between SW1 and SW2 fails.

  • Phase 1. SW1 detects a link failure on its Gi1/0/1. SW2 detects a link failure on its Gi1/0/3.
  • Phase 2. Normally SW1 would generate a TCN flag out its root port, but it is the root bridge, so it does not. SW1 would advertise a TCN if it were not the root bridge. SW2 removes its best BPDU received from SW1 on its Gi1/0/1 because it is now in a down state. At this point, SW2 would attempt to send a TCN toward the root switch to notify it of a topology change; however, its root port is down.

Converging with Direct Link Failures

 

  1. Phase 3. SW1 advertises a configuration BPDU with the Topology Change flag out of all its ports. This BPDU is then received and relayed to SW3. SW3 cannot relay this to SW2 as its Gi1/0/2 port is still in a blocking state. SW2 assumes that it is now the root bridge and advertises configuration BPDUs with itself as the root bridge.
  2. Phase 4. SW3 receives the configuration BPDU with the Topology Change flag from SW1. SW3 reduces the MAC age timer to the forward delay timer to flush out older MAC entries. SW3 receives inferior BPDUs from SW2 and discards them as it is still receiving superior BPDUs from SW1.

Converging with Direct Link Failures

 

  • Phase 5. The Max Age timer on SW3 expires, and now the Gi1/0/2 port on SW3 transitions from blocking to listening state. SW3 can now forward the next configuration BPDU it receives from SW1 to SW2.
  • Phase 6. SW2 receives the configuration BPDU of SW via SW3 and recognizes it as superior. It marks its Gi1/0/3 interface as the root port and transitions it to the listening state. Total convergence time for SW2 is 52 seconds.

Indirect Failures

STP communication between switches is impaired or filtered while the network link remains up. This situation is known as an indirect link failure, and timers are required to detect and remediate the topology.  

Indirect Failures

 

There is an impediment or data corruption on the link between SW1 and SW3.

  • Phase 1. An event occurs that impairs or corrupts data on the link. SW1 and SW3 still report a link up condition.
  • Phase 2. SW3 stops receiving configuration BPDUs on its RP. It keeps a cached entry for the RP on Gi1/0/1. Configuration BPDUs from SW1 that are being transmitted via SW2 are discarded as its Gi1/0/2 port is in a blocking state. Once the Max Age timer expires on SW3 and flushes the cached entry of the RP, SW3 transitions Gi1/0/2 from blocking to listening state.

Indirect Failures

  • Phase 3. SW2 continues to advertise the configuration BPDUs from SW1 toward SW3.
  • Phase 4. SW3 receives SW1’s configuration BPDU via SW2 on its Gi1/0/2 interface. This port is now marked as the RP and continues to transition through the listening and learning states. The total time for re-convergence on SW3 is 52 seconds.

 

 

Other useful information:

Join the conversation
Previous
Next