Configuring Spanning Tree Protocol (STP)

June 18, 2013

Spanning Tree Protocol is for networks where multiple switches plug into more switches and you need redundancy.  It lets you have primary and secondary backup switches.  Most large networks use a layered approach with core switches, distribution switches, and access switches, and that design could be very bad without STP.

The key to STP is ensuring that the switch you want to be the root (your core switch) has the best root priority of any switch.  If a “closet” switch becomes the root switch, you will see horrible performance, so your biggest, baddest, most central switch should be your root switch.  The lower the priority, the better; if the priority is tied, the MAC address is the tie breaker.  The switches then work out the fastest way to the root switch based on priority and MAC, and pick the lowest-cost path to reach the root.  The path cost is determined by the speed of each link and the number of links that must be crossed.

Ports in STP will enter the following states:

  • Listening – The switch processes BPDUs and waits for any new information that would send the port back to the blocking state.
  • Learning – The port does not yet forward frames, but it does learn source addresses from received frames and adds them to the filtering (switching) database.  In other words, it learns MAC addresses and populates the switch CAM table.
  • Forwarding – The port receives and sends data in normal operation.  STP still monitors incoming BPDUs for anything that indicates the port should return to the blocking state to prevent a loop.
  • Blocking – A port that would cause a switching loop is blocked: no user data is sent or received, but the port may move to forwarding if the other links in use fail and the STP algorithm determines it may transition.  BPDUs are still received in the blocking state.  The switch can wait up to 20 seconds before moving a blocked port into the listening phase.

Understanding BPDUs and Role Elections:

When BPDUs (bridge protocol data units, the discovery probes) are sent into the network to find loops and address them, each port on your switch takes on 1 of 3 roles once discovery completes (listed below).  The roles are determined by the link cost, i.e. how fast the link is:

  • Root role:  The port a switch uses to reach the root bridge (the root switch).
  • Designated role:  Forwarding port, one per link.  These connect to other switches that are not connected to the root but may lead to it.  The port on the other side of the link goes into a blocking state.  Of the two switches on a link, the one with the lower MAC address holds the designated port.  The root bridge itself will have all of its ports in the designated role.
  • Blocking/Non-designated role:  This port gets blocked and nothing goes through it.  The other side of this link is the designated port.  The switch with the higher MAC address holds the blocking port.

Link Costs:

Switches will determine the cost of the link based on the following information:

Link bandwidth    Cost
10 Mbps           100
100 Mbps          19
1 Gbps            4
10 Gbps           2

To decide which link it will use, the switch applies the following tie breakers in order:

1)  The down speed of the link
2)  The up speed of the link
3)  The lowest-numbered interface.  This means that if the speeds are the same, the link on the lowest-numbered interface wins.
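To make the election and cost rules above concrete, here is an added Python model (not code from the original post) of the root election and root-port selection: it applies the cost table and the post's simplified tie breaks to a constructed three-switch topology and includes a check that the switch you intend as root actually wins.  Switch names, MAC addresses, port numbers and link speeds are constructed sample values.

```python
import heapq
# Link bandwidth (Mbps) -> STP cost, the table from the post
COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

def bridge_id(switch):
    # Lower wins: priority first, then the MAC address as the tie breaker
    return (switch["priority"], switch["mac"])

def elect_root(switches):
    return min(switches, key=lambda name: bridge_id(switches[name]))

def root_paths(switches, links, root):
    """Dijkstra from the root. Returns {switch: (root path cost, root port)};
    equal-cost candidates resolve on the lowest local port number, the
    simplified tie break the post describes. links: (a, port_a, b, port_b, mbps)."""
    adj = {name: [] for name in switches}
    for a, pa, b, pb, mbps in links:
        adj[a].append((b, pb, COST[mbps]))  # a -> b arrives on b's port pb
        adj[b].append((a, pa, COST[mbps]))
    best = {root: (0, None)}
    heap = [(0, 0, root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale entry
        for nbr, port, link_cost in adj[node]:
            cand = (cost + link_cost, port)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], port, nbr))
    return best

def intended_root_wins(switches, intended):
    """Pre-deployment check: does the switch you want as root actually win?"""
    return elect_root(switches) == intended

# Constructed topology: the core got 'spanning-tree vlan 1 root primary' (24576)
SWITCHES = {
    "core":   {"priority": 24576, "mac": "0000.0000.0003"},
    "dist":   {"priority": 32768, "mac": "0000.0000.0001"},
    "access": {"priority": 32768, "mac": "0000.0000.0002"},
}
LINKS = [  # (switch, port, switch, port, Mbps); ports as plain numbers
    ("core", 1, "dist", 1, 1000),    # 1 Gbps, cost 4
    ("core", 2, "access", 3, 100),   # 100 Mbps, cost 19
    ("dist", 2, "access", 2, 1000),  # 1 Gbps, cost 4
]
# Same switches with every priority left at 32768: the lowest MAC wins
DEFAULTS = {n: dict(s, priority=32768) for n, s in SWITCHES.items()}
```

Note that the access switch reaches the root more cheaply over two 1 Gbps hops (cost 8) than over its direct 100 Mbps link (cost 19), so the direct link is the one that ends up blocked; with all priorities left at default, the closet switch with the lowest MAC would become root.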

To show the spanning tree output:

show spanning-tree – This shows you the root ID (the root switch), the bridge ID (the switch you are currently on) and the links in use.

If you want to configure a different switch as the root:

spanning-tree vlan 1 root primary – sets this switch as the primary root for VLAN 1 traffic.
spanning-tree vlan 1 root secondary – sets this switch as the secondary root for VLAN 1 traffic.

Now if you run show spanning-tree again, you will notice that the root you set has the lowest priority value and the secondary has the next-lowest.  You’ll notice your blocking ports change as well.  Always, always, always set your core switches as your STP root primary and secondary.

Another way to set priorities manually for a particular VLAN will be:

spanning-tree vlan 1 priority #### – lets you set the priority manually, in increments of 4096.

As you know, STP has a lot of flaws, and you need ways to stop people from plugging in their own switches and taking over your network as the root switch.  Let’s go through a couple more commands and then the enhancement to STP called RSTP (Rapid STP):

conf t
interface faX/X
spanning-tree portfast – This disables spanning tree on the port so it cannot become a trunk/STP port.  Use this on ports that only hosts (PCs) will connect to.

spanning-tree vlan 1,10,20,30,XX root primary – sets the root switch for multiple VLANs.

Rapid STP is an enhanced, faster version of spanning tree.  It is standardized as 802.1w and is proactive: when it finds the active ports, rather than simply blocking the other port it marks it as a backup port so it can fail over rapidly.  It “remembers” that the inactive port is a good backup and redefines the port roles, creating Alternate ports rather than Blocked ports.  This only works on newer switches with RSTP support.  It also allows you to specify different active links for different VLANs (already shown above).  To use Rapid spanning tree:

spanning-tree mode rapid-pvst – must be turned on on all switches in the network.  This can also be done per VLAN.  This enables Rapid STP.
spanning-tree mode mst – sets regular spanning tree that doesn’t understand VLANs (old mode).
spanning-tree mode pvst – sets the spanning tree mode that understands VLANs.  This is just standard STP.

PortFast must be enabled for this to work properly (see the commands above).  This needs to be done on all ports that are not trunks.  It will prevent ports that do not need to be part of STP or Rapid STP from going into a forwarding state.  When this is set up properly you will not notice a drop in network connectivity if a link goes down!

The port roles in RSTP are slightly different from STP:

  • Root port role – Used to reach the root bridge (same as STP).
  • Designated port role – Forwarding port, one per link (same as STP).
  • Alternate port role – Discarding port, a backup path to the root (different from STP: it still blocks, but it is remembered instead).

For RSTP to work properly, PortFast must be enabled on all of your host ports (use interface ranges to do this faster) and the spanning-tree mode must be set to rapid-pvst.