Spanning Tree
Protocol
Semester 3, Ch. 5
Sandra Coleman,
CCNA, CCAI
Redundancy
 Five
9’s uptime = 99.999% uptime, this equates to
only 5.25 minutes of downtime per year!
 Requires reliability…which is achieved by reliable
equipment and fault tolerant networks
 Redundant topologies –

Goal - eliminate network outages caused by a
single point of failure.
If the bridge is flooded or
damaged by an accident,
travel to the town center
across the bridge is
impossible.
A second bridge across the
river creates a redundant
topology. The suburb is not
cut off from the town center
if one bridge is impassable
Redundant Switched Topologies
 Eliminates
single points of failure
 Switches flood frames for unknown destinations
until they learn their MAC addresses
 Broadcasts/Multicasts are flooded out all ports
EXCEPT the one on which it was received
 Can cause the following problems:



broadcast storms
multiple Ethernet frame copies
MAC address table instability problems
Redundant Switched
Topology
When multiple paths
exist between two
devices on the network
and STP has been
disabled on those
switches, a Layer 2 loop
can occur. If STP is
enabled on these
switches, which is the
default, a Layer 2 loop
would not occur.
Broadcast Storms




Defined - A state in which a message that has been
broadcast across a network results in even more
responses, and each response results in still more
responses in a snowball effect
Caused by continued sending of broadcasts or
multicasts over and over.
Will continue until one of the switches is disconnected.
Switches get so busy with the broadcasts, they can’t
forward normal user traffic which causes it to seem as if
the network is down or extremely slow.
Multiple Frame
Transmissions
 Occurs
when multiple devices are seeking to
retrieve information from another device.
 A single devices might be seeking a MAC
address of a particular host.
 In seeking the address, the request travels
through other networking devices which also
begin seeking the MAC address.
Multiple
frame
transmissions
 In
a redundant switched network it is possible
for an end device to receive multiple frames.
 Assume that the MAC address of Router Y has
been timed out by both switches.
 Also assume that Host X still has the MAC
address of Router Y in its ARP cache and sends
a unicast frame to Router Y.
Multiple frame
transmissions






The router receives the frame because it is on the same segment as
Host X.
Switch A does not have the MAC address of the Router Y and will
therefore flood the frame out its ports. (Segment 2)
Switch B also does not know which port Router Y is on.
Note: Switch B will forward the the unicast onto Segment 2, creating
multiple frames on that segment.
After Switch B receives the frame from Switch A , it then floods the
frame it received causing Router Y to receive multiple copies of the
same frame.
This is a causes of unnecessary processing in all devices.
Media access
control database
instability






In a redundant switched network it is possible for switches to
learn the wrong information.
A switch can incorrectly learn that a MAC address is on one
port, when it is actually on a different port.
Host X sends a frame directed to Router Y.
Switches A and B learn the MAC address of Host X on port 0.
The frame to Router Y is flooded on port 1 of both switches.
Switches A and B see this information on port 1 and incorrectly
learn the MAC address of Host X on port 1.
Redundant topology & spanning tree



No TTL field in Layer 2
Ethernet header(as there is in
IP headers). Therefore is a
frame is caught in a loop, it
can loop forever, wasting
bandwidth
Switching loops are
necessary for reliability, but
networks cannot have loops.
????
Solution: allow physical
loops, but create a loop-free
logical topology.
Spanning Tree Protocol






Loop free switched topology
Usually star or extended star logical topology
SPANNING means all devices are reachable or
spanned
Spanning tree algorithm is used to create this
topology. Can take a relatively long time to
converge
Rapid spanning-tree algorithm is being introduced to
reduce the time it takes to compute a loop free
logical topology
STP ensures that there is only one logical path
between all destinations on the network by
intentionally blocking redundant paths that could
cause a loop (loop-free path).
Spanning Tree Protocol






IEEE 802.1D – allows the use of ST algorithm to construct
a loop free shortest path network
Shortest path is based on cumulative link costs
Establish a root node called the root bridge
Establish one path for reaching every node…originating
from the root bridge.
Links not part of the shortest path are blocked
Features that contribute to the time it takes for total
convergence:



Max-age timer
Listening forward delay
Learning forward delay
Spanning Tree Protocol
 Data
frames received on blocked links are
dropped
 Links that will cause bridging loops are blocked
 BPDU – Bridge Protocol Data Unit


Allows the formation of the loop free topology
BPDUs continue to be received on blocked ports.
If an active path fails, a new one can be
calculated
BPDUs
 Contain






enough info that all switches can:
Select a single switch that will act as the root of the
spanning tree
Calculate the shortest path from itself to the root
switch
Designate one of the switches as the closest one to
the root, for each LAN segment. This bridge is called
the “designated switch”.
Choose one of its ports as its root port, for each nonroot switch. This is the interface that gives the best
path to the root switch.
Select ports that will forward frames and are part of
the spanning tree, the designated ports.
Non-designated ports are blocked
Spanning tree operation
 Should
be one spanning tree per network
 For every converged switched network, the
following elements exist:



One root bridge per network
One root port per non root bridge
One designated port per segment
 These

forward data traffic
Unused, non-designated ports
 These
discard data traffic
Two Key Concepts: BID and Path Cost


STP executes an algorithm called
Spanning Tree Algorithm (STA).
STA chooses a reference point,
called a root bridge, and then
determines the available paths to
that reference point.


If more than two paths exists, STA picks
the best path and blocks the rest
STP calculations make extensive use
of two key concepts in creating a
loop-free topology:


Bridge ID
Path Cost
Bridge ID (BID)

Bridge ID (BID) is used to identify each bridge/switch.

The BID is used in determining the center of the network, in
respect to STP, known as the root bridge.
Consists of two components:



A 2-byte Bridge Priority: Cisco switch defaults to 32,768 or 0x8000.
A 6-byte MAC address
Bridge ID (BID)
 Bridge
Priority is usually expressed in decimal format
and the MAC address in the BID is usually expressed
in hexadecimal format.
 BID is used to elect a root bridge
 Lowest Bridge ID is the root.
 If all devices have the same priority, the bridge with
the lowest MAC address becomes the root bridge.
(Yikes!)
Path
Cost



Bridges use the concept of cost to evaluate how close they
are to other bridges.
This will be used in the STP development of a loop-free
topology .
Originally, 802.1d defined cost as 1000/bandwidth of the link
in Mbps.




Cost of 10Mbps link = 100 or 1000/10
Cost of 100Mbps link = 10 or 1000/100
Cost of 1Gbps link = 1 or 1000/1000
Running out of room for faster switches including 10 Gbps
Ethernet.
10-Gb/s
Ethernet ports have a port cost of 2,
1-Gb/s Ethernet ports have a port cost of 4,
100-Mb/s Fast Ethernet ports have a port cost of 19
10-Mb/s Ethernet ports have a port cost of 100.
Path Cost
Path
cost is the sum of all the port costs
along the path to the root bridge.
 The
paths with the lowest path cost become
the preferred path, and all other redundant
paths are blocked.
Path Cost

You can modify the path cost by modifying the cost of
a port.



Exercise caution when you do this!
BID and Path Cost are used to develop a loop-free
topology .
But first the Four-Step STP Decision Sequence
Four-Step STP Decision
Sequence

When creating a loop-free topology, STP always uses
the same four-step decision sequence:
Four-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port ID
BID Fields


The BID is used to determine the root bridge on a network.
The BID field of a BPDU frame contains 3 separate fields.
Each
field is used during the root bridge election.
1. Bridge Priority
The
bridge priority is a customizable value that you can use to
influence which switch becomes the root bridge.

The switch with the lowest priority, which means lowest BID, becomes the
root bridge (the lower the priority value, the higher the priority).
The
default value for the priority of all Cisco switches is 32768.
The priority range is between 1 and 65536; 1 is the highest priority.
2. Extended System ID
The
early STP was designed for networks that did not use VLANs.
When VLANs started became common, the extended system
ID field contains the ID of the VLAN with which the BPDU is
associated.


The bridge priority values can only be multiples of 4096.
The extended system ID is added to identify the priority and VLAN of
BPDU.
3. MAC Address
When
two switches are configured with the same priority and
have the same extended system ID (default setting), the switch
with the MAC address with the lowest hexadecimal value has
the lower BID.

It is recommended to configure the desired root bridge switch with a
lower priority to ensure that it is elected root bridge.
Four-Step STP Decision Sequence
BPDU key concepts:
 Bridges save a copy of only the best BPDU seen on every
port.
 At startup, each switch initially assumes that it is the root
bridge, so the BPDU frames that are sent, contain the BID
of the local switch as the root ID.
 When making this evaluation, it considers all of the BPDUs
received on the port, as well as the BPDU that would be
sent on that port.
 As every BPDU arrives, it is checked against this four-step
sequence to see if it is more attractive (lower in value)
than the existing BPDU saved for that port.
 Only the lowest value BPDU is saved.
 Bridges send configuration BPDUs until a more attractive
BPDU is received.
 Okay, lets see how this is used...
Three Steps of Initial STP Convergence
 The
STP algorithm uses three simple
steps to converge on a loop-free
topology.
 Switches go through three steps for
their initial convergence:
STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports
root bridge
Three Steps of Initial STP
Convergence
STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports
Step 1 Elect one Root Bridge
Root
Bridge
Cost=19
1/1
1/2
Cost=19
Cat-A
1/1
1/1
Cat-B
Cat-C
1/2
1/2
Cost=19
Step 1 Elect one
Root Bridge

Each switch in the broadcast domain initially assumes that it is the root
bridge for the spanning-tree instance, so the BPDU frames sent contain
the BID of the local switch as the root ID.
Each
switch maintains local information about its own BID, the root ID, and
the path cost to the root.
By default, BPDU frames are sent every 2 seconds.

When adjacent switches receive a BPDU frame, they compare the root
ID from the BPDU frame with the local root ID.
If
the root ID in the BPDU is lower than the local root ID, the switch updates
the local root ID and the ID in its BPDU messages.



If
These messages serve to indicate the new root bridge on the network.
Also, the path cost is updated to indicate how far away the root bridge is. (looking for
the shortest path to the root bridge)
For example, a Fast Ethernet switch port, the path cost would be set to 19.
the local root ID is lower than the root ID received in the BPDU frame, the
BPDU frame is discarded.
Elect the root bridge
 After
a root ID has been updated to
identify a new root bridge, all subsequent
BPDU frames sent from that switch contain
the new root ID and updated path cost.
Use
to determine which ports will forward
frames as part of the spanning tree.
As the BPDU frames pass between other
adjacent switches, the path cost is continually
updated to indicate the total path cost to the
root bridge.
Each switch in the spanning tree uses its path
costs to identify the best possible path to the
root bridge.
Step 1 Elect one Root Bridge
Cat-A has the lowest Bridge MAC Address, so it wins the Root War!
All 3 switches have the same default Bridge Priority value of 32,768
Step 1 Elect one
Root Bridge



At the beginning, all bridges assume they are the center of the
universe and declare themselves as the Root Bridge, by placing its
own BID in the Root BID field of the BPDU.
Once all of the switches see that Cat-A has the lowest BID, they
are all in agreement that Cat-A is the Root Bridge.
Can be influenced by network admin by setting switch
priority to a smaller value than the default. Do this cautiously!
Configure and Verify the BID


There are 2 methods used to configure bridge priority
value.
Method 1
To
ensure the switch has the lowest priority value, use
the spanning-tree vlan vlan-id root primary in global
configuration.

If
The priority for the switch is set to the predefined value of 24576
or to the next 4096 increment value below the lowest bridge
priority detected on the network.
an alternate root bridge is desired, use the spanningtree vlan vlan-id root secondary global configuration
mode.



Method 2
Another
method for configuring the bridge priority value
is using the spanning-tree vlan vlan-id priority value global
configuration mode command.



It sets the priority for the switch to the predefined value of
28672.
This ensures that this switch becomes the root bridge if the
primary root bridge fails and the rest of the switches in the
network have the default 32768 priority value defined.
This command gives you more granular control over the bridge
priority value.
The priority value is configured in increments of 4096 between 0
and 65536.
To verify the bridge priority of a switch, use the show
spanning-tree privileged EXEC mode command.
In
the example, the priority of the switch has been set to
24576. Also notice that the switch is designated as the
root bridge for the spanning-tree instance.
24576
24576
20480
28672
Port Roles
There are 4 port roles that switch automatically configured for SPT process.
1. Root Port - Root port exists on non-root bridges and it is the port with the best path to the root
bridge.

Only
one root port is allowed per bridge.
S2 and S3 have root ports on the trunk links connecting back to S1.
2. Designated Port - The designated port exists on root and non-root bridges.
For
root bridges, all switch ports are designated ports.
For non-root bridges, a designated port is the switch port that receives and forwards frames toward the
root bridge as needed.
Only one designated port is allowed per segment.
S1 has both sets of ports for its 2 trunk links configured as designated ports. S2 also has a designated port
configured on the trunk link going toward S3.
3. Non-designated Port - The non-designated port is a switch port that is blocked, so it is not
forwarding data frames and not populating the MAC address table with source addresses.
Decisions
on which port to block if they have equal costs depend on the port priority and identity.
A non-designated port is not a root port or a designated port.
For some variants of STP, the non-designated port is called an alternate port.
S3 has the only non-designated ports in the topology.
 The non-designated ports prevent the loop from occurring.
4. Disabled Port - The disabled port is a switch port that is administratively shut down.
A
disabled port does not function in the spanning-tree process.
There are no disabled ports in the example.
Three Steps of Initial STP
Convergence
STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports
Root
Bridge
Cost=19
1/1
1/2
Cost=19
Cat-A
Step 2 Elect
Root Ports
1/1
1/1
Cat-B
Cat-C
1/2





1/2
Now that the Root War has been won, switches move on to
selecting Root Ports.
A bridge’s Root Port is the port closest to the Root Bridge.
Bridges use the cost to determine closeness.
Every non-Root Bridge will select one Root Port!
Specifically, bridges track the Root Path Cost, the cumulative
cost of all links to the Root Bridge.
Cost=19
Step 2
Elect Root
Ports
Root
Bridge
Cost=19
1/1
1/2
Cost=19
Cat-A
1/1
Cat-B
1/2
BPDU
BPDU
Cost=0
Cost=0
BPDU
BPDU
Cost=0+19=19
Cost=0+19=19
1/1
Cat-C
1/2
Step 1
Cost=19
 Cat-A sends out BPDUs, containing a Root Path Cost of 0.
 Cat-B receives these BPDUs and adds the Path Cost of Port 1/1 to
the Root Path Cost contained in the BPDU.
Step 2
 Cat-B adds Root Path Cost 0 PLUS its Port 1/1 cost of 19 = 19
Step 2
Elect Root
Ports
Root
Bridge
Cost=19
1/1
1/2
Cat-A
1/1
BPDU
BPDU
Cost=0
Cost=0
BPDU
BPDU
Cost=19
Cost=19
Cat-B
Cost=38 (19+19)
1/1
Cat-C
1/2
BPDU
Cost=19
1/2
BPDU
BPDU
Cost=19
Cost=19
Cost=19
BPDU
Cost=38 (19+19)
Step 3
 Cat-B uses this value of 19 internally and sends BPDUs with a Root
Path Cost of 19 out Port 1/2.
Step 4
 Cat-C receives the BPDU from Cat-B, and increased the Root
Path Cost to 38 (19+19). (Same with Cat-C sending to Cat-B.)
Root
Bridge
Step 2
Elect
Root Ports
Root Port
Cost=19
1/1
BPDU
Cost=0
1/2
Cat-A
Cost=19
BPDU
Cost=0
BPDU
BPDU
Cost=19
Cost=19
1/1
Cat-B
1/2
1/1
Root
Port
Cat-C
1/2
BPDU
BPDU
Cost=38 (19+19)
Cost=38 (19+19)
Cost=19
Step 5
 Cat-B calculates that it can reach the Root Bridge at a cost of 19
via Port 1/1 as opposed to a cost of 38 via Port 1/2.
 Port 1/1 becomes the Root Port for Cat-B, the port closest to the
Root Bridge.
 Cat-C goes through a similar calculation. Note: Both Cat-B:1/2 and
Cat-C:1/2 save the best BPDU of 19 (its own).
Elect Root Ports

Every switch in a spanning-tree topology, except
for the root bridge, has a single root port defined.
The
root port is the switch port with the lowest path cost
to the root bridge.


Normally path cost alone determines which switch
port becomes the root port.
Switch ports with equivalent path costs to the root
use the configurable port priority value.
They
use the port ID to break a tie.
When a switch chooses one equal path cost port as a
root port over another, the losing port is configured as
the non-designated to avoid a loop.
Three Steps of Initial STP
Convergence
STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports
Step 3 Elect
Designated
Ports






The loop prevention part of STP becomes evident during this step,
electing designated ports.
A Designated Port functions as the single bridge port that both sends
and receives traffic to and from that segment and the Root Bridge.
Each segment in a bridged network has one Designated Port, chosen
based on cumulative Root Path Cost to the Root Bridge.
The switch containing the Designated Port is referred to as the
Designated Bridge for that segment.
To locate Designated Ports, lets take a look at each segment.
Root Path Cost, the cumulative cost of all links to the Root Bridge.
Root Path Cost = 0
Cost=19
Root
Bridge
1/1
Segment 1
Root Path Cost = 0
1/2
Cost=19
Segment 2
Cat-A
Step 3 Elect
Designated Ports
Root Path Cost = 19
Root Path Cost = 19
1/1
Root Port
1/1
Root Port
Cat-B
Cat-C
1/2
1/2
Root Path Cost = 19
Root Path Cost = 19
Segment 3
Cost=19



Segment 1: Cat-A:1/1 has a Root Path Cost = 0 (after all it has the
Root Bridge) and Cat-B:1/1 has a Root Path Cost = 19.
Segment 2: Cat-A:1/2 has a Root Path Cost = 0 (after all it has the
Root Bridge) and Cat-C:1/1 has a Root Path Cost = 19.
Segment 3: Cat-B:1/2 has a Root Path Cost = 19 and Cat-C:1/2 has a
Root Path Cost = 19. It’s a tie!
Root
Bridge
Root Path Cost = 0
Cost=19
1/1
1/2
Segment 1
Step 3 Elect
Designated
Ports
Root Path Cost = 0
Cost=19
Segment 2
Cat-A
Designated Port
Designated Port
Root Path Cost = 19
1/1
Root Path Cost = 19
Root Port
1/1
Root Port
Cat-B
Cat-C
1/2
1/2
Root Path Cost = 19
Root Path Cost = 19
Segment 3
Cost=19
Segment 1
 Because Cat-A:1/1 has the lower Root Path Cost it becomes
the Designate Port for Segment 1.
Segment 2
 Because Cat-A:1/2 has the lower Root Path Cost it becomes
the Designate Port for Segment 2.
Root
Bridge
Root Path Cost = 0
Cost=19
Root Path Cost = 0
1/1
1/2
Segment 1
Cost=19
Segment 2
Cat-A
Designated Port
Designated Port
Root Path Cost = 19
1/1
Root Path Cost = 19
Root Port
1/1
Root Port
Cat-B
Cat-C
1/2
1/2
Root Path Cost = 19
Root Path Cost = 19
Segment 3
Cost=19
Segment 3
 Both Cat-B and Cat-C have a Root Path Cost of 19, a tie!
 When faced with a tie (or any other determination) STP always uses
the four-step decision process:
1. Lowest Root BID;
2. Lowest Path Cost to Root Bridge;
3. Lowest Sender BID; 4. Lowest Port ID
Root Path Cost = 0
Cost=19
Root
Bridge
1/1
Segment 1
Root Path Cost = 0
1/2
Cost=19
Segment 2
Cat-A
Designated Port
Designated Port
Root Path Cost = 19
Root Path Cost = 19
1/1
Root Port
Cat-B
1/2
1/1
Root Port
32,768.CC-CC-CC-CC-CC-CC
32,768.BB-BB-BB-BB-BB-BB
Root Path Cost = 19
Cat-C
1/2
Root Path Cost = 19
Designated Port Segment 3 Non-Designated Port
Cost=19
Segment 3 (continued)
 1) All three switches agree that Cat-A is the Root Bridge, so this is a tie.
 2) Root Path Cost for both is 19, also a tie.
 3) The sender’s BID is lower on Cat-B, than Cat-C, so Cat-B:1/2 becomes the
Designated Port for Segment 3.
 Cat-C:1/2 therefore becomes the non-Designated Port for Segment 3.
Non-designated ports



When two switches are connected to the same
LAN segment, and root ports have already been
defined, the two switches have to decide which
port gets to be configured as a designated port
and which one is left as the non-designated port.
Generally, the switch with the lower BID has its port configured as a
designated port,
while the switch with the higher BID has its port configured as a nondesignated port.
However,
keep in mind that the first priority is the lowest path cost to the
root bridge and that only if the port costs are equal, is the BID of the
sender.

As a result, each switch determines which port roles are assigned to
each of its ports to create the loop-free spanning tree.
Spanning
Tree Port
States

Blocking (20 secs)



Listening (15 secs)



Learning MAC addresses from any traffic, does not forward user data
Forwarding


Determine if there are other paths to the root bridge
All paths, except lowest cost, go back to blocking
Learning (15 secs)


Is this a root bridge or a designated port
Can only receive BPDUs Data frames are discarded
User data is forwarded, BPDUs are processed, and MAC addresses are
learned
Disabled – the layer 2 port does NOT participate in STP and
doesn’t forward frames.
STP Recalculation – Topology Changes
 Convergence
occurs when all the switch
and bridge ports are in either the
forwarding or blocked state
 Network changes require the switches to
recompute the Spanning Tree and
therefore recalculate. This disrupts user
traffic.
 Can take up to 50 seconds to go from
blocking state to forwarding state with
802.1D standards.

The entire process of electing the root bridge,
determining the root ports, and determining the
designated and non-designated ports happens
within the 20-second blocking port state.
BPDU Timers


The amount of time that a port stays in the
various port states depends on the BPDU
timers.
Only the switch in the role of root bridge may
send information through the tree to adjust
the timers. These contribute to the time it
takes for the network to fully converge!
Hello
time (2 seconds)
Forward delay (15 seconds)
Maximum age (20 seconds)


At power up: Every switch port goes through
the blocking, listening and learning states.
The ports then stabilize to the forwarding or
blocking state.
During a topology change: A port
temporarily implements the listening and
learning states for a specified period called
the "forward delay interval.“
They
must also allow the frame lifetime to
expire for frames that have been forwarded
using the old topology
Cisco and STP Variants
Cisco and STP Variants



There are many types or variants of STP.
Cisco Proprietary
Per-VLAN spanning tree protocol (PVST) - Maintains a spanning-tree instance for each VLAN.
 It uses the Cisco proprietary ISL trunking protocol.
 For PVST, Cisco developed a number of proprietary extensions to the original IEEE 802.1D STP,
such as BackboneFast, UplinkFast, and PortFast.
Per-VLAN spanning tree protocol plus (PVST+) – It is developed to provide support for IEEE
802.1Q.
 PVST+ provides the same functionality and proprietary STP extensions.
 PVST+ is not supported on non-Cisco devices.
 PVST+ includes the PortFast enhancement called BPDU guard, and root guard.
 BID modified to include VLAN ID
Rapid per-VLAN spanning tree protocol (rapid PVST+) –
 Based on the IEEE 802.1w and has a faster convergence than 802.1D.
 Rapid PVST+ includes Cisco-proprietary extensions.
IEEE Standards
Rapid spanning tree protocol (RSTP) - First introduced in 1982 as an evolution of 802.1D 
802.1W
 It provides faster spanning-tree convergence than 802.1D.
 RSTP implements the Cisco-proprietary STP extensions, BackboneFast, UplinkFast, and
PortFast.
 As of 2004, the IEEE has incorporated RSTP into 802.1D, identifying the specification as IEEE
802.1D-2004.
So when you hear STP, think RSTP.
Multiple STP (MSTP) - Enables multiple VLANs to be mapped to the same spanning-tree
instance
 reducing the number of instances needed to support a large number of VLANs.
 Standard IEEE 802.1Q-2003 now includes MSTP.
PVST+
 In
order to support IEEE 802.1Q
standard CST, Cisco extended
PVST to become PVST+
 PVST+ is compatible with with
both CST and PVST and can be
uses with switches that support
either or both VLAN Spanning
Tree methods
 PVST+ also adds checking
mechanisms to ensure there is
no configuration inconsistency
with port trunking.
 PVST+ is available starting with
Catalyst 4.1 release.
53
PVST+

With PVST+, load sharing can be
implemented.
In
a Cisco PVST+ environment, you can tune
the spanning-tree parameters so that half of
the VLANs forward on each uplink trunk.

For example, port F0/3 on switch S2 is the
forwarding port for VLAN 20, and F0/2 on
switch S2 is the forwarding port for VLAN 10.
This
is accomplished by configuring one switch
to be elected the root bridge for half of the
total number of VLANs in the network, and a
second switch to be elected the root bridge for
the other half of the VLANs.
In the figure, switch S3 is the root bridge for
VLAN 20, and switch S1 is the root bridge for
VLAN 10.

Creating different STP root switches per VLAN
creates a more redundant network.
PVST+ Bridge ID

PVST+ requires that a separate instance of
spanning tree run for each VLAN.
To
support PVST+, the 8-byte BID field is modified to
carry a VLAN ID (VID).

The following provides more details on the PVST+
fields:
Bridge
priority.


priority - A 4-bit field carries the bridge
Due to the limited bit count, the priority is conveyed in
discrete values in increments of 4096 rather than in
increments of 1.
The default priority, in accordance with IEEE 802.1D, is
32,768, which is the midrange value.
Extended
system ID - A 12-bit field carrying the VID.
MAC address - A 6-byte field with the MAC
address.

The MAC address is what makes a BID unique.
When
the priority and extended system ID are
prepended to the switch MAC address, each VLAN
on the switch can be represented by a unique BID.
PVST+


The table shows the default spanning-tree
configuration for a Cisco Catalyst 2960 series switch.
Notice that the default spanning-tree mode is PVST+.
What is RSTP?

RSTP (IEEE 802.1w) is an evolution of the 802.1D.
RSTP



does not have a blocking port state.
RSTP defines port states as discarding, learning, or
forwarding.
Port F0/3 on switch S2 is an alternate port in
discarding state.
RSTP can achieve much faster convergence in
a properly configured network, sometimes in
as little as a few hundred milliseconds by
placing designated ports into forwarding state
immediately.
If
a port is configured to be an alternate or a
backup port it can immediately change to a
forwarding state without waiting for the network
to converge.

The following briefly describes RSTP
characteristics:
RSTP
is the preferred protocol for preventing
Layer 2 loops in a switched network environment.
Cisco-proprietary enhancements, such as
UplinkFast and BackboneFast, are not compatible
with RSTP.
RSTP (802.1w) supersedes STP (802.1D) while
retaining backward compatibility.

In addition, 802.1w is capable of reverting back to
802.1D to interoperate with legacy switches on a perport basis.
RSTP
keeps the same BPDU format as IEEE
802.1D, except that the version field is set to 2 to
indicate RSTP.
Port can safely transition to the forwarding state
without having to rely on any timer configuration.
Rapid Transition to Forwarding State
 Rapid
transition is the most important feature
introduced by 802.1w.
The
legacy STA passively waited for the network to
converge before it turned a port into the forwarding
state.
 The
new rapid STP is able to actively confirm that
a port can safely transition to the forwarding state
without having to rely on any timer configuration.
In
order to achieve fast convergence on a port,
the protocol relies upon two new variables: edge
ports and link type.
Edge Ports

An RSTP edge port is a switch port that is never
intended to be connected to another switch
device. It immediately transitions to the forwarding
state when enabled.
Unlike
PortFast, an RSTP edge port that receives a BPDU
loses its edge port status immediately and becomes a
normal spanning-tree port.

The Cisco RSTP implementation maintains the
PortFast keyword using the spanning-tree portfast
command for edge port configuration.
Configuring
an edge port to be attached to another
switch can have negative implications for RSTP when it is
in sync state because a temporary loop can result,
possibly delaying the convergence of RSTP due to BPDU
contention with loop traffic.
RSTP Link Types


RSTP can only achieve rapid transition to the
forwarding state on edge ports and on point-topoint links.
The link type provides a categorization for each
port participating in RSTP.
Non-edge
ports are categorized into 2 link types,
point-to-point and shared.




The link type is automatically derived from the duplex
mode of a port.
A port that operates in full-duplex is assumed to be pointto-point, while a half-duplex port is considered as a shared
port by default.
point-to-point links are candidates for rapid transition to a
forwarding state.
However, before the link type parameter is
considered, RSTP must determine the port role.
Root

ports: do not use the link type parameter.
Root ports are able to make a rapid transition to the
forwarding state as soon as the port is in sync.
Alternate
and backup ports: do not use the link type
parameter in most cases.
Designated ports: make the most use of the link type
parameter.

Rapid transition to the forwarding state for the designated
port occurs only if the link type parameter indicates a
point-to-point link.
RSTP Port States

With RSTP, the role of a port is separated from
the state of a port.
For
example, a designated port could be in the
discarding state temporarily, even though its final
state is to be forwarding.
The figure shows the three possible RSTP port
states: discarding, learning, and forwarding.
In all port states, a port accepts and processes
BPDU frames.

There are only 3 port states left in RSTP that
correspond to the three possible operational
states.
The
802.1D disabled, blocking, and listening states
are merged into a unique 802.1w discarding state.
RSTP Port Roles





Root - A forwarding port that has been elected for the spanning-tree
topology
Designated - A forwarding port for every LAN segment
Alternate - An alternate path to the root bridge. This path is different
than using the root port.
Backup - A backup/redundant path to a segment where another
bridge port already connects.
Disabled - Not strictly part of STP, a network administrator can manually
disable a port
Design STP for Trouble Avoidance

Know Where the Root Is
You
now know that the primary function of the STA is to
break loops that redundant links create in bridge
networks.
Do not leave it up to the STP to decide which bridge is
root.



For each VLAN, you can usually identify which switch can
serve as root.
Generally, choose a powerful bridge in the middle of the
network. If you put the root bridge in the center of the
network with a direct connection to the servers and routers,
you reduce the average distance from the clients to the
servers and routers.
If switch S2 is the root, the link from S1 to S3 is blocked
on S1 or S3. In this case, hosts that connect to switch S2
can access the server and the router in two hops. Hosts
that connect to bridge S3 can access the server and
the router in three hops. The average distance is two
and one-half hops.
If switch S1 is the root, the router and the server are
reachable in two hops for both hosts that connect on S2
and S3. The average distance is now two hops.
Note: For each VLAN, configure the root bridge and
the backup root bridge using lower priorities.
Design STP for Trouble Avoidance

In non-hierarchical networks you might need to tune the STP cost
parameter to decide which ports to block.
However,
this tuning is usually not necessary if you have a hierarchical
design and a root bridge in a good location.
Knowing the location of redundant links helps you identify an
accidental bridging loop and the cause. Also, knowing the location of
blocked ports allows you to determine the location of the error.

Minimize the Number of Blocked Ports
The
only critical action that STP takes is the blocking of ports.
A good way to limit the risk inherent in the use of STP is to reduce the
number of blocked ports as much as possible.

VTP Pruning
You
do not need more than two redundant links between two nodes in
a switched network.
Distribution switches are dual-attached to two core switches, switches,
C1 and C2. Users on switches S1 and S2 that connect on distribution
switches are only in a subset of the VLANs available in the network.
In the figure, there are three redundant paths between core switch C1
and core switch C2. This redundancy results in more blocked ports and a
higher likelihood of a loop.

Manual Pruning
VTP
pruning can help, but this feature is not necessary in the core of the
network. In this figure, only an access VLAN is used to connect the
distribution switches to the core. In this design, only one port is blocked
per VLAN.
Also, with this design, you can remove all redundant links in just one
step if you shut down C1 or C2.
Design STP for Trouble Avoidance

Use Layer 3 Switching
Layer
3 switching means routing approximately
at the speed of switching. A router performs two
main functions:


It builds a forwarding table. The router generally
exchanges information with peers by way of routing
protocols.
It receives packets and forwards them to the correct
interface based on the destination address.
There
is no speed penalty with the routing hop
and an additional segment between C1 and C2.

Leaving the VLAN by Layer 3 switching is as fast as
bridging inside the VLAN.
Core
switch C1 and core switch C2 are Layer 3
switches.



VLAN 20 and VLAN 30 are no longer bridged
between C1 and C2,
there is no possibility for a loop.
STP no longer blocks any single port, so there is no
potential for a bridging loop.
Design STP for Trouble Avoidance

Keep STP Even If It Is Unnecessary

Keep Traffic off the Administrative VLAN and Do
Not Have a Single VLAN Span the Entire Network
Generally,
disabling STP in a switched network is
not worth the risk.
Assuming you have removed all the blocked ports
from the network and do not have any physical
redundancy, it is strongly suggested that you do not
disable STP.
However, if a technician makes a connection
error on a patch panel and accidentally creates a
loop, the network will be negatively impacted.
In
administrative VLAN, the switch behaves like a
IP host.
A high rate of broadcast traffic on the
administrative VLAN can adversely ability to
process vital BPDUs.
Therefore, keep user traffic off the administrative
VLAN.

Until recently, there was no way to remove VLAN
1 from a trunk in a Cisco implementation.
As
of Cisco IOS Software Release 12.1(11b)E, you
can remove VLAN 1 from trunks. VLAN 1 still exists,
but it blocks traffic, which prevents any loop
possibility.
Though useful, this setup can be dangerous
because a bridging loop on VLAN 1 affects all
trunks, which can bring down the whole network.
Troubleshoot STP Operation: Troubleshoot a Failure

In-band access may not be available
during a bridging loop. Therefore, out-ofband connectivity, such as console
access may be required.
For
example, during a broadcast storm
you may not be able to Telnet to the
infrastructure devices.

Before you troubleshoot a bridging loop,
you need to know at least these items:
Topology of the bridge network
Location of the root bridge
Location
of the blocked ports and the
redundant links

This knowledge is essential. To know
what to fix in the network, you need to
know how the network looks when it
works correctly.
Most
of the troubleshooting steps simply
use show commands to try to identify error
conditions. Knowledge of the network
helps you focus on the critical ports on the
key devices.
Troubleshoot STP Operation: PortFast Configuration Error
 You
typically enable PortFast
only for a port or interface
that connects to a host.
When
the link comes up on this
port, the bridge skips the first
stages of the STA and directly
transitions to the forwarding
mode.
Even with a PortFast
configuration, the port or
interface still participates in STP.
Cisco IOS software have a
feature called BPDU guard.
BPDU guard disables a PortFastconfigured port or interface if
the port or interface receives a
BPDU.
Troubleshoot STP Operation: PortFast Configuration Error

Caution: Do not use PortFast on switch
ports or interfaces that connect to other
switches, hubs, or routers. Otherwise, you
may create a network loop.
If
the looped traffic is very intensive, the
switch can have trouble successfully
transmitting the BPDU that stops the loop.
This problem can delay the convergence
considerably or in some extreme cases can
actually bring down the network.

In this example, port F0/1 on switch S1 is
already forwarding. Port F0/2 has
erroneously been configured with the
PortFast feature.
Therefore,
when a second connection
from switch S2 is connected to F0/2 on S1,
the port automatically transitions to
forwarding mode and creates a loop.
Comparing STP with RSTP
 Both


 RSTP
–Backwards compatible with
Use portfast command
STP
to allow ports to
transition immediately to
forwarding state
Use same basic
configuration
commands for
establishing
primary/secondary
bridges
Good Luck on your Test


Test-Discuss – Hands on, configuring all up until
now! Similar to the Packet Tracer activity, but
without all the commands laid out for you.
Study Guide




pg. 196-199 Root bridge and Port Roles – Will go over
this NEXT CLASS meeting!
Labs:


Pg. 190 – Matching
Pg. 200-201 – STP Configuration Exercise
Lab 5-1, pg. 206-213 – actually in the LAB
Packet Tracer

Challenge Spanning Tree protocol – Lab Book – LSG03Lab552.pka on Public