STP (Spanning-Tree Protocol) is one of those protocol that’ll run in the background with minimal management overhead providing there are no topology changes. STP functions is to primarily prevent bridge loops in a single broadcast domain. Given its capabilities, it is also used in network design in terms of redundant links as it provides dynamic backup path in case of a failure (Active Link). Note that it is a Layer 2 protocol.
For the sake of this topic, we will use a 3 SW topology in a triangle format to mimic redundancy. Let’s dive in…

In a Spanning tree topology, a root bridge needs to be elected. Think of “Root Bridge” as the master of the Spanning-tree topology.

In the figure above, STP is enabled on all switches. We can clearly see here that the priority is the same across all switches but the Mac addresses are different of course. The root bridge is the switch with the lowest Bridge ID. A Bridge ID is the combination of the Mac address and the Priority. The lowest wins ! Those information are carried in a frame called BPDU (Bridge Protocol Data Unit).
So in our example above, since all switches have the same priority and RouteLeak-SW01 has the lowest Mac Address; then we can safely conclude that RouteLeak-SW01 is the Root Bridge here.
Let’s check…

The output of the “sh spanning-tree” command here clearly validates our analysis. We can see that RouteLeak-SW01 is in fact the Root Bridge. Also, note that all ports on the Root Bridge are always “Designated” meaning they are in forwarding state.

We’ve now successfully established that RouteLeak-SW01 is the root bridge. The next step is for the “Non-Root” Bridges (Every switch that is not the root, SW02 and SW03 in our case) to find the shortest path to the root bridge by electing a root port. In our example…

We can see here that Gig1/0/2 is the root port. It is in fact the interface connected to RouteLeak-SW01.
Gig1/0/1 is in forwarding state. Based on this information, we can make a preliminary deduction in regards to the port states of RouteLeak-SW03… I’ll let you think about it for a sec…

Well, Since all ports on the Root Bridge are forwarding traffic as well as all ports on RouteLeak-SW02, then there has to be one port on RouteLeak-SW03 that is in blocking state. Let’s check…

Our assumption was correct. We can see here that Gig1/0/1 which is the interface connected to RouteLeak-SW02 is in blocking state (Alternate Role). Gig1/0/2 is the root port as it is connected to the root bridge.

Note that the shortest path to the root bridge is calculated based on the interface speed. Here in our example all interfaces have identical speed (1000Mbit) so the cost on all interfaces will be 4.

Below is a quick summary of the default cost per interface speed:

10 Mbit = Cost 100
100 Mbit = Cost 19
1000 Mbit = Cost 4

Have you noticed anytime you plug a switch to the network or you plug a server into a switchport that do not the “Spanning-tree portfast” command, the led turns orange and after a while it turns green ? Well, that’s simply STP computing the state of the interface and converging. Here are the different states the switch will undergo before forwarding data frames:

*The port goes into listening mode (15 seconds). At this phase, it will simply send and receive BPDUs.
*The port move to learning mode (15 seconds). This is similar to the first phase but the switch will now learn Mac addresses.
*The port transition to forwarding mode. This is the final stage and data are finally being transmitted.

Now that you have a basic understanding of STP, let me give you a brief explanation on how to read the output of the “sh spanning-tree” command. Let’s take a look at the output on RouteLeak-SW01…

STP has multiple modes and the default mode for Cisco Catalyst Switches is PVST. This just shows that were are looking at the STP for VLAN1. Since RouteLeak-SW01 is the root bridge, the Root ID info is almost identical with the Bridge ID info.
If you remember earlier I stated that the default priority is 32768 on Cisco Catalyst switches but we can see here the priority is 32769 instead. That’s simply because STP will add the vlan number to the priority value. The additive value is the sys-id-ext you see on the output. Now you can try the same at home by creating multiple VLANs other than VLAN 1 and see the priority value increase.

How about the Time Values:
*Hello time: a BPDU is sent every 2 secs.
*Max Age: If a BPDU is not received in 20 secs, then recompute STP.
*Forward Delay: 15 seconds by default (Listening and Lerning State).

One of my favorite troubleshooting command is: show spanning-tree detail | inc ieee|occurr|from|is exec.

The output displays the last time Spanning-tree recalculation took place and for which instance. This is great as it helps you narrow down the root cause of the issue.

The above is the very basic of the protocol. Note that you have the ability to influence the topology in order to select a root bridge of your choice. You also have the capability to force a specific blocked interface into forwarding mode. In a LAN environment, your Root Bridge needs to be at the core level. Typically your core switches (Depending on how they are deployed) will need to be the root bridges for your STP domain.

In the TSHOOT section, you will see more advanced troubleshooting labs that will include Spanning-tree with different modes and different troubleshooting commands. I encourage you to complete those labs as it will dive deeper into the core layer of the protocol.

Quick Tips: Note that Ethernet frames do not have TTL which makes your STP design a priority in your environment. No TTL = Loop forever.

Spanning-tree has different modes which we will tackle in the troubleshooting section. But for now, here are the different STP modes:

*STP (802.1D)
*RSTP(Rapid – 802.1w)
*MSTP or MST (Multiple – 802.1s or 802.1Q)
*PVST (Per VLAN – Cisco Proprietary)
*R-PVST (Rapid – Cisco Proprietary)

That’s all I have for you today… I’ll talk to you guys later.