STP (Spanning Tree Protocol)

Done

Spanning Tree Protocol is a Layer 2 Protocol that makes redundancy possible.

Broadcast Storm

It happens when a looping of broadcasts occur, resulting in the congestion of the network

MAC Address Flapping

This one occurs when due to a problem, a switch keeps updating a MAC address`s interface in the MAC address table, in this topic due to a broadcast storm.

Classic STP (Spanning Tree Protocol)

It is defined in the IEEE 802.1D

It runs by default in many vendor`s switches

It works by placing redundant ports in a blocking state. In this state the port will not forward frames, only sending and receiving BPDUs (Bridge Protocol Data Units). These ports act as backup, turning into a forwarding state in case the previous established ones fail.

Other ports will work in a forwarding state, behaving normally.

STP-enabled switches will send/receive Hello BPDUs out of all interfaces every 2 seconds, advertising they are a switch.

In this Hello BPDU there is a field called Bridge ID, which by itself is subdivided in:

Bridge Priority (16 Bits)
- Default is 32768

MAC Address (48 Bits)

The lowest Bridge ID will be elected the root bridge. This one will have all ports into forwarding state, becoming the heart of the switches.

💡

In a tie, the lowest MAC Address decides the root bridge

All the ports that don`t receive a BPDU, can only assume it is connected to a host, therefore, it will stay in a forwarding state.

Root Ports

The root port is the one that points to the root bridge with the lowest cost of its interfaces connected directly and indirectly to the root bridge. Every switch will have only one root port.

The root cost is determined by the sum of cost of outgoing interfaces along the path to the root bridge.

If the root cost is the same, in order:

Lowest neighbor bridge ID

Lowest neighbor port ID

Designated port

All the ports of the root bridge and the ones on the other end of a root port will be a designated port.

In the remaining links, it will be determined by:

lowest root cost of the SWITCH (don`t confuse with root port)

lowest bridge id of the SWITCH

Blocking Ports

Theses ports are not in a forwarding state, but the receive and process BPDUs. They can be discovered after all port types have been discovered, so they will be the remaining ones.

Commands

show spanning-tree

💡

Displays information about the Spanning Tree Protocol on all VLANs

show spanning-tree vlan 10 // show spanning-tree vlan {vlan-id}

💡

Displays the information of STP of a specific vlan

show spanning-tree details

💡

Displays the STP with more details

show spanning-tree summary

💡

Says only the state of the ports

STP Port States

Blocking	Stable
Listening	Transitional
Learning	Transitional
Forwarding	Stable

Blocking

Non-designated ports stay in a Blocking state

They are disabled to prevent loops.

They do NOT send/receive regular traffic.

They do NOT learn MAC Addresses.

They DO receive BPDU, but do NOT forward them.

Listening

This happens after the Blocking state for designated/root ports.

They stay in this state for 15 seconds by default, as configured in the forward delay.

They do NOT send/receive regular traffic.

They do NOT learn MAC Addresses.

They DO send/receive BPDUs.

Learning

This is a preparation for the forwarding state, where the switch builds up some MAC addresses for its MAC address table

They stay in this state for 15 seconds by default (forward delay).

They do NOT send/receive regular traffic.

They DO learn MAC Addresses.

They DO send/receive BPDUs.

Forwarding

This is the final state for Designated/Root ports, where normal operation occurs of a switch.

They DO send/receive regular traffic.

They DO learn MAC Addresses.

They DO send/receive BPDUs.

STP Timer

💡

The STP Timer on the root bridges defines the network settings

BPDU

PVST+ MAC Address = 0100.0ccc.cd

Classical STP MAC Address = 0180.c200.000

💡

The 80 in hexadecimal refers to the 128, which is the por default priority, while 02 refers to the number of the port (2).

💡

This increases each time it passes in a switch, and when received, the switch will subtract this value with the Max Age value

PortFast

It is a feature that minimize one problem of the STP. What if you connect a endhost to the switch? It will have to wait the 30 seconds of listening/learning states to make sure there are no loops. However, PortFast solves this problem, by bypassing these states and going directly to Forwarding mode.

💡

This should be only used in access ports to endhosts as it could cause a loop otherwise.

Option #1 - Specific interface

configure terminal
interface g0/1
spanning-tree portfast // It only enables PortFast for that specific port

💡

You can set this in a interface in switchport trunk mode, however it just won`t work

Option #2 - Global PortFast

This enables PortFast on all access ports

configure terminal // Global Configuration Mode
spanning-tree portfast default

BPDU Guard

This is an additional feature for PortFast. It Prevents that someone plugs a switch in a PortFast interface, by disabling it.

configure terminal
interface g0/1
spanning-tree bpduguard enable

configure terminal
interface g0/1
spanning-tree portfast bpduguard default

STP Configuration

Define the Root Bridge and its Backup

configure terminal
spanning-tree vlan 10 root primary // Defines this switch as the Root Bridge for VLAN 10

configure terminal
spanning-tree vlan 10 root secundary // Selects this switch as the next candidate as Root Bridge in case the primary fails

Port Settings

Port Cost

configure terminal
interface g0/1
spanning-tree vlan 1 cost 200 // Configures the cost of that port in VLAN 1

Port Priority

configure terminal
interface g0/1
spanning-tree vlan 1 port-priority 32 //Configures the port-priority of vlan 1 to (32.1)