Q. What is it?
A. The whole point of spanning tree is to stop loops from occurring in the network.
Q. How did the loops get there in the first place?
A. As a network admin you put them there by design to add redundancy to your network. By having multiple links going between switches, the chance of a failure is reduced. However, if a broadcast is sent across the network, it can endlessly loop around the redundant links, causing your network to go down.
And now for the big question. How does it work?
802.1D The original spanning tree (STP)
Sends out bridge protocol data units (BPDUs) to find loops in the network.
Inside the BPDU is the bridge priority of the switch and its MAC address. Not only does it help find loops, but it also helps the switches decide the best way to get around the network and discover if a link has gone down.
By default a BPDU is sent out every 2 seconds
The bridge priority has a range of 0 – 65536 with the default set in the middle at 32768
To find the best way around the network a root bridge/switch is elected. The election is won by the switch with the lowest bridge priority. If two switches have the same bridge ID then the switch with the lowest MAC address is declared the winner.
Note: older switches normally have a lower MAC address than newer switches. So if spanning tree is left unconfigured, the oldest switch becomes the root bridge. And that can be really bad!
After the root bridge is elected all the switches in the network converge to find the best path to the root bridge. Once the best path is found everything left over gets blocked.
Each port has a cost based on its speed. The path with the lowest total port cost is the best path to the root bridge.
Root port is the port used to reach the root bridge
Designated port is forwarding. There can only be one designated port per link
Root bridge has all designated ports
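The election and path-cost rules above, worked through as an added example (not part of the original notes). The switch names, MAC addresses and topology are constructed, and the priority 4096 given to core1 is an assumed configured value; the link costs come from the STP cost table in these notes.

```python
from heapq import heappop, heappush

STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}  # Mbps -> STP cost, from this page's table

def bridge_id(priority, mac):
    """Comparable bridge ID: priority first, MAC address as the tie-breaker."""
    return (priority, int(mac.replace(".", "").replace(":", ""), 16))

def elect_root(switches):
    """switches: {name: (priority, mac)}. The lowest bridge ID wins the election."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))

def root_path_costs(links, root):
    """Dijkstra over links [(a, b, mbps)] -> {switch: (cost to root, next hop)}.
    Equal-cost tie-breaks (sender bridge ID, port ID) are not modelled."""
    adj = {}
    for a, b, mbps in links:
        adj.setdefault(a, []).append((b, STP_COST[mbps]))
        adj.setdefault(b, []).append((a, STP_COST[mbps]))
    best, heap = {root: (0, None)}, [(0, root)]
    while heap:
        cost, node = heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for nbr, link_cost in adj[node]:
            if nbr not in best or cost + link_cost < best[nbr][0]:
                best[nbr] = (cost + link_cost, node)
                heappush(heap, (cost + link_cost, nbr))
    return best

# Constructed topology: two new core switches and one old access switch (low MAC).
SWITCHES = {
    "core1": (32768, "f4cf.e200.0001"),
    "core2": (32768, "f4cf.e200.0002"),
    "old-acc": (32768, "0009.7c00.00aa"),
    "acc2": (32768, "f4cf.e200.0003"),
}
LINKS = [("core1", "core2", 10000), ("core1", "old-acc", 100),
         ("core2", "old-acc", 100), ("core1", "acc2", 1000), ("core2", "acc2", 100)]

def compare():
    """Root and path costs with defaults, then with core1 lowered to priority 4096."""
    before = elect_root(SWITCHES)
    tuned = dict(SWITCHES, core1=(4096, SWITCHES["core1"][1]))
    after = elect_root(tuned)
    return (before, root_path_costs(LINKS, before)), (after, root_path_costs(LINKS, after))

if __name__ == "__main__":
    for root, costs in compare():
        print("root:", root, {sw: c for sw, c in sorted(costs.items())})
```

With every switch left at the default priority, the old access switch wins and the 10Gbps core link ends up unused on the path to the root; lowering the priority on core1 moves the root to the core.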
STP port states:
Disabled | |
Listening | 15 seconds listening for BPDUs and sending BPDUs |
Learning | 15 seconds learning MAC addresses, populating the CAM table |
Forwarding | Traffic is being forwarded |
Blocking | 20 seconds (max-age) waiting before listening again |
STP port roles:
Root port | The port used to get to the root bridge |
Designated port | Port used to forward traffic |
The new 802.1W Rapid spanning tree (RSTP)
Sends a BPDU, then immediately puts the port in a discarding state. The neighboring switch will decide if the BPDU is superior and send a request to transition the port to a forwarding state. Then the neighbor will put its ports in a discarding state and the process repeats itself until the network converges. However, if the BPDU is not superior, the neighbor will do nothing and the port will remain in a discarding state.
Notice how there are no timers, making RSTP very fast to converge
Note: RSTP is backward compatible with STP
RSTP port states:
Discarding | Replaces disabled, blocking and listening |
Learning | |
Forwarding | |
RSTP port roles:
Root port | The port used to get to the root bridge |
Designated port | Port used to forward traffic |
Alternate port | Backup for root port (alternate path to root) discarding |
Backup port | Backup for designated port on shared medium like a hub |
Per-VLAN spanning tree: PVST+ and RPVST
On a Cisco device each VLAN has its own instance of spanning tree running. The advantage of this is that you can set a different root bridge on each VLAN, allowing the traffic to be load balanced between the core switches.
3 different ways Cisco does this:
PVST
Cisco proprietary. Only works with ISL and not 802.1q, meaning that it will not work with equipment from a different vendor
PVST+
Also Cisco proprietary; however, it uses 802.1q, so it will play nice with other vendors' equipment and is backward compatible with PVST
Rapid-PVST+
Same as PVST+ except it's for RSTP (802.1w). This is also proprietary
PortFast
Before RSTP, Cisco used PortFast to speed up the failure recovery time of spanning tree. This is done by allowing access ports only to skip spanning tree altogether and go straight to forwarding.
Warning! Even though PortFast cannot be configured on a trunk port, two switches can be hooked together on an access port and cause a loop.
BPDU guard watches non-trunk ports for BPDUs and blocks the port (errdisable) if one is detected.
Note:
Access ports only
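A BPDU guard trip means a switch (or something sending BPDUs) was plugged into an access port, so it is worth alerting on. The sketch below is an added example, not part of the original notes: it pulls those events out of switch syslog and flags ports that trip repeatedly. The log lines, hostnames and ports are constructed, and the message text and the position of the hostname follow the usual Cisco IOS syslog style as an assumption.

```python
import re
from collections import Counter

# Matches the BPDU guard message; the host is assumed to be the token before "%".
BPDUGUARD = re.compile(
    r"(?P<host>\S+) %SPANTREE-2-BLOCK_BPDUGUARD: "
    r"Received BPDU on port (?P<port>\S+) with BPDU Guard enabled"
)

# Constructed sample lines in the style of Cisco IOS syslog (not from the page).
SAMPLE_LOG = """\
Mar  3 09:14:02 sw-acc-01 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi0/7 with BPDU Guard enabled. Disabling port.
Mar  3 09:14:02 sw-acc-01 %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/7, putting Gi0/7 in err-disable state
Mar  3 09:20:41 sw-acc-01 %LINK-3-UPDOWN: Interface Gi0/3, changed state to up
Mar  3 10:02:17 sw-acc-02 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/12 with BPDU Guard enabled. Disabling port.
Mar  3 11:45:30 sw-acc-01 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi0/7 with BPDU Guard enabled. Disabling port.
"""

def bpduguard_events(log_text):
    """Return (host, port) for every BPDU guard trip, in log order."""
    return [(m["host"], m["port"]) for m in BPDUGUARD.finditer(log_text)]

def repeat_ports(events, threshold=2):
    """Ports that tripped BPDU guard at least `threshold` times."""
    counts = Counter(events)
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    events = bpduguard_events(SAMPLE_LOG)
    for host, port in events:
        print(f"BPDU received on access port {host} {port}")
    for (host, port), n in repeat_ports(events).items():
        print(f"REPEAT: {host} {port} tripped {n} times")
```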
There are also UplinkFast and BackboneFast, but they are not mentioned in the exam.
Memory tables for spanning tree
3 rules of spanning tree
1. Determine the center of the network
2. Find the fastest way to the center of the network
3. Block anything left over
STP | RSTP | Port included in topology | Port learning MAC addresses |
Disabled | Discarding | No | No |
Blocking | Discarding | No | No |
Listening | Discarding | Yes | No |
Learning | Learning | Yes | Yes |
Forwarding | Forwarding | Yes | Yes |
Link Bandwidth | STP Cost | RSTP Cost |
10Mbps | 100 | 2,000,000 |
100Mbps | 19 | 200,000 |
1Gbps | 4 | 20,000 |
10Gbps | 2 | 2,000 |
This post is a part of my notes on Cisco CCNA exam and is only meant as a reference and not a complete study guide.