STP (Spanning Tree Protocol) - Step by Step Configuration Tutorial

By Network Bulls
Jan 4, 2016

Introduction:

Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on switches. It was first introduced as CST (Common Spanning Protocol); IEEE then introduced its advanced version as STP in the IEEE 802.1D specification. The main purpose of STP is to ensure that switches do not create loops when a network has redundant paths.

Concepts:

STP runs by default on switches that are 802.1D-compliant. It is implemented on switches to prevent loops in the network. We use redundant links as backups in case of a failure in the network. A failure of the primary links activates the backup links so that users can continue to use the network, but without STP on the switches, such a failure can result in a loop.

Diagram:

In this topology, there is a redundant link between Switch 1 and Switch 2. However, this setup creates the possibility of a loop. For example, when a broadcast or multicast packet travels from PC-1 to PC-2, it can simply continue to circulate between both switches.

But when STP runs on both switches, the network logically looks like this:

Description of Technology:

In order to provide this path redundancy, as well as to avoid loops, STP forces redundant data paths into a standby (blocked) state and leaves other paths in a forwarding state. If a link in the forwarding state becomes unavailable, STP reconfigures the network and reroutes data paths through the activation of the appropriate standby path.

In STP, all the switches in the network first elect a root bridge, which becomes the centre point of the network. All other decisions in the network, such as which port to block and which port to put in forwarding mode, are made by this root bridge.

i. Root Bridge: All the switches exchange their information for use in the root bridge selection. Bridge protocol data units (BPDUs) carry this information. Each switch compares these parameters in the BPDU that the switch sends to a neighbour with the parameters in the BPDU that the switch receives from the neighbour. 

How is Root Bridge elected?

Root Bridge is elected on the basis of Bridge ID

Bridge ID – It is made up of two parts:

  • Priority (2 bytes) - by default 32768
  • MAC Address (6 bytes) Lower is preferred.

In the root bridge selection process, less is better. If Switch A advertises a bridge ID that is a lower number than the bridge ID that Switch B advertises, then the information from Switch A is better. Switch B stops the advertisement of its bridge ID and accepts the bridge ID of Switch A.

Note: Nowadays the priority shown on switches is 32769. It is the combination of the bridge priority and the VLAN ID. For VLAN 1, for example, the priority is 32769 = 32768 + 1 (for VLAN ID 1).

ii. Non-Root Bridge:

A non-root bridge is any switch that is not the root bridge. It finds the one best path to reach the root bridge; the port on that path is known as the root port, and the switch blocks all its alternative paths towards the root bridge. Every non-root bridge has only one root port.

iii. Root-port: The root port is a port that is always present on non-root switches. There are a few criteria for electing the root port.

1. Path Cost: STP calculates the path cost based on the media speed (bandwidth) of the links between switches. Spanning tree selects the root port based on the path cost. The port with the lowest path cost to the root bridge becomes the root port. The root port is always in the forwarding state.

STP path cost (by IEEE):

  • Ethernet: 100
  • Fast Ethernet: 19
  • 1 Gigabit Ethernet: 4
  • 10 Gigabit Ethernet: 2

2. Port Priority: It determines the best path when multiple links are used between two switches. The path cost of a link is determined by the bandwidth of a link, and when multiple links of the same bandwidth are connected then this port priority is the deciding factor used by every bridge to find the most efficient path to the root bridge.

Port Priority – 128 (by default)

3. Port Number: Every switch port has its own unique port number. When the path cost and port priority are the same on both switches, the port number is the tie-breaker. The port with the lower number is preferred. We always check the port number on the root bridge: the link on the non-root bridge that is directly connected to the lower port number of the root bridge becomes the root port.

iv. Designated Ports: Designated ports are the ports from which the root bridge forwards BPDUs. Only designated ports can send BPDU messages to each switch in their segment. Every 2 seconds the root bridge sends BPDUs to its neighbour. Every link segment has a designated port.

v. BPDU (Bridge Protocol Data Unit): BPDUs are frames that contain information about the Spanning Tree Protocol (STP). BPDUs are exchanged between the switches within a LAN that uses a spanning tree topology. BPDU packets contain the root bridge ID, root ports, priorities and costs, and ensure that the data ends up where it was intended to go.

vi. Blocked port: Blocked ports are ports that are always present on the non-root bridge. Any active port that is not a root port or a designated port is a blocked port. A blocked port won’t forward frames in order to prevent loops. A blocked port will always listen to BPDU frames from neighbor switches, but it will drop any other frames received and will never transmit a frame.

Step-by-Step Instructions:

Step-1: In the above scenario, Switch 1 is the best choice for the root switch of the network because Switch 1 has the lower bridge-id.

switch1#sh spanning-tree VLAN 1
VLAN0001
  Spanning tree enabled protocol IEEE
  Root ID    Priority    32769
             Address     0060.3E14.939D
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0060.3E14.939D
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p

Step-2: On switch 2, the command show spanning-tree VLAN 1 gives:

switch2#sh spanning-tree VLAN 1
VLAN0001
  Spanning tree enabled protocol IEEE
  Root ID    Priority    32769
             Address     0060.3E14.939D
             Cost        19
             Port        2(FastEthernet0/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.5875.83A9
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p

Here on switch2, we can easily see that switch1 is the root bridge because it has lower priority, and all the ports of switch1 are designated ports. On switch2, of port 1 and port 2, which are directly connected to switch 1, one is in the forwarding state while the other is in the blocking state.

Step-3: If we want to change the priority of switch-2, we can do so with this command:

switch2(config)#spanning-tree VLAN 1 priority 4096

With this command, we decrease the priority of sw-2 and make it our root bridge.

switch2#sh spanning-tree VLAN 1
VLAN0001
  Spanning tree enabled protocol IEEE
  Root ID    Priority    4097
             Address     00D0.5875.83A9
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     00D0.5875.83A9
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg LSN 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
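Because the lowest bridge ID wins the election, the single priority command above moved the root from switch1 to switch2. The check below is an added example, not part of the original tutorial: it parses show spanning-tree output in the format shown above and reports when the root differs from an expected baseline. The function names are hypothetical and the sample text is constructed by trimming the two switch2 outputs.

```python
import re

# Constructed samples: trimmed from the two switch2 outputs in this tutorial.
BEFORE = """\
VLAN0001
  Root ID    Priority    32769
             Address     0060.3E14.939D
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.5875.83A9
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p
"""
AFTER = """\
VLAN0001
  Root ID    Priority    4097
             Address     00D0.5875.83A9
             This bridge is the root
  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     00D0.5875.83A9
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg LSN 19        128.2    P2p
"""

def parse(output):
    """Extract the root ID, the local bridge ID and the port roles."""
    pattern = r"(Root|Bridge) ID\s+Priority\s+(\d+).*?Address\s+([0-9A-Fa-f.]+)"
    ids = re.findall(pattern, output, re.S)
    info = {kind.lower(): (int(prio), mac.upper()) for kind, prio, mac in ids}
    info["ports"] = dict(re.findall(r"^(\S+/\d+)\s+(Root|Desg|Altn|Back)\s", output, re.M))
    return info

def check_root(output, expected_root_mac):
    """Return a list of findings; an empty list means the root matches the baseline."""
    info = parse(output)
    expected = expected_root_mac.upper()
    prio, mac = info["root"]
    findings = []
    if mac != expected:
        findings.append(f"root is {mac} (priority {prio}), expected {expected}")
        if info["bridge"] == info["root"]:
            findings.append("this switch now claims to be the root")
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_root(text, "0060.3E14.939D") or "root matches baseline")
```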

Step-4: If you want to turn your blocked port into the root port, you can. How?

  1. First go to your root bridge.
  2. Then decrease the port priority of the designated port that is directly connected to the blocked port. In this scenario:

switch2(config)#interface fastEthernet 0/2
switch2(config-if)#spanning-tree VLAN 1 port-priority 16

  3. Then go to your non-root bridge and give the command show spanning-tree VLAN 1:

switch1#sh spanning-tree VLAN 1
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Altn BLK 19        128.1    P2p
Fa0/2            Root FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
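The election rules from the Root Bridge and Root-port sections, replayed over Steps 1 to 4 with the bridge IDs from the outputs above. This is an added example, not part of the original tutorial. It assumes the wiring Fa0/1 to Fa0/1 and Fa0/2 to Fa0/2 between the switches, and it goes slightly beyond the text by also comparing the sender's bridge ID between path cost and port priority, as 802.1D does.

```python
# Added example: models the election rules described in this tutorial.
# Assumed wiring (not stated on the page): Fa0/1<->Fa0/1 and Fa0/2<->Fa0/2.

FAST_ETHERNET_COST = 19          # IEEE path cost quoted in the tutorial

def bridge_id(priority, mac, vlan=1):
    """Bridge ID as a comparable tuple: (priority + VLAN id, MAC as integer)."""
    return (priority + vlan, int(mac.replace(".", ""), 16))

def elect_root(switches, vlan=1):
    """switches: name -> (configured priority, MAC). The lowest bridge ID wins."""
    return min(switches, key=lambda name: bridge_id(*switches[name], vlan))

def elect_root_port(neighbor_id, links):
    """links: local port -> (cost, neighbor port priority, neighbor port number).
    Lowest cost wins, then lowest sender bridge ID, then lowest sender
    port priority, then lowest sender port number."""
    def vector(port):
        cost, priority, number = links[port]
        return (cost, neighbor_id, priority, number)
    return min(links, key=vector)

def scenario():
    """Replay Steps 1-4 and return what each election decides."""
    results = {}
    switches = {"switch1": (32768, "0060.3E14.939D"),
                "switch2": (32768, "00D0.5875.83A9")}
    results["default_root"] = elect_root(switches)       # equal priority: MAC decides
    switches["switch2"] = (4096, "00D0.5875.83A9")       # Step-3: priority 4096
    results["root_after_step3"] = elect_root(switches)
    root_id = bridge_id(*switches["switch2"])
    # Seen from switch1: BPDUs arriving on each local port from switch2.
    links = {"Fa0/1": (FAST_ETHERNET_COST, 128, 1),
             "Fa0/2": (FAST_ETHERNET_COST, 128, 2)}
    results["root_port_default"] = elect_root_port(root_id, links)
    links["Fa0/2"] = (FAST_ETHERNET_COST, 16, 2)         # Step-4: port-priority 16
    results["root_port_after_step4"] = elect_root_port(root_id, links)
    return results

if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```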

 

Spanning-tree Port States:

The ports on a switch running IEEE 802.1D STP move through five different states:

Disabled: In this state, the port is administratively disabled and does not participate in frame forwarding or STP. In the disabled state, the port is virtually non-operational.

Blocking: A blocked port won’t forward frames in order to prevent loops. A blocked port will always listen to BPDU frames from neighbour switches, but it will drop any other frames received and will never transmit a frame. The purpose of the blocking state is to prevent the use of looped paths.

Listening: In this state, ports listen to BPDUs and send BPDUs but do not learn MAC addresses. A port in the listening state prepares itself to forward data frames without populating the MAC address table. It takes 15 seconds to move from the listening to the learning state.

Learning: In the learning state, ports listen to BPDUs and learn MAC addresses. A port in the learning state populates the MAC address table but still doesn’t forward data frames. Moving from learning to forwarding takes 15 seconds by default.

Forwarding: This port sends and receives all data. If the port is a designated or root port at the end of the learning state, it will enter into the forwarding state.

What are Portfast, Uplinkfast and Backbone fast?  

Portfast: Portfast enables access ports on a switch to enter the spanning tree forwarding state directly, bypassing the listening and learning states. If we enable PortFast on a port that is connected to another Layer 2 device, such as a switch, there is a chance of network loops.

If we have end devices like servers or desktops connected to a switch, and we are totally sure they will not create a switching loop if STP is disabled, we can use PortFast on these ports. With this tool, the port does not spend time moving from the blocking to the forwarding state while STP is converging.

Uplinkfast: When we have multiple links connected between different switches, only one of them is forwarding at any given time. UplinkFast provides fast convergence after a spanning tree topology change. The uplink group provides an alternate path in case the current forwarding link fails. The uplink group is a set of ports consisting of the root port (which is forwarding) and a set of blocked ports.

Example: In this topology, Switch A is the root switch and it is directly connected to Switch B with link L1 and Switch C is directly connected with link L2. The port on Switch C is connected to Switch B with link L3 and it is in blocking state.

Topology: Uplink-1

Topology: Uplink-2

If Switch C detects a direct link failure on the currently active link L2, the port that was in the blocking state earlier will first go through the listening and learning states and then to the forwarding state.

Topology: Uplink-3

But if we enable UplinkFast, the blocked port on Switch C enters the forwarding state immediately, without transitioning through the listening and learning states.

Backbonefast:
BackboneFast decreases the convergence time of the Spanning Tree Protocol (STP) when an indirect link failure (failure of a link to which the switch is not directly connected) occurs anywhere in the STP topology.

In this topology, the link between switch-2 and switch-1 (root-bridge) has failed and the link between sw-2 and sw-1 is not a direct link for Switch-3.

When switch-2 detects the link failure, it invalidates the best BPDUs stored for its port connecting to sw1 (root bridge). After invalidating the BPDUs from switch-1, switch-2 considers itself the root bridge of the STP, because it no longer has the information of sw-1, since no other ports are receiving BPDUs from the root bridge.

Now sw-2 will start sending inferior BPDUs to sw-3.

Inferior BPDU-: A BPDU is considered inferior if the root bridge information it contains is worse than the information coming from the original root bridge. Switches can identify inferior BPDUs from the higher Bridge ID included in the inferior BPDU. A switch with a higher Bridge ID cannot become the Root Bridge.

Now, the BPDUs sent from switch-2 are inferior for switch-3, because it is still receiving better BPDUs from the current root-bridge (switch-1).

When sw-3 starts receiving inferior BPDUs on its interface from sw-2, switch-3 ignores the inferior information until the BPDU stored for the blocked port exceeds the max age timer (20 seconds).

When the max-age timer expires and switch-3 is still receiving inferior BPDUs from sw2, sw3 will start responding to the inferior BPDUs. The port on sw3 which received the inferior BPDUs from sw2 will move to the Listening State, and sw3 will start passing sw1 (Root Bridge) BPDUs to sw2 (since the BPDUs from sw1 are superior compared to the BPDUs from sw2).

Now, sw2 will start getting the original BPDUs from the Root Switch (Root Bridge) and move its port through the Listening State and Learning State and finally the Forwarding State. Both sw3 and sw2 will move their ports into the forwarding state, re-establishing the lost connectivity.

Therefore, the time required to recover from an indirect link failure is (max age timer + listening + learning), which is too high for current network applications.

If Backbone Fast is enabled in the network, Spanning Tree Protocol (STP) behaves as follows: when sw-3 receives an inferior BPDU from sw-2, it sends a Root Link Query (RLQ) PDU on all non-designated ports (except the port where it received the inferior BPDU) to find out whether the Root Switch (Root Bridge) is still available.

The port on which sw-3 received the inferior BPDU from sw-2 is also excluded because that path has already failed.

When a Root Link Query (RLQ) response is received on a port and the answer is negative, the port has lost its connection to the root and its BPDU can be aged out. If all other non-designated ports receive a negative answer, Switch-3 has lost its connection to the Root Switch (Root Bridge) and can start the Spanning Tree Protocol (STP) calculation from the beginning.

But if sw3 receives any positive response, it will assume the current Root Switch (Root Bridge) is still reachable. In our case, sw3 will receive a positive response from sw-1 (root-bridge) and will then start relaying the BPDUs of sw-1 (Root Bridge) to sw-2.

Backbone Fast is pro-active (it uses the Root Link Query (RLQ)), and when Backbone Fast is implemented, it can minimize the max age timer interval. By enabling Backbone Fast, the max age timer can be skipped and the delay is reduced from 50 seconds to 30 seconds.
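The inferior-BPDU handling on switch-3 described above, with and without Backbone Fast, as an added example that is not part of the original tutorial. It is a model of the tutorial's description, not Cisco's implementation; the bridge IDs, port names and function names are constructed for illustration.

```python
# Added example: models the behaviour described in this tutorial only.
MAX_AGE, FORWARD_DELAY = 20, 15          # default timers from the outputs above

SW1 = (32769, 0x00000000000A)            # root bridge (constructed bridge IDs)
SW2 = (32769, 0x00000000000B)

def is_inferior(received, stored):
    """BPDU = (root bridge ID, cost to root, sender bridge ID); lower is better."""
    return received > stored

def handle_bpdu(ports, rx_port, bpdu, backbonefast, rlq_positive=lambda port: False):
    """Return (action, seconds until rx_port can forward, ports that sent an RLQ)."""
    if not is_inferior(bpdu, ports[rx_port]["stored"]):
        return ("normal_processing", None, [])
    if not backbonefast:
        # Ignore the inferior BPDU until the stored one ages out, then
        # pass through the listening and learning states.
        return ("wait_for_max_age", MAX_AGE + 2 * FORWARD_DELAY, [])
    # The RLQ goes out on every non-designated port except the receiving one.
    queried = [name for name, port in ports.items()
               if port["role"] != "designated" and name != rx_port]
    if any(rlq_positive(name) for name in queried):
        # Root still reachable: age out the stored BPDU now, skipping max age.
        return ("relay_root_bpdus", 2 * FORWARD_DELAY, queried)
    return ("restart_stp_calculation", None, queried)

def sw3_ports():
    """Switch-3 as in the tutorial: root port to sw-1, blocked port to sw-2."""
    return {
        "to_sw1": {"role": "root", "stored": (SW1, 0, SW1)},
        "to_sw2": {"role": "blocked", "stored": (SW1, 19, SW2)},
        "to_hosts": {"role": "designated", "stored": None},
    }

INFERIOR_FROM_SW2 = (SW2, 0, SW2)        # sw-2 now claims to be the root

if __name__ == "__main__":
    print(handle_bpdu(sw3_ports(), "to_sw2", INFERIOR_FROM_SW2, backbonefast=False))
    print(handle_bpdu(sw3_ports(), "to_sw2", INFERIOR_FROM_SW2, True, lambda port: True))
```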

Comments:

Karan Rathor
8 years ago

awesomely explained with easy language..

Prince Tiwari
8 years ago

great explanation in very easy way... Thanking u sir...

Dinesh M
7 years ago

Very good and easy explanation. can you please describe about PVST? Thanks a lot...