Understand and Configure STP on Catalyst Switches (2024)

Introduction

This document describes how to use Spanning Tree Protocol (STP) to ensure that you do not create loops when you have redundant paths in your network.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

• Cisco Catalyst 5500/5000 Switches

• Aconsole cablethat is suitable for the Supervisor Engine in the switch

• Six Catalyst 5509 Switches

The spanning tree principles that the document presents are applicable to almost all devices that support STP.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Background Information

Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches. The specification for STP is IEEE 802.1D. The main purpose of STP is to ensure that you do not create loops when you have redundant paths in your network. Loops are deadly to a network.

The configurations in this document apply to Catalyst 2926G, 2948G, 2980G, 4500/4000, 5500/5000, and 6500/6000 Switches that run Catalyst OS (CatOS). Refer to these documents for information on the configuration of STP on other switch platforms:

• STP and MST(Catalyst 6500/6000 Switches that run Cisco IOS^®Software)

• Configure STP and MST(Catalyst 4500/4000 Switches that run Cisco IOS Software)

Network Diagram

This document uses this network setup:

Concepts

STP runs on bridges and switches that are 802.1D-compliant. There are different flavors of STP, but 802.1D is the most popular and widely implemented. You implement STP on bridges and switches in order to prevent loops in the network. Use STP in situations where you want redundant links, but not loops. Redundant links are as important as backups in the case of a failover in a network. A failure of your primary activates the backup links so that users can continue to use the network. Without STP on the bridges and switches, such a failure can result in a loop. If two connected switches run different flavors of STP, they require different controlsto converge. When different flavors are used in the switches, it creates control issues between Blocking and Forwarding states. Therefore, it is recommended to use the same flavors of STP. Consider this network:

In this network, a redundant link is planned between Switch A and Switch B. However, this setup creates the possibility of a bridging loop. For example, a broadcast or multicast packet that transmits from Station M and is destined for Station N simply continues to circulate between both switches.

However, when STP runs on both switches, the network logically looks like this:

This information applies to the scenario in theNetwork Diagram:

• Switch 15 is the backbone switch.

• Switches 12, 13, 14, 16, and 17 are switches that attach to workstations and PCs.

• The network defines these VLANs:

  • 1

  • 200

  • 201

  • 202

  • 203

  • 204

• The VLAN Trunk Protocol (VTP) domain name is STD-Doc.

  See Also

  Comparing Layer 3 and Layer 2 SwitchesLayer 2 vs. Layer 3 Switches - Planet Technology USAIs cisco 3750 a layer 3 switch?Is spanning tree enabled by default?

In order to provide this desired path redundancy, as well as to avoid a loop condition, STP defines a tree that spans all the switches in an extended network. STP forces certain redundant data paths into a standby (blocked) state and leaves other paths in a forwarding state. If a link in the forwarding state becomes unavailable, STP reconfigures the network and reroutes data paths through the activation of the appropriate standby path.

Description of the Technology

With STP, the key is for all the switches in the network to elect a root bridge that becomes the focal point in the network. All other decisions in the network, such as which port to block and which port to put in forwarding mode, are made from the perspective of this root bridge. A switched environment, which is different from a bridge environment, most likely deals with multiple VLANs. When you implement a root bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches.

All the switches exchange information for use in the root switch selection and for subsequent configuration of the network. Bridge protocol data units (BPDUs) carry this information. Each switch compares the parameters in the BPDU that the switch sends to a neighbor with the parameters in the BPDU that the switch receives from the neighbor.

In the STP root selection process, less is better. If Switch A advertises a root ID that is a lower number than the root ID that Switch B advertises, the information from Switch A is better. Switch B stops the advertisem*nt of its root ID, and accepts the root ID of Switch A.

Refer toOptional STP Featuresfor more information about some of the optional STP features, such as:

• PortFast

• Root guard

• Loop guard

• BPDU guard

STP Operation

Task

Prerequisites

Before you configure STP, select a switch to be the root of the spanning tree. This switch does not need to be the most powerful switch, but choose the most centralized switch on the network. All data flow across the network is from the perspective of this switch. Also, choose the least disturbed switch in the network. The backbone switches often serve as the spanning tree root because these switches typically do not connect to end stations. Also, moves and changes within the network are less likely to affect these switches.

After you decide on the root switch, set the appropriate variables to designate the switch as the root switch. The only variable that you must set is thebridge priority. If the switch has a bridge priority that is lower than all the other switches, the other switches automatically select the switch as the root switch.

Clients (end stations) on Switch Ports

You can also issue theset spantree portfastcommand, on a per-port basis. When you enable theportfastvariable on a port, the port immediately switches from blocking mode to forwarding mode. Enablement ofportfasthelps to prevent timeouts on clients who use Novell Netware or use DHCP in order to obtain an IP address. However, donotuse this command when you have switch-to-switch connection. In this case, the command can result in a loop. The 30- to 60-second delay that occurs during the transition from blocking to forwarding mode prevents a temporal loop condition in the network when you connect two switches.

Leave most other STP variables at their default values.

Rules of Operation

This section lists rules for how STP works. When the switches first come up, they start the root switch selection process. Each switch transmits a BPDU to the directly connected switch on a per-VLAN basis.

As the BPDU goes out through the network, each switch compares the BPDU that the switch sends to the BPDU that the switch receives from the neighbors. The switches then agree on which switch is the root switch. The switch with the lowest bridge ID in the network wins this election process.

• STP Rule 1—All ports of the root switch must be in forwarding mode.

  

  Note: In some corner cases, which involve self-looped ports, there is an exception to this rule.

  Next, each switch determines the best path to get to the root. The switches determine this path by a comparison of the information in all the BPDUs that the switches receive on all ports. The switch uses the port with the least amount of information in the BPDU in order to get to the root switch; the port with the least amount of information in the BPDU is the root port. After a switch determines the root port, the switch proceeds to rule 2.

• STP Rule 2—The root port must be set to forwarding mode.

  See Also

  Layer 2/3 - Configuring Spanning Tree Protocol  [Cisco Catalyst 3850 Series Switches]

  In addition, the switches on each LAN segment communicate with each other to determine which switch is best to use in order to move data from that segment to the root bridge. This switch is called the designated switch.

• STP Rule 3—In a single LAN segment, the port of the designated switch that connects to that LAN segment must be placed in forwarding mode.

• STP Rule 4—All the other ports in all the switches (VLAN-specific) must be placed in blocking mode. The rule only applies to ports that connect to other bridges or switches. STP does not affect ports that connect to workstations or PCs. These ports remain forwarded.

Step-by-Step Instructions

Complete these steps:

1. Issue theshow versioncommand in order to display the software version that the switch runs.

   

   Note: All switches run the same software version.

   Switch-15> (enable)show versionWS-C5505 Software, Version McpSW: 4.2(1) NmpSW: 4.2(1)Copyright (c) 1995-1998 by Cisco SystemsNMP S/W compiled on Sep 8 1998, 10:30:21MCP S/W compiled on Sep 08 1998, 10:26:29System Bootstrap Version: 5.1(2)Hardware Version: 1.0 Model: WS-C5505 Serial #: 066509927Mod Port Model Serial # Versions--- ---- ---------- --------- ----------------------------------------1 0 WS-X5530 008676033 Hw : 2.3Fw : 5.1(2)Fw1: 4.4(1)Sw : 4.2(1)

   In this scenario, Switch 15 is the best choice for the root switch of the network for all the VLANs because Switch 15 is the backbone switch.

2. Issue theset spantree root vlan_idcommand in order to set the priority of the switch to 8192 for the VLAN or VLANs that thevlan_id specifies.

   

   Note: The default priority for switches is 32768. When you set the priority with this command, you force the selection of Switch 15 as the root switch because Switch 15 has the lowest priority.

   Switch-15> (enable)set spantree root 1VLAN 1 bridge priority set to 8192.VLAN 1 bridge max aging time set to 20.VLAN 1 bridge hello time set to 2.VLAN 1 bridge forward delay set to 15.Switch is now the root switch for active VLAN 1.Switch-15> (enable) Switch-15> (enable)set spantree root 200VLAN 200 bridge priority set to 8192.VLAN 200 bridge max aging time set to 20.VLAN 200 bridge hello time set to 2.VLAN 200 bridge forward delay set to 15.Switch is now the root switch for active VLAN 200.Switch-15> (enable) Switch-15> (enable)set spantree root 201VLAN 201 bridge priority set to 8192.VLAN 201 bridge max aging time set to 20.VLAN 201 bridge hello time set to 2.VLAN 201 bridge forward delay set to 15.Switch is now the root switch for active VLAN 201.Switch-15> (enable)Switch-15> (enable)set spantree root 202VLAN 202 bridge priority set to 8192.VLAN 202 bridge max aging time set to 20.VLAN 202 bridge hello time set to 2.VLAN 202 bridge forward delay set to 15.Switch is now the root switch for active VLAN 202.Switch-15> Switch-15> (enable)set spantree root 203VLAN 203 bridge priority set to 8192.VLAN 203 bridge max aging time set to 20.VLAN 203 bridge hello time set to 2.VLAN 203 bridge forward delay set to 15.Switch is now the root switch for active VLAN 203.Switch-15> Switch-15> (enable)set spantree root 204VLAN 204 bridge priority set to 8192.VLAN 204 bridge max aging time set to 20.VLAN 204 bridge hello time set to 2.VLAN 204 bridge forward delay set to 15.Switch is now the root switch for active VLAN 204.Switch-15> (enable)

   The shorter version of the command has the same effect, as this example shows:

   Switch-15> (enable)set spantree root 1,200-204 VLANs 1,200-204 bridge priority set to 8189.VLANs 1,200-204 bridge max aging time set to 20.VLANs 1,200-204 bridge hello time set to 2.VLANs 1,200-204 bridge forward delay set to 15.Switch is now the root switch for active VLANs 1,200-204.Switch-15> (enable)

   Theset spantree prioritycommand provides a third method to specify the root switch:

   Switch-15> (enable)set spantree priority 8192 1Spantree 1 bridge priority set to 8192.Switch-15> (enable)

   

   Note: In this scenario, all the switches started with cleared configurations. Therefore, all the switches started with a bridge priority of 32768. If you are not certain that all the switches in your network have a priority that is greater than 8192, set the priority of your desired root bridge to 1.

3. Issue theset spantree portfast mod_num/port_num enablecommand in order to configure the PortFast setting on Switches 12, 13, 14, 16, and 17.

   

   Note: Only configure this setting on ports that connect to workstations or PCs. Do not enable PortFast on any port that connects to another switch.

   • Port 2/1 connects to Switch 13.

   • Port 2/2 connects to Switch 15.

   • Port 2/3 connects to Switch 16.

   • Ports 3/1 through 3/24 connect to PCs.

   • Ports 4/1 through 4/24 connect to UNIX workstations.

   With this information as a basis, issue theset spantree portfastcommand on ports 3/1 through 3/24 and on ports 4/1 through 4/24:

   Switch-12> (enable)set spantree portfast 3/1-24 enableWarning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. 
   to a fast start port can cause temporary spanning-tree loops. Use with caution. Spantree ports 3/1-24 fast start enabled. 
   Switch-12> (enable) Switch-12> (enable)set spantree portfast 4/1-24 enable Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. 
   to a fast start port can cause temporary spanning-tree loops. Use with caution. Spantree ports 4/1-24 fast start enabled. Switch-12> (enable)

4. Issue the show spantree vlan_idcommand in order to verify that Switch 15 is the root of all the appropriate VLANs.

   From the output from this command, compare the MAC address of the switch that is the root switch to the MAC address of the switch from which you issued the command. If the addresses match, the switch that you are in is the root switch of the VLAN. A root port that is 1/0 also indicates that you are at the root switch. This is the sample command output:

   Switch-15> (enable)show spantree 1VLAN 1spanning-tree enabledspanning-tree type ieeeDesignated Root 00-10-0d-b1-78-00!--- This is the MAC address of the root switch for VLAN 1.Designated Root Priority 8192Designated Root Cost 0Designated Root Port  1/0Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 secBridge ID MAC ADDR 00-10-0d-b1-78-00Bridge ID Priority 8192Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

   This output shows that Switch 15 is the designated root on the spanning tree for VLAN 1. The MAC address of the designated root switch,00-10-0d-b1-78-00, is the same as the bridge ID MAC address of Switch 15,00-10-0d-b1-78-00. Another indicator that this switch is the designated root is that the designated root port is 1/0.

   In this output from Switch 12, the switch recognizes Switch 15 as theDesignated Rootfor VLAN 1:

   Switch-12> (enable)show spantree 1VLAN 1spanning-tree enabledspanning-tree type IEEEDesignated Root  00-10-0d-b1-78-00!--- This is the MAC address of the root switch for VLAN 1.Designated Root Priority 8192Designated Root Cost 19Designated Root Port 2/3Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 secBridge ID MAC ADDR 00-10-0d-b2-8c-00Bridge ID Priority 32768Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

   

   Note: The output of theshow spantree vlan_idcommand for the other switches and VLANs can also indicate that Switch 15 is the designated root for all VLANs.

Verify

This section provides information you can use to confirm that your configuration works properly.

• show spantree vlan_id— Shows the current state of the spanning tree for this VLAN ID, from the perspective of the switch on which you issue the command.

• show spantree summary— Provides a summary of connected spanning tree ports by VLAN.

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

STP Path Cost Automatically Changes When a Port Speed/Duplex Is Changed

STP calculates the path cost based on the media speed (bandwidth) of the links between switches and the port cost of each port forwarding frame. Spanning tree selects the root port based on the path cost. The port with the lowest path cost to the root bridge becomes the root port. The root port is always in the forwarding state.

If the speed/duplex of the port is changed, spanning tree recalculates the path cost automatically. A change in the path cost can change the spanning tree topology.

Refer to theCalculate and Assign Port Costssection ofConfigure Spanning Treefor more information on how to calculate the port cost.

Troubleshoot Commands

• show spantree vlan_id—Shows the current state of the spanning tree for this VLAN ID, from the perspective of the switch on which you issue the command.

• show spantree summary—Provides a summary of connected spanning tree ports by VLAN.

• show spantree statistics—Shows spanning tree statistical information.

• show spantree backbonefast—Displays whether the spanning tree BackboneFast Convergence feature is enabled.

• show spantree blockedports—Displays only the blocked ports.

• show spantree portstate—Determines the current spanning tree state of a Token Ring port within a spanning tree.

• show spantree portvlancost—Shows the path cost for the VLANs on a port.

• show spantree uplinkfast—Shows the UplinkFast settings.

Command Summary

Related Information

• Spanning Tree Protocol Problems and Related Design Considerations
• Switches Support