1-STP(Spanning-Tree Protocol) (802.1D)

To prevent loop between switches, Cisco uses Spanning-Tree protocol. STP is the simplest and oldest protocol which is enable by default in Cisco devices. STP is a industry standard which is used by other vendors to prevent loops in devices.

STP uses BPDU(bridge protocol data unit) to detect loops in devices. If there is any loops in Cisco devices, block redundant links. As you can see in figure 1, we have 3 switches with the same priority and in the root bridge selection, switch with the lowest priority selects as a root bridge. Now, we have the same priority, so the second feature in root bridge selection is the lowest Mac-Address. Therefore, switch A becomes root bridge and switch B and C use their shortest path to reach root bridge. This port is called root port. Then, we have selection between switch B and C, as we mentioned, switch B has the lowest Mac-Address, so it becomes Designated port and in switch C connection will be blocked.

Figure 1: STP States
Enter a caption for this image (optional)

Default priority of switch is 32768 and is multiple of 4096( between 0-61440) while, default port-priority in switch is 128 and multiple of 16.

In STP , we have 5 states, namely:

disabled, blocking(20sec), listening(15sec), learning(15sec), forwarding

It means, we have to wait at least 50 seconds until fully convergence.

We can configure switch for STP and change the priority or make a switch as primary root:

sw1(config)# spanning-tree vlan 1 priority 4096
sw1(config)# spanning-tree vlan 1 root primary

you can use show command to see the root or states of connections:

sw1# show spanning-tree
sw1# show spanning-tree vlan 1
2- PVST+ (Per Vlan Spanning-Tree)

This is the same idea of STP . The only difference here is using in Vlan instead of STP. The delay in receiving BPDUs can cause problems like convergence time problems. Per-VLAN Spanning Tree (PVST) is a solution for these problems. PVST operates a separate instance of STP for each individual VLAN . So, it helps load-balancing more efficiently.

3- RSTP(Rapid Spanning-Tree Protocol) (802.1w)

Cisco enhanced the original 802.1D specification with features such as Uplink Fast, Backbone Fast, and Port Fast to speed up the convergence time of a bridged network. In RSTP we have five states, namely:

STP (802.1D) Port State

RSTP (802.1w) Port State











It means, by removing listening states now convergence takes on 30 seconds. To configure, simply add:

sw1(config)# spanning-tree mode rapid-pvst

Figure 2: RSTP port states
Enter a caption for this image (optional)

As you see in Figure 2, we have Alternate port instead of block port in RSTP. Also, RSTP can detect edge port and separate root port from edge port.

3-1 PortFast

PortFast causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states.

You can use PortFast on switch or trunk ports that are connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.

The most secure implementation of PortFast is to enable it only on ports that connect end stations to switches. To config it:

sw1(config)# int fa0/1
sw1(config-if)# spanning-tree portfast
3-2 BPDU guard and BPDU Filter

PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs. Cisco recommend every ports connected to endpoint devices should have BPDU guard. BPDU guard:

  • Change the interface to errdisable state

  • Prevent from receiving BPDU

To enable BPDU guard:

sw1(config)# int fa0/1
sw1(config-if)# spanning-tree bpduguard enable

While, BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states. BPDU filtering:

  • Prevent from sending and receiving BPDU

  • Stop spanning-tree in the interface

3-3 Loop Guard and Root Guard

BPDU guard and root guard are similar, but their impact is different. BPDU guard disables the port upon BPDU reception if PortFast is enabled on the port. The disablement effectively denies devices behind such ports from participation in STP. You must manually reenable the port that is put into errdisable state or configure errdisable-timeout.

Root guard allows the device to participate in STP as long as the device does not try to become the root. If root guard blocks the port, subsequent recovery is automatic. Recovery occurs as soon as the offending device ceases to send superior BPDUs.

sw1(config)# int fa0/1
sw1(config-if)# spanning-tree guard root

When one of the ports in a physically redundant topology no longer receives BPDUs, the STP conceives that the topology is loop free. Eventually, the blocking port from the alternate or backup port becomes designated and moves to a forwarding state. This situation creates a loop.

The loop guard feature makes additional checks. If BPDUs are not received on a non-designated port, and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state, instead of the listening / learning / forwarding state. Without the loop guard feature, the port assumes the designated port role. The port moves to the STP forwarding state and creates a loop.

sw1(config)# int fa0/1
sw1(config-if)# spanning-tree guard loop
4-MSTR(Multiple Spanning-tree Protocol) (802.1s)

MST extends the IEEE 802.1w rapid spanning tree (RST) algorithm to multiple spanning trees. This extension provides both rapid convergence and load balancing in a VLAN environment. MST converges faster than Per VLAN Spanning Tree Plus (PVST+) and is backward compatible with 802.1D STP, 802.1w (Rapid Spanning Tree Protocol [RSTP]), and the Cisco PVST+ architecture.

MST allows you to build multiple spanning trees over trunks. You can group and associate VLANs to spanning tree instances. Each instance can have a topology independent of other spanning tree instances. This architecture provides multiple forwarding paths for data traffic and enables load balancing. Network fault tolerance is improved because a failure in one instance (forwarding path) does not affect other instances.

In large networks, you can more easily administer the network and use redundant paths by locating different Vlan and spanning tree instance assignments in different parts of the network.

MST includes some regions and each region contains Vlans. As it shown in below code, we have different instances and in each instance we have Vlans. If Vlans don’t have any instance, it goes to instance 0.

sw(config)# spanning-tree mst conf
sw(config-mst)# name HRT
sw(config-mst)# revision 1
sw(config-mst)# instance 1 vlan 2-3
sw(config-mst)# instance 2 vlan 4-8
sw(config-mst)# instance 3 vlan 9-11
sw(config-mst)# exit
sw(config)#spanning-tree mode mst

to show mst configuration:

sw# show spanning-tree mst conf