Understand and Configure STP on Catalyst

Switches
Contents
Introduction
Prerequisites
Requirements
Components Used
Background Information
Network Diagram
Concepts
Description of the Technology
STP Operation
Task
Step-by-Step Instructions
Verify
Troubleshoot
STP Path Cost Automatically Changes When a Port Speed/Duplex Is Changed
Troubleshoot Commands
Command Summary
Related Information

Introduction
This document describes how to use Spanning Tree Protocol (STP) to ensure that you do not create loops
when you have redundant paths in your network.

Prerequisites
Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

• Cisco Catalyst 5500/5000 Switches

• A console cable that is suitable for the Supervisor Engine in the switch

• Six Catalyst 5509 Switches

The spanning tree principles that the document presents are applicable to almost all devices that support
STP.

The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, ensure
that you understand the potential impact of any command.
Background Information
Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches. The specification for
STP is IEEE 802.1D. The main purpose of STP is to ensure that you do not create loops when you have
redundant paths in your network. Loops are deadly to a network.

The configurations in this document apply to Catalyst 2926G, 2948G, 2980G, 4500/4000, 5500/5000, and
6500/6000 Switches that run Catalyst OS (CatOS). Refer to these documents for information on the
configuration of STP on other switch platforms:

• STP and MST (Catalyst 6500/6000 Switches that run Cisco IOS®Software)

• Configure STP and MST (Catalyst 4500/4000 Switches that run Cisco IOS Software)

Network Diagram

This document uses this network setup:

Concepts
STP runs on bridges and switches that are 802.1D-compliant. There are different flavors of STP, but 802.1D
is the most popular and widely implemented. You implement STP on bridges and switches in order to
prevent loops in the network. Use STP in situations where you want redundant links, but not loops.
Redundant links are as important as backups in the case of a failover in a network. A failure of your primary
activates the backup links so that users can continue to use the network. Without STP on the bridges and
switches, such a failure can result in a loop. If two connected switches run different flavors of STP, they
require different controls to converge. When different flavors are used in the switches, it creates control
issues between Blocking and Forwarding states. Therefore, it is recommended to use the same flavors of
STP. Consider this network:
In this network, a redundant link is planned between Switch A and Switch B. However, this setup creates the
possibility of a bridging loop. For example, a broadcast or multicast packet that transmits from Station M
and is destined for Station N simply continues to circulate between both switches.

However, when STP runs on both switches, the network logically looks like this:

This information applies to the scenario in the Network Diagram:

• Switch 15 is the backbone switch.

• Switches 12, 13, 14, 16, and 17 are switches that attach to workstations and PCs.

• The network defines these VLANs:

○ 1

○ 200

○ 201

○ 202

○ 203

○ 204

• The VLAN Trunk Protocol (VTP) domain name is STD-Doc.

In order to provide this desired path redundancy, as well as to avoid a loop condition, STP defines a tree that
spans all the switches in an extended network. STP forces certain redundant data paths into a standby
(blocked) state and leaves other paths in a forwarding state. If a link in the forwarding state becomes
unavailable, STP reconfigures the network and reroutes data paths through the activation of the appropriate
standby path.

Description of the Technology

With STP, the key is for all the switches in the network to elect a root bridge that becomes the focal point in
the network. All other decisions in the network, such as which port to block and which port to put in
forwarding mode, are made from the perspective of this root bridge. A switched environment, which is
different from a bridge environment, most likely deals with multiple VLANs. When you implement a root
bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have
its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs
can all reside in a single switch or in various switches.

Note: The selection of the root switch for a particular VLAN is very important. You can choose the
root switch, or you can let the switches decide, which is risky. If you do not control the root
 selection process, there can be suboptimal paths in your network.

All the switches exchange information for use in the root switch selection and for subsequent configuration
of the network. Bridge protocol data units (BPDUs) carry this information. Each switch compares the
parameters in the BPDU that the switch sends to a neighbor with the parameters in the BPDU that the switch
receives from the neighbor.

In the STP root selection process, less is better. If Switch A advertises a root ID that is a lower number than
the root ID that Switch B advertises, the information from Switch A is better. Switch B stops the
advertisement of its root ID, and accepts the root ID of Switch A.

Refer to Optional STP Features for more information about some of the optional STP features, such as:

• PortFast

• Root guard

• Loop guard

• BPDU guard

STP Operation
Task

Prerequisites

Before you configure STP, select a switch to be the root of the spanning tree. This switch does not need to
be the most powerful switch, but choose the most centralized switch on the network. All data flow across the
network is from the perspective of this switch. Also, choose the least disturbed switch in the network. The
backbone switches often serve as the spanning tree root because these switches typically do not connect to
end stations. Also, moves and changes within the network are less likely to affect these switches.

After you decide on the root switch, set the appropriate variables to designate the switch as the root switch.
The only variable that you must set is the bridge priority . If the switch has a bridge priority that is lower than
all the other switches, the other switches automatically select the switch as the root switch.

Clients (end stations) on Switch Ports

You can also issue the set spantree portfast command, on a per-port basis. When you enable the portfast variable
on a port, the port immediately switches from blocking mode to forwarding mode. Enablement
of portfast helps to prevent timeouts on clients who use Novell Netware or use DHCP in order to obtain an IP
address. However, donotuse this command when you have switch-to-switch connection. In this case, the
command can result in a loop. The 30- to 60-second delay that occurs during the transition from blocking to
forwarding mode prevents a temporal loop condition in the network when you connect two switches.

Leave most other STP variables at their default values.

Rules of Operation

This section lists rules for how STP works. When the switches first come up, they start the root switch
selection process. Each switch transmits a BPDU to the directly connected switch on a per-VLAN basis.
As the BPDU goes out through the network, each switch compares the BPDU that the switch sends to the
BPDU that the switch receives from the neighbors. The switches then agree on which switch is the root
switch. The switch with the lowest bridge ID in the network wins this election process.

Note: Remember that one root switch is identified per-VLAN. After the root switch identification,
the switches adhere to these rules.

• STP Rule 1—All ports of the root switch must be in forwarding mode.

Note: In some corner cases, which involve self-looped ports, there is an exception to this
rule.

Next, each switch determines the best path to get to the root. The switches determine this path by a
comparison of the information in all the BPDUs that the switches receive on all ports. The switch uses
the port with the least amount of information in the BPDU in order to get to the root switch; the port
with the least amount of information in the BPDU is the root port. After a switch determines the root
port, the switch proceeds to rule 2.

• STP Rule 2—The root port must be set to forwarding mode.

In addition, the switches on each LAN segment communicate with each other to determine which
switch is best to use in order to move data from that segment to the root bridge. This switch is called
the designated switch.

• STP Rule 3—In a single LAN segment, the port of the designated switch that connects to that LAN
segment must be placed in forwarding mode.

• STP Rule 4—All the other ports in all the switches (VLAN-specific) must be placed in blocking
mode. The rule only applies to ports that connect to other bridges or switches. STP does not affect
ports that connect to workstations or PCs. These ports remain forwarded.

Note: The addition or removal of VLANs when STP runs in per-VLAN spanning tree (PVST /
PVST+) mode triggers spanning tree recalculation for that VLAN instance and the traffic is
disrupted only for that VLAN. The other VLAN parts of a trunk link can forward traffic normally.
The addition or removal of VLANs for a Multiple Spanning Tree (MST) instance that exists
triggers spanning tree recalculation for that instance and traffic is disrupted for all the VLAN parts
of that MST instance.

Note: By default, spanning tree runs on every port. The spanning tree feature cannot be turned off
in switches on a per-port basis. Although it is not recommended, you can turn off STP on a per-
VLAN basis, or globally on the switch. Extreme care must be taken whenever you disable spanning
tree because this creates Layer 2 loops within the network.

Step-by-Step Instructions

Complete these steps:

1. Issue the show version command in order to display the software version that the switch runs.
 Note: All switches run the same software version.

<#root>
Switch-15> (enable)

show version

WS-C5505 Software, Version McpSW: 4.2(1) NmpSW: 4.2(1)

Copyright (c) 1995-1998 by Cisco Systems
NMP S/W compiled on Sep 8 1998, 10:30:21
MCP S/W compiled on Sep 08 1998, 10:26:29

System Bootstrap Version: 5.1(2)

Hardware Version: 1.0 Model: WS-C5505 Serial #: 066509927

Mod Port Model Serial # Versions

--- ---- ---------- --------- ----------------------------------------
1 0 WS-X5530 008676033 Hw : 2.3
Fw : 5.1(2)
Fw1: 4.4(1)
Sw : 4.2(1)

In this scenario, Switch 15 is the best choice for the root switch of the network for all the VLANs
because Switch 15 is the backbone switch.

2. Issue the set spantree root vlan_id command in order to set the priority of the switch to 8192 for the VLAN
or VLANs that the vlan_id specifies.

Note: The default priority for switches is 32768. When you set the priority with this
command, you force the selection of Switch 15 as the root switch because Switch 15 has the
lowest priority.

<#root>
Switch-15> (enable)

set spantree root 1

VLAN 1 bridge priority set to 8192.

VLAN 1 bridge max aging time set to 20.
VLAN 1 bridge hello time set to 2.
VLAN 1 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 1.
Switch-15> (enable)

Switch-15> (enable)

set spantree root 200

VLAN 200 bridge priority set to 8192.

VLAN 200 bridge max aging time set to 20.
VLAN 200 bridge hello time set to 2.
VLAN 200 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 200.
Switch-15> (enable)

Switch-15> (enable)

set spantree root 201

VLAN 201 bridge priority set to 8192.

VLAN 201 bridge max aging time set to 20.
VLAN 201 bridge hello time set to 2.
VLAN 201 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 201.
Switch-15> (enable)

Switch-15> (enable)

set spantree root 202

VLAN 202 bridge priority set to 8192.

VLAN 202 bridge max aging time set to 20.
VLAN 202 bridge hello time set to 2.
VLAN 202 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 202.
Switch-15>

Switch-15> (enable)

set spantree root 203

VLAN 203 bridge priority set to 8192.

VLAN 203 bridge max aging time set to 20.
VLAN 203 bridge hello time set to 2.
VLAN 203 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 203.
Switch-15>

Switch-15> (enable)

set spantree root 204

VLAN 204 bridge priority set to 8192.

VLAN 204 bridge max aging time set to 20.
VLAN 204 bridge hello time set to 2.
VLAN 204 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 204.
Switch-15> (enable)

The shorter version of the command has the same effect, as this example shows:

<#root>
Switch-15> (enable)

set spantree root 1,200-204

VLANs 1,200-204 bridge priority set to 8189.

VLANs 1,200-204 bridge max aging time set to 20.
VLANs 1,200-204 bridge hello time set to 2.
VLANs 1,200-204 bridge forward delay set to 15.
Switch is now the root switch for active VLANs 1,200-204.
Switch-15> (enable)
 The set spantree priority command provides a third method to specify the root switch:

<#root>
Switch-15> (enable)

set spantree priority 8192 1

Spantree 1 bridge priority set to 8192.

Switch-15> (enable)

Note: In this scenario, all the switches started with cleared configurations. Therefore, all the
switches started with a bridge priority of 32768. If you are not certain that all the switches in
your network have a priority that is greater than 8192, set the priority of your desired root
bridge to 1.

3. Issue the set spantree portfast mod_num/port_num enable command in order to configure the PortFast setting on
Switches 12, 13, 14, 16, and 17.

Note: Only configure this setting on ports that connect to workstations or PCs. Do not enable
PortFast on any port that connects to another switch.

• Port 2/1 connects to Switch 13.

• Port 2/2 connects to Switch 15.

• Port 2/3 connects to Switch 16.

• Ports 3/1 through 3/24 connect to PCs.

• Ports 4/1 through 4/24 connect to UNIX workstations.

With this information as a basis, issue the set spantree portfast command on ports 3/1 through 3/24 and
on ports 4/1 through 4/24:

<#root>
Switch-12> (enable)

set spantree portfast 3/1-24 enable

Warning: Spantree port fast start should  only be enabled on ports connected to a single host. Connec
to a fast start port can cause temporary spanning-tree loops. Use with caution. Spantree ports 3/1
Switch-12> (enable) Switch-12> (enable)

set spantree portfast 4/1-24 enable

Warning: Spantree port fast start should  only be enabled on ports connected to a single host. Conne
to a fast start port can cause temporary spanning-tree loops. Use with caution. Spantree ports 4/1
4. Issue the show spantree vlan_id command in order to verify that Switch 15 is the root of all the
appropriate VLANs.

From the output from this command, compare the MAC address of the switch that is the root switch to
the MAC address of the switch from which you issued the command. If the addresses match, the
switch that you are in is the root switch of the VLAN. A root port that is 1/0 also indicates that you are
at the root switch. This is the sample command output:

<#root>
Switch-15> (enable)

show spantree 1

VLAN 1
spanning-tree enabled
spanning-tree type ieee

Designated Root 00-10-0d-b1-78-00

!--- This is the MAC address of the root switch for VLAN 1.

Designated Root Priority 8192

Designated Root Cost 0

Designated Root Port

1/0

Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Bridge ID MAC ADDR 00-10-0d-b1-78-00

Bridge ID Priority 8192

Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

This output shows that Switch 15 is the designated root on the spanning tree for VLAN 1. The MAC
address of the designated root switch,00-10-0d-b1-78-00, is the same as the bridge ID MAC address
of Switch 15,00-10-0d-b1-78-00. Another indicator that this switch is the designated root is that the
designated root port is 1/0.

In this output from Switch 12, the switch recognizes Switch 15 as the Designated Root for VLAN 1:

<#root>
Switch-12> (enable)

show spantree 1

VLAN 1
spanning-tree enabled
spanning-tree type
 IEEEDesignated Root

00-10-0d-b1-78-00

!--- This is the MAC address of the root switch for VLAN 1.

Designated Root Priority 8192

Designated Root Cost 19

Designated Root Port 2/3
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Bridge ID MAC ADDR 00-10-0d-b2-8c-00

Bridge ID Priority 32768

Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Note: The output of the show spantree vlan_id command for the other switches and VLANs
can also indicate that Switch 15 is the designated root for all VLANs.

Verify
This section provides information you can use to confirm that your configuration works properly.

• show spantree vlan_id—

Shows the current state of the spanning tree for this VLAN ID, from the
perspective of the switch on which you issue the command.

• show spantree summary— Provides a summary of connected spanning tree ports by VLAN.

Troubleshoot
This section provides information you can use to troubleshoot your configuration.

STP Path Cost Automatically Changes When a Port Speed/Duplex Is Changed

STP calculates the path cost based on the media speed (bandwidth) of the links between switches and the
port cost of each port forwarding frame. Spanning tree selects the root port based on the path cost. The port
with the lowest path cost to the root bridge becomes the root port. The root port is always in the forwarding
state.

If the speed/duplex of the port is changed, spanning tree recalculates the path cost automatically. A change
in the path cost can change the spanning tree topology.

Refer to the Calculate and Assign Port Costs section of Configure Spanning Tree for more information on
how to calculate the port cost.

Troubleshoot Commands

Note: Refer to Important Information on Debug Commands before you use debug commands.
 • show spantree vlan_id—Showsthe current state of the spanning tree for this VLAN ID, from the
perspective of the switch on which you issue the command.

• show spantree summary—Provides a summary of connected spanning tree ports by VLAN.

• show spantree statistics—Shows spanning tree statistical information.

• show spantree backbonefast—Displays whether the spanning tree BackboneFast Convergence feature is
enabled.

• show spantree blockedports—Displays only the blocked ports.

• show spantree portstate—Determines the current spanning tree state of a Token Ring port within a
spanning tree.

• show spantree portvlancost—Shows the path cost for the VLANs on a port.

• show spantree uplinkfast—Shows the UplinkFast settings.

Command Summary

Syntax: show version

As used in this document: show version

Syntax: set spantree root [vlan_id]

As used in this document: set spantree root 1

set spantree root 1,200-204

Syntax: set spantree priority [vlan_id]

As used in this document: set spantree priority 8192 1

Syntax: set spantree portfast mod_num/port_num {enable | disable}

As used in this document: set spantree portfast 3/1-24 enable

Syntax: show spantree [vlan_id]

As used in this document: show spantree

Related Information
• Spanning Tree Protocol Problems and Related Design Considerations
• Switches Support
• Cisco Technical Support & Downloads