This will be a series of articles discussing how to configure Spanning Tree Protocol (STP) and its associated features.

In this first article we will discuss how to check STP operation, how to influence the root bridge election and how to influence the path selection algorithm. We will focus on configuration examples, “show” outputs and where it will be needed, plus reminders about theory will also be provided.

Below is our topology, with 2 VLANs configured and two hosts in each VLAN:

In the above topology, everything was left at default with regards to Spanning Tree Protocol. The VLANs and the interfaces from all switches in the respective VLANs were configured. Also, the interfaces between all three switches were configured as trunk allowing all VLANs.

If you need to quickly check the current parameters for timers and priority, you can use “show spanning-tree bridge”:

SW12#show spanning-tree bridge 

                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001         32769 (32768,   1) f4ac.c115.e300    2    20   15  ieee        
VLAN0013         32781 (32768,  13) f4ac.c115.e300    2    20   15  ieee        
VLAN0024         32792 (32768,  24) f4ac.c115.e300    2    20   15  ieee        
SW12#

As you can see, we are running STP for three VLANs: 1, 13 and 24. The timers were left to default along with the default priority. The type of STP used is IEEE, the Cisco implementation of 802.1D.

So without altering STP, let’s check its current status to find the root bridge and see how the MAC addresses of the hosts are learned on each switch.

Let’s start with SW12 and check for VLAN 13. The output will be similar for VLAN 24.

SW12#show mac address-table vlan 13
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  13    0050.7966.6804    DYNAMIC     Gi0/0
  13    0050.7966.6806    DYNAMIC     Gi0/2
Total Mac Addresses for this criterion: 2
SW12#

As you can see, the PC1 MAC address is learned from Gi0/0 (directly connected) and the PC3 MAC address is learned via SW34 over GI0/2.

Let’s check the current operation of STP for VLAN 13:

SW12#show spanning-tree vlan 13

VLAN0013
  Spanning tree enabled protocol ieee
  Root ID    Priority    32781
             Address     0027.0c1a.db80
             Cost        4
             Port        3 (GigabitEthernet0/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32781  (priority 32768 sys-id-ext 13)
             Address     f4ac.c115.e300
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0               Desg FWD 4         128.1    P2p 
Gi0/2               Root FWD 4         128.3    P2p 
Gi0/3               Altn BLK 4         128.4    P2p 
Gi0/4               Altn BLK 4         128.5    P2p 


SW12#

As you can see, the root bridge is a switch that has the bridge ID 0027.0c1a.db80 and the SW12 interface towards the root bridge is GigabitEthernet0/2 with a cost of 4.

Also, the interface towards SW3 (Gi0/4) is in Alternate role and Blocking state, which means that no MAC learning or flooding will happen on that interface.

We will see later what the implications for this are.

SW12 is not the root bridge for VLAN 13 because of the higher Bridge ID that it has. F4ac.c115.e300 is higher than 0027.0c1a.db80.

So let’s check the current STP status and MAC address table for the same VLAN on SW34:

SW34#show mac address-table vlan 13
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  13    0050.7966.6804    DYNAMIC     Gi0/2
  13    0050.7966.6806    DYNAMIC     Gi0/0
Total Mac Addresses for this criterion: 2
SW34#

Actually, let’s also quickly check the MAC table for VLAN 24 and confirm that we are learning the MAC addresses for PC2 and PC4 in the same way. We will use it later as comparison after we change the root bridge for VLAN 24:

SW34#show mac address-table vlan 24
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  24    0050.7966.6805    DYNAMIC     Gi0/2
  24    0050.7966.6807    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 2
SW34#

The MAC of PC1 is learned from SW12 and the MAC of PC3 is learned through the interface directly connected to PC3.

Let’s check the STP operation for VLAN 13:

SW34#show spanning-tree vlan 13

VLAN0013
  Spanning tree enabled protocol ieee
  Root ID    Priority    32781
             Address     0027.0c1a.db80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32781  (priority 32768 sys-id-ext 13)
             Address     0027.0c1a.db80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0               Desg FWD 4         128.1    P2p 
Gi0/2               Desg FWD 4         128.3    P2p 
Gi0/3               Desg FWD 4         128.4    P2p 
Gi0/4               Desg FWD 4         128.5    P2p 


SW34#

As you can see, SW34 is the root bridge, which means that all its interfaces will be in Designated role and Forwarding state.

In STP, all traffic should pass through the root bridge because MAC learning is done through it. Remember the above statement with regards to the interface of SW12 towards SW3. The implication of this statement is that SW3 will learn the MAC addresses of PC1 and PC3 from SW34. Let’s confirm this:

SW3#show mac address-table vlan 13
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  13    0050.7966.6804    DYNAMIC     Gi0/1
  13    0050.7966.6806    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 2
SW3#

So SW3 learned the MAC address of PC1 via this path: PC1 – SW12 – SW34 – SW3, although there is direct link between SW12 and SW3.

As mentioned in the beginning, everything for STP was left at default for both VLANs, hence a very similar output will be seen on all devices if we check VLAN 24.

This means that SW34 will be the root bridge for both VLANs and even though you can run multiple instances of STP so that you can elect different root bridges for each VLAN, the current network is working similar to how the legacy 802.1D is used in the network.

As mentioned, IEEE in the output of “show spanning-tree bridge” stands for Cisco PVST.

Let’s change the current configuration on SW3 and make it the root bridge for VLAN 24, and then see what is changing when we compare the same outputs as for VLAN 13.

We have two configuration options to make SW3 the root bridge.

One of them is to explicitly specify the priority of the bridge to a value that is lower than the current priority of SW34. SW34 is using the default priority, 32768, but it is winning the root bridge election due to the lower MAC address.

The other configuration option is to use the “primary” macro, which will set the priority to the next lower bridge priority so that the switch will become the root bridge.

We will see both methods in action. Let’s start with explicitly configuring the priority. As you will see, you need to configure a priority that is a multiple of 4096. If you don’t know the exact value, you can type anything there and you will get a list of possible values:

SW3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#spanning-tree vlan 24 priority ?
    bridge priority in increments of 4096

SW3(config)#spanning-tree vlan 24 priority 24000
% Bridge Priority must be in increments of 4096.
% Allowed values are: 
24	4096  8192  12288 16384 20480 24576 28672
  32768 36864 40960 45056 49152 53248 57344 61440
SW3(config)#spanning-tree vlan 24 priority 24576
SW3(config)#end
SW3#

Now, let’s check the bridge priority for VLAN 24:

SW3#show  spanning-tree bridge 

                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001         32769 (32768,   1) f4ac.c105.d200    2    20   15  ieee        
VLAN0013         32781 (32768,  13) f4ac.c105.d200    2    20   15  ieee        
VLAN0024         24600 (24576,  24) f4ac.c105.d200    2    20   15  ieee        
SW3#

As you can see, the priority for VLAN 24 has changed and SW34 should now see SW3 as the root bridge for VLAN24 through the interface Gi0/4. Let’s check:

SW34#show spanning-tree vlan 24

VLAN0024
  Spanning tree enabled protocol ieee
  Root ID    Priority    24600
             Address     f4ac.c105.d200
             Cost        4
             Port        5 (GigabitEthernet0/4)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32792  (priority 32768 sys-id-ext 24)
             Address     0027.0c1a.db80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.2    P2p 
Gi0/2               Desg FWD 4         128.3    P2p 
Gi0/3               Desg FWD 4         128.4    P2p 
Gi0/4               Root FWD 4         128.5    P2p 


SW34#

Remember how the MAC table on SW34 was looking for VLAN24 before we changed the root bridge? Let’s compare the current status of the MAC table for VLAN 24:

SW34#show mac address-table vlan 24
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  24    0050.7966.6805    DYNAMIC     Gi0/4
  24    0050.7966.6807    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 2
SW34#

As you can see, the MAC address of PC2 is now learned via SW3, which is the root bridge.

Let’s now discuss the second method of configuring a switch to become the root bridge. This is how the “primary” macro is being used:

SW3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#
*May  9 21:11:14.645: %SYS-5-CONFIG_I: Configured from console by console
SW3(config)#spanning-tree vlan 24 root ?
  primary    Configure this switch as primary root for this spanning tree
  secondary  Configure switch as secondary root

SW3(config)#spanning-tree vlan 24 root primary 
SW3(config)#end
SW3#

The bridge priority was lowered to 24576:

SW3#show spanning-tree bridge 

                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001         32769 (32768,   1) f4ac.c105.d200    2    20   15  ieee        
VLAN0013         32781 (32768,  13) f4ac.c105.d200    2    20   15  ieee        
VLAN0024         24600 (24576,  24) f4ac.c105.d200    2    20   15  ieee        
SW3#

This is because the previous root priority was 32768. As you can see, we can use the “secondary” macro. If we used that value, the priority would have changed to 28762. This is to ensure that you can configure a primary root bridge and a secondary root bridge of your choice.

Once you configure the “primary” or the “secondary” macro, the priority is put explicitly in the configuration in the same way as you would have configured it:

spanning-tree vlan 24 priority 24576

Now let’s get back to VLAN 13 and see how we can modify the cost of an interface to alter the shortest path to the root bridge.

Remember that SW3 had to use Gi0/1 to reach SW34, the root bridge. The cost was 4. This is because between SW3 and SW34 there is only one GigabitEthernet link whose cost is 4.

VLAN0013
  Spanning tree enabled protocol ieee
  Root ID    Priority    32781
             Address     0027.0c1a.db80
             Cost        4
             Port        2 (GigabitEthernet0/1)

The spanning tree cost change for an interface is done on the actual interface like this:

SW3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#int gi0/1
SW3(config-if)#spanning-tree cost ?
    port path cost

SW3(config-if)#spanning-tree cost 100
SW3(config-if)#end
SW3#

In this case, we configured a cost of 100 for Gi0/1. So the current situation is like this: SW3 can reach SW34 directly with a cost of 100 or it can reach SW34 through SW12 with a cost of 8. Obviously, the path with the lowest cost will be chosen and Gi0/0 will be the new root port:

SW3#show spanning-tree vlan 13

VLAN0013
  Spanning tree enabled protocol ieee
  Root ID    Priority    32781
             Address     0027.0c1a.db80
             Cost        8
             Port        1 (GigabitEthernet0/0)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32781  (priority 32768 sys-id-ext 13)
             Address     f4ac.c105.d200
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  15  sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0               Root FWD 4         128.1    P2p 
Gi0/1               Altn BLK 100       128.2    P2p 


SW3#

As you can see, there are two links between SW12 and SW34 (Gi0/2 and Gi0/3). Based on the shortest path selection, there is a tie up to the point where the port ID has to be used. The lower the port ID, the better. In this case, Gi0/2 has a lower port ID than Gi0/3, hence SW12 is using Gi0/2 as root port. But what if we want to use Gi0/3 as the root port? We can modify the port priority of Gi0/3 to a lower value than the one from Gi0/2. Both of them are using the default value of 128.

Let’s modify the port priority of Gi0/3 and then confirm that the new root port on SW12 is Gi0/3. Remember that the configuration has to be done on SW34 so that SW12 will see in the BPDUs received from SW34 that the port priority has changed:

SW34(config)#int gi0/3
SW34(config-if)#spanning-tree port-priority 64
SW34(config-if)#end
SW34#

Let’s now confirm that the root port on SW12 is Gi0/3:

VLAN0013
  Spanning tree enabled protocol ieee
  Root ID    Priority    32781
             Address     0027.0c1a.db80
             Cost        4
             Port        4 (GigabitEthernet0/3)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

And we have now reached the end of the article. To briefly summarize, we saw how we can select different root bridges for different VLANs and how we can alter the path the packets take in a switched network by changing the path selection algorithm.

In the next part of the series we will discuss a few features of Spanning Tree Protocol so stay tuned.

References:

  1. Cisco CCNA Routing and Switching ICND2 200-101 Official Cert Guide – Wendell Odom