The purpose of the article is not to discuss the operation of Spanning Tree Protocol (STP), but how to modify a few parameters in order to change the default behavior.

However, I will refresh some basic information that we need in order to understand what will be discussed in the article.

Bridge ID is the identifier of the switch in the context of STP. It consists of bridge priority (which defaults to 32768) and the MAC address. A lower value means a better value. If the bridge priority is the same, then the tie-breaker will be the MAC address (there cannot be two identical MAC addresses). Older devices have lower MAC addresses than the newer devices and this usually leads to low performance devices acting as root bridges.

These are the tie-breakers for selecting the root bridge:

  • Lowest root bridge ID
  • Lowest root path cost
  • Lowest sender bridge ID
  • Lowest port priority

The topology used for this article and for simulation is below:

You are given the option to download the GNS3 topology file along with the switch configurations. As you will see, the configuration is pretty basic.

If you use these configuration files, please adapt the path to them in the GNS3 topology file.

There is one thing to note about how GNS3 emulates switches.

The Cisco 3640 allows you to use one specific type of card which enables the switching features. This card is called NM-16ESW. This card has 16 ports.

This is a screenshot of the SW1 slots:

Once the topology is loaded and all the devices are powered on, the next step would be to configure the two hosts (PC_1 and PC_3) with IP addresses. Because we will have only one VLAN, there is no need to configure a default route.

Before you can configure the hosts, you should know that they are emulated using a lightweight version of Linux. You can download it from here: http://sourceforge.net/projects/gns-3/files/Qemu%20Appliances/linux-microcore-3.8.2.img. Once you have downloaded it, you need to configure GNS3. Go to Edit – Preferences – Qemu. You should have something similar to this. Keep in mind that the path might be different depending on where you decided to store the Linux image.

Because the configuration doesn’t survive a power-off, you will need to configure the IP address on eth0 of each host every time you start the hosts.

Keep in mind that using ‘tc’ as the username when you access the hosts through the console will log you in directly to the shell without asking for a password.

This is needed on PC_3 to change the hostname and to add the right IP address on eth0. Apply a similar configuration on PC_1.

tc@box:~$ sudo hostname PC_3
tc@PC_3:~$ sudo ifconfig eth0 1.1.1.103 netmask 255.255.255.0

If you try to ping PC_3 from PC_1, it will work, but all the traffic will go through VLAN 1, which is the only VLAN present on a Cisco switch when you take it out of the box. This is for plug-and-play installation. Maybe you don’t need fancy features and you just need to connect a few hosts to a device so they can reach each other. However, it’s advisable not to use VLAN 1 due to security concerns. We will use VLAN 100.

Test the connectivity between PC_1 and PC_3 after you configure the switches as required. You should see something similar:

tc@PC_1:~$ ping 1.1.1.103
PING 1.1.1.103 (1.1.1.103): 56 data bytes
64 bytes from 1.1.1.103: seq=0 ttl=64 time=5.882 ms
^C
--- 1.1.1.103 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 5.882/5.882/5.882 ms
tc@PC_1:~$ arp -a
? (1.1.1.103) at 00:ab:09:5d:9a:00 [ether]  on eth0
tc@PC_1:~$

As you can see from the topology itself, I identified each host using the IP and the MAC addresses.

Because the article is related to Layer 2 features, we will have to deal only with MAC addresses, which can be different when you load the topology on your computer.

Don’t expect to have the same MAC addresses as I do.

The tasks that should be accomplished in this article are:

  • SW1 should be the primary root bridge
  • SW3 should be the root bridge in case SW1 reboots
  • Traffic from PC_3 to PC_1 should take this path: SW3 – SW2 – SW1
  • SW3 should choose F0/4 to send traffic to SW2. In case F0/4 breaks, the traffic should fall over to F0/3
  • SW2 should use F0/1 to send traffic to SW1. In case F0/1 breaks, the traffic should fall over to F0/0
  • Modify different STP parameters to solve the two tasks above.

This is needed on all three switches to add VLAN 100:

SW1#vlan database
SW1(vlan)#vlan 100
VLAN 100 added:
    Name: VLAN0100
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#

On SW1:

spanning-tree vlan 100 root primary
!
interface FastEthernet0/0
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all
!
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all
 spanning-tree port-priority 96
!
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all
!
interface FastEthernet0/5
 switchport access vlan 100
 spanning-tree portfast
!

On SW2, add the following configuration on all inter-switch links:

 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all

On SW3:

spanning-tree vlan 100 root secondary
!
interface FastEthernet0/2
 switchport mode trunk
 spanning-tree vlan 100 cost 10000
!
interface FastEthernet0/3
 switchport mode trunk
 spanning-tree vlan 100 cost 100
!
interface FastEthernet0/4
 switchport mode trunk
!
interface FastEthernet0/5
 switchport access vlan 100
 spanning-tree portfast
!

If this has been configured, it’s time to see how STP is operating.

Because this is all Layer 2, to find out how the traffic is flowing through the network we need to find out how each switch is learning the MAC addresses of the hosts.

First, let’s confirm that SW1 is the root bridge, then that SW3 will be the next root bridge and not SW2 in case something happens to SW1:

SW1#show spanning-tree vlan 100 brief

VLAN100
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     cc00.1c9c.0001
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192
             Address     cc00.1c9c.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

As you can see, SW1 is proclaiming itself the root bridge due to the 8192 priority.

Let’s see what SW2 and SW3 are saying:

SW2#show spanning-tree vlan 100 brief

VLAN100
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     cc00.1c9c.0001
             Cost        19
             Port        2 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     cc02.1c9c.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

As you can see, SW2 (which has a priority of 32768) knows that the root bridge is connected on FastEthernet0/1. Let’s see who is connected there:

SW2#show cdp neighbors | i 0/1
SW1.lab.local    Fas 0/1            139        R S I      3640      Fas 0/1
SW2#

As you can see, SW1 is connected on F0/1.

Let’s check SW3:

SW3#show spanning-tree vlan 100 brief

VLAN100
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     cc00.1c9c.0001
             Cost        38
             Port        5 (FastEthernet0/4)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    16384
             Address     cc01.1c9c.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

SW3 (which has a priority of 16384) knows that the root bridge is reachable through FastEthernet0/4. Let’s check which switch is connected on F0/4:

SW3#show cdp neighbors | i 0/4
SW2.lab.local    Fas 0/4            125        R S I      3640      Fas 0/4
SW3#

By default, SW3 would have preferred the link F0/2 to reach SW1, which is a direct link, but because the cost was increased to a very high value, SW1 is closer through SW2 (on F0/4) than through the direct link:

SW3#show spanning-tree vlan 100 brief | b Interface
Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/2      128.3    128 10000 BLK     0  8192 cc00.1c9c.0001 128.3
FastEthernet0/3      128.4    128   100 BLK    19 32768 cc02.1c9c.0001 128.4
FastEthernet0/4      128.5    128    19 FWD    19 32768 cc02.1c9c.0001 128.5
FastEthernet0/5      128.6    128    19 FWD    38 16384 cc01.1c9c.0001 128.6

SW3#

So the first three tasks were completed: SW1 is the primary root bridge, SW3 is next in line for root bridge succession and the traffic path will be SW3 – SW2 – SW1.

The traffic between PC_1 and PC_3 was started so the MAC table should have been populated with the MAC addresses of the hosts.

Let’s check the MAC address table of SW3:

SW3#show mac-address-table
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
cc01.1c9c.0000          Self          1     Vlan1
00ab.095d.9a00          Dynamic     100     FastEthernet0/5
00ab.2d90.1b00          Dynamic     100     FastEthernet0/4

SW3#

00ab.095d.9a00 is the MAC of PC_3 and 00ab.2d90.1b00 is the MAC of PC_1.

The MAC of PC_3 can only be learned on F0/5, because the host is directly connected there. For the MAC of PC_1, however, there are two possible links over which it can be learned: F0/4 and F0/3.

For the task where SW3 should choose F0/4 instead of F0/3, we chose to modify the cost, increasing it on the F0/3 interface. Therefore, F0/3 has a much higher cost than F0/4.

SW3#show spanning-tree vlan 100 interface f0/3 cost
100
SW3#

SW3#show spanning-tree vlan 100 interface f0/4 cost
19
SW3#

Because both links go to SW2 and there is no other path to reach SW1 except through SW2, the best path selection stops at comparing the costs of the two links.

So another task was solved.

Let’s move on and confirm that the MAC of PC_1 is learned on SW2 on the interface FastEthernet0/1 and not FastEthernet0/0:

SW2#show mac-address-table
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
cc02.1c9c.0000          Self          1     Vlan1
00ab.2d90.1b00          Dynamic     100     FastEthernet0/1
00ab.095d.9a00          Dynamic     100     FastEthernet0/4

SW2#

As you may remember, we didn’t change anything related to STP on SW2, yet STP has changed its default behaviour there.

The cost of both interfaces is the same (the default one):

SW2#show spanning-tree vlan 100 interface f0/1 cost
19
SW2#show spanning-tree vlan 100 interface f0/0 cost
19
SW2#

Actually, the configuration change that triggered SW2 to change its behaviour is done on SW1, when we configured the port priority to 96 on F0/1:

spanning-tree port-priority 96

SW1#show spanning-tree vlan 100 brief | b Interface
Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0      128.1    128    19 FWD     0  8192 cc00.1c9c.0001 128.1
FastEthernet0/1       96.2     96    19 FWD     0  8192 cc00.1c9c.0001  96.2
FastEthernet0/2      128.3    128    19 FWD     0  8192 cc00.1c9c.0001 128.3
FastEthernet0/5      128.6    128    19 FWD     0  8192 cc00.1c9c.0001 128.6

SW1#

As you can see, the priority of F0/1 is lower than that of F0/0.

Because of this, SW2 is putting F0/0 in blocking state and F0/1 in forwarding.

SW2#show spanning-tree vlan 100 brief | b Interface
Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0      128.1    128    19 BLK     0  8192 cc00.1c9c.0001 128.1
FastEthernet0/1      128.2    128    19 FWD     0  8192 cc00.1c9c.0001  96.2
FastEthernet0/3      128.4    128    19 FWD    19 32768 cc02.1c9c.0001 128.4
FastEthernet0/4      128.5    128    19 FWD    19 32768 cc02.1c9c.0001 128.5

SW2#
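
The root-port choices on SW3 and SW2 shown above can be reproduced by comparing the BPDUs each switch receives, field by field, in the tie-breaker order. This is an added example, not part of the original article or its lab files; the bridge IDs, costs and port IDs are the ones from the article's output, while the `Bpdu` type and the function names are made up for illustration. The fourth step compares the sender's port ID, whose high part is the port priority.

```python
from typing import NamedTuple

def bid(priority, mac):
    """Bridge ID as a comparable tuple: priority first, MAC as the tie-breaker."""
    return (priority, int(mac.replace(".", ""), 16))

class Bpdu(NamedTuple):
    port: str           # local port the BPDU arrived on
    port_cost: int      # STP cost configured on that local port
    root: tuple         # root bridge ID carried in the BPDU
    cost: int           # root path cost advertised by the sender
    sender: tuple       # sender bridge ID
    sender_port: tuple  # (priority, number) of the sending port, e.g. 96.2

STEPS = ("root bridge ID", "root path cost", "sender bridge ID", "sender port ID")

def key(b):
    """Lower tuple wins; fields are compared left to right, like the tie-breaker list."""
    return (b.root, b.cost + b.port_cost, b.sender, b.sender_port)

def root_port(bpdus):
    return min(bpdus, key=key)

def decided_by(a, b):
    """Name the first tie-breaker on which two candidates differ."""
    return next(s for s, x, y in zip(STEPS, key(a), key(b)) if x != y)

def elect(bridges):
    return min(bridges, key=bridges.get)  # root bridge = lowest bridge ID

def without(bpdus, port):
    return [b for b in bpdus if b.port != port]  # candidates left after a port fails

# Values taken from the 'show spanning-tree' output in the article.
BRIDGES = {"SW1": bid(8192, "cc00.1c9c.0001"), "SW2": bid(32768, "cc02.1c9c.0001"),
           "SW3": bid(16384, "cc01.1c9c.0001")}
SW1, SW2 = BRIDGES["SW1"], BRIDGES["SW2"]
SW3_SEES = [
    Bpdu("F0/2", 10000, SW1, 0, SW1, (128, 3)),  # direct link to SW1, cost raised
    Bpdu("F0/3", 100, SW1, 19, SW2, (128, 4)),
    Bpdu("F0/4", 19, SW1, 19, SW2, (128, 5)),
]
SW2_SEES = [
    Bpdu("F0/0", 19, SW1, 0, SW1, (128, 1)),
    Bpdu("F0/1", 19, SW1, 0, SW1, (96, 2)),      # SW1 F0/1 has port-priority 96
]

if __name__ == "__main__":
    print(elect(BRIDGES), root_port(SW3_SEES).port, root_port(SW2_SEES).port)
```

On SW3 the decision is made at the root path cost step (38 against 119 and 10000); on SW2 everything ties until the sender port ID, where 96.2 beats 128.1.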

And lastly, the MAC table on SW1:

SW1#show  mac-address-table
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
cc00.1c9c.0000          Self          1     Vlan1
00ab.095d.9a00          Dynamic     100     FastEthernet0/1
00ab.2d90.1b00          Dynamic     100     FastEthernet0/5

SW1#

Let’s shut down F0/1 between SW2 and SW1 and confirm that the traffic fails over to F0/0. The MAC of PC_1 should be learned through F0/0 and F0/0 should be in forwarding state on SW2:

SW2#show spanning-tree vlan 100 brief | b Interface
Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0      128.1    128    19 FWD     0  8192 cc00.1c9c.0001 128.1
FastEthernet0/3      128.4    128    19 FWD    19 32768 cc02.1c9c.0001 128.4
FastEthernet0/4      128.5    128    19 FWD    19 32768 cc02.1c9c.0001 128.5

SW2#show mac-address-table
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
cc02.1c9c.0000          Self          1     Vlan1
00ab.095d.9a00          Dynamic     100     FastEthernet0/4
00ab.2d90.1b00          Dynamic     100     FastEthernet0/0

SW2#

As you might already have figured out, the hosts could communicate without this STP configuration change. However, sometimes you need to change the parameters to force traffic through specific devices even though that is not the shortest physical path.

Also, you might want a more robust device to be the root bridge instead of an old device that can become the root bridge simply because the root bridge selection algorithm includes the MAC address in the bridge ID.
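
One way to check from captured `show spanning-tree vlan 100 brief` output that the intended switch is still the root and the expected uplink is still the root port (an added example, not from the original article). The function names and the second sample, including its MAC address, are constructed for illustration; the first sample is SW2's output from this article.

```python
import re

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def parse_brief(text):
    """Pull root ID, bridge ID and root port out of 'show spanning-tree vlan N brief'."""
    info, section = {"root_port": None}, None  # root_port stays None on the root itself
    for line in text.splitlines():
        if m := re.match(r"\s*(Root|Bridge) ID\s+Priority\s+(\d+)", line):
            section = m.group(1).lower()
            info[f"{section}_priority"] = int(m.group(2))
        elif section and (m := re.match(rf"\s*Address\s+({MAC})", line)):
            info[f"{section}_mac"] = m.group(1)
        elif section == "root" and (m := re.match(r"\s*Port\s+\d+\s+\((\S+)\)", line)):
            info["root_port"] = m.group(1)
    return info

def audit(text, want_root_mac, want_root_port):
    """Return a list of findings; an empty list means the tree matches the design."""
    info, findings = parse_brief(text), []
    if info.get("root_mac") != want_root_mac:
        findings.append(f"root is {info.get('root_mac')}, expected {want_root_mac}")
    if info.get("root_priority") == 32768:
        findings.append("root elected at default priority 32768 (MAC decided)")
    if info["root_port"] != want_root_port:
        findings.append(f"root port is {info['root_port']}, expected {want_root_port}")
    return findings

# SW2 output as shown in the article.
SW2_OK = """\
VLAN100
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     cc00.1c9c.0001
             Cost        19
             Port        2 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     cc02.1c9c.0001
"""
# Constructed sample: a default-priority switch with a low MAC has become root.
SW2_DRIFT = SW2_OK.replace("8192", "32768", 1).replace(
    "cc00.1c9c.0001", "0011.2233.4455", 1).replace("2 (FastEthernet0/1)", "5 (FastEthernet0/4)")

if __name__ == "__main__":
    print(audit(SW2_OK, "cc00.1c9c.0001", "FastEthernet0/1"))
    print(audit(SW2_DRIFT, "cc00.1c9c.0001", "FastEthernet0/1"))
```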