Module 10 - Spanning Tree Protocol (STP)

Network Redundancy

It is an essential part of network design, modern networks are expected to run 24/7/365. Short downtimes can be disastrous for businesses, if one component fails, you must ensure that other components will take over with little or no downtime. This should be implemented at every possible point in the network.

Broadcast Storms 

This occurs whenever broadcast or multicast frames continuously circulates through a Layer 2 network since ethernet header does not have a Time To Live (TTL) field. Broacast frames loop around indefinitely and the network will be too congested for legitimate traffic.

MAC Address Flapping

It is when frames with the same source MAC address repeatedly arrive on different interfaces, the switch is continuously updating the interface in its MAC address table.

Spanning Tree Protocol

This prevents layer 2 loops by placing redundant ports in a blocking state, essentially disabling the interface. The disabled interface act as backups that can enter a forwarding state if an active interface fails.

Bridge Priority 

This determines the root bridge election, the value is in increments by 4096, the lowest bridge ID is elected as the root bridge.

Root Bridge

It is the central reference switch elected using the lowest Bridge ID.

Root Port

Port on non-root switch closest to the root bridge.

Designated Port

Port that forwards traffic for a segment.

Blocked Port

Port placed in standby to prevent loops.

Bridge Protocol Data Unit (BPDU)

These are the messages that are transmitted across the network to enable switches to participate in the Spanning Tree Protocol, STP control messages sent every 2 seconds.

Blocking Port State

Does not forward traffic; only listens for BPDUs. It is stable.

Listening Port State

Listens for BPDUs but does not learn MACs. It is transitional.

Learning Port State

Builds MAC table but does not forward yet. It is transitional.

Forwarding Port State

It is fully operational, it sends and receives BPDUs as well as forward them and learns the MAC address.

Portfast

This allows ports to skip the STP states and go directly to forwarding. 

spanning-tree portfast

Enables PortFast on an interface.

BPDU Guard

It is a security feature that protects the network infrastructure by

It shutting down port if BPDU is received (it is used with portfast).

spanning-tree vlan [ID] root primary

This command sets the switch as the primary root bridge.

spaning-tree vlan [ID] root secondary

This command sets the switch as the secondary root bridge.

spanning-tree portfast default

enables PortFast on all access ports.

spanning-tree portfast bpduguard enable

enables BPDU Guard on an interface.

spanning-tree portfast bpduguard default

enables BPDU Guard globally.

show spanning-tree

This command displays STP status and roles.

Root Guard

If you enable root guard on an interface, even if it receives a superior BPDU (lower bridge ID) on that interface, the switch will not accept the new switch as the root bridge. The interface will be disabled. It is a security feature.

Loop Guard

If you enable loop guard on an interface, even if the interface stops receiving BPDUs, it will not start forwarding. The interface will be disabled.

Per-VLAN Spanning Tree (PVST)

Allows the creation of a spanning-tree for each VLAN.

Rapid PVST

An updated STP that creates one spanning tree per vlan, using RSTP and enabling faster convergence. It provides for rapid recovery of connectivity following the failure of a device, a device port, or a LAN.