Spanning Tree Protocol

Configuring Spanning Tree Protocol Costs on a Cisco Switch

The purpose of the Spanning Tree Protocol (STP) is to prevent loops on a switched or bridged network. STP is enabled on Catalyst 1900 series switches by default. In fact, one instance of Spanning Tree is enabled for each and every VLAN.

In earlier articles we examined some of the default settings relating to the Spanning Tree Protocol, including bridge priorities, port costs, and port priorities. These settings can all be changed from their default values if required.

The cost or priority of a switch interface is changed using the spantree command from interface configuration mode. Notice that the cost associated with a port can range between 1 and 65536, while the priority of a port can be set to any number between 0 and 255.

Cisco1912#config t Enter configuration commands, one per line. End with CNTL/Z Cisco1912(config)#interface f0/27 Cisco1912(config-if)#spantree ? cost Change an interface's spanning tree path cost priority Change an interface's spanning tree priority start-forwarding Allow a change from blocking to forwarding Cisco1912(config-if)#spantree cost ? <1-65535> Change an interface's spanning tree path cost Cisco1912(config-if)#spantree priority ? <0-255> Change an interface's spanning tree priority

In order to simplify the configuration of Spanning Tree on a switch, global settings are configured using what are known as Spanning Tree templates. These templates include settings such as bridge priority, hello interval, and so forth. On a Cisco 1900 switch, up to four templates can be defined. Ultimately, these templates can be applied to different VLANs, allowing you to configure STP settings once for many different VLANs. By default, all VLANs have the first Spanning Tree template applied, as shown below.

Cisco1912#show span? Spantree spantree-option spantree-template Cisco1912#show spantree-template 1

Bridge Template 1 Bridge Priority : 32768 (8000 hex) Max age when operating as root : 20 second(s) Hello time when operating as root : 2 second(s) Forward delay when operating as root : 15 second(s) VLANs assigned to option : 1-1005

Some of the default values shown above should look familiar. Notice that the default bridge priority is set to 32768, and that the hello interval is set to 2 seconds by default.
If you wanted a particular switch to become the root bridge, it would be a good idea to lower its priority value. This is accomplished using the spantree-template 1 priority command, as shown below. In this case, I have set the priority value to 1000.

Cisco1912#config t Enter configuration commands, one per line. End with CNTL/Z Cisco1912(config)#spantree-template 1 ? forwarding-time Set a Spanning Tree FORWARD Interval hello-time Set a Spanning Tree HELLO Interval max-age Set a Spanning Tree MAX AGE Interval priority Set a Spanning Tree PRIORITY vlan Assign up to ten VLANs to a bridge template Cisco1912(config)#spantree-template 1 priority 1000 Cisco1912(config)#exit Cisco1912#show spantree-template 1

Bridge Template 1 Bridge Priority : 1000 (3E8 hex) Max age when operating as root : 20 second(s) Hello time when operating as root : 2 second(s) Forward delay when operating as root : 15 second(s) VLANs assigned to option : 1-1005

There may of course be times where you want to turn Spanning Tree off, for example if your network topology is loop-free. This is accomplished by issuing the no spantree command from global configuration mode, followed by the VLAN number for which you want Spanning Tree disabled. To re-enable Spanning Tree, simply remove the no option.

Cisco1912(config)#no spantree 100 Cisco1912(config)#spantree 100

Spanning Tree Protocol Convergence

While our network is now loop free, STP keeps working away. BPDUs are still sent out at 2-second intervals to be sure that things are how they should be. If at any point a bridge doesn’t hear from another bridge, the topology will need to be recalculated. For example, let’s say that bridge B fails. Bridge C will stop receiving BPDUs on its blocked port. Once 20 seconds have passed without receiving a BPDU from Bridge B, Bridge C will:

First go into a listening state for 15 seconds. During the listening state, a bridge is examining BPDUs sent by other bridges.
Then go into a learning state for 15 seconds. During this time, the bridge is building the MAC address table for the connected segment. Remember that it was in a blocked state previous to this.

After these stages, Bridge C will become the new designated bridge for segment BC, and will begin forwarding frames. Note that convergence took about 50 seconds to complete – 20 seconds waiting for a BPDU, plus 15 seconds listening and 15 seconds learning. The time during which a switch is listening and learning is referred to as the Forward Delay.

While a number of BPDUs are passed back and forth while a Spanning Tree topology is being calculated, in truth calculating a Spanning Tree topology is really no more than a three-step process:

Elect the Root Bridge
Elect a Root Port on each non-Root Bridge
Elect one Designated Port on each network segment.

Once these steps are completed, a network should be loop free. However, you should also recall that while listening or learning, ports are not forwarding frames. A network is converged once all bridges have switched to a forwarding or blocking state.

Spanning Tree Protocol Designated Ports

You may have noticed that we haven’t talked about loops yet. If you look back at Figure 3-5, a loop definitively exists. On each network segment, one port needs to be chosen at the Designated Port. The responsibility of the Designated Port is to act as the single interface to forward traffic destined for the Root Bridge. Recall that in our network example, 3 segments exist. Refer back to Figure 5 to review the costs associated with each port on our network.

To choose the Designated Port, another election needs to take place. Bridges compare their port costs to decide who gets to be the Designated Port for that segment. Consider each segment in this figure:

On segment AC, the Designated Port will be port 2 on bridge A. That’s because port 2 on bridge A has a cost of 0, while port 1 on bridge C has a cost of 19.

On segment AB, the Designated Port will be port 1 on bridge A. Again, port 1 on bridge A has a cost of 0, while port 1 on bridge B has a cost of 19. Since their port cost is always 0, it should be clear that ports on the Root Bridge will always be Designated Ports for their connected segments.

On segment BC, there is a tie. Port 2 on each bridge has a cost of 19. As such, the Designated Port will be the switch with the lowest MAC address. In this case that’s bridge B, so port 2 on bridge B will become the Designated Port.

Note that after all this is done, all traffic from segment BC will be forwarded out port 2 on switch B. Port 2 on switch C will be put into blocking mode, as shown in the figure below. Notice also that there are no longer any loops on our network.

Figure: Designated Ports for each segment.

On any given segment, the bridge that has the current Designated Port is also known as the designated bridge.

Spanning Tree Protocol Root Ports

After the Root Bridge has been elected, it’s time for bridges to designate what are known as Root Ports. Before we can look at how Root Ports work, you need to know something about port costs. Obviously some ports are faster than others, and usually a faster port will be used to interconnect switches. As such, ports have what is known as a cost value, based on their speed. The lower a cost value, the faster a port. Table 3-1 outlines cost values used in STP calculations. It’s worth noting that when originally defined by the IEEE, 1 Gbps seemed like the fastest possible port speed. As such, there are two cost ranges that you’ll find on switches. The first column shows the original IEEE Spanning Tree port costs, and the second shows the new cost numbers. The Cisco 1900 switch uses the original IEEE values by default. Note that port cost values can also be changed.

Table: Original and new IEEE port costs.

Port Speed	Original IEEE Port Cost	New IEEE Port Cost
1 Gbps	1	4
100 Mbps	10	19
10 Mbps	100	100

Remember that a cost is associated with a port. These cost values are used in calculating which port will be the Root Port for any given bridge. All Non-Root Bridges will have one Root Port.

The figure below outlines why designating a Root Port is important. In it, bridges are exchanging BPDUs to try and find the lowest cost to the Root Bridge. Note that Bridge A is the Root Bridge in this case. Because it is the Root Bridge, both of its ports have a cost of 0. In this example, all of the bridges are connected using 100Mbps links. The port cost outlined in the table for a 100Mbps link is 19 (using the new IEEE costs).

Let’s walk through the process step by step. The Root Bridge will send out BPDUs with a cost of 0. These BPDUs will go to the 100Mbps port 1 on both bridges B and C. Since these ports have a cost of 19, the cost associated with port 1 on switches B and C reaching the Root Bridge is 19.

Figure: Port costs and Root Ports.

Now since B and C are also connected on segment BC with 100Mbps ports, these ports will also forward out BPDUs. Let’s assume that B is sending a BPDU to C. In it, it will announce a cost of 19 to reach the root. When it reaches C, this bridge will add its port cost of 19 to the value in the BPDU. As such, bridge C knows that it can reach the Root Bridge using port 2 with an aggregate cost of 38, or it can reach the Root Bridge with a cost of 19 using port 1. For bridge C, the Root Port becomes port 1, as it does for Bridge B as well. For both bridges B and C, port 1 represents the lowest cost to the root.

To summarize, a Root Port is the port on a switch that has the lowest cost path to the Root Bridge.

Spanning Tree Protocol Root Bridge

The first critical concept in understanding Spanning Tree is that of the Root Bridge. In any Spanning Tree instance, there is only one Root Bridge, and it must be elected. The Root Bridge is elected in the initial exchange of BPDUs between bridging devices. But how does the Root Bridge get elected? That’s simple. In networks running STP, every bridge has a priority value associated with it. By default, the priority of all bridges is 32,768, unless changed by an administrator. The bridge with the highest priority gets to be the Root Bridge. But wait – you’ll need to remember that the highest priority is the bridge with the lowest priority value. That is, a bridge priority of 1000 would beat the default priority of 32,768.

You have probably never touched bridge priorities. So if all the priorities are equal, who wins? That answer is the bridge with the lowest MAC address. All BPDUs contain a field called the Bridge ID (BID), which is actually made up of both the bridge’s priority and its MAC address. In cases where all priorities are equal, the bridge with the lowest MAC address gets to be the Root Bridge. Consider Figure the figure below, where Bridge A will become the Root Bridge, based on its MAC address.

Figure: Root Bridge election using priorities and MAC addresses.

So why should you care about a Root Bridge? The answer is that all other bridging devices need to calculate a path to the Root Bridge in order to make decisions on which links will be used, and which will not. By calculating the distance to the Root Bridge, not only does STP work to build a loop-free topology, but also one that will have the shortest distance between devices. In the case of STP, “shortest” refers to the path that has the lowest aggregate cost to the root. We’ll discuss aggregate costs in just a moment.

Tip: When bridge priorities are equal, the switch with the lowest MAC address will become the root bridge.

Let me start by saying that there are still many network administrators out there who consider the words “Spanning Tree” to be evil. This stems from the fact that many networks were first segmented using bridges, and this is where Spanning Tree got its start. The main problem is that just like anything else; Spanning Tree doesn’t work by magic. When a network is designed with redundancy and a link fails, it takes time to figure everything out and get back up to date – a process referred to as convergence. When a network using Spanning Tree does experience a failure, it can take anywhere between 30 seconds to over a minute for the network to converge. On a less-than-reliable large network, this can cause just as many headaches as it solves. To that end, many network administrators stopped using Spanning Tree and instead designed their networks loop-free, deciding that the lack of redundancy was better than dealing with convergence issues. In fact, once routing became a popular way to segment a network, many folks thought they had seen the end of Spanning Tree.

That was of course until Layer 2 switching became popular, reintroducing the need for the Spanning Tree Protocol on networks. The good news is that in the meantime, networks and equipment have gotten much more reliable. In that way, Spanning Tree isn’t nearly as painful as it once might have been, although the protocol itself still works in the same way it used to.

Spanning Tree isn’t nearly as difficult as most people make it out to be. At the most basic level, Spanning Tree’s job is to eliminate loops in a bridged or switched network that are caused by redundant paths. It does this by learning the topology of the network, and then selectively blocking ports to eliminate any loops. This is where the ‘tree’ part comes in. Instead of a network with loops, with Spanning Tree what you end up with is a tree-like structure of branches. When a failure occurs, Spanning Tree recalculates the topology, and makes use of the redundant path. If you keep this in mind as you’re trying to understand the protocol, you’ll really find that Spanning Tree isn’t that complex.

Tip: Spanning Tree’s main purpose is eliminate loops caused by redundant links on switched or bridged networks.

On most switches, Spanning Tree is turned on by default, mainly to help save you from yourself. You might accidentally introduce a loop to your network without really thinking about it when adding new equipment. To that end, Spanning Tree can also be turned off; although you’ll want to be sure that you really understand your network connections before doing that. By default, an instance of Spanning Tree runs on each VLAN that you’ve configured, although it can be turned off on a per-VLAN or global basis. When turned on, a switch using 802.1d will communicate with other switches using Spanning Tree to calculate its configuration. A Spanning Tree port can be in one of four states. These include:

Listening. In this state, a port is listening to Spanning Tree messages (BPDUs) and attempting to figure out how the network is configured.
Learning. In this state, a port is adding addresses to its MAC table, but not yet forwarding frames.
Forwarding. When in this state, a port is sending and receiving data as normal. During normal operation, a port will be in either a forwarding or a blocking state.
Blocking. When in this state, a port will neither send nor receive data, but will listen to network messages relating to Spanning Tree. By default, all ports are in blocking mode when a switch is first powered on.

So how is the state of a port decided? Well, messages are passed between bridges or switches that are referred to as Bridge Protocol Data Units (BPDUs). BPDUs are very small frames sent using multicasts to let other switches now about the network topology with respect to Spanning Tree. We’ll reference BPDUs often as we look at how the Spanning Tree topology is built.

Broadcast Storms

A broadcast storm occurs when packets are continuously forwarded around a network, grinding it to a halt. This is most easily illustrated with a simple example. Consider the network in Figure 3-1, with two bridges (Bridge A and Bridge B) connecting network segments 1 and 2. At first glance, the network probably looks good – if one of the two bridges fails, a second redundant path to the other segment exists. However, this design quickly becomes problematic, as I describe in the steps below.

Figure: Bridged network with redundancy.

Imagine that Computer 1 wants to send a frame to Computer 2. Let’s say that the bridges have already discovered that Computer 1 is on segment one, and that Computer 2 is on segment 2, and they have already added both to their MAC address tables. This is outlined in the figure below.

Bridge A MAC Table		Bridge B MAC Table
MAC	Interface	MAC	Interface
Computer 1	1	Computer 1	1
Computer 2	2	Computer 2	2

Remember that both segments are shared. As such, when Computer 1 sends a frame, both Bridge A and Bridge B will see it. Herein lies the first problem – both bridges see the frame and both will forward it. This means that 2 frames will be forwarded onto segment 2, even though only one was originally sent.

When those frames are forwarded, we have an even bigger problem. The frames will not only arrive at Computer 2 twice, but will also end up being encountered by both bridges on their segment 2 interfaces, as shown in the figure below.

Figure: Frame forwarded by both Bridge A and Bridge B.

So why is this a problem? Well, you’ll need to recall how a bridge builds its forwarding table. In this case, Bridge A will see the frame forwarded by Bridge B, and will look at the source address. The source address is still that of Computer 1. Because of this, Bridge A will now think that Computer 1 has been moved to segment 2, and will change its MAC address table. In the same way, Bridge B will see the frame forwarded by Bridge A, and will do the same. See the problem starting already?

Now let’s say that Computer 2 responds. The bridges will not forward these frames, because they think that Computer 1 is also on segment 2. Since Computer 1 never gets a response, it sends the original frame again – a bigger problem. The bridges now believe that Computer 1 is again on segment 1 (by looking at the source MAC address), and change their MAC tables yet again. 2 frames again get forwarded, and so on. Ultimately this corrupts the MAC address table. Based on the quantity of traffic being moved (remember, it could be many systems transmitting), a broadcast storm takes over the network. All this happens simply because we wanted a little redundancy.

So how do you avoid this scenario? Am I saying that you can’t have redundant links between switches? Not at all, but you will need a little help. In order to avoid the loops just described, you’ll need to use something called Spanning Tree Protocol (STP), defined in standard 802.1d. It will eliminate network loops until an active link loses connectivity. When this happens, Spanning Tree will automatically reconfigure the network to use the redundant path.

Layer 2 Switching

In Chapter 2 we covered a basic overview of bridging and switching functions, including a look at how these devices help to segment a network into a number of smaller collision domains. In this chapter we’ll go many steps further, with a look at switching methods, loop avoidance, Virtual LANs, Spanning Tree Protocol, trunk connections, frame tagging, Token Ring switching, and Cisco Catalyst switch models.

For the purpose of the CCNA exam, you’ll need to be familiar with the configuration of Cisco Catalyst 1900 series switches, the most basic manageable switches that Cisco offers. These particular switches have two different configuration modes – one menu-driven, the other command line-based. The 1900 comes with one of two software versions – the Enterprise version includes the command line interface (CLI), while the Standard Edition does not. In this chapter we’ll stick to the initial configuration of a 1900 using a terminal session and the menu interface. Getting into the command line at this point would be premature, since we haven’t examined the Cisco Internetwork Operating System (IOS) yet. For that reason, the 1900 configuration details can be found in Appendix A. By the time we get there, you’ll almost be an IOS pro.

The material to be covered in this chapter includes:

Cisco switching methods
Redundancy and loop avoidance on bridged and switches networks
Spanning Tree Protocol
Virtual LANs (VLANs)
Trunking and VLAN identification
Cisco Catalyst 1900 initial configuration
Layer 2 multicasting techniques
Cisco switching equipment

Switching Reviewed

By this point, you should be familiar with the basic benefits that a switch provides. You know that a switch segments a network into smaller collision domains, and this helps to provide better performance and throughput. You also have an awareness of how a MAC address table is built, and how a bridge or switch makes forwarding/filtering decisions. Finally, you should recall that when a computer is plugged directly into its own switch port, full duplex communication becomes possible. The ability to communicate without collisions makes full bandwidth available to systems. For example, if two Fast Ethernet network cards are plugged into individual 100 Mbps switch ports, they become capable of simultaneously sending and receiving 100 at Mbps. While some people (including marketers, of course!) will suggest that this means the card is capable of 200 Mbps performance, this is stretching the truth. The card can only transmit or receive in either direction at a maximum of 100 Mbps, even if it can do both at the same time.

While a switch goes a long way towards providing better network performance, you have to remember that at the end of the day, it’s still only a Layer 2 device. Because of that, all broadcasts and multicasts will still be forwarded (or flooded) out all switch ports, along with frames whose destination address isn’t yet known to the switch.

Does a switch allow networks to grow larger than when hubs are used? Certainly. However, in order to provide a higher level of performance and cut down on broadcast traffic, a large network will still need to be split into different broadcast domains. This still requires the use of routers– keep this in mind when you’re thinking about network switching.

Tip: Remember that a switch or a bridge will create a larger number of smaller collision domains.

New IEEE Port Cost

Switching Reviewed