Introduction
Redundant switch links improve availability, but they can also create Layer 2 loops. The Spanning Tree Protocol (STP) prevents loops by placing some redundant switch ports into a blocking state while keeping backup paths available.
Learning Goals
By the end of this module, you should be able to:
- Explain why Layer 2 redundancy can create loops.
- Describe broadcast storms and MAC address instability.
- Explain how STP creates a loop-free topology.
- Identify root bridge, root ports, designated ports, and alternate ports.
- Compare STP and RSTP concepts.
- Explain PortFast and BPDU Guard.
Redundancy in Layer 2 Networks
Redundant links are useful because they provide backup paths when a cable, port, or switch fails. However, Ethernet frames do not have a time-to-live field like IP packets. If a Layer 2 loop exists, frames can circulate indefinitely.
Problems caused by Layer 2 loops include:
- repeated broadcast frames,
- duplicate frames arriving at hosts,
- unstable MAC address table entries,
- high CPU and bandwidth usage,
- network-wide outages from broadcast storms.
Broadcast Storms
A broadcast storm occurs when broadcasts are endlessly replicated through a looped Layer 2 topology. Because switches flood broadcasts, each loop can multiply the amount of traffic. The network may become unusable even though the physical links are still up.
Purpose of STP
STP builds a logical tree topology from a physical topology that may contain redundant links. It keeps selected ports forwarding and places other ports into a non-forwarding state. If an active path fails, STP can recalculate and activate a backup path.
How STP Builds a Loop-Free Topology
STP uses Bridge Protocol Data Units (BPDUs) exchanged between switches. From these messages, switches choose:
- the root bridge,
- each non-root switch's root port,
- each segment's designated port,
- any alternate or blocked ports needed to prevent loops.
Root Bridge Election
The root bridge is the reference point for the spanning tree. The switch with the lowest Bridge ID becomes the root bridge.
The Bridge ID includes:
- bridge priority,
- extended system ID, often related to VLAN ID,
- switch MAC address.
Lower values win. Administrators can influence the root bridge by setting bridge priority.
Activity: Set the Root Bridge
Root Ports
Every non-root switch selects one root port. The root port is the switch's best path toward the root bridge. STP chooses it based on lowest total path cost. If costs tie, STP uses additional tiebreakers such as upstream bridge ID and port ID.
Designated Ports
Each network segment has one designated port. This port is the best forwarding path from that segment toward the root bridge. Designated ports forward traffic.
On the root bridge, all active ports are designated ports because the root bridge is already the center of the STP topology.
Alternate and Blocked Ports
An alternate port provides a backup path but does not forward regular traffic while the current topology is stable. Blocking redundant ports prevents loops while preserving backup connectivity.
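The election and role selection described in the sections above (root bridge by lowest Bridge ID, root port by lowest root path cost with bridge-ID and port-ID tiebreakers, one designated port per segment, remaining ports alternate) can be worked through on a small constructed topology. The following Python is an added example written for this module, not code from the module or from any vendor; the switches, placeholder MAC addresses, port numbers and link costs are constructed, every link is assumed to be a point-to-point segment between two switches, and the Bridge ID is modelled as (priority + extended system ID, MAC) with the VLAN number used as the extended system ID.

```python
"""Added example: compute STP port roles for a constructed three-switch topology.

Assumptions (not from the module): point-to-point links only, Bridge ID is
(priority + VLAN, MAC), path costs are the IEEE short-path values (1 Gb/s = 4).
"""
from collections import defaultdict

# Constructed sample switches; MAC addresses are placeholders.
SWITCHES = {
    "S1": {"priority": 32768, "mac": "00:00:00:00:00:01"},
    "S2": {"priority": 32768, "mac": "00:00:00:00:00:02"},
    "S3": {"priority": 32768, "mac": "00:00:00:00:00:03"},
}

# Constructed links: (switch_a, port_a, switch_b, port_b, link_cost)
LINKS = [
    ("S1", 1, "S2", 1, 4),
    ("S1", 2, "S3", 1, 4),
    ("S2", 2, "S3", 2, 4),
]


def bridge_id(switches, name, vlan=1):
    """Bridge ID as a comparable tuple: lower priority wins, then lower MAC."""
    return (switches[name]["priority"] + vlan, switches[name]["mac"])


def compute_roles(switches, links, vlan=1):
    """Return (root_bridge, roles) where roles maps (switch, port) -> role."""
    bid = lambda name: bridge_id(switches, name, vlan)
    root = min(switches, key=bid)

    # Adjacency: switch -> [(own_port, neighbor, neighbor_port, link_cost)]
    adj = defaultdict(list)
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))

    # Root path cost: cheapest total cost to the root (Bellman-Ford relaxation).
    rpc = {name: float("inf") for name in switches}
    rpc[root] = 0
    for _ in range(len(switches)):
        for name in switches:
            for _own, nbr, _nport, cost in adj[name]:
                rpc[name] = min(rpc[name], rpc[nbr] + cost)

    roles = {}
    # Root port: best received BPDU, ranked by
    # (cost via that port, sender bridge ID, sender port ID, own port ID).
    for name in switches:
        if name == root:
            continue
        best = min(adj[name], key=lambda e: (rpc[e[1]] + e[3], bid(e[1]), e[2], e[0]))
        roles[(name, best[0])] = "root"

    # Designated port per segment: the end that advertises the better BPDU
    # (lower root path cost, then lower bridge ID, then lower port ID).
    # The other end becomes alternate (blocking) unless it is already a root port.
    for a, pa, b, pb, _cost in links:
        a_key = (rpc[a], bid(a), pa)
        b_key = (rpc[b], bid(b), pb)
        des, other = ((a, pa), (b, pb)) if a_key < b_key else ((b, pb), (a, pa))
        roles.setdefault(des, "designated")
        roles.setdefault(other, "alternate")
    return root, roles


if __name__ == "__main__":
    root, roles = compute_roles(SWITCHES, LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} port {port}: {role}")
```

With equal priorities, S1 wins on lowest MAC, S2 and S3 each reach the root at cost 4, and the S2-S3 segment ties on cost, so the lower Bridge ID (S2) holds the designated port and S3's port 2 is the alternate port. Lowering S3's priority to 4096 in the switch table makes S3 the root and moves the blocked port onto the S1-S2 segment, which is exactly the lever an administrator uses to place the root deliberately.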
Activity: Predict STP Roles
STP Port States and Timers
Classic STP uses states such as blocking, listening, learning, forwarding, and disabled. These states help prevent loops during topology changes.
Common timers include:
- Hello timer: how often BPDUs are sent.
- Forward delay: time spent in listening and learning states.
- Max age: how long BPDU information is kept before being considered stale.
Per-VLAN Spanning Tree
Cisco environments often run a separate spanning tree instance per VLAN. This allows different VLANs to use different root bridges and forwarding paths. It can improve load distribution, but it also requires careful planning.
Evolution of STP
Several STP variants exist:
- STP (802.1D): Original spanning tree behavior.
- PVST+/Per-VLAN STP: Separate STP instance per VLAN in Cisco environments.
- Rapid STP (RSTP/802.1w): Faster convergence than classic STP.
- Rapid PVST+: Cisco per-VLAN implementation of rapid spanning tree behavior.
- MST: Maps multiple VLANs to fewer spanning tree instances.
RSTP Concepts
RSTP improves convergence by using faster state transitions and updated port roles. Common RSTP roles include root, designated, alternate, and backup. RSTP port states are simplified into discarding, learning, and forwarding.
PortFast and BPDU Guard
PortFast allows an edge port connected to an end device to move quickly to forwarding. It should not be used on ports connected to other switches.
BPDU Guard protects edge ports. If a BPDU is received on a PortFast-enabled edge port, BPDU Guard can shut the port down to prevent accidental or malicious switch connections.
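The port states and timers from the earlier section, together with PortFast and BPDU Guard as just described, can be modelled as a small per-port state machine. The following Python is an added example for this module, not vendor code; it assumes the default 15 s forward delay, assumes a non-edge port enters listening as soon as its link comes up, and models a PortFast port without BPDU Guard as losing its edge status and rejoining normal STP when a BPDU arrives. Port names are constructed.

```python
"""Added example: simplified classic-STP port state machine with PortFast and BPDU Guard.

Assumptions (not from the module): default forward delay of 15 s; a PortFast
port without BPDU Guard that receives a BPDU drops back into normal STP.
"""

FORWARD_DELAY = 15  # seconds spent in each of listening and learning
MAX_AGE = 20        # seconds before stored BPDU information is considered stale


class StpPort:
    def __init__(self, name, portfast=False, bpdu_guard=False):
        self.name = name
        self.portfast = portfast
        self.bpdu_guard = bpdu_guard
        self.state = "blocking"
        self.timer = 0      # seconds spent in the current timed state
        self.events = []    # human-readable log of what happened to the port

    def enable(self):
        """Link comes up. An edge port (PortFast) goes straight to forwarding;
        any other port must pass through listening and learning first."""
        if self.state == "err-disabled":
            return self.state   # stays down until an operator recovers it
        if self.portfast:
            self.state = "forwarding"
        else:
            self.state = "listening"
            self.timer = 0
        return self.state

    def tick(self, seconds):
        """Advance time. Non-edge ports spend FORWARD_DELAY in listening,
        then FORWARD_DELAY in learning, before they forward user traffic."""
        if self.state not in ("listening", "learning"):
            return self.state
        self.timer += seconds
        while self.timer >= FORWARD_DELAY and self.state in ("listening", "learning"):
            self.timer -= FORWARD_DELAY
            self.state = "learning" if self.state == "listening" else "forwarding"
        return self.state

    def receive_bpdu(self):
        """A BPDU arrives on this port, i.e. a switch is on the other end."""
        if self.portfast and self.bpdu_guard:
            # BPDU Guard: an edge port must never see a switch; shut it down.
            self.state = "err-disabled"
            self.events.append(f"{self.name}: BPDU received with BPDU Guard enabled, port err-disabled")
        elif self.portfast:
            # Modelled behaviour: the port stops being an edge port and
            # converges like any other port, so a loop is still prevented.
            self.portfast = False
            self.state = "listening"
            self.timer = 0
            self.events.append(f"{self.name}: BPDU received, PortFast disabled")
        return self.state


if __name__ == "__main__":
    uplink = StpPort("Gi0/1")
    print("uplink:", uplink.enable(), "->", uplink.tick(15), "->", uplink.tick(15))
    edge = StpPort("Gi0/2", portfast=True, bpdu_guard=True)
    print("edge:", edge.enable(), "->", edge.receive_bpdu())
    print("\n".join(edge.events))
```

Running it shows the two behaviours side by side: the plain uplink needs two forward-delay periods (30 s) before it forwards, while the PortFast edge port forwards immediately and, because BPDU Guard is enabled, is placed in err-disabled the moment a BPDU appears on it, which is what stops an unexpected switch on an access port from joining the spanning tree.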
Activity: Secure an Edge Port
Alternatives to STP
Some modern designs reduce reliance on STP by using Layer 3 links, routed access designs, chassis virtualization, link aggregation, or fabric technologies. Even so, STP remains important because many switched networks still need Layer 2 loop protection.
Summary
STP prevents Layer 2 loops by calculating a loop-free forwarding topology. It elects a root bridge, selects forwarding ports, and blocks redundant paths until needed. RSTP improves convergence, while PortFast and BPDU Guard help secure and speed up edge ports.