Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) are fundamental to preventing network loops in switched Ethernet environments, but their real magic lies in how they actively dismantle redundant paths, rather than just detecting a problem after it occurs.
Let’s see it in action. Imagine a simple network: two switches, SW1 and SW2, connected by two links. Without STP/RSTP, if both links were active, traffic could endlessly loop between the switches, flooding the network and bringing it to a halt.
+-------+       +-------+
|       |       |       |
|  SW1  |-------|  SW2  |
|       |       |       |
+-------+       +-------+
    ^               ^
    |               |
  Link 1          Link 2
Here’s how STP would typically handle this. A port on one of the links will be placed in the "blocking" state, effectively disabling that link to break the potential loop.
STP/RSTP in Action: A Basic Example
Consider two Cisco switches, SW1 and SW2, connected by interfaces GigabitEthernet1/0/1 on SW1 and GigabitEthernet1/0/1 on SW2.
On SW1, with STP enabled (it is usually on by default):
SW1# show spanning-tree interface GigabitEthernet1/0/1 detail
Interface GigabitEthernet1/0/1
Hardware is Ethernet, address is 001a.a1b2.c3d4
Description: Link to SW2
Configured type is auto
Port is 1000 Mbps, half-duplex
Port fast is disabled
BPDU guard is disabled
BPDU filter is disabled
Port type is auto
Network type is point-to-point
Port role is Designated Port
Port state is Forwarding
BPDU sent 1000, BPDU received 1000
Root path cost is 0
Root port cost is 0
Timers: message_age 0, forward_delay 0, max_age 0, hello 2
Timers: topology_change 0, root_change 0
BPDU-Guard: Disabled
BPDU-Filter: Disabled
*** Designated Root Port ***
Designated Bridge is 001a.a1b2.c3d4
Designated Port ID is 128.1
Designated Cost is 19
(Note: The exact output will vary based on switch model, IOS version, and network state. The key is to look for Port role and Port state.)
On SW2, connected to SW1:
SW2# show spanning-tree interface GigabitEthernet1/0/1 detail
Interface GigabitEthernet1/0/1
Hardware is Ethernet, address is 001a.a1b2.c3d4
Description: Link to SW1
Configured type is auto
Port is 1000 Mbps, half-duplex
Port fast is disabled
BPDU guard is disabled
BPDU filter is disabled
Port type is auto
Network type is point-to-point
Port role is Alternate Port
Port state is Blocking
BPDU sent 1000, BPDU received 1000
Root path cost is 20
Root port cost is 20
Timers: message_age 0, forward_delay 0, max_age 0, hello 2
Timers: topology_change 0, root_change 0
BPDU-Guard: Disabled
BPDU-Filter: Disabled
*** Alternate Port ***
Designated Bridge is 001a.a1b2.c3d4
Designated Port ID is 128.1
Designated Cost is 19
Here, SW1’s port is the "Designated Port" in a "Forwarding" state, meaning it’s active and passing traffic. SW2’s port is an "Alternate Port" in a "Blocking" state. This blocking port is the one that STP has chosen to disable to prevent a loop. If the active link (SW1’s GigabitEthernet1/0/1) fails, SW2’s blocking port will transition to a forwarding state, and traffic will resume.
The Mental Model: Electing a Root Bridge and Building a Tree
The core problem STP/RSTP solves is the loops that redundant links create. When you have multiple paths between switches, you risk broadcast storms and MAC address table instability. STP/RSTP creates a loop-free logical topology by electing a single "Root Bridge" and then ensuring that all other switches have a single path back to that Root Bridge.
- Root Bridge Election: All switches send out "Bridge Protocol Data Units" (BPDUs). These packets contain the bridge priority and MAC address. The switch with the lowest bridge priority (and then the lowest MAC address as a tie-breaker) becomes the Root Bridge. The Root Bridge is the ultimate destination in the tree.
- Root Port Election: On every non-root switch, the port that offers the lowest "path cost" to the Root Bridge is elected the "Root Port." This is the primary path from that switch to the root.
- Designated Port Election: For each network segment (link between switches or a segment connected to end devices), one switch’s port is elected the "Designated Port." This is the port responsible for forwarding traffic onto that segment. It’s typically the port with the lowest path cost to the Root Bridge.
- Blocking Ports: Any port that is not a Root Port or a Designated Port becomes a "Blocking Port." These ports are essentially shut down by STP/RSTP to prevent loops. They listen for BPDUs but do not forward user data.
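The four election steps above, worked through as an added Python example (not code from the original article). It models the article's two switches joined by two parallel links and also handles larger connected topologies; the priorities, SW2's MAC address, the link costs and the helper name elect are constructed for illustration.

```python
import heapq

# Constructed sample: the article's two switches joined by two parallel links.
# Bridge ID = (priority, MAC); MACs use one lowercase format so they sort as text.
BRIDGES = {"SW1": (4096, "001a.a1b2.c3d4"), "SW2": (32768, "001a.a1b2.c3e5")}
LINKS = [("SW1", 1, "SW2", 1, 4), ("SW1", 2, "SW2", 2, 4)]  # (swA, portA, swB, portB, cost)

def elect(bridges, links):
    """Return (root, roles); roles maps (switch, port) -> role. Topology must be connected."""
    # Step 1: the lowest (priority, MAC) wins the root election.
    root = min(bridges, key=bridges.get)
    adj = {name: [] for name in bridges}
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))
    # Root path cost of every switch (Dijkstra over link costs).
    rpc, heap = {root: 0}, [(0, root)]
    while heap:
        dist, sw = heapq.heappop(heap)
        if dist > rpc[sw]:
            continue
        for _, nbr, _, cost in adj[sw]:
            if dist + cost < rpc.get(nbr, float("inf")):
                rpc[nbr] = dist + cost
                heapq.heappush(heap, (rpc[nbr], nbr))
    roles = {}
    # Step 2: one root port per non-root switch; ties fall to the lowest
    # sender bridge ID, then sender port ID, then local port ID.
    for sw in bridges:
        if sw != root:
            port = min(adj[sw], key=lambda e: (rpc[e[1]] + e[3], bridges[e[1]], e[2], e[0]))[0]
            roles[(sw, port)] = "root"
    # Step 3: on each link, the end closest to the root is the designated port.
    for a, pa, b, pb, _ in links:
        _, _, port, sw = min((rpc[a], bridges[a], pa, a), (rpc[b], bridges[b], pb, b))
        roles.setdefault((sw, port), "designated")
    # Step 4: every remaining port blocks.
    for a, pa, b, pb, _ in links:
        roles.setdefault((a, pa), "blocking")
        roles.setdefault((b, pb), "blocking")
    return root, roles

if __name__ == "__main__":
    root, roles = elect(BRIDGES, LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} port {port}: {role}")
```

With two parallel links, both of the root's ports are designated, SW2 keeps one root port, and SW2's second port is the one that blocks.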
RSTP: The Speed Demon
RSTP (802.1w) is an evolution of STP (802.1D). While STP can take 30-50 seconds to converge after a topology change (due to timers like Forward Delay and Max Age), RSTP can converge in as little as a few milliseconds to a few seconds. It achieves this by:
- New Port Roles: RSTP introduces "Alternate Ports" (which would have been Blocking in STP) and "Backup Ports" (for redundant links to the same segment).
- Edge Ports: Ports connected to end devices (PCs, servers) can be configured as "Edge Ports" (similar to PortFast in STP). These ports immediately transition to Forwarding and do not generate topology change notifications.
- Proposal/Agreement Mechanism: RSTP uses a handshake between switches to quickly negotiate port roles and states, bypassing the slow timer-based transitions of STP.
Key Configuration Levers
- Bridge Priority: spanning-tree vlan <vlan-id> priority <value> (lower is better). You can set specific switches to be the root bridge by giving them a very low priority.
- Path Cost: spanning-tree vlan <vlan-id> cost <value> (lower is better). This influences which port is chosen as the Root Port. Higher bandwidth links typically have lower default costs.
- PortFast/Edge Port: spanning-tree portfast, or spanning-tree portfast edge on newer Cisco IOS releases, entered in interface configuration mode (enables immediate transition to Forwarding for end devices).
- BPDU Guard: spanning-tree bpduguard enable, entered in interface configuration mode (disables a port if it receives a BPDU, assuming an end device is connected and shouldn’t be sending BPDUs).
- Root Guard: spanning-tree guard root, entered in interface configuration mode (prevents a port from becoming a Root Port, useful on ports connected to downstream switches to ensure a specific switch remains the root).
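A check a defender can run against the levers listed above, as an added Python example (not code from the original article): it scans a running-config for access ports without PortFast or BPDU Guard and trunk ports without Root Guard. The config excerpt is constructed, audit_stp is a hypothetical helper name, and Cisco IOS interface-mode syntax (spanning-tree portfast, spanning-tree bpduguard enable, spanning-tree guard root) is assumed.

```python
import re

# Constructed running-config excerpt; Cisco IOS interface-mode syntax assumed.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description Link to SW2
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description Downstream access switch
 switchport mode trunk
 spanning-tree guard root
!
interface GigabitEthernet1/0/10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport mode access
"""

def audit_stp(config):
    """Return {interface: [findings]} for ports missing an STP guard."""
    findings = {}
    # A global default applies BPDU guard to every PortFast-enabled port.
    global_guard = bool(re.search(r"(?m)^spanning-tree portfast (edge )?bpduguard default", config))
    for block in re.split(r"(?m)^interface\s+", config)[1:]:
        name, *lines = [ln.strip() for ln in block.splitlines()]
        issues = []
        if "switchport mode access" in lines:
            portfast = any(ln.startswith("spanning-tree portfast") for ln in lines)
            if not portfast:
                issues.append("no PortFast/edge")
            if "spanning-tree bpduguard enable" not in lines and not (global_guard and portfast):
                issues.append("no BPDU guard")
        elif "spanning-tree guard root" not in lines:
            issues.append("no root guard; acceptable only on the uplink toward the root")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_stp(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```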
STP and RSTP operate by constantly exchanging BPDUs. These small packets are the lifeblood of the loop prevention mechanism, allowing switches to understand the network topology and make decisions about which ports should be active and which should be blocked.
The most surprising aspect of STP/RSTP is how it uses active negotiation and a defined hierarchy to pre-emptively disable redundant paths, rather than just reacting to a loop once it has formed.
The next logical step after mastering loop prevention is understanding how to manage traffic flow across the active paths, which leads into concepts like EtherChannel and Quality of Service (QoS).