Spanning Tree Protocol (STP) is a network layer protocol that prevents switching loops by creating a loop-free logical topology.

Let’s see STP in action. Imagine a simple network with three switches: SW1, SW2, and SW3. SW1 is connected to SW2, and SW2 is connected to SW3. To add redundancy, SW1 and SW3 are also connected directly.

      +-------+       +-------+       +-------+
      |       |-------|       |-------|       |
      |  SW1  |       |  SW2  |       |  SW3  |
      |       |-------|       |-------|       |
      +-------+       +-------+       +-------+
         \___________________________________/

Without STP, if SW2 forwards a broadcast frame from SW1 towards SW3, and SW3 forwards it back to SW1, and SW1 forwards it back to SW2, you’ve got a loop. Broadcasts will multiply infinitely, consuming all bandwidth and crashing the network.

STP solves this by electing a Root Bridge, which is the switch with the lowest Bridge ID (a combination of priority and MAC address). All other switches are non-Root Bridges. The Root Bridge sends out superior Bridge Protocol Data Units (BPDUs) every 2 seconds.

For each network segment (the link between two switches), STP selects a Designated Bridge. This is the switch that has the lowest path cost to the Root Bridge. The port on the Designated Bridge connected to that segment becomes a Designated Port.

On non-Root Bridges, STP selects a Root Port for each switch. This is the port with the lowest path cost to the Root Bridge.

Finally, any port that is not a Root Port or a Designated Port is a Blocked Port. Blocked ports do not forward traffic, effectively breaking the loop.

Here’s how it looks with our three switches. Let’s say SW2 has the lowest Bridge ID and becomes the Root Bridge.

  • Root Bridge Election: SW2 is elected Root Bridge.
  • Root Port Selection:
    • SW1 will have its port connected to SW2 as its Root Port.
    • SW3 will have its port connected to SW2 as its Root Port.
  • Designated Port Selection:
    • On the segment between SW1 and SW2, SW2’s port is the Designated Port.
    • On the segment between SW2 and SW3, SW2’s port is the Designated Port.
    • On the segment between SW1 and SW3, one of them will become the Designated Bridge. Let’s say SW1 has a lower path cost to the Root (SW2) through its Root Port. Thus, SW1’s port connected to SW3 is the Designated Port.
  • Blocked Port: SW3’s port connected to SW1 will be blocked.

      +-------+         +----------+         +-------+
      |       | RP   DP |   SW2    | DP   RP |       |
      |  SW1  |---------|  (Root   |---------|  SW3  |
      |       |         |  Bridge) |         |       |
      +-------+         +----------+         +-------+
          | DP                             Blocked |
          \______________________________________/

      RP = Root Port, DP = Designated Port

The actual path cost is determined by the speed of the links. Faster links have lower costs. Common costs:

  • 10 Gbps: 2
  • 1 Gbps: 4
  • 100 Mbps: 19
  • 10 Mbps: 100

The default STP priority is 32768. If two switches have the same priority, the switch with the lowest MAC address wins. You can manually set the priority on a switch to influence root bridge election. For example, to make SW1 the root bridge, you’d configure spanning-tree vlan 1 priority 4096 on SW1.
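
The election and port-role rules above, worked through for the three-switch example as added Python (not code from the original page). The MAC addresses and link speeds are constructed sample values, and port-ID tie-breaks and timers are left out.

```python
# Added example: constructed topology and MAC addresses, not real switch output.
COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}  # link speed in Mbps -> path cost

# Bridge ID = (priority, MAC). Tuples compare priority first, then MAC.
BRIDGES = {
    "SW1": (32768, "00:00:00:00:00:0b"),
    "SW2": (32768, "00:00:00:00:00:0a"),  # lowest MAC at equal priority
    "SW3": (32768, "00:00:00:00:00:0c"),
}
LINKS = [("SW1", "SW2", 10_000), ("SW2", "SW3", 1_000), ("SW1", "SW3", 1_000)]


def spanning_tree(bridges, links):
    """Return (root, cost_to_root, roles); roles maps (switch, neighbour) -> role."""
    root = min(bridges, key=bridges.get)
    cost = {sw: float("inf") for sw in bridges}
    cost[root] = 0
    for _ in bridges:  # relax every link until path costs settle
        for a, b, speed in links:
            cost[a] = min(cost[a], cost[b] + COST[speed])
            cost[b] = min(cost[b], cost[a] + COST[speed])
    roles = {}
    for sw in bridges:  # Root Port: cheapest path to the root, then lowest neighbour ID
        if sw == root:
            continue
        options = [(cost[n] + COST[s], bridges[n], n)
                   for a, b, s in links for me, n in ((a, b), (b, a)) if me == sw]
        roles[(sw, min(options)[2])] = "root"
    for a, b, _ in links:  # Designated Port: the end closer to the root
        des = min((a, b), key=lambda sw: (cost[sw], bridges[sw]))
        other = b if des == a else a
        roles[(des, other)] = "designated"
        roles.setdefault((other, des), "blocked")  # neither root nor designated
    return root, cost, roles


if __name__ == "__main__":
    root, cost, roles = spanning_tree(BRIDGES, LINKS)
    print("root:", root, "costs:", cost)
    for (sw, nbr), role in sorted(roles.items()):
        print(f"{sw} port to {nbr}: {role}")
    # Lowering SW1's priority, as in the command above, moves the root to SW1.
    print("new root:", spanning_tree({**BRIDGES, "SW1": (4096, BRIDGES["SW1"][1])}, LINKS)[0])
```

With SW1's priority lowered to 4096 the root moves to SW1 and the blocked port moves with it, which is why the root's priority is worth setting deliberately rather than leaving the election to MAC address order.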

STP has different versions. Rapid Spanning Tree Protocol (RSTP) is a much faster version that reduces convergence time from 30-50 seconds to a few seconds. It defines new port states (Discarding, Learning, Forwarding) and port roles (Root, Designated, Alternate, Backup). An Alternate port is one that provides an alternative path to the root, and a Backup port is one that provides a redundant path to a segment where another port on the same switch is already Designated. These ports are in a Blocking (Discarding) state but are ready to take over quickly if a primary path fails.

A key detail often overlooked is that the entire spanning tree calculation is done independently for each VLAN. This means a separate STP instance runs for VLAN 1, another for VLAN 2, and so on. If you have a loop in VLAN 10, it won’t affect traffic in VLAN 20, because STP will block a port for VLAN 10 but keep it forwarding for VLAN 20. This is why configuring STP per-VLAN is crucial for effective network segmentation.

After STP is fully converged and no loops exist, you’ll still see BPDUs being exchanged on active links.
