Skarp

Chapter 9 of 27

Loop Prevention with Spanning Tree Protocol and Rapid STP

Prevent catastrophic Layer 2 loops by mastering Spanning Tree concepts, port roles, and how Rapid STP accelerates convergence in modern networks.

Why We Need Spanning Tree: The Layer 2 Loop Problem

Redundancy Creates Risk

Redundant Layer 2 links are great for availability, but they can create dangerous loops because Ethernet has no TTL to kill looping frames.

Loop Symptoms

Loops cause broadcast storms, MAC table instability, and high CPU on switches. A single broadcast can multiply and circulate indefinitely.

Triangle Topology Example

Picture three switches in a triangle, all in one VLAN. A broadcast from a PC is flooded around the ring again and again until the LAN is unusable.

What We Need

We need a Layer 2 mechanism that detects redundant paths, builds one loop-free tree for forwarding, and keeps other links as backups.

Enter Spanning Tree

Spanning Tree Protocol prevents loops by placing redundant paths into a blocking state while keeping a loop-free logical topology.

Classic STP Basics: Bridges, BPDUs, and Root Bridge Election

STP and 802.1D

Classic STP comes from IEEE 802.1D. Modern networks use Rapid STP, but the CCNA still expects you to understand the original logic.

What Are BPDUs?

Switches exchange Bridge Protocol Data Units (BPDUs) carrying the current root bridge, root path cost, sender bridge ID, and sender port ID.

Bridge ID Components

Bridge ID = bridge priority + extended system ID (often VLAN ID) + MAC address. Lowest Bridge ID becomes the root.

Election Process

Each switch starts as root. When it hears a BPDU advertising a lower root Bridge ID, it updates its view and forwards the better BPDU.

Controlling the Root

In design, you set a lower spanning-tree priority on your chosen core/distribution switch so it consistently wins root bridge elections.

STP Port Roles and States (802.1D)

Port Roles Overview

STP assigns each port a role: Root Port, Designated Port, or Non-Designated, based on how it fits into the loop-free tree.

Root Port

Each non-root switch chooses one Root Port: the port with the lowest-cost path to the root bridge. Only one RP per switch.

Designated and Non-Designated

For each segment, one port is Designated and forwards. Other ports on that segment become Non-Designated and block to prevent loops.

Port States in STP

Classic states: Blocking, Listening, Learning, Forwarding, Disabled. Only Forwarding passes user data; Learning builds MAC tables.

Slow Convergence

After a change, classic STP may spend about 30 seconds in Listening and Learning before forwarding, leading to noticeable outages.

Rapid Spanning Tree Protocol (RSTP, 802.1w) Concepts

Why RSTP?

Classic STP can take around 30 seconds to converge. RSTP (802.1w) was created to provide much faster recovery from failures.

Modern Variant Definition

Rapid Spanning Tree Protocol (RSTP, 802.1w) is the modern STP variant that provides faster convergence in Layer 2 networks.

New Port Roles

RSTP keeps Root and Designated roles but adds Alternate (backup path to root) and Backup (backup for a designated port).

Simplified States

RSTP uses three states: Discarding, Learning, and Forwarding, collapsing some of the older STP states.

BPDU Changes

With RSTP, every switch generates BPDUs and uses them for rapid handshakes, instead of relying only on the root bridge’s timers.

Visualizing STP and RSTP on a Simple Three-Switch Network

Our Sample Topology

Three switches (SW1, SW2, SW3) form a triangle with trunk links in VLAN 10. All links are equal-cost gigabit connections.

Root Bridge Choice

You configure SW1 with the lowest priority, so it becomes the root bridge for VLAN 10. All its active ports are Designated.

Roles on SW2

SW2’s direct link to SW1 is its Root Port. The link between SW2 and SW3 has one side Designated and the other Non-Designated (blocking).

Roles on SW3

SW3’s direct link to SW1 is its Root Port. The remaining SW3–SW2 link is blocked on one side to prevent a loop.

RSTP Perspective

Under RSTP, the blocked port becomes an Alternate Port in Discarding state, ready to quickly move to Forwarding if the active path fails.
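
The root election and port-role rules from the sections above, applied to the triangle topology, as an added example (not code from the course). The switch names follow the page; the MAC addresses, port names and the short-mode gigabit cost of 4 are assumptions, the port-ID tie-breaker is simplified to a port-name comparison, and the RSTP Backup role on shared segments is not modeled.

```python
from collections import namedtuple

# Constructed model: MACs are same-format strings, so string order = numeric order.
Switch = namedtuple("Switch", "name priority mac")
LINK_COST = 4  # assumed short-mode STP cost for a 1 Gbps link

def bridge_id(sw, vlan):
    # The priority field carries the extended system ID (VLAN); lowest tuple wins.
    return (sw.priority + vlan, sw.mac)

def elect_root(switches, vlan):
    return min(switches, key=lambda s: bridge_id(s, vlan))

def port_roles(switches, links, vlan):
    """links: (switch_a, port_a, switch_b, port_b). Returns (root, {(sw, port): role})."""
    by_name = {s.name: s for s in switches}
    root = elect_root(switches, vlan)
    cost = {s.name: float("inf") for s in switches}
    cost[root.name] = 0
    for _ in switches:  # relax every link until root path costs settle
        for a, _pa, b, _pb in links:
            cost[a] = min(cost[a], cost[b] + LINK_COST)
            cost[b] = min(cost[b], cost[a] + LINK_COST)
    roles = {}
    for s in switches:  # Root Port: lowest cost, then upstream BID, then upstream port
        if s.name == root.name:
            continue
        options = []
        for a, pa, b, pb in links:
            for me, my_port, nbr, nbr_port in ((a, pa, b, pb), (b, pb, a, pa)):
                if me == s.name:
                    options.append((cost[nbr] + LINK_COST,
                                    bridge_id(by_name[nbr], vlan), nbr_port, my_port))
        roles[(s.name, min(options)[3])] = "Root"
    for a, pa, b, pb in links:  # per segment: the end with the best (cost, BID) is Designated
        ends = sorted([(a, pa), (b, pb)],
                      key=lambda e: (cost[e[0]], bridge_id(by_name[e[0]], vlan)))
        roles.setdefault(ends[0], "Designated")
        roles.setdefault(ends[1], "Alternate")  # keeps "Root" if already assigned
    return root.name, roles

# The page's triangle: SW1 has the lowest priority, all links gigabit, VLAN 10.
TRIANGLE = [Switch("SW1", 4096, "00:00:00:00:00:0a"),
            Switch("SW2", 32768, "00:00:00:00:00:0b"),
            Switch("SW3", 32768, "00:00:00:00:00:0c")]
TRIANGLE_LINKS = [("SW1", "Gi0/1", "SW2", "Gi0/1"), ("SW1", "Gi0/2", "SW3", "Gi0/1"),
                  ("SW2", "Gi0/2", "SW3", "Gi0/2")]
```

On the SW2 to SW3 link, the side that ends up Alternate is the switch with the higher Bridge ID, which is the detail the prose leaves open.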

Tuning STP: Priority, Port Cost, and PortFast

Why Tune STP?

You want the logical spanning tree to match your design, not be random. Tuning priority, cost, and PortFast helps you control that.

Setting Root Bridge Priority

Use `spanning-tree vlan X priority <value>` or `spanning-tree vlan X root primary` so your chosen core switch reliably becomes the root.

Adjusting Port Cost

On interfaces, `spanning-tree vlan X cost N` lets you make some links more attractive as root paths by lowering their cost.

PortFast for Edge Ports

Enable PortFast on access ports to end devices so they skip STP delays and go directly to Forwarding, improving host startup times.

BPDU Guard Protection

Combine PortFast with BPDU Guard so if someone accidentally connects a switch, the port shuts down instead of creating a loop.

Thought Exercise: Predicting Root and Port Roles

Use this mental exercise to solidify STP and RSTP behavior.

Scenario

  • Four switches in a line: SW1 - SW2 - SW3 - SW4.
  • All are connected with gigabit trunks in VLAN 20.
  • Priorities:
  • SW1: 4096
  • SW2: 32768 (default)
  • SW3: 32768 (default)
  • SW4: 32768 (default)
  • No manual cost tuning.

Task 1: Root bridge

  1. Which switch becomes the root bridge? Why?
  2. How would the answer change if all priorities were equal but SW4 had the lowest MAC address?

Task 2: Port roles with SW1 as root

Assume SW1 is root. For VLAN 20, decide:

  1. On SW2: which port is Root Port? What is its state?
  2. On SW3: which port is Root Port? What role/state does the port toward SW4 have?
  3. On SW4: which port is Root Port? What is its state?

Task 3: RSTP twist

Now imagine there are two parallel links between SW2 and SW3. With RSTP enabled:

  1. Which link between SW2 and SW3 will be Forwarding?
  2. What RSTP role/state will the other link take?
  3. If the active link fails, what happens to the backup link?

Write down your answers, then check yourself against the solution in your notes or with a lab sim. Focus on being able to justify each role and state using root path cost and tie-breakers.

Quiz 1: STP and RSTP Fundamentals

Test your understanding of core STP and RSTP concepts.

On a non-root switch running RSTP, which port role represents a loop-free backup path toward the root bridge and is typically in a discarding state until needed?

  A) Root Port
  B) Designated Port
  C) Alternate Port
  D) Backup Port

Answer: C) Alternate Port

In RSTP, an Alternate Port is a loop-free backup path toward the root bridge. It normally stays in the Discarding state and can quickly transition to Forwarding if the current Root Port fails. A Backup Port is a backup for a Designated Port on the same shared segment, not a backup path to the root.

Quiz 2: Root Bridge and Port Role Selection

Apply your knowledge of bridge IDs, priorities, and port roles.

You have two switches connected by a single trunk link in VLAN 30. Both run RSTP. Switch A priority is 32768, Switch B priority is 4096. All else equal. Which statement is correct?

  A) Switch A becomes root and its trunk port is a Root Port.
  B) Switch B becomes root and its trunk port is a Designated Port.
  C) Switch A becomes root and its trunk port is an Alternate Port.
  D) Switch B becomes root and its trunk port is a Root Port.

Answer: B) Switch B becomes root and its trunk port is a Designated Port.

Lower bridge priority wins root. Switch B (4096) becomes the root bridge. On a root bridge, all active ports toward the LAN are Designated Ports. Switch A, as a non-root, will have its trunk port as a Root Port, but that option is not listed; the correct statement about the root is that Switch B is root and its trunk is Designated.

Key STP and RSTP Terms Review

Review these core definitions and roles before moving on.

Spanning Tree Protocol (STP)
Spanning Tree Protocol (STP) is a Layer 2 protocol that prevents loops in a bridged network by placing redundant paths into a blocking state while maintaining a loop-free logical topology.
Root Bridge
The switch with the lowest Bridge ID (priority + extended system ID + MAC address). It is the logical center of the spanning tree; all path costs are calculated relative to it.
Root Port (RP)
On a non-root switch, the single port that has the lowest-cost path to the root bridge. It forwards traffic toward the root.
Designated Port (DP)
For each network segment, the port that advertises the best path to the root bridge. It forwards traffic for that segment.
Alternate Port (RSTP)
An RSTP port role representing a loop-free backup path toward the root bridge. It is normally in Discarding state and can quickly move to Forwarding if the Root Port fails.
RSTP Definition
Rapid Spanning Tree Protocol (RSTP, 802.1w) is the modern STP variant that provides faster convergence.
PortFast
A Cisco feature that treats a port as an edge port, allowing it to transition directly to Forwarding (bypassing STP delays) when connected to end devices, not other switches.
BPDU Guard
A protection feature that err-disables a PortFast-enabled port if it receives BPDUs, preventing accidental loops from connecting switches to edge ports.

Troubleshooting STP Issues on Cisco Switches

Unexpected Root Bridge

If an access switch becomes root, traffic paths are suboptimal. Use `spanning-tree vlan X priority <value>` or `spanning-tree vlan X root primary` on your core switch to fix it.

Access Port Not Forwarding

If a host port is Blocking/Discarding, verify that it is not accidentally linked to another switch, then enable PortFast and BPDU Guard if it is an edge port.

Detecting Loops

Loops cause CPU spikes, broadcast storms, and MAC flapping. Use STP and MAC table commands to find and disable the offending link.

Change Carefully

Before tuning STP, always understand your physical topology and which switches should be root and secondary root.

Key Terms

PortFast
A Cisco feature that configures a port as an edge port, allowing it to bypass normal STP state transitions and move quickly to Forwarding when connected to end devices.
Root Port
On a non-root switch, the single port that has the lowest-cost path to the root bridge. It forwards traffic toward the root.
BPDU Guard
A Cisco protection mechanism that shuts down a PortFast-enabled port if it receives BPDUs, preventing accidental loops from connecting switches to edge ports.
Root Bridge
The switch with the lowest Bridge ID in an STP/RSTP domain. It acts as the logical center of the spanning tree; all path costs are measured relative to it.
Alternate Port
An RSTP port role representing a loop-free backup path toward the root bridge, normally in Discarding state, ready to rapidly transition to Forwarding if the Root Port fails.
Bridge ID (BID)
A unique identifier for a switch in STP/RSTP, consisting of bridge priority, extended system ID (often VLAN ID), and MAC address. The lowest BID becomes the root bridge.
Broadcast Storm
A condition in which broadcast traffic is replicated and forwarded endlessly in a Layer 2 network, typically due to loops, consuming bandwidth and CPU resources.
Designated Port
For each network segment, the port that advertises the best path to the root bridge. It forwards traffic for that segment.
Spanning Tree Protocol (STP)
Spanning Tree Protocol (STP) is a Layer 2 protocol that prevents loops in a bridged network by placing redundant paths into a blocking state while maintaining a loop-free logical topology.
Bridge Protocol Data Unit (BPDU)
A control frame used by switches running STP or RSTP to exchange information about the root bridge, path cost, and port roles, enabling them to compute a loop-free spanning tree.
Rapid Spanning Tree Protocol (RSTP)
Rapid Spanning Tree Protocol (RSTP, 802.1w) is the modern STP variant that provides faster convergence.
