Chapter 11 of 29
Spanning Tree Protocol and Rapid Spanning Tree Protocol
Prevent Layer 2 loops while keeping redundancy by mastering how Spanning Tree Protocol and Rapid STP select root bridges, block ports, and converge.
Why We Need STP in Switched Networks
Redundancy vs. Loops
We add multiple links between switches for redundancy, but Ethernet has no loop prevention. A physical loop between switches can cause severe problems in a VLAN-based, trunked campus network.
Loop Symptoms
Layer 2 loops lead to broadcast storms, multiple copies of unicast frames, and MAC table instability as the same source MAC rapidly appears on different ports.
Role of STP
Spanning Tree Protocol (STP) prevents loops by keeping redundant paths physically present but logically blocking just enough links to create a single loop-free active path.
CCNA Skill Focus
You must be able to look at a topology, spot potential loops, and predict which ports STP will block to maintain redundancy without creating Layer 2 loops.
STP Fundamentals: Bridges, BPDUs, and the Root Bridge
STP and BPDUs
STP (IEEE 802.1D) uses Bridge Protocol Data Units (BPDUs) to share topology info so switches can agree on a loop-free tree and decide which ports forward or block.
Bridge ID Basics
Each switch has a Bridge ID: a 2-byte priority (default 32768) plus a 6-byte MAC address. With VLAN-aware STP, the VLAN ID is folded into the priority field.
Root Bridge Election
All switches initially think they are root. When they see a BPDU with a lower Bridge ID, they yield. The switch with the lowest priority, then lowest MAC, becomes the root.
Design Tip
Do not let the root be random. On Cisco, set core/distribution switches as root for key VLANs using root primary or by lowering STP priority.
STP Path Cost, Port Roles, and Port States
Path Cost
STP uses path cost based on link speed. The total cost to the root is the sum of per-port costs along the path; lower total cost is preferred.
Port Roles
Root port: best path to root on each non-root switch. Designated port: best path on each segment. Other ports become non-designated and are candidates to block.
Port States
Classic STP uses Blocking, Listening, Learning, Forwarding, and Disabled. Only forwarding ports carry user traffic; blocking ports only listen to BPDUs.
Why It Matters
Understanding roles and states lets you predict which ports will forward or block and how long convergence will take after a change.
Predicting Root Bridge, Root Ports, and Blocked Ports
Step 1: Identify the Root
Switch A has priority 24576, while B and C have 32768. Since A’s Bridge ID is lowest, A becomes the root bridge for this topology.
Step 2: Choose Root Ports
On B and C, the direct 1 Gb/s links to A have cost 4, better than any two-hop path. So the ports facing A are root ports and will forward.
Step 3: Decide on B–C Link
On link B–C, both switches have equal path cost (4) to the root, so the tie-breaker is Bridge ID. B and C share priority 32768, so the comparison falls to the MAC address. B wins, so B’s port is designated and C’s port blocks.
Resulting Tree
All A ports forward; B has a root and a designated port; C has a root and a blocking port. The physical triangle becomes a logical loop-free tree.
Rapid Spanning Tree Protocol (RSTP, 802.1w): Modern Convergence
Why RSTP?
Classic STP can take 30–50 seconds to converge after a change. RSTP (802.1w) was created to provide much faster, often sub-second, convergence.
RSTP on Cisco
On Cisco switches, RSTP logic runs in MST mode and in Rapid PVST+, which builds per-VLAN trees. Rapid PVST+ applies RSTP logic separately to each VLAN.
New Roles and States
RSTP keeps root and designated ports and adds alternate and backup roles. It reduces states to discarding, learning, and forwarding.
Faster Convergence
RSTP uses proposal/agreement handshakes instead of just timers, allowing ports to transition to forwarding much more quickly after a topology change.
Cisco STP/RSTP Modes, PortFast, and BPDU Guard
Cisco STP Modes
Cisco supports pvst, rapid-pvst, and mst. For CCNA, focus on PVST+ (classic per-VLAN STP) and Rapid PVST+ (per-VLAN RSTP).
PortFast
PortFast is enabled on access ports to end devices. It lets ports go immediately to forwarding, avoiding STP delays for PCs and phones.
BPDU Guard
BPDU Guard shuts down a PortFast port if it ever sees a BPDU, protecting the network from accidental loops via misconnected switches.
Best Practice
Access ports should use PortFast + BPDU Guard; trunk/switch uplinks should not. This is a common CCNA design and configuration question.
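One way to check this rule against a switch configuration, as an added Python example that is not part of the original chapter: it reads IOS-style interface stanzas and reports access ports missing PortFast or BPDU Guard, and trunks that carry either. The sample configuration and the function name `audit` are constructed for illustration; the global `spanning-tree portfast default` and `spanning-tree portfast bpduguard default` commands are honored as well.

```python
import re

# Constructed running-config excerpt for illustration (not from the chapter).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
"""

# Interface-level PortFast, including the newer "edge" and the "trunk" forms.
PORTFAST = re.compile(r"spanning-tree portfast( edge)?( trunk)?$")

def audit(config):
    """Return {interface: [findings]} for the access/trunk best practice."""
    g_pf = re.search(r"^spanning-tree portfast( edge)? default$", config, re.M)
    g_bg = re.search(r"^spanning-tree portfast( edge)? bpduguard default$", config, re.M)
    findings = {}
    # One match per stanza: the interface line plus its indented sub-commands.
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        name, body = m.group(1), [l.strip() for l in m.group(2).splitlines()]
        portfast = any(PORTFAST.match(l) for l in body)
        guard = "spanning-tree bpduguard enable" in body
        if "switchport mode access" in body:
            portfast = portfast or bool(g_pf)   # global default covers access ports
            checks = [(not portfast, "access port without PortFast"),
                      (not (guard or (g_bg and portfast)), "access port without BPDU Guard")]
        elif "switchport mode trunk" in body:
            checks = [(portfast, "PortFast on trunk"), (guard, "BPDU Guard on trunk")]
        else:
            continue                            # routed or unset mode: out of scope
        issues = [msg for bad, msg in checks if bad]
        if issues:
            findings[name] = issues
    return findings
```

Ports with no explicit `switchport mode` line are skipped rather than guessed at, so review those separately.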
Key STP/RSTP Cisco Commands and Sample Output
Check STP Mode
Use `show spanning-tree summary` to see if the switch runs pvst, rapid-pvst, or mst and whether it is root for any VLANs.
Per-VLAN Details
`show spanning-tree vlan 10` shows the root ID, this bridge’s ID, timers, and a table of ports with their roles, states, and costs.
Reading Port Roles
In the interface table, focus on Role (Root, Desg, Altn), Sts (FWD, DSC), and Type (P2p, Edge). Edge usually means PortFast is enabled.
Troubleshooting Use
From this output, you can identify root ports, blocked/alternate ports, and confirm that access ports are configured as PortFast edge ports.
Thought Exercise: Predict the Blocked Port
Scenario Overview
Three switches (D, E, F) form a triangle with 1 Gb/s links. D and E have lower priority than F; D has the lowest MAC, so D becomes the root bridge.
Choosing Root Ports
On E and F, the direct links to root D have lower cost than any two-hop path, so the ports toward D are root ports and will forward.
Deciding the Blocked Port
On link E–F, both have equal cost to the root, so compare Bridge IDs. E wins and becomes designated; F’s port blocks to break the loop.
Your Turn
Invent your own 3-switch triangle with different priorities. Predict the root, root ports, and blocked port, then sketch to verify a single loop-free path.
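To check a prediction for the A/B/C walk-through, the D/E/F exercise, or a triangle of your own, this added Python example (not part of the original chapter) computes the root bridge and every port role. It generalizes to any connected topology with at most one link per switch pair and compares only root path cost and Bridge ID, not port IDs. The MAC addresses, the equal priorities for D and E, and the names `spanning_tree` and `triangle` are constructed for illustration.

```python
import heapq

COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # 802.1D short path cost by Mb/s

# Constructed Bridge IDs (priority, MAC): priorities follow the text, MACs are
# made up so that B beats C and D beats E. MACs compare as same-format strings.
ABC = {"A": (24576, "0000.0000.000a"), "B": (32768, "0000.0000.000b"),
       "C": (32768, "0000.0000.000c")}
DEF = {"D": (24576, "0000.0000.000d"), "E": (24576, "0000.0000.000e"),
       "F": (32768, "0000.0000.000f")}

def triangle(x, y, z, mbps=1000):
    return [(x, y, mbps), (x, z, mbps), (y, z, mbps)]

def spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(sw_a, sw_b, mbps)].
    Returns (root, roles) where roles[(switch, neighbor)] names the port role."""
    root = min(bridges, key=bridges.get)        # lowest priority, then lowest MAC
    adj = {b: [] for b in bridges}
    for a, b, mbps in links:
        adj[a].append((b, COST[mbps]))
        adj[b].append((a, COST[mbps]))
    # Root path cost of every switch: Dijkstra outward from the root.
    rpc, heap = {root: 0}, [(0, root)]
    while heap:
        cost, sw = heapq.heappop(heap)
        if cost > rpc[sw]:
            continue                            # stale heap entry
        for nbr, c in adj[sw]:
            if cost + c < rpc.get(nbr, float("inf")):
                rpc[nbr] = cost + c
                heapq.heappush(heap, (cost + c, nbr))
    roles = {}
    for sw in bridges:
        if sw != root:
            # Root port: lowest total cost, then lowest neighbor Bridge ID.
            best = min(adj[sw], key=lambda n: (rpc[n[0]] + n[1], bridges[n[0]]))
            roles[(sw, best[0])] = "root"
    for a, b, _ in links:
        # Designated end of a segment: lower root path cost, then lower Bridge ID.
        des, other = sorted((a, b), key=lambda s: (rpc[s], bridges[s]))
        roles[(des, other)] = "designated"
        roles.setdefault((other, des), "blocked")   # keep an existing root role
    return root, roles
```

Calling `spanning_tree(ABC, triangle("A", "B", "C"))` reproduces the tree from the earlier walk-through; swap in your own priorities and link speeds to test other predictions.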
Quiz 1: STP and RSTP Concepts
Answer this question to check your understanding of STP basics and RSTP improvements.
Which statement is MOST accurate about Rapid Spanning Tree Protocol (RSTP, 802.1w) compared to classic STP (802.1D) on Cisco switches?
- A) RSTP eliminates the need for a root bridge by using equal-cost multipath forwarding at Layer 2.
- B) RSTP converges faster than classic STP by introducing alternate and backup port roles and using a handshake mechanism instead of only timers.
- C) RSTP uses different BPDU frame types than STP and is therefore not backward compatible with classic STP.
- D) RSTP requires all links to operate in half-duplex mode to support rapid transition to forwarding.
Answer: B) RSTP converges faster than classic STP by introducing alternate and backup port roles and using a handshake mechanism instead of only timers.
RSTP keeps the root bridge concept but improves convergence by adding alternate/backup port roles and using proposal/agreement handshakes, allowing ports to transition to forwarding much faster. It remains backward compatible with classic STP and does not require half-duplex or Layer 2 ECMP.
Quiz 2: Predicting Port Roles
Test your ability to reason about STP port roles and states.
In a triangle of switches with equal-speed links, Switch X is the root bridge. On Switch Y, the port toward X is a root port and forwarding. On the Y–Z link, Switch Y has a lower path cost to the root than Switch Z. What is the most likely STP role/state of Switch Z's port on the Y–Z link?
- A) Root port in forwarding state
- B) Designated port in forwarding state
- C) Non-designated (alternate) port in blocking/discarding state
- D) Disabled port in administratively down state
Answer: C) Non-designated (alternate) port in blocking/discarding state
On a shared segment, the switch with the lowest path cost to the root becomes the designated bridge and forwards. The other switch's port becomes non-designated; in classic STP it blocks, and in RSTP it is typically an alternate port in discarding state.
Flashcards: STP and RSTP Key Terms
Use these flashcards to reinforce core terminology you need for the CCNA.
- Spanning Tree Protocol (STP)
- Spanning Tree Protocol (STP) is a Layer 2 protocol that prevents loops in a bridged network by placing redundant paths into a blocking state while maintaining a loop-free logical topology.
- Root bridge
- The single switch elected by STP as the logical center of the Layer 2 topology. It has the lowest Bridge ID (priority + MAC). All path cost calculations are measured relative to the root bridge.
- Root port
- On a non-root switch, the port with the lowest-cost path to the root bridge. There is exactly one root port per non-root switch, and it is always in the forwarding state.
- Designated port
- On each network segment, the port that has the lowest path cost to the root bridge. Designated ports are responsible for forwarding frames toward that segment and are in the forwarding state.
- Alternate port (RSTP)
- An RSTP port role that provides a backup path to the root bridge. It corresponds to a blocking port in classic STP and can rapidly transition to forwarding if the active path fails.
- PortFast
- A Cisco feature applied to access ports that allows them to transition immediately to the forwarding state, bypassing normal STP listening and learning delays. Intended only for end-host ports.
- BPDU Guard
- A Cisco protection feature that shuts down a PortFast-enabled port if it receives a BPDU, placing it into err-disabled state to prevent potential Layer 2 loops.
- Rapid PVST+
- Cisco’s implementation of Rapid Spanning Tree Protocol that runs a separate RSTP instance per VLAN, combining fast convergence with per-VLAN control.
- Blocking / Discarding state
- In classic STP, blocking ports do not forward data frames and only listen to BPDUs. In RSTP, the equivalent is the discarding state, which includes both blocking and listening behaviors.
- Bridge Protocol Data Unit (BPDU)
- A control frame used by STP and RSTP to share information about bridge IDs, root path cost, and port roles so that switches can compute a loop-free spanning tree.
Key Terms
- Rapid PVST+
- Cisco’s per-VLAN implementation of RSTP that runs a separate rapid spanning tree instance for each VLAN, combining RSTP’s fast convergence with per-VLAN control.
- Bridge ID (BID)
- A unique identifier for a switch in STP, composed of a configurable priority value and the switch’s MAC address. In VLAN-aware STP, the VLAN ID is encoded into the priority field as a system ID extension.
- Rapid Spanning Tree Protocol (RSTP)
- An enhancement to classic STP defined in IEEE 802.1w (and later in 802.1D-2004) that provides much faster convergence by introducing new port roles, simplified states, and handshake-based transitions.