Knowledge Base

Design & Configure

Spanning Tree Protocol (STP) Configuration

The Spanning Tree Protocol (STP) is defined by IEEE standard 802.1D-1988. The STP generates a single spanning tree inside a network. Such mode proved to be useful for supporting applications and protocols in which frames are delivered out of sequence or as duplicates.

The topology is named Spanning Tree, because it is constructed as a loop-free active forwarding topology, meaning that it is a tree-type topology that spans the entire network.

The spanning tree is generated during the process of exchanging Bridge Protocol Data Units (BPDUs) between bridges in a LAN. The spanning tree algorithm functions in two following ways:

  • Computing a loop-free portion of the topology, called a spanning tree, via an automated process. The topology is dynamically pruned to the spanning tree by declaring certain redundant ports on a switch and placing them into a “blocking” state.
  • If possible, automatically recovering from a switch failure that could result in the partitioning of the extended LAN by reconfiguring the spanning tree to use redundant paths.

By default, RSTP is the mode enabled on every port of a switch. It prevents Layer 2 loops in a network.


How to configure STP?


Step 1. STP configuration

  1. Enter Global Configuration mode:
    switch# configure terminal
  2. As mentioned before, the device is in RSTP mode. Change to STP mode:
    switch(config)# spanning-tree mode stp
  3. The spanning tree is enabled on all switch ports as a default setting. If the setting has been disabled, enable it for STP:
    switch(config)# spanning-tree enable
  4. By default, all devices have the same root bridge priority, 32768 (8000 in hexadecimal), so the device with the lowest MAC address becomes the root bridge. If the device is required to be the root bridge, set the root bridge priority to a value lower than 32768. Enter a value in the range 0 to 61440. If you enter a number that is not a multiple of 4096, the switch will round the number down:
    switch(config)# spanning-tree priority <priority>


Step 2. Root Guard configuration

The Root Guard feature is responsible for verifying if the port on which it was enabled is a designated port. If the port with enabled Root Guard receives a superior BPDU, it goes to a Listening state (for STP) or discarding state (for RSTP and MSTP).

  1. Enter Interface Configuration mode for the switch ports on which the Root Guard should be enabled:
    switch(config)# interface <port-list>
  2. Enable the Guard Root feature for these ports:
    switch(config-if)# spanning-tree guard root
  3. Return to Privileged Exec mode:
    switch(config)# end


Step 3. STP configuration verification

Display the spanning tree configuration for the device and confirm the new root bridge priority (Bridge Priority):

switch# show spanning-tree [interface <port-list>]

Note that the Bridge ID is in a form like this: 8192xxxxxxxxxxxx, with other IDs following the same pattern. This ID is made up of two parts: 8192 being the devices’ root bridge priority in hexadecimal, and xxxxxxxxxxxx – the devices’ MAC address.


Looking for more manuals on STP? Check the configs below:

  1. Rapid Spanning Tree Protocol
  2. Multiple Spanning Tree Protocol
  3. Span Port Configuration

Author: Jaroslaw Banakh