What Is STP and Why Does It Exist?
Ethernet switches forward frames by flooding unknown destinations out every port except the one they arrived on. In a redundant network — where you have multiple switches connected for failover — this creates a serious problem: broadcast frames loop endlessly, consuming all available bandwidth. Without a mechanism to break loops, a single broadcast storm will bring down the entire Layer 2 domain.
Spanning Tree Protocol (STP), defined in IEEE 802.1D, solves this by logically blocking redundant paths in the network. It keeps exactly one active path between any two network segments while keeping the backup links dormant. If the active path fails, STP detects it and unblocks a redundant path — all without any administrator intervention.
Root Bridge Election
STP selects one switch as the Root Bridge — the logical center of the spanning tree. All forwarding decisions flow from this election.
Every switch has a Bridge ID (BID), which is an 8-byte value made up of:
- Bridge Priority (2 bytes) — a configurable value, default 32768
- MAC Address (6 bytes) — burned-in address of the switch
The switch with the lowest Bridge ID wins the election. Since all switches start with the same default priority, the tiebreaker is the MAC address — the lowest MAC wins. This is why in production you always set priority explicitly to control which switch becomes root.
Switch(config)# spanning-tree vlan 1 priority 4096
Priority must be a multiple of 4096. Setting it lower than the default 32768 makes your switch the preferred root.
Port Roles
Once the root bridge is elected, STP assigns a role to every port in the network:
Root Port (RP)
The single port on each non-root switch that provides the best path back to the root bridge. "Best path" is determined by path cost — lower-bandwidth links cost more. The port with the lowest cumulative cost to the root becomes the root port. There is only one root port per switch.
Designated Port (DP)
On every network segment, there is exactly one designated port — the port that forwards traffic toward the root. The root bridge has all designated ports. On other switches, the port with the lowest cost-to-root on that segment becomes designated.
Blocked Port (Non-Designated)
Any port that is neither a root port nor a designated port gets placed in a blocking state. It receives BPDUs but does not forward frames. This is the port that eliminates the loop.
Port States
STP ports transition through five states during convergence:
| State | Forwards Frames? | Learns MACs? | Duration |
| Blocking | No | No | Up to 20 sec |
| Listening | No | No | 15 sec |
| Learning | No | Yes | 15 sec |
| Forwarding | Yes | Yes | Stable |
| Disabled | No | No | Admin down |
The 15-second listening and learning timers are why classic 802.1D STP takes 30–50 seconds to converge after a topology change — a significant limitation in modern networks.
BPDUs — How Switches Communicate
Switches exchange Bridge Protocol Data Units (BPDUs) every 2 seconds. BPDUs carry:
- The sending switch's Bridge ID
- The root bridge's Bridge ID (as the sender knows it)
- The cumulative path cost to the root
Non-root switches do not originate BPDUs — they relay the root bridge's BPDUs with their own cost added. If a switch stops receiving BPDUs, it assumes the upstream link has failed and begins reconverging.
The Hello Time (2 sec), Forward Delay (15 sec), and Max Age (20 sec) are all set by the root bridge and carried in BPDUs.
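As an added illustration (not part of the original article), the sketch below decodes the fields a classic 802.1D Configuration BPDU carries and applies the lowest-Bridge-ID rule from the election section. The function names, MAC addresses and sample frames are constructed for the example; the final tie-break on the sender's Bridge ID goes slightly beyond what the text describes.

```python
import struct

# IEEE 802.1D Configuration BPDU, 35 bytes, network byte order:
# protocol id, version, type, flags, root BID (priority + MAC), root path cost,
# sender BID (priority + MAC), port id, message age, max age, hello, forward delay.
_BPDU = struct.Struct("!HBBBH6sIH6sHHHHH")

def parse_config_bpdu(data: bytes) -> dict:
    """Decode a Configuration BPDU; timers travel in 1/256-second units."""
    if len(data) < _BPDU.size:
        raise ValueError(f"truncated BPDU: {len(data)} of {_BPDU.size} bytes")
    (proto, _version, btype, _flags, root_prio, root_mac, cost,
     br_prio, br_mac, _port, msg_age, max_age, hello, fwd) = _BPDU.unpack_from(data)
    if proto != 0 or btype != 0x00:
        raise ValueError("not a classic STP Configuration BPDU")
    return {
        # (priority, MAC) tuples compare priority first, then MAC: the BID rule.
        "root_bid": (root_prio, root_mac),
        "bridge_bid": (br_prio, br_mac),
        "root_path_cost": cost,
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd / 256,
    }

def is_better(new: dict, current: dict) -> bool:
    """Lower root BID wins, then lower path cost, then lower sender BID."""
    def key(b):
        return (b["root_bid"], b["root_path_cost"], b["bridge_bid"])
    return key(new) < key(current)

def build(root, cost, bridge):
    """Constructed sample frame using the default timers (2 / 20 / 15 s)."""
    return _BPDU.pack(0, 0, 0, 0, root[0], root[1], cost,
                      bridge[0], bridge[1], 0x8001, 0,
                      20 * 256, 2 * 256, 15 * 256)

if __name__ == "__main__":
    mac_a = bytes.fromhex("001a2b3c4d5e")   # constructed: intended root switch
    mac_b = bytes.fromhex("000c29aabbcc")   # constructed: lower MAC, not intended as root
    a = parse_config_bpdu(build((32768, mac_a), 0, (32768, mac_a)))
    b = parse_config_bpdu(build((32768, mac_b), 0, (32768, mac_b)))
    print("default priorities, B beats A on MAC:", is_better(b, a))
    a = parse_config_bpdu(build((4096, mac_a), 0, (4096, mac_a)))
    print("A at priority 4096 beats B:", is_better(a, b))
```

Comparing the root Bridge ID seen in captured BPDUs against the switch you configured as root is a quick check that the election went the way you planned.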
RSTP — The Modern Improvement
Classic 802.1D's 30–50 second convergence is unacceptable for today's networks. Rapid Spanning Tree Protocol (RSTP), defined in IEEE 802.1w and later absorbed into 802.1D-2004, reduces convergence to under a second by:
- Introducing new port roles: Alternate and Backup ports (pre-computed backups)
- Allowing direct transition from Discarding → Forwarding for edge ports
- Using a proposal/agreement handshake mechanism instead of passive timers
Cisco switches run PVST+ (Per-VLAN Spanning Tree Plus) or Rapid PVST+ by default, running a separate spanning tree instance per VLAN. In modern deployments, always configure Rapid PVST+:
Switch(config)# spanning-tree mode rapid-pvst
Understanding classic 802.1D remains essential for the CCNA exam and for troubleshooting legacy networks — but in production, RSTP is what you deploy.