Objectives
| # | Objective |
| 1 | Observe the default STP topology: identify the root bridge and all port roles without any configuration |
| 2 | Manipulate bridge priority on SW1 to force it to become root bridge for VLAN 1 |
| 3 | Verify STP convergence with show spanning-tree: confirm port roles and states |
| 4 | Open the STP Topology Explorer: step through root election, port role assignment and loop prevention |
| 5 | Enable PortFast on access ports and protect with BPDU Guard: understand why and what happens on violation |
| 6 | Troubleshoot: a BPDU Guard violation has been injected; diagnose the err-disabled port and recover it |
| 7 | Knowledge check: STP concepts, port roles and PVST |
Key Concepts
| Concept | What it means |
| STP / 802.1D | Spanning Tree Protocol: prevents Layer 2 loops by logically blocking redundant paths while keeping the network connected. |
| Root Bridge | The switch elected as the centre of the STP tree. All other switches calculate their best path back to the root. Lowest Bridge ID wins. |
| Bridge ID | An 8-byte value: 2 bytes priority (default 32768) + 6 bytes MAC address. The switch with the lowest Bridge ID becomes root. |
| Port Roles | Root Port (RP): best path to root. Designated Port (DP): forwards frames toward root on a segment. Blocked (BP): discards frames to break the loop. |
| Port States | Blocking → Listening → Learning → Forwarding (takes 30–50 seconds in classic STP). PortFast skips to Forwarding immediately. |
| PVST+ | Per-VLAN Spanning Tree Plus, Cisco proprietary. Runs a separate STP instance per VLAN, allowing load balancing across redundant links. |
| PortFast | Immediately moves an access port to Forwarding state, with no 30s delay. Safe only on ports connected to end devices, never to other switches. |
| BPDU Guard | Err-disables a PortFast port if it receives a BPDU (which means a switch was connected). Protects the STP topology. |
Topology: Three Switches in a Triangle
| Link | Port (first switch) | Port (second switch) | STP Outcome |
| SW1 – SW2 | Gi0/1 | Gi0/1 | Forwarding (root links) |
| SW1 – SW3 | Gi0/2 | Gi0/2 (SW3) | Forwarding (root links) |
| SW2 – SW3 | Gi0/3 | Gi0/3 (SW3) | One port BLOCKED |
Key Commands
| Command | Purpose |
| show spanning-tree | Full STP detail: root ID, bridge ID, port roles and states |
| show spanning-tree vlan 1 | STP for a specific VLAN |
| show spanning-tree vlan 1 detail | Verbose: port cost, timers, BPDUs |
| show spanning-tree summary | Quick overview across all VLANs |
| spanning-tree vlan 1 priority <n> | Set bridge priority (must be multiple of 4096) |
| spanning-tree vlan 1 root primary | Shortcut: sets priority to win root election |
| spanning-tree portfast | Enable PortFast on an interface |
| spanning-tree bpduguard enable | Enable BPDU Guard on an interface |
| spanning-tree portfast bpduguard default | Enable BPDU Guard globally on all PortFast ports |
| show interfaces Gi0/0 status | Check if port is err-disabled |
| shutdown / no shutdown | Recover an err-disabled port |
After verifying STP convergence, click STP Explorer to step through root election, port roles and loop prevention with a live annotated diagram.
Bridge priority must be a multiple of 4096: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768 (default), 36864 … 61440. Values not matching will be rejected.
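Added example (not part of the original lab): a small Python model of root election and port-role assignment for the triangle topology above, showing why pinning SW1's priority matters when the default root is simply whichever switch has the lowest MAC. The MAC addresses, the priority value 4096 for SW1 and the link cost of 4 are constructed assumptions, and port-ID tie-breaking is simplified to a string comparison.

```python
import heapq

COST = 4  # assumed short path cost of a 1 Gbit/s link

def bridge_id(priority, mac):
    """Comparable Bridge ID: priority first, MAC address as tie-breaker."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0..61440")
    return (priority, bytes.fromhex(mac.replace(":", "")))

def spanning_tree(switches, links):
    """switches: name -> (priority, mac); links: [(sw_a, port_a, sw_b, port_b)].
    Returns (root_name, {(switch, port): role}) for a connected topology."""
    bid = {name: bridge_id(*value) for name, value in switches.items()}
    root = min(bid, key=bid.get)          # lowest Bridge ID wins
    # Root path cost of every switch (Dijkstra over equal-cost links).
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, sw = heapq.heappop(heap)
        if c > cost[sw]:
            continue
        for a, _, b, _ in links:
            if sw in (a, b):
                peer = b if sw == a else a
                if c + COST < cost.get(peer, float("inf")):
                    cost[peer] = c + COST
                    heapq.heappush(heap, (cost[peer], peer))
    roles, candidates = {}, {}
    for a, pa, b, pb in links:
        # Designated end of a segment: lower root path cost, then lower Bridge ID.
        (dsw, dport), (osw, oport) = sorted(
            [(a, pa), (b, pb)], key=lambda end: (cost[end[0]], bid[end[0]]))
        roles[(dsw, dport)] = "designated"
        roles[(osw, oport)] = "blocked"   # provisional: may be promoted to root port
        candidates.setdefault(osw, []).append(
            ((cost[dsw] + COST, bid[dsw], dport), oport))
    for sw, cands in candidates.items():  # best received BPDU decides the root port
        roles[(sw, min(cands)[1])] = "root"
    return root, roles

# Constructed sample data: the lab's triangle with made-up MAC addresses.
LINKS = [("SW1", "Gi0/1", "SW2", "Gi0/1"), ("SW1", "Gi0/2", "SW3", "Gi0/2"),
         ("SW2", "Gi0/3", "SW3", "Gi0/3")]
DEFAULT = {"SW1": (32768, "00:00:00:00:00:30"), "SW2": (32768, "00:00:00:00:00:10"),
           "SW3": (32768, "00:00:00:00:00:20")}
HARDENED = {**DEFAULT, "SW1": (4096, "00:00:00:00:00:30")}  # assumed priority value

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT), ("SW1 priority 4096", HARDENED)):
        print(name, spanning_tree(cfg, LINKS))
```

With the constructed defaults SW2 wins on MAC address alone and SW1's Gi0/2 is blocked; after lowering SW1's priority the blocked port moves to the SW2 – SW3 link, matching the topology table.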