802.1d – STP

1. BPDUs – Bridge Protocol Data Units

BPDUs are sent as 802.3 frames with a source address equal to the MAC address of the sending switch port and with a destination address of 01:80:C2:00:00:00. The LLC header has the DSAP and SSAP fields set to 0x42.

  • Protocol ID is set to 0x0000 (IEEE 802.1d)
  • The version can be one of 0x00 (802.1d STP), 0x02 (802.1w – RSTP) and 0x03 (802.1s – MSTP).
  • The Type field indicates wether this BPDU is a Config BPDU(0x00) or a TCN – Topology Change Notification BPDU (0x80).
  • Bit 1 in the Flags field signals a TCN BPDU, while Bit 8 in the same field signals a TC ACK.
  • Timer fields like Message Age, Max Age, Hello Time and Forward Delay are stored in units of 1/256 sec.

2. How a Bridge ID is unique in a VLAN

To find out the Base Mac Address used by STP, you can use the following command:

Sw# show version | i Mac

Also, to see Spanning Tree parameters used for each vlan, you can use:

Sw# show spanning-tree bridge
                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001         32769 (32768,   1) 000d.edec.9680    2    20   15  rstp
VLAN0010         32778 (32768,  10) 000d.edec.9680    2    20   15  rstp
VLAN0028         32796 (32768,  28) 000d.edec.9680    2    20   15  rstp

2.1 Traditional

This method is used by default if the switch can support 1024 unique MAC addresses for its own use. STP uses one MAC address for each instance and since the MAC address is unique, the Bridge ID becomes unique.

Traditional Bridge ID

Bridge Priority: 0 – 65535. Default: 32768

2.2 Extended

This method is used if the switch can’t use 1024 unique MAC addresses for itself. STP uses one MAC address for all instances, but uses the VLAN-ID to make the Bridge ID unique for each VLAN.

Extended Bridge ID

The Bridge ID is split into Priority Multiplier (4 bits) and VLAN-ID (12 bits). This means that the Bridge Priority is equal to 4096k + VLAN-ID. (0<=k<=15). Default BridgeID = 32768 + VLAN ID, K=8.
The use of the Extended System ID can be disabled, using:

Sw(config)# no spanning-tree extended system-id

2.3. Setting the Bridge ID

The Bridge ID can be set manually or by using a macro:

! Manual:
Sw(config)# spanning-tree vlan VLAN-LIST priority BRIDGE-PRIORITY
! Macro:
Sw(config)# spanning-tree vlan VLAN-LIST root {primary | secondary} [diameter DIA]

The macro command will use the following algorithm to determine what BRIDGE-PRIORITY to assign the switch:

  • For primary:
    • If the current Root Bridge Priority is more than 24576 (k=6), then set the BRIDGE-PRIORITY to 24756
    • If the current Root Bridge Priority is less than or equal to 24576 then set the BRIDGE-PRIORITY to a value 4096 less than the current Root Bridge Priority
    • If the BRIDGE-PRIORITY should be set to less than 4096, then the macro command will fail and the priority should be manually set.
  • For secondary:
    • Sets the BRIDGE-PRIORITY to 28762 (k=7).

Using the root macro will overwrite any custom STP timers that were configured

3. Port Cost

In early implementations, a linear scale is used for the cost of a link:
Cost = {1000 Mbps}/{Port Bandwidth}
The disadvantage of using such a formula is that links with bandwidth higher than 1 Gbps (1000 Mbps) were considered of equal cost (1).
Nowadays, a non-linear scale is used, according to the following table:

Bandwidth STP Cost
4 Mbps 250
10 Mbps 100
16 Mbps 62
45 Mbps 39
100 Mbps 19
155 Mbps 14
622 Mbps 6
1 Gbps 4
10 Gbps 2

To modify the default port cost, use:

Sw(config-if)# spanning-tree [vlan VLAN-LIST] cost COST
! cost: 1-65535
! the cost can be set for all vlans, or just for the ones in the VLAN-LIST

To verify, use:

Sw# show spanning-tree interface INTERFACE [cost]
Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0010         Desg FWD 19        128.48   P2p
VLAN0028         Desg FWD 19        128.48   P2p
VLAN0030         Desg FWD 19        128.48   P2p

Setting the port cost is a method of influencing which ports are in FWD and which are in BLK state on a switch. Setting the cost on the downstream switch will influence the port election on that switch.

4. Port ID

The Port ID is a combination of Port Priority and Port Number. The Port Priority can be set as multiples of 16 in the range 0-255. Default value is 128. The Port Number is also in the range 0-255.
You cannot change the port Number, but you can change its priority, using:

Sw(config-if)# spanning-tree [vlan VLAN-LIST] port-priority PORT-PRIORITY

To verify, use:

Sw# show spanning-tree interface INTERFACE
Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0010         Desg FWD 19        128.48   P2p
VLAN0028         Desg FWD 19        128.48   P2p
VLAN0030         Desg FWD 19        128.48   P2p

To see the Upstream port priority, look for ‘designated port id X.X’ when using:

Sw# show spanning-tree [vlan VLAN-ID] [interface INTERFACE] detail
 Port 48 (FastEthernet0/48) of VLAN0010 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.48.
   Designated root has priority 32778, address 000a.f472.f380
   Designated bridge has priority 32778, address 000d.edda.eb80
   Designated port id is 128.48, designated path cost 4
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 69469, received 5

A lower port priority is preferred. This method is used to influence the election of a forwarding port on a downstream switch, by setting a lower priority for a port on the upstream switch.

5. Determining the Best BPDU

The best BPDU is chosen using the following algorithm:

  1. Lowest Root Bridge ID
  2. Lowest Path Cost to the Root Bridge
  3. Lowest Sender Bridge ID
  4. Lowest Sender Port ID
  5. Lowest Receiver Port ID – not part of the BPDU, but evaluated locally

The BPDU mechanism works as follows:

  1. When starting up, all switches think they are the Root Bridge. In 802.1d, as long as a switch thinks it is the Root Bridge, it will generate Config BPDUs every HelloTime and will send them out all (designated) ports, towards the other switches
  2. If a switch receives a BPDU with a lower ID in the Root Bridge field, it will not consider itself anymore as the Root Bridge and will stop sending config BPDUs with itself as Root. It will only send out the Designated ports a modified version of the Config BPDUs received from the Root Bridge (on the Root Port).
  3. A switch will not send BPDUs out on a port as long as it receives better BPDUs than the ones it would out that port. If better BPDUs are not received for a period of time (MaxAge = 20 sec default), the local port can once again send BPDUs.
  4. As an exception, if a switch receives an inferior BPDU on a Designated Port, it will send a BPDU out that port to update the other switch

6. STP Convergence

The STP Convergence is achieved in 3 steps:

  1. Elect a Root Bridge
  2. Elect Root Ports
  3. Elect Designated Ports

6.1 Electing a Root Bridge

When they first boot, all switches start sending BPDUs with themselves as the Root, until they receive a BPDU with a lower Bridge ID. In the end, all switches will receive BPDUs with the lowest Bridge ID as the Root Bridge. This Bridge will be considered the Root Bridge.

6.2 Port Roles

To see the role of a port in Spanning Tree, use:

Sw# show spanning-tree interface INTERFACE

6.2.1 Root Ports

The Root port is the port on the switch that has the best path to the Root Bridge. Unless the switch considers itself to be the Root Bridge, each switch will elect one port as the Root Port for each STP instance. The port where the best BPDU is received will be the Root Port. The Root Ports will transit to the forwarding state – FWD

6.2.2 Designated Ports

On each segment, there are usually 2 or more switches. At first, each switch will think it is the designated switch on the segment, and will forward BPDUs on the segment. Eventually, all switches on the segment will find which is the switch that sends the best BPDUs on the segment. This switch will become the Designated Bridge and the port that sends the best BPDU on the segment will become the Designated Port.
All ports on the Root Bridge should become Designated Ports, unless there is a loop connecting 2 ports on the Root Bridge.
The Designated ports will transit to the forwarding state – FWD

6.2.3 Backup Ports

All non-Root and non-Designated ports become Backup Ports.
All Backup ports will transit to the Blocked State – BLK.

6.3 Port States

In 802.1d, there are 4 port states in addition to the Disabled state where the port is shut down or not participating in the STP process.

  • Blocking State – BLK
  • Listening State – LIS
  • Learning State – LRN
  • Forwarding State – FWD

To transit from BLK to FWD, one port must go through the LIS and LRN phase.
Ports can directly transition from all other states to the BLK state.
To see the state of a port in spanning tree, use:

Sw# show spanning-tree interface INTERFACE
Sw# debug spanning-tree switch state

6.3.1 Blocking State – BLK

All ports start in the BLK State. Ports can transition to the LIS state if they are elected to become Designated or Root ports. This is done only in the following situations:

  • if the port does not receive better BPDUs than the ones it would send for a MaxAge period (Default: 20 sec)
  • immediately in case of direct failures of the local root/designated port, based on port priority rules

Ports in the BLK state can only receive BPDUs. Receiving no BPDUs in a MaxAge period will transition the port to the LIS state. All Backup ports are immediately put in the BLK state.

6.3.2 Listening State – LIS

Once in the LIS State, a port can both send and receive BPDUs, but it cannot forward data. Ports in the LIS state will transition back to the BLK state if they lose their Designated or Root status. This can only happen if they receive better BPDUs.
Ports in the LIS state will transition to the LRN state if they don’t receive better BPDUs in a Forward Delay period (Default: 15 sec).

6.3.3 Learning State – LRN

Once in the LRN state, a port can both send and receive BPDUs, it still cannot forward data, but it will build its MAC address table based on the traffic it receives. Ports in the LRN state will transition back to the Blocking state if they lose their Designated or Root status. This can only happen if they receive better BPDUs.
Ports in the LRN state will transition to the FWD state if they don’t receive better BPDUs in a Forward Delay period (Default: 15 sec).

6.3.4 Forwarding State – FWD

Root and Designated ports end up in the forwarding state. This state permits the port to send and receive BPDUs, but also to forward traffic (finally). A port in the Forwarding State can only move to the blocking state if it becomes a Backup port (loses its Designated or Root status).
When a port first initializes it will take up to 50 seconds for it to get to the FWD state:
MaxAge_BLK+FwdDelay_LIS+FwdDelay_LRN = 20+15+15 = 50 sec

! Example on a Root Bridge
SW1 #show spanning-tree [brief] [vlan VLAN-ID]
VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     aaaa.aaaa.aaaa
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     aaaa.aaaa.aaaa
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/13     128.54   128    19 FWD     0 32768 aaaa.aaaa.aaaa 128.54
FastEthernet1/15     128.56   128    19 FWD     0 32768 aaaa.aaaa.aaaa 128.56

! Example on a non-root Bridge:
SW2#show spanning-tree [brief] [vlan VLAN-ID]

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     aaaa.aaaa.aaaa
             Cost        19
             Port        54 (FastEthernet1/13)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     cccc.cccc.cccc
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/13     128.54   128    19 FWD     0 32768 aaaa.aaaa.aaaa 128.54
FastEthernet1/15     128.56   128    19 BLK    19 32768 bbbb.bbbb.bbbb 128.55

7. TCN – Topology Change Notification

There are 2 types of BPDUs.

  • Config BPDUs are generated by the Root Bridge and go downstream to the Spanning Tree’s leafs.
  • TCN BPDUs go upstream towards the Root Bridge and are the only BPDUs sent out the Root Port.

How TCN BPDUs work:

  1. A bridge originates a TCN BPDU if:
    • It transitions a port into FWD state and it has at least one Designated Port
    • It transitions a port form FWD or LRN to BLK state
  2. A bridge will send TCN BPDUs every Hello Time (locally configured) until the TCN is acknowledged.
  3. The upstream bridge sets the TCN ACK flag in it’s next BPDU that it sends downstream to acknowledge the TCN BPDU received.
  4. The upstream bridge propagates the TCN BPDU out its Root Port.
  5. When the TCN BPDU arrives at the Root Bridge, the Root Bridge sets the TCN Acknowledgement flag and the Topology Change flag in the next Configuration BPDU.
  6. These flags instructs all bridges to shorten their bridge table aging process from the default 300 sec to the current FwdDelay, thus reducing the convergence time from 300 sec to 50 sec.
  7. The Root Bridge continues to set the TCN flag in all its Config BPDUs for the total of FwdDealy + MaxAge (default:35 sec)

8. STP Timers

Timers can only be modified on the Root Bridge. Timer values are carried in Config BPDUs. Modifications on other bridges will be ignored until they become Root Bridge.

8.1 Hello Time

HelloTime is the time between Config BPDUs sent by the Root Bridge. It is also the interval between TCN BPDUs until the bridge receives a TCN ACK. Default: 2 sec. Lowering Hello Time to 1 sec does not improve convergence
Hello Time can be set manually:

Sw(config)# spanning-tree [vlan VLAN-LIST] hello-time SEC
!hello_time: 1 - 10, default: 2

or by using a macro:

Sw(config)# spanning-tree vlan VLAN-LIST root {primary | secondary} [diameter DIAMETER] [hello-time SEC]

8.2 Forward Delay

FwdDelay is the duration of Listening and Learning States. Also, when a bridge receives a BPDUs with TC flag set, it will set the bridge table aging period to FwdDelay. Default: 15 sec (This value was calculated using a max radius of 7 bridges, a Hello Time of 2 sec and a max of 3 lost BPDUs).
RFC dictates that time spent in the LIS and LRN states must be equal.
A simplified formula for FwdDelay calculation is:
FwdDelay = (4*HELLO + 3*DIAMETER)/2
For details, see Cisco’s article on Understanding and Tuning Spanning Tree Protocol Timers

Default FwdDelay is 15 sec. You can change it with:

Sw(config)# spanning-tree [vlan VLAN-LIST] forward-delay SEC
!SEC: 4 - 30, default: 15

8.3 Max Age

How much time is the Best BPDU stored. If the Best BPDU is not received anymore, it is aged out, and a new Root/Designated Port Election will take place. Convergence is achieved in maximum 50 sec(20+15+15). Direct failures can make the port skip the Max Age timer and put another port directly into a Listening State. In the latter case, convergence is achieved in 30 sec(15+15)
A simplified formula for Max Age is:
MaxAge = 4*HELLO + 2*DIAMETER - 2

For details, see Cisco’s article on Understanding and Tuning Spanning Tree Protocol Timers

The default MaxAge value is 20 sec. To change it, use:

Sw(config)# spanning-tree [vlan VLAN-LIST] max-age SEC
! SEC: 6 - 40, default: 20

8.4 Message Age

Message Age is set to 0 on BPDUs originated by the Root Bridge. Bridges that process BPDUs will increment this value by 1 at every bridge hop before forwarding the BPDU.
If BPDUs from the Root are missed, the switch will count the missed BPDUs and when a BPDU from the root is finally received, it will increment this value once for each missed BPDU.

8.5 Bridge Table Aging Time

When a BPDU with TCN is received, the Bridge Table Aging Time will change from 300 sec to FwdDelay to reduce convergence time.

9. Cisco STP Enhancements

9.1 Portfast

This feature enables the transition of a port from the BLK state directly to the FWD state, bypassing LIS and LRN states. This feature should only be used on access ports where only one host is connected.
Transitions from FWD to BLK or BLK to FWD on ports configured as portfast do not generate TCN BPDUs out the Root Port. Ports configured as Portfast still run spanning tree in order to block a potential loop, so they still send BPDUs.
BPDU Guard and BPDU Filter can be enabled on portfast ports.
To enable the portfast status of a port, you can use the command:

Sw(config-if)# spanning-tree porfast

You can also use a macro that enables portfast, sets the port to access mode and disables PAgP

Sw(config-if)# switchport host

The last option is to use a global command that will enable portfast for all non-trunking ports:

Sw(config)# spanning-tree portfast default

To verify, use:

Sw# show spanning-tree interface INTERFACE portfast

When portfast is off, convergence is achieved in 50 sec, and when it is on, it is instant.

9.2 Uplink Fast

If a switch has multiple uplinks that lead to the Root Bridge, only one of them will be elected as the Root Port, and all others will be Backup Ports. When the primary uplink fails, a new one will be elected as the Root Port, but it still has to go from BLK through LIS and LRN states, before reaching the FWD state.
The Uplink Fast feature enables leaf-mode switches at the end of the spanning tree branches to have a functioning Root Port while keeping one or more redundant or potential Root Ports in Blocking state. When the primary root port uplink fails, the next lowest Root Path Cost port is unblocked and used without delay.
Uplink Fast is enabled per switch, on all VLANs. To enable it, use:

Sw(config)# spanning-tree uplink-fast [max-update-rate PPS]
!PPS: 0-65535. Default: 150

The command will not be allowed on the Root Bridge. When entering this command the switch will automatically:

  • Raise Bridge Priority to 49152 (k=12) to make sure that this switch does not become the Root Bridge and that the switch is not used as a transit switch to get to the Root Bridge
  • Increment Port Cost by 3000 making the ports undesirable as paths to the root for any downstream switches.

If the root port fails and uplink fast is enabled, as soon as a new root port is elected, the switch will sends multicast frames to 0100.0CCD.CDCD on behalf of all entries in the CAM table so that upstream switches can learn about the new uplink. These frames are sent at a configurable rate (max-update-rate). If the rate is set to 0, these frames are not sent.
To verify:

Sw# show spanning-tree uplink-fast

Uplink Fast reduces convergence in case of direct failures from 30-50 sec down to zero.

9.3 Backbone Fast

It helps STP to converge faster, in case of indirect link failure.
A switch detects an indirect link failure when it receives inferior BPDUs from the Designated Bridge on a Root Port or a Blocked Port. When this happens, the switch will use the RLQ(Root Link Query) protocol to see if upstream switches have a stable path to the Root Bridge. RLQ is enabled only when Backbone Fast is enabled, so you must use Backbone Fast on all switches in the network:

Sw(config)# spanning-tree backbone-fast

To verify:

Sw# show spanning-tree backbone-fast

If backbone fast is enabled, when the switch receives an inferior BPDU:

  • If the inferior BPDU came on a Blocked Port – The switch considers the Root Port and all other blocked ports as alternate paths to the Root Bridge. It starts using RLQ
  • If the inferior BPDU came on the Root Port
    • If there are no Blocked Ports – The switch assumes it is the Root Bridge – This is done quicker than by using the default MaxAge mechanism
    • If there are Blocked Ports – The switch considers all Blocked Ports as alternate paths to the Root Brige. It starts using RLQ

9.3.1 RLQ – Root Link Queries

RLQ Requests are sent out all alternate paths.
When a switch receives a RLQ request it will send a RLQ reply if it thinks it is the Root Bridge (it actually is or it lost connectivity to the Root Bridge). In any other case, it will relay the RLQ request to all other connected switches.
The switch that send the RLQ Request will eventually receive a RLQ Reply from the Root Bridge.

  • If the reply came on the current Root Port, than the path to the Root is stable.
  • If the reply came on a non-Root Port, then an alternate path must be used. MaxAge will immediately expire so the port will go directly to the LIS state and from there to LRN and FWD. This way, convergence in case of indirect failure is reduced from 50 to 30 sec.

10. Protection Mechanisms

10.1 Root Guard

Root Guard should be used on ports where you do not expect root bridges to appear. It will protect against better BPDUs on ports where the Root Bridge should not be found.
If better BPDUs are received on a Root Guard enabled port, the switch will move the port in a “Root-inconsistent” state. In this state, no data is sent or received, but the switch can listen to BPDUs. If BPDUs are not received anymore, the port enters normal STP cycle.

Sw(config-if)# spanning-tree guard root
Sw# show spanning-tree inconsistent-ports
Name                 Interface              Inconsistency
-------------------- ---------------------- ------------------
VLAN0021             FastEthernet0/1            Root Inconsistent

Number of inconsistent ports (segments) in the system : 1

Another indication can be seen while looking at the spanning tree data for the VLAN:

Sw# show spanning-tree vlan 21 | b Interface
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg BKN*100       128.66   Shr *ROOT_Inc 
! The port is blocked with the status ROOT_Inc

10.2 BPDU Guard

BPDU Guard is a feature that protects against any BPDUs received. If any BPDUs are received on such ports, they are immediately put into errdisable state.
In errdisable state, the ports are shutdown and have to be manually re-enabled (shut/no shut) or they have to wait for errdisable to timeout.
By default, BPDU Guard will shutdown all VLANs on the port, but it can be configured to disable only the offending VLAN if you configure:

Sw(config)# errdisable detect cause bpduguard shutdown vlan

BPDU Guard can be enabled per port, regardless of the portfast status:

Sw(config-if)# spanning-tree bpduguard enable

or it can be enabled globally on every portfast port, using:

Sw(config)# spanning-tree portfast bpduguard default

To enable auto-recovery for bpduguard errordisabled ports, use:

Sw(config)# errdisable recovery cause bpduguard
! To configure the auto-recovery interval:
Sw(config)# errdisable recovery interval INTERVAL
! default 300 sec

10.3 BPDU Filter

BPDU Filter disables sending and receiving of BPDUs on the ports it is configured on. It is as if STP is not runnning on those ports. BPDU Filtering can be be enabled globally or per port, but there is a difference in how it works:
To enable BPDU Filtering for all portfast ports:

Sw(config)# spanning-tree portfast bpdufilter default

This way, all portfast ports will stop sending BPDUs. If a BPDU is received on a PortFast port with BPDU filtering, the port will lose its portfast status and will disable BPDU filtering. It will now work like a normal STP port.

You can also enable BPDU filtering on each port, regardless of the portfast status.

Sw(config-if)# spanning-tree bpdufilter {enable | disable}

This way, the port acts as if STP is disabled and may lead to loops in the network.

10.4 Loop Guard

When enabled, it keeps track of the BPDU activity on non-designated ports. As long as BPDUs are received, the port is allowed to behave normally. When BPDUs go missing, Loop Guard moves the port into Loop-inconsistent state, so that it cannot go into FWD after MaxAge expires.
To enable Loop Guard, use:

!Per port:
Sw(config-if)# spanning-tree guard loop
!Globally
Sw(config)# spanning-tree loopguard default

10.5 UDLD

UDLD is a Cisco proprietary feature that interactively monitors a port to see if the link is truly bidirectional. UDLD expects the far-end switch to echo these frames back across the same link, with the far-end switch port’s identification added. If echoes are not seen back, the link is considered unidirectional.
There are 2 modes of operation:

  • Normal: when an uni-directional link is detected, the port is allowed to continue operations. The port is marked in an undetermined state and a syslog message is generated.
  • Aggressive: when an uni-directional link is detected, the port sends 8 UDLD messages, once a second. If none is echoed back, the port is put in errdisable state

UDLD doesn’t do anything until the other switch echoes back messages. So, unless UDLD worked before, the link won’t be disabled.
UDLD can be enabled globally for all optic links, using:

Sw(config)# udld {enable|aggressive}

or it can be enabled on each port, regardless of type, using:

Sw(config-if)# udld {enable|aggressive|disable}
The time between probe messages can be adjusted globally with:
Sw(config)# udld message time SEC

To verify, use:

Sw# show udld INTERFACE

To reset all ports blocked by UDLD, use:

Sw# udld reset

11. IEEE, PVST and PVST+

Originally, IEEE adopted the 802.1d Spanning Tree standard. BPDUs were carried over 802.1q links as untagged frames. This means that only one STP instance was supported. This was known as the MST (Mono Spanning Tree) or CST (Common Spanning Tree)
Cisco decided to run one 802.1d instance on each VLAN, resulting in PVST (Per VLAN Spanning Tree). PVST runs only on ISL trunks so it was not inter-operable with IEEE 802.1d
In the end, Cisco came up with PVST+ a version of PVST that runs also on 802.1q links and is interoperable with IEEE 802.1d.
PVST+ sends different BPDUs for each VLAN. The IEEE 802.1d version sends one BPDU regardless of the number of VLANs. When a Cisco switch connects to a IEEE region, it will exchange untagged BPDUs over the native VLAN with the CST instance and will encapsulate BPDUs for the other VLANs inside a multicast frame that will be forwarded by the IEEE switches out all ports, eventually reaching other Cisco Switches that will understand their special meaning. This mode of tunneling is possible because the VLAN ID information is added to the frame as a TLV field.
PVST+ is the default spanning tree mode running on Cisco switches. If MST or rapid-pvst was enabled, you can re-enable PVST+ using:

Sw(config)# spanning-tree mode pvst

Leave a Reply

Your email address will not be published. Required fields are marked *