Tag Archives: spanning-tree

Spanning Tree

IEEE 802.D

  • Protocol ID: 0
  • Reserved multicast MAC address 0180.C200.0000 using IEEE 802.2 LLC SAP encapsulation with both SSAP and DSAP fields equal to 0x42
  • Ignore inferior PDUs until Max_Age-Message_Age
  • TCN originated out of root port. The designated bridge receives the TCN, acknowledges it, and generates another one for its own root port. Root will send config BPDU with TCN flag set for Forward_Delay+Max_Age. Switches reduce MAC address tables aging time to Forward_Delay once the receive configuration BPDU with TC bit set. Switch originating TCN will stop it once it receives TCN ACK from upstream bridge.

Hello: 2s
Max_Age: 20s (info age out)
Forward_Delay: 15s (listening/learning states)
Message_age: Incremented every time a BPDU traverses a switch (so it might be compared to the hop count).(start at 0)
2xForward_Time (direct link falure)
2xForward_Time + (Max_Age-Message_Age) (inderect failure or BPDU timeout)

UplinkFast: Upon link failure immediately activate ALT path. Dummy mcast with known MACs as source. Set bridge PRIO and link COST to high values not to become transit.
FlexLink: Active/standby pair (switchport backup command). mac address-table move {receive|transmit} and switchport backup interface x/y mmu.
BackboneFast: Explicitly verify inferior BPDU info. RLQ queries out of all candidate paths to the current root. Root floods a positive RLQ response out of ALL its designated ports. Saves Max_Age time.
LoopGuard: If BPDUs are not received on a non-designated port (root or alternate), and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state.


Cisco switch connects to an IEEE switch using a 802.1q trunk with default native VLAN (VLAN 1)

  • CST (Common Spanning Tree) is the spanning tree built by joining a single instance from PVST+ domain (VLAN 1 instance) with MST (Mono Spanning Tree) . the spanning tree of IEEE domain.
  • The PVST+ switch sends IEEE STP BPDUs corresponding to local VLAN 1 STP to IEEE MAC address as untagged frames across the link
  • Special new SSTP (shared spanning tree, synonym to PVST+) BPDUs are being sent to SSTP multicast MAC address 0100.0ccc.cccd also untagged. These SSTP BPDUs are encapsulated using IEEE 802.2 LLC SNAP header (SSAP=DSAP=”0xAA” and SNAP PID=”0x010B”). Special TLV with the source VLAN number. IEEE switches simply flood them through the respective VLAN topology. The reason for sending additional SSTP BPDUs across VLAN 1 is purely informational, to perform consistency checking. The idea is to inform all other potential Cisco switches attached to MST cloud about our native VLAN.
  • As for non-native VLANs (VLANs 2-4095) Cisco switch sends only SSTP BPDUs, tagged with respective VLAN number and destined to the SSTP MAC address.

Cisco switch connects to IEEE switch using 802.1q trunk with non-default native VLAN (e.g VLAN 100).

  • IEEE switch sends IEEE STP BPDUs to IEEE multicast MAC address and those BPDUs are processed by VLAN 1 (CST) STP instance in the Cisco switch.
  • PVST+ side (Cisco switch) sends untagged IEEE STP BPDUs corresponding to VLAN 1 (CST) STP to IEEE MAC address across the link.
  • At the same time, VLAN 1 BPDUs are replicated to SSTP multicast address, tagged with VLAN 1 number (to inform other Cisco switches that VLAN 1 is non-native on our switch).
  • Finally, BPDUs of the native VLAN instance (VLAN 100 in our case) are sent untagged using SSTP encapsulation and destination address.
  • As in Case 1 for the remaining non-native VLANs (VLANs 2-4095) Cisco switch sends SSTP BPDU only, tagged with respective VLAN tag and destined to the SSTP MAC address.

PVST+ is used on 802.1q trunks to tunnel PVST instances across an MST (mono spanning tree) cloud and build a CST consisting of PVST VLAN 1 and IEEE MST. PVST+ BPDUs contain special TLV with the source VLAN ID, which allows interconnected switches to detect inconsitencies or misconfigurations.


IEEE 802.1W -> IEEE 802.1D-2004 standard
Protocol ID: 2

  • Simplified port states (discard -> learn -> forwarding)
  • New port roles (backup; edge)
  • Sync process

TCN only generated when non-edge link becomes forwarding. TCN causes MAC table to flush (per vlan/instance).
spanning-tree portfast default; if BPDU received – remove edge status.

Link types:
– p2p (full duplex) – use sync
– shared (half duplex) – fall back to legacy

– elect local root port
– block all non-edge designated ports
– start sync on all designated ports

Hello’s == keepalives. This gives 6 second vs 20 second Max_Age of legacy.
Topology change:
Set tcWhile == Hello + 1s on all non-edge Designated and Root ports except of the one the TCN was received
Flush MAC learned on these ports
Send TCN on these ports every Hello seconds until tcWhile expires.


IEEE 802.1S -> IEEE 802.1Q-2005 standard
Protocol ID: 3
Based on RSTP (same sync process, etc).
Max 65 instances.

1. Region Name
2. Revision number(16 bit)
3. Vlan to instance mapping(hash)

  • IST BPDU using special M-Records (one for every active MSTI) which carry root prio, designated bridge prio, port prio, root path cost in TLV.
  • Timer can only be tuned for IST. Other instances inherit it.
  • MSTP does not use MaxAge timer. Special field in BPDU – Remaining Hops. Root send BPDU with hop count equal to MaxHops (configurable value).
  • If upstream switch sends superior info but receives BPDU with designated bit set it blocks the downstream port and declares it as STP Dispute link.

Intra region:

  • Details of region are known within region.
  • Manual vlan to instance mapping.
  • Undefind vlans fall to CIST (MSTI0)

Inter region:

  • Details between regions are not known.
  • Regions are treated as virtual bridges.
  • Simplified inter-region calculations: MSTIs are collapsed into CIST

Inter region operations:

  • CIST Root is the bridge that has the lowest Bridge ID among ALL regions. This could be a bridge inside a region or a boundary switch in a region.
  • CIST Regional Root is a boundary switch elected for every region based on the shortest external path cost to reach the CIST Root. Path cost is calculated based on costs of the links connecting the regions, excluding the internal regional paths. CIST Regional Root becomes the root of the IST for the given region as well. Provides Master Port.
  • The CST connects all boundary ports and perceives every region as a single virtual bridge with the Bridge ID equal to CIST Regional Root Bridge ID.
  • Every region builds IST instance using the internal path costs using CIST Regional Root as the IST Root
  • Switches do not send M-Records (MSTI information) out of boundary ports, only CIST information.
  • Since MSTIs in every region are independent, any change affecting MSTI in one region will not affect MSTIs in other regions. This is a direct result of the fact that M-Record information is not exchanged between the regions. However, the CIST recalculations affect every region and might be slow converging.


  • MST is backward compatible with 802.1D and 802.1W.
  • Behaves like inter-region MST.
  • CST Root must be within MSTP domain:
    • Either IST BPDU must be superior for all the VLANS
    • Either IST BPDU is inferior for VLAN 1 and identical or inferior of PVST+ BPDU from all other VLANs
  • MST-PVST+: replicate all IST BPDUs to PVST+ BPDUs for all active VLANs. VLAN 1 info in the opposite direction.


  • spanning tree guard root: recovers automatically if undesired BPDUs are not received MaxAge-MessageAge or 3xHello interval for RSTP
  • spanning tree bpdufilter default: applies on EdgePorts. 1 immediate BPDU and 10 more each hello interval are sent. If no BPDUs received – ceaase sending.
  • spanning tree bpdufilter enable: Interface command. Cease sending & receiving BPDUs unconditionally.
  • Global BPDU Guard supersedes Global BPDU filter. While port-level – vice verca
  • Bridge Assurance must be enabled on both sides. BPDUs as Hellos (even for blocking). BA-inconsistient blocking state.



  • Helper for STP
  • Special frames sent to well-known MAC address 01:00:0C:CC:CC:CC
  • If no echo frame with our ID has been seen from the peer for a certain amount of time, the port is suspected to be unidirectional.
  • In Normal mode, if the physical state of port (as reported by Layer 1) is still up, UDLD marks this port as Undetermined, but does NOT shut down or disable the port, which continues to operate under it’s current STP status.
  • If UDLD is set to Agressive mode, once the switch loses it’s neighbor it actively tries to re-establish the relationship by sending a UDLD frame 8 times every 1 second. If the neighbor does not respond after that, port is considered to be unidirectional and brought to Errdisable state.
  • UDLD Aggressive will only brings link to errdisable state when it detects Bidirectional to Unidirectional state transition. This prevents link from becoming errdisabled when you configure Aggressive mode just on one side. The UDLD state of such link will be Unknown