Configuring STP


This chapter describes how to configure the Spanning Tree Protocol (STP) on port-based VLANs on the Cisco ME 3400E Ethernet Access switch. The switch can use the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco proprietary extensions, or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1w standard. On the Cisco ME switch, STP is enabled by default on network node interfaces (NNIs). It is disabled by default, but can be enabled, on enhanced network interfaces (ENIs). User network interfaces (UNIs) on the switch do not participate in STP. UNIs and ENIs on which STP is not enabled immediately forward traffic when they are brought up.

For information about the Multiple Spanning Tree Protocol (MSTP) and how to map multiple VLANs to the same spanning-tree instance, see Chapter 16, "Configuring MSTP." For information about other spanning-tree features such as Port Fast, root guard, and so forth, see Chapter 17, "Configuring Optional Spanning-Tree Features."


Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release.


This chapter consists of these sections:

Understanding Spanning-Tree Features

Configuring Spanning-Tree Features

Displaying the Spanning-Tree Status

Understanding Spanning-Tree Features

STP Overview

Spanning-Tree Topology and BPDUs

Bridge ID, Switch Priority, and Extended System ID

Spanning-Tree Interface States

How a Switch or Port Becomes the Root Switch or Root Port

Spanning Tree and Redundant Connectivity

Spanning-Tree Address Management

Accelerated Aging to Retain Connectivity

Spanning-Tree Modes and Protocols

Supported Spanning-Tree Instances

Spanning-Tree Interoperability and Backward Compatibility

STP and IEEE 802.1Q Trunks

For configuration information, see the "Configuring Spanning-Tree Features" section.

For information about optional spanning-tree features, see Chapter 17, "Configuring Optional Spanning-Tree Features."

STP Overview

STP is a Layer 2 link management protocol that provides path redundancy while preventing loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. Multiple active paths among end stations cause loops in the network. If a loop exists in the network, end stations might receive duplicate messages. Switches might also learn end-station MAC addresses on multiple Layer 2 interfaces. These conditions result in an unstable network. Spanning-tree operation is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.

The STP uses a spanning-tree algorithm to select one switch of a redundantly connected network as the root of the spanning tree. The algorithm calculates the best loop-free path through a switched Layer 2 network by assigning a role to each port based on the role of the port in the active topology:

Root—A forwarding port elected for the spanning-tree topology

Designated—A forwarding port elected for every switched LAN segment

Alternate—A blocked port providing an alternate path to the root bridge in the spanning tree

Backup—A blocked port in a loopback configuration


Note On the Cisco ME 3400E switch, only NNIs and ENIs on which STP has been enabled participate in STP. Active UNIs and ENIs on which STP is not enabled are always in the forwarding state. In this overview, STP ports can be any interfaces on other switches, but only NNIs or STP-enabled ENIs on a Cisco ME switch.


The switch that has all of its ports as the designated role or the backup role is the root switch. The switch that has at least one of its ports in the designated role is called the designated switch.

Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and activates the standby path. Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at regular intervals. The switches do not forward these frames but use them to construct a loop-free path. BPDUs contain information about the sending switch and its ports, including switch and MAC addresses, switch priority, port priority, and path cost. Spanning tree uses this information to elect the root switch and root port for the switched network and the root port and designated port for each switched segment.

When two ports on a switch are part of a loop, the spanning-tree port priority and path cost settings control which port is put in the forwarding state and which is put in the blocking state. The spanning-tree port priority value represents the location of a port in the network topology and how well it is located to pass traffic. The path cost value represents the media speed.


Note The switch sends keepalive messages (to ensure the connection is up) only on interfaces that do not have small form-factor pluggable (SFP) modules.


Spanning-Tree Topology and BPDUs

The stable, active spanning-tree topology of a switched network is controlled by these elements:

The unique bridge ID (switch priority and MAC address) associated with each VLAN on each switch.

The spanning-tree path cost to the root switch.

The port identifier (port priority and MAC address) associated with each Layer 2 STP-enabled interface.

When the switches in a network are powered up, each functions as the root switch. Each switch sends a configuration BPDU through all of its ports, or on the Cisco ME switch, only through the STP-enabled ports. The BPDUs communicate and compute the spanning-tree topology. Each configuration BPDU contains this information:

The unique bridge ID of the switch that the sending switch identifies as the root switch

The spanning-tree path cost to the root

The bridge ID of the sending switch

Message age

The identifier of the sending interface

Values for the hello, forward delay, and max-age protocol timers

When a switch receives a configuration BPDU that contains superior information (lower bridge ID, lower path cost, and so forth), it stores the information for that port. If this BPDU is received on the root port of the switch, the switch also forwards it with an updated message to all attached LANs for which it is the designated switch.

If a switch receives a configuration BPDU that contains inferior information to that currently stored for that port, it discards the BPDU. If the switch is a designated switch for the LAN from which the inferior BPDU was received, it sends that LAN a BPDU containing the up-to-date information stored for that port. In this way, inferior information is discarded, and superior information is propagated on the network.

A BPDU exchange results in these actions:

One switch in the network is elected as the root switch (the logical center of the spanning-tree topology in a switched network).

For each VLAN, the switch with the highest switch priority (the lowest numerical priority value) is elected as the root switch. If all switches are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the root switch. The switch priority value occupies the most significant bits of the bridge ID, as shown in Table 15-1.

A root port is selected for each switch (except the root switch). This port provides the best path (lowest cost) when the switch forwards packets to the root switch.

The shortest distance to the root switch is calculated for each switch based on the path cost.

A designated switch for each LAN segment is selected. The designated switch incurs the lowest path cost when forwarding packets from that LAN to the root switch. The port through which the designated switch is attached to the LAN is called the designated port. For the Cisco ME switch, this only applies to NNIs or to ENIs on which STP has been specifically enabled.

All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode.

Bridge ID, Switch Priority, and Extended System ID

The IEEE 802.1D standard requires that each switch has an unique bridge identifier (bridge ID), which controls the selection of the root switch. Because each VLAN is considered as a different logical bridge with PVST+ and rapid PVST+, the same switch must have as many different bridge IDs as VLANs configured on it. Each VLAN on the switch has a unique 8-byte bridge ID. The two most-significant bytes are used for the switch priority, and the remaining six bytes are derived from the switch MAC address.

The switch supports the IEEE 802.1t spanning-tree extensions, and some of the bits previously used for the switch priority are now used as the VLAN identifier. The result is that fewer MAC addresses are reserved for the switch, and a larger range of VLAN IDs can be supported, all while maintaining the uniqueness of the bridge ID. As shown in Table 15-1, the two bytes previously used for the switch priority are reallocated into a 4-bit priority value and a 12-bit extended system ID value equal to the VLAN ID.

Table 15-1 Switch Priority Value and Extended System ID

Switch Priority Value
Extended System ID (Set Equal to the VLAN ID)
Bit 16
Bit 15
Bit 14
Bit 13
Bit 12
Bit 11
Bit 10
Bit 9
Bit 8
Bit 7
Bit 6
Bit 5
Bit 4
Bit 3
Bit 2
Bit 1

32768

16384

8192

4096

2048

1024

512

256

128

64

32

16

8

4

2

1


Spanning tree uses the extended system ID, the switch priority, and the allocated spanning-tree MAC address to make the bridge ID unique for each VLAN.

Support for the extended system ID affects how you manually configure the root switch, the secondary root switch, and the switch priority of a VLAN. For example, when you change the switch priority value, you change the probability that the switch will be elected as the root switch. Configuring a higher value decreases the probability; a lower value increases the probability. For more information, see the "Configuring the Root Switch" section, the "Configuring a Secondary Root Switch" section, and the "Configuring the Switch Priority of a VLAN" section.

Spanning-Tree Interface States

Propagation delays can occur when protocol information passes through a switched LAN. As a result, topology changes can take place at different times and at different places in a switched network. When an STP port transitions directly from nonparticipation in the spanning-tree topology to the forwarding state, it can create temporary data loops. Interfaces must wait for new topology information to propagate through the switched LAN before starting to forward frames. They must allow the frame lifetime to expire for forwarded frames that have used the old topology.

Each Layer 2 interface on a switch using spanning tree exists in one of these states:

Blocking—The interface does not participate in frame forwarding.

Listening—The first transitional state after the blocking state when the spanning tree determines that the interface should participate in frame forwarding.

Learning—The interface prepares to participate in frame forwarding.

Forwarding—The interface forwards frames.

Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port.


Note On a Cisco ME switch, UNIs are always in the forwarding state. ENIs in the default STP mode (disabled) are also in forwarding state, but you can enable STP on an ENI.


A port participating in spanning tree moves through these states:

From initialization to blocking

From blocking to listening or to disabled

From listening to learning or to disabled

From learning to forwarding or to disabled

From forwarding to disabled

Figure 15-1 illustrates how an interface moves through the states.

Figure 15-1 Spanning-Tree Interface States

When you power up the switch, spanning tree is enabled by default, and every NNI in the Cisco ME switch (and every ENI on which STP has been enabled), as well as any other port in other switches in the VLAN or network that are participating in spanning tree, goes through the blocking state and the transitory states of listening and learning. Spanning tree stabilizes each interface at the forwarding or blocking state.


Note UNIs are shut down by default, and when they are brought up, they immediately start forwarding traffic. ENIs act the same as UNIs unless you have specifically enabled STP on the port.


When the spanning-tree algorithm places a Layer 2 spanning-tree interface in the forwarding state, this process occurs:

1. The interface is in the listening state while spanning tree waits for protocol information to transition the interface to the blocking state.

2. While spanning tree waits the forward-delay timer to expire, it moves the interface to the learning state and resets the forward-delay timer.

3. In the learning state, the interface continues to block frame forwarding as the switch learns end-station location information for the forwarding database.

4. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where both learning and frame forwarding are enabled.

Blocking State

A Layer 2 interface in the blocking state does not participate in frame forwarding. After initialization, a BPDU is sent to each switch interface, or to each switch STP port. A switch initially functions as the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is the root or root switch. If there is only one switch in the network, no exchange occurs, the forward-delay timer expires, and the interface moves to the listening state. An interface participating in spanning tree always enters the blocking state after switch initialization.

An interface in the blocking state performs these functions:

Discards frames received on the interface

Discards frames switched from another interface for forwarding

Does not learn addresses

Receives BPDUs

Listening State

The listening state is the first state a Layer 2 interface enters after the blocking state. The interface enters this state when the spanning tree decides that the interface should participate in frame forwarding.

An interface in the listening state performs these functions:

Discards frames received on the interface

Discards frames switched from another interface for forwarding

Does not learn addresses

Receives BPDUs

Learning State

A Layer 2 interface in the learning state prepares to participate in frame forwarding. The interface enters the learning state from the listening state.

An interface in the learning state performs these functions:

Discards frames received on the interface

Discards frames switched from another interface for forwarding

Learns addresses

Receives BPDUs

Forwarding State

A Layer 2 interface in the forwarding state forwards frames. The interface enters the forwarding state from the learning state.

An interface in the forwarding state performs these functions:

Receives and forwards frames received on the interface

Forwards frames switched from another interface

Learns addresses

Receives BPDUs

Disabled State

A Layer 2 interface in the disabled state does not participate in frame forwarding or in the spanning tree. An interface in the disabled state is nonoperational.

A disabled interface performs these functions:

Discards frames received on the interface

Discards frames switched from another interface for forwarding

Does not learn addresses

Does not receive BPDUs

How a Switch or Port Becomes the Root Switch or Root Port

If all switches in a network are enabled with default spanning-tree settings, the switch with the lowest MAC address becomes the root switch. In Figure 15-2, Switch A is elected as the root switch because the switch priority of all the switches is set to the default (32768) and Switch A has the lowest MAC address. However, because of traffic patterns, number of forwarding interfaces, or link types, Switch A might not be the ideal root switch. By increasing the priority (lowering the numerical value) of the ideal switch so that it becomes the root switch, you force a spanning-tree recalculation to form a new topology with the ideal switch as the root.

Figure 15-2 Spanning-Tree Topology

When the spanning-tree topology is calculated based on default parameters, the path between source and destination end stations in a switched network might not be ideal. For instance, connecting higher-speed links to an interface that has a higher number than the root port can cause a root-port change. The goal is to make the fastest link the root port.

For example, assume that one port on Switch B is a Gigabit Ethernet link and that another port on Switch B (a 10/100 link) is the root port. Network traffic might be more efficient over the Gigabit Ethernet link. By changing the spanning-tree port priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port becomes the new root port.

Spanning Tree and Redundant Connectivity

You can create a redundant backbone with spanning tree by connecting two switch interfaces that are participating in spanning tree to another device or to two different devices, as shown in Figure 15-3. Spanning tree automatically disables one interface but enables it if the other one fails. If one link is high-speed and the other is low-speed, the low-speed link is always disabled. If the speeds are the same, the port priority and port ID are added together, and spanning tree disables the link with the lowest value.

Figure 15-3 Spanning Tree and Redundant Connectivity

You can also create redundant links between switches by using EtherChannel groups. For more information, see Chapter 35, "Configuring EtherChannels and Link-State Tracking."

Spanning-Tree Address Management

IEEE 802.1D specifies 17 multicast addresses, ranging from 0x00180C2000000 to 0x0180C2000010, to be used by different bridge protocols. These addresses are static addresses that cannot be removed.

Regardless of the spanning-tree state, each switch receives but does not forward packets destined for addresses between 0x0180C2000000 and 0x0180C200000F.

If spanning tree is enabled, the CPU on the switch receives packets destined for 0x0180C2000000 and 0x0180C2000010. If spanning tree is disabled, the switch forwards those packets as unknown multicast addresses.

Accelerated Aging to Retain Connectivity

The default for aging dynamic addresses is 5 minutes, the default setting of the mac address-table aging-time global configuration command. However, a spanning-tree reconfiguration can cause many station locations to change. Because these stations could be unreachable for 5 minutes or more during a reconfiguration, the address-aging time is accelerated so that station addresses can be dropped from the address table and then relearned. The accelerated aging is the same as the forward-delay parameter value (spanning-tree vlan vlan-id forward-time seconds global configuration command) when the spanning tree reconfigures.

Because each VLAN is a separate spanning-tree instance, the switch accelerates aging on a per-VLAN basis. A spanning-tree reconfiguration on one VLAN can cause the dynamic addresses learned on that VLAN to be subject to accelerated aging. Dynamic addresses on other VLANs can be unaffected and remain subject to the aging interval entered for the switch.

Spanning-Tree Modes and Protocols

The switch NNIs and ENIs with STP enabled support these spanning-tree modes and protocols:

PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions. It is the default spanning-tree mode used on most Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network.

The PVST+ provides Layer 2 load balancing for the VLAN on which it runs. You can create different logical topologies by using the VLANs on your network to ensure that all of your links are used but that no one link is oversubscribed. Each instance of PVST+ on a VLAN has a single root switch. This root switch propagates the spanning-tree information associated with that VLAN to all other switches in the network. Because each switch has the same information about the network, this process ensures that the network topology is maintained.

Rapid PVST+—This spanning-tree mode is the same as PVST+ except that is uses a rapid convergence based on the IEEE 802.1w standard. This is the default spanning-tree mode for the Cisco ME switch NNIs. Rapid PVST+ is compatible with PVST+. To provide rapid convergence, the rapid PVST+ immediately deletes dynamically learned MAC address entries on a per-port basis upon receiving a topology change. By contrast, PVST+ uses a short aging time for dynamically learned MAC address entries.

The rapid PVST+ uses the same configuration as PVST+ (except where noted), and the switch needs only minimal extra configuration. The benefit of rapid PVST+ is that you can migrate a large PVST+ install base to rapid PVST+ without having to learn the complexities of the MSTP configuration and without having to reprovision your network. In rapid-PVST+ mode, each VLAN runs its own spanning-tree instance up to the maximum supported.

MSTP—This spanning-tree mode is based on the IEEE 802.1s standard. You can map multiple VLANs to the same spanning-tree instance, which reduces the number of spanning-tree instances required to support a large number of VLANs. The MSTP runs on top of the RSTP (based on IEEE 802.1w), which provides for rapid convergence of the spanning tree by eliminating the forward delay and by quickly transitioning root ports and designated ports to the forwarding state. You cannot run MSTP without RSTP.

The most common initial deployment of MSTP is in the backbone and distribution layers of a Layer 2 switched network. For more information, see Chapter 16, "Configuring MSTP."

For information about the number of supported spanning-tree instances, see the next section.

Supported Spanning-Tree Instances

In PVST+ or rapid-PVST+ mode, the switch supports up to 128 spanning-tree instances.

In MSTP mode, the switch supports up to 65 MST instances. The number of VLANs that can be mapped to a particular MST instance is unlimited.

Spanning-Tree Interoperability and Backward Compatibility

Table 15-2 lists the interoperability and compatibility among the supported spanning-tree modes in a network.

Table 15-2 PVST+, MSTP, and Rapid-PVST+ Interoperability

 
PVST+
MSTP
Rapid PVST+

PVST+

Yes

Yes (with restrictions)

Yes (reverts to PVST+)

MSTP

Yes (with restrictions)

Yes

Yes (reverts to PVST+)

Rapid PVST+

Yes (reverts to PVST+)

Yes (reverts to PVST+)

Yes


In a mixed MSTP and PVST+ network, the common spanning-tree (CST) root must be inside the MST backbone, and a PVST+ switch cannot connect to multiple MST regions.

When a network contains switches running rapid PVST+ and switches running PVST+, we recommend that the rapid-PVST+ switches and PVST+ switches be configured for different spanning-tree instances. In the rapid-PVST+ spanning-tree instances, the root switch must be a rapid-PVST+ switch. In the PVST+ instances, the root switch must be a PVST+ switch. The PVST+ switches should be at the edge of the network.

STP and IEEE 802.1Q Trunks

The IEEE 802.1Q standard for VLAN trunks imposes some limitations on the spanning-tree strategy for a network. The standard requires only one spanning-tree instance for all VLANs allowed on the trunks. However, in a network of Cisco switches connected through IEEE 802.1Q trunks, the switches maintain one spanning-tree instance for each VLAN allowed on the trunks.

When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it instead of PVST+. The switch combines the spanning-tree instance of the IEEE 802.1Q VLAN of the trunk with the spanning-tree instance of the non-Cisco 802.1Q switch.

However, all PVST+ or rapid-PVST+ information is maintained by Cisco switches separated by a cloud of non-Cisco 802.1Q switches. The non-Cisco 802.1Q cloud separating the Cisco switches is treated as a single trunk link between the switches.

PVST+ is automatically enabled on IEEE 802.1Q trunks, and no user configuration is required. The external spanning-tree behavior on access ports is not affected by PVST+.

For more information on IEEE 802.1Q trunks, see Chapter 12, "Configuring VLANs."

Configuring Spanning-Tree Features

Default Spanning-Tree Configuration

Spanning-Tree Configuration Guidelines

Enabling Spanning Tree on an ENI (required)

Disabling Spanning Tree (optional)

Configuring the Root Switch (optional)

Configuring a Secondary Root Switch (optional)

Configuring Port Priority (optional)

Configuring Path Cost (optional)

Configuring the Switch Priority of a VLAN (optional)

Configuring Spanning-Tree Timers (optional)

Default Spanning-Tree Configuration

Table 15-3 shows the default spanning-tree configuration.

Table 15-3 Default Spanning-Tree Configuration 

Feature
Default Setting

Enable state

Enabled on NNIs in VLAN 1.

Disabled on ENIs. (Not supported on UNIs)

For more information, see the "Supported Spanning-Tree Instances" section.

Spanning-tree mode

Rapid PVST+

Rapid PVST+ interoperates with PVST and PVST+. MSTP is disabled.

Switch priority

32768.

Spanning-tree port priority (configurable on a per-interface basis)

128.

Spanning-tree port cost (configurable on a per-interface basis)

1000 Mbps: 4.

100 Mbps: 19.

10 Mbps: 100.

Spanning-tree VLAN port priority (configurable on a per-VLAN basis)

128.

Spanning-tree VLAN port cost (configurable on a per-VLAN basis)

1000 Mbps: 4.

100 Mbps: 19.

10 Mbps: 100.

Spanning-tree timers

Hello time: 2 seconds.

Forward-delay time: 15 seconds.

Maximum-aging time: 20 seconds.


Spanning-Tree Configuration Guidelines

If more VLANs are defined than there are spanning-tree instances, you can enable PVST+ or rapid PVST+ on STP ports s in only 128 VLANs on the switch. The remaining VLANs operate with spanning tree disabled. However, you can map multiple VLANs to the same spanning-tree instances by using MSTP. For more information, see Chapter 16, "Configuring MSTP."

If 128 instances of spanning tree are already in use, you can disable spanning tree on STP ports in one of the VLANs and then enable it on the VLAN where you want it to run. Use the no spanning-tree vlan vlan-id global configuration command to disable spanning tree on a specific VLAN, and use the spanning-tree vlan vlan-id global configuration command to enable spanning tree on the desired VLAN.


Caution Switches that are not running spanning tree still forward BPDUs that they receive so that the other switches on the VLAN that have a running spanning-tree instance can break loops. Therefore, spanning tree must be running on enough switches to break all the loops in the network; for example, at least one switch on each loop in the VLAN must be running spanning tree. It is not absolutely necessary to run spanning tree on all switches in the VLAN. However, if you are running spanning tree only on a minimal set of switches, an incautious change to the network that introduces another loop into the VLAN can result in a broadcast storm.

If you have already used all available spanning-tree instances on your switch, adding another VLAN creates a VLAN that is not running spanning tree on that switch. If you have the default allowed list on the trunk ports of that switch, the new VLAN is carried on all trunk ports. Depending on the topology of the network, this could create a loop in the new VLAN that will not be broken, particularly if there are several adjacent switches that have all run out of spanning-tree instances. You can prevent this possibility by setting up allowed lists on the trunk ports of switches that have used up their allocation of spanning-tree instances. Setting up allowed lists is not necessary in many cases and can make it more labor-intensive to add another VLAN to the network.

Spanning-tree commands control the configuration of VLAN spanning-tree instances. You create a spanning-tree instance when you assign an STP port (an NNI or ENI with STP enabled) to a VLAN. The spanning-tree instance is removed when the last port is moved to another VLAN. You can configure switch and port parameters before a spanning-tree instance is created; these parameters are applied when the spanning-tree instance is created.

The switch supports PVST+, rapid PVST+, and MSTP, but only one version can be active at any time. (For example, all VLANs run PVST+, all VLANs run rapid PVST+, or all VLANs run MSTP.) For information about the different spanning-tree modes and how they interoperate, see the "Spanning-Tree Interoperability and Backward Compatibility" section.


Caution Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP.

On the ME-3400E switch, when 1-to-1 VLAN mapping is enabled on an NNI or on an ENI on which STP is enabled, the STP instance applies to the service provider VLAN (S-VLAN) within the switch.

Enabling Spanning Tree on an ENI

By default, spanning tree is enabled on all NNIs on the switch and disabled on ENIs. Beginning in privileged EXEC mode, follow these steps to enable spanning tree an ENI:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify a UNI or ENI interface to configure, and enter interface configuration mode.

Step 3 

no shutdown

Enable the port, if necessary. By default, UNIs and ENIs are disabled.

Step 4 

port-type eni

Configure the port as an ENI (if not already configured).

Step 5 

spanning-tree

Enable spanning tree on the interface. The interface will belong to the switch spanning tree instance along with NNIs in the VLAN.

Note This command is visible only on ENIs.

Step 6 

end

Return to privileged EXEC mode.

Step 7 

show spanning-tree interface interface-id

Verify your entries.

Step 8 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To disable spanning tree on an ENI, enter the no spanning-tree interface command.

Changing the Spanning-Tree Mode.

The switch supports three spanning-tree modes: PVST+, rapid PVST+, or MSTP. By default, the switch runs the rapid PVST+ protocol on all NNIs and ENIs on which spanning tree is enabled.

Beginning in privileged EXEC mode, follow these steps to change the spanning-tree mode. If you want to enable a mode that is different from the default mode, this procedure is required.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

spanning-tree mode {pvst | mst | rapid-pvst}

Configure a spanning-tree mode on STP ports on the switch.

Select pvst to enable PVST+.

Select mst to enable MSTP (and RSTP). For more configuration steps, see Chapter 16, "Configuring MSTP."

Select rapid-pvst to enable rapid PVST+ (the default setting).

Step 3 

interface interface-id

(Recommended only for rapid-PVST+ mode) Specify an STP port to configure, and enter interface configuration mode. Valid interfaces include physical NNIs or ENIs with spanning tree enabled, VLANs, and NNI or ENI port channels. The VLAN ID range is 1 to 4094. The port-channel range is 1 to 48.

Note If a physical interface is a UNI, before attempting to configure it as a spanning-tree link, you must enter the port-type nni interface configuration command or configure the port as an ENI and enable spanning tree on the port. See "Enabling Spanning Tree on an ENI" section.
If the interface is a VLAN, only ports with spanning tree enabled in the VLAN will run spanning tree.
If the interface is a port channel, all members of the port channel must be NNIs or ENIs with spanning tree enabled.

Step 4 

spanning-tree link-type point-to-point

(Recommended only for rapid-PVST+ mode) Specify that the link type for this port is point-to-point.

If you connect this port to a remote port through a point-to-point link and the local port becomes a designated port, the switch negotiates with the remote port and rapidly changes the local port to the forwarding state.

Step 5 

end

Return to privileged EXEC mode.

Step 6 

clear spanning-tree detected-protocols

(Recommended only for rapid-PVST+ mode) If any port on the switch running spanning tree is connected to a port on a legacy IEEE 802.1D switch, restart the protocol migration process on the entire switch.

This step is optional if the designated switch detects that this switch is running rapid PVST+.

Step 7 

show spanning-tree summary

and

show spanning-tree interface interface-id

Verify your entries.

Step 8 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default spanning-tree mode setting, use the no spanning-tree link-type interface configuration command.

Disabling Spanning Tree

Spanning tree is enabled by default on all NNIs in VLAN 1 and in all newly created VLANs up to the spanning-tree limit specified in the "Supported Spanning-Tree Instances" section. Spanning tree is disabled on ENIs on the switch but can be enabled on a per-interface basis. Disable spanning tree only if you are sure there are no loops in the network topology.


Caution When spanning tree is disabled and loops are present in the topology, excessive traffic and indefinite packet duplication can drastically reduce network performance.

Beginning in privileged EXEC mode, follow these steps to disable spanning-tree on a per-VLAN basis. This procedure is optional.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

no spanning-tree vlan vlan-id

For vlan-id, the range is 1 to 4094.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show spanning-tree vlan vlan-id

Verify your entries.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To re-enable spanning-tree, use the spanning-tree vlan vlan-id global configuration command.

Configuring the Root Switch

The switch maintains a separate spanning-tree instance for each active VLAN configured on it. A bridge ID, consisting of the switch priority and the switch MAC address, is associated with each instance. For each VLAN, the switch with the lowest bridge ID becomes the root switch for that VLAN.

To configure a switch to become the root for the specified VLAN, use the spanning-tree vlan vlan-id root global configuration command to modify the switch priority from the default value (32768) to a significantly lower value. When you enter this command, the software checks the switch priority of the root switches for each VLAN. Because of the extended system ID support, the switch sets its own priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the specified VLAN.

If any root switch for the specified VLAN has a switch priority lower than 24576, the switch sets its own priority for the specified VLAN to 4096 less than the lowest switch priority. (4096 is the value of the least-significant bit of a 4-bit switch priority value as shown in Table 15-1.)


Note The spanning-tree vlan vlan-id root global configuration command fails if the value necessary to be the root switch is less than 1.


If your network consists of switches that both do and do not support the extended system ID, it is unlikely that the switch with the extended system ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software.


Note The root switch for each spanning-tree instance should be a backbone or distribution switch. Do not configure an access switch as the spanning-tree primary root.


Use the diameter keyword to specify the Layer 2 network diameter (that is, the maximum number of switch hops between any two end stations in the Layer 2 network). When you specify the network diameter, the switch automatically sets an optimal hello time, forward-delay time, and maximum-age time for a network of that diameter, which can significantly reduce the convergence time. You can use the hello keyword to override the automatically calculated hello time.


Note After configuring the switch as the root switch, we recommend that you avoid manually configuring the hello time, forward-delay time, and maximum-age time through the spanning-tree vlan vlan-id hello-time, spanning-tree vlan vlan-id forward-time, and the spanning-tree vlan vlan-id max-age global configuration commands.


Beginning in privileged EXEC mode, follow these steps to configure a switch to become the root for the specified VLAN. This procedure is optional.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

spanning-tree vlan vlan-id root primary [diameter net-diameter [hello-time seconds]]

Configure a switch to become the root for the specified VLAN.

For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.

(Optional) For diameter net-diameter, specify the maximum number of switches between any two end stations. The range is 2 to 7.

(Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10; the default is 2.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show spanning-tree detail

Verify your entries.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command.

Configuring a Secondary Root Switch

When you configure a switch as the secondary root, the switch priority is modified from the default value (32768) to 28672. The switch is then likely to become the root switch for the specified VLAN if the primary root switch fails. This is assuming that the other network switches use the default switch priority of 32768 and therefore are unlikely to become the root switch.

You can execute this command on more than one switch to configure multiple backup root switches. Use the same network diameter and hello-time values that you used when you configured the primary root switch with the spanning-tree vlan vlan-id root primary global configuration command.

Beginning in privileged EXEC mode, follow these steps to configure a switch to become the secondary root for the specified VLAN. This procedure is optional.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

spanning-tree vlan vlan-id root secondary [diameter net-diameter [hello-time seconds]]

Configure a switch to become the secondary root for the specified VLAN.

For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.

(Optional) For diameter net-diameter, specify the maximum number of switches between any two end stations. The range is 2 to 7.

(Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10; the default is 2.

Use the same network diameter and hello-time values that you used when configuring the primary root switch. See the "Configuring the Root Switch" section.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show spanning-tree detail

Verify your entries.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command.

Configuring Port Priority

If a loop occurs, spanning tree uses the port priority when selecting a spanning-tree port to put into the forwarding state. You can assign higher priority values (lower numerical values) to ports that you want selected first and lower priority values (higher numerical values) to ones that you want selected last. If all spanning-tree ports have the same priority value, spanning tree puts the port with the lowest interface number in the forwarding state and blocks the other interfaces.

Beginning in privileged EXEC mode, follow these steps to configure the port priority of a spanning-tree port. This procedure is optional.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify an interface to configure, and enter interface configuration mode.

Note If a physical interface is a UNI, before attempting to configure it as a spanning-tree link, you must enter the port-type nni interface configuration command or configure the port as an ENI and enable spanning tree on the port. See "Enabling Spanning Tree on an ENI" section.
If the interface is a VLAN, only ports with spanning tree enabled in the VLAN will run spanning tree.
If the interface is a port channel, all members of the port channel must be NNIs or ENIs with spanning tree enabled.

Step 3 

spanning-tree port-priority priority

Configure the port priority for the spanning-tree port.

For priority, the range is 0 to 240, in increments of 16; the default is 128. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. All other values are rejected. The lower the number, the higher the priority.

Step 4 

spanning-tree vlan vlan-id port-priority priority

Configure the port priority for a VLAN.

For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.

For priority, the range is 0 to 240, in increments of 16; the default is 128. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. All other values are rejected. The lower the number, the higher the priority.

Step 5 

end

Return to privileged EXEC mode.

Step 6 

show spanning-tree interface interface-id

or

show spanning-tree vlan vlan-id

Verify your entries.

Step 7 

copy running-config startup-config

(Optional) Save your entries in the configuration file.


Note The show spanning-tree interface interface-id privileged EXEC command displays information only if the port is in a link-up operative state. Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration.


To return to the default spanning-tree setting, use the no spanning-tree [vlan vlan-id] port-priority interface configuration command. For information on how to configure load sharing on trunk ports by using spanning-tree port priorities, see the "Configuring Trunk Ports for Load Sharing" section on page 12-19.

Configuring Path Cost

The spanning-tree path cost default value is derived from the media speed of an interface (port running spanning tree or port channel of multiple ports running spanning tree). If a loop occurs, spanning tree uses cost when selecting an interface to put in the forwarding state. You can assign lower cost values to interfaces that you want selected first and higher cost values that you want selected last. If all NNIs (or port channels) have the same cost value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.

Beginning in privileged EXEC mode, follow these steps to configure the cost of an interface. This procedure is optional.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify an interface to configure, and enter interface configuration mode. Valid interfaces include physical NNIs or ENIs with STP enabled and port-channel logical interfaces (port-channel port-channel-number) that contain only NNIs or STP-enabled ENIs.

Step 3 

spanning-tree cost cost

Configure the cost for an interface.

If a loop occurs, spanning tree uses the path cost when selecting an interface to place into the forwarding state. A lower path cost represents higher-speed transmission.

For cost, the range is 1 to 200000000; the default value is derived from the media speed of the interface.

Step 4 

spanning-tree vlan vlan-id cost cost

Configure the cost for a VLAN.

If a loop occurs, spanning tree uses the path cost when selecting a spanning-tree port to place into the forwarding state. A lower path cost represents higher-speed transmission.

For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.

For cost, the range is 1 to 200000000; the default value is derived from the media speed of the interface.

Step 5 

end

Return to privileged EXEC mode.

Step 6 

show spanning-tree interface interface-id

or

show spanning-tree vlan vlan-id

Verify your entries.

Step 7 

copy running-config startup-config

(Optional) Save your entries in the configuration file.


Note The show spanning-tree interface interface-id privileged EXEC command displays information only for ports that are in a link-up operative state. Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration.


To return to the default setting, use the no spanning-tree [vlan vlan-id] cost interface configuration command. For information on how to configure load sharing on trunk ports by using spanning-tree path costs, see the "Configuring Trunk Ports for Load Sharing" section on page 12-19.

Configuring the Switch Priority of a VLAN

You can configure the switch priority and make it more likely that the switch will be chosen as the root switch.


Note Exercise care when using this command. For most situations, we recommend that you use the spanning-tree vlan vlan-id root primary and the spanning-tree vlan vlan-id root secondary global configuration commands to modify the switch priority.


Beginning in privileged EXEC mode, follow these steps to configure the switch priority of a VLAN. This procedure is optional.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

spanning-tree vlan vlan-id priority priority

Configure the switch priority of a VLAN.

For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.

For priority, the range is 0 to 61440 in increments of 4096; the default is 32768. The lower the number, the more likely the switch will be chosen as the root switch.

Valid priority values are 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show spanning-tree vlan vlan-id

Verify your entries.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To return to the default setting, use the no spanning-tree vlan vlan-id priority global configuration command.

Configuring Spanning-Tree Timers

Table 15-4 describes the timers that affect the entire spanning-tree performance.

Table 15-4 Spanning-Tree Timers 

Variable
Description

Hello timer

Controls how often the switch broadcasts hello messages to other switches.

Forward-delay timer

Controls how long each of the listening and learning states last before the STP port begins forwarding.

Maximum-age timer

Controls the amount of time the switch stores protocol information received on an STP port.


The sections that follow provide the configuration steps.

Configuring the Hello Time

You can configure the interval between the generation of configuration messages by the root switch by changing the hello time.


Note Exercise care when using this command. For most situations, we recommend that you use the spanning-tree vlan vlan-id root primary and the spanning-tree vlan vlan-id root secondary global configuration commands to modify the hello time.


Beginning in privileged EXEC mode, follow these steps to configure the hello time of a VLAN. This procedure is optional.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

spanning-tree vlan vlan-id hello-time seconds

Configure the hello time of a VLAN. The hello time is the interval between the generation of configuration messages by the root switch. These messages mean that the switch is alive.

For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.

For seconds, the range is 1 to 10; the default is 2.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show spanning-tree vlan vlan-id

Verify your entries.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command.

Configuring the Forwarding-Delay Time for a VLAN

Beginning in privileged EXEC mode, follow these steps to configure the forwarding-delay time for a VLAN. This procedure is optional.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

spanning-tree vlan vlan-id forward-time seconds

Configure the forward time of a VLAN. The forward delay is the number of seconds a spanning-tree port waits before changing from its spanning-tree learning and listening states to the forwarding state.

For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.

For seconds, the range is 4 to 30; the default is 15.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show spanning-tree vlan vlan-id

Verify your entries.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To return to the default setting, use the no spanning-tree vlan vlan-id forward-time global configuration command.

Configuring the Maximum-Aging Time for a VLAN

Beginning in privileged EXEC mode, follow these steps to configure the maximum-aging time for a VLAN. This procedure is optional.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

spanning-tree vlan vlan-id max-age seconds

Configure the maximum-aging time of a VLAN. The maximum-aging time is the number of seconds a switch waits without receiving spanning-tree configuration messages before attempting a reconfiguration.

For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.

For seconds, the range is 6 to 40; the default is 20.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show spanning-tree vlan vlan-id

Verify your entries.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command.

Displaying the Spanning-Tree Status

To display the spanning-tree status, use one or more of the privileged EXEC commands in Table 15-5:

Table 15-5 Commands for Displaying Spanning-Tree Status 

Command
Purpose

show spanning-tree active

Displays spanning-tree information only on active spanning-tree interfaces.

show spanning-tree detail

Displays a detailed summary of interface information.

show spanning-tree interface interface-id

Displays spanning-tree information for the specified spanning-tree interface.

show spanning-tree summary [totals]

Displays a summary of interface states or displays the total lines of the STP state section.


You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command.

For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.