Understanding Spanning Tree Protocol (STP): Keeping Your Network Loops in Check

If you're just getting into networking, you’ve probably heard of Spanning Tree Protocol, or STP for short. It might sound complicated at first, but at its core, STP is simply a way to keep networks with redundant paths from turning into a chaotic mess.

In this blog, I’ll walk you through what STP is, why we need it, and how it works from the basic concepts all the way to Rapid STP and Cisco’s version of things. I’m not a professional or a certified expert. I’m just someone learning and sharing along the way. If you’re also trying to wrap your head around this topic, I hope this helps you the same way it helped me while writing it.

Let’s get started with the problem STP is trying to solve: network redundancy and what happens when there’s too much of it.

---

Understanding Network Redundancy

Before we get into Spanning Tree Protocol itself, it’s important to understand why we need it. And that starts with something called network redundancy.

In simple terms, network redundancy means adding extra paths or connections between switches. This way, if one link goes down, there's another path the data can take. Think of it like having multiple roads between two cities. If one is blocked, traffic can still move using the others.

Redundancy is a good thing. It keeps the network running even when something fails. But here's the catch: in a switched network, having too many paths can actually cause a problem. Unlike roads, where cars follow traffic rules, switches don’t always know the best path right away. If they see multiple links, they might keep forwarding the same data again and again in circles. This is what we call a network loop and it can bring down the entire network.

That’s where Spanning Tree Protocol comes in. It’s designed to allow redundancy without causing loops.

---

What Happens Without Control: Broadcast Storms and MAC Address Flapping

So we know that redundant links can cause network loops but what exactly goes wrong when that happens?

One of the first problems you’ll run into is something called a broadcast storm. This happens when broadcast traffic (like ARP requests) starts looping endlessly between switches. Since switches flood broadcast frames out of all ports except the one they received it on, that broadcast keeps bouncing around. It doesn’t stop. Over time, more and more copies pile up, clogging the network and slowing everything down or worse, completely freezing it.

Another issue is MAC address flapping. Switches keep a table of which devices are reachable through which ports (called a MAC address table). But if a switch keeps receiving the same MAC address from different ports because the frame is looping, it gets confused. It constantly updates the table, thinking the device has moved to a different port. That’s called flapping, and it makes the switch unreliable when it comes to forwarding traffic.

These are just a few of the headaches that can happen when loops go unchecked. That’s why we need a way to keep redundancy but prevent loops. That’s exactly what Spanning Tree Protocol is built for.

---

Classic Spanning Tree Protocol (IEEE 802.1D)

Now that we’ve seen how loops can mess up a network, it’s time to look at how they’re actually prevented. That’s where Spanning Tree Protocol (STP) comes in.

The original version of STP is called Classic STP, and it follows a standard known as IEEE 802.1D. You’ll hear both terms used, but they refer to the same thing. This protocol was created to make sure there’s only one active path between switches at any time, even if there are multiple physical connections.

Here’s how it works in simple terms: STP looks at the network, figures out the best path for data to travel, and blocks any extra links that could cause a loop. These extra links aren’t removed, they’re just put into a backup state. If the main path ever goes down, STP can quickly reactivate one of those blocked links to keep things running.

Classic STP does a good job, but it has a few limitations. For example, it takes around 30 to 50 seconds to react when something changes in the network. That might not sound like a lot, but in modern networks, that delay can be a problem. Still, it laid the groundwork for the newer and faster versions we have today.

---

Why STP Still Uses the Term "Bridge"

As you go through Spanning Tree Protocol, you’ll notice something a bit old-fashioned. STP keeps referring to switches as bridges. This can be confusing at first, especially since we mostly work with switches today. But there's a reason for it.

STP was originally designed at a time when bridges were the devices used to connect different parts of a network. These bridges performed tasks like filtering traffic and preventing loops, which is exactly what STP was made to help with. Later on, switches took over. They’re faster, smarter, and can do everything bridges used to do but just better.

Even though bridges are mostly gone from modern networks, STP hasn’t updated its vocabulary. The protocol still talks in terms of bridges, because that’s what it was built around. That’s why you’ll still see terms like:

• Root Bridge – the central switch chosen by STP to control the path of traffic

• Bridge ID – a unique identifier that helps STP decide which switch becomes the Root Bridge

• BPDU (Bridge Protocol Data Unit) – the messages switches send to share information with each other

In today’s networks, these “bridges” are really just your regular Ethernet switches. So when you see STP talking about bridges, just remember that it’s speaking in the language of its time, but it’s still describing the switches we use now.

---

What you’re seeing in the image is how Spanning Tree Protocol works in action.

The green links show the active paths; these are the connections that STP has chosen for sending data. The orange links are not broken; they’re just in a blocking state. That means STP has temporarily disabled them to stop loops from happening.

The blocked links are still part of the network. They’re just on standby. If one of the active (green) links goes down, STP can quickly switch one of the orange links to active, keeping the network running without interruption.

This is a visual example of how STP balances two things: keeping backup paths ready and making sure traffic doesn’t go in circles.

---

BPDUs: The Messages That Help Switches Decide

Now that we’ve seen how STP blocks certain links to prevent loops, you might be wondering how do switches know which links to block and which ones to keep active? That’s where BPDUs come in.

BPDU stands for Bridge Protocol Data Unit. These are small messages that switches send to each other to share information about the network. Think of them like status updates. Every switch sends out BPDUs to say, “Hey, here’s who I am, and here’s what I know about the network.”

With these messages, switches can figure out:

• Which switch should be the Root Bridge (the one at the center of the network)

• How far away they are from the Root Bridge

• Which links are best to keep open, and which ones should be blocked

BPDUs are the foundation of how STP works. Without them, switches would have no way to agree on the best path or avoid loops.

---

Understanding the Bridge ID

When switches send BPDUs, they include something called the Bridge ID. This is how they identify themselves and how they decide which switch becomes the Root Bridge.

The Bridge ID is made up of:

• Bridge Priority – 16 bits

• MAC Address – 48 bits

Together, that’s a total of 64 bits.

Now let’s break it down a bit more:

Bridge Priority

The Bridge Priority takes up the first 16 bits of the Bridge ID. But it's not just a simple number. Here’s how it's split:

• The first 4 bits are reserved for the priority value

• The next 12 bits are used for the Extended System ID, which usually reflects the VLAN number

So when you set the Bridge Priority, you're actually adjusting the first part of the 16-bit field. The default value is 32,768, and you can change it in steps of 4,096 (since only the top 4 bits are used for actual priority). Lower values have higher priority.

MAC Address

The MAC address is used as a tie-breaker. If two switches have the same priority, the one with the lowest MAC address wins. That’s why even if all switches have the default priority, STP can still choose one Root Bridge based on their MACs.

Why This Matters

Bridge ID is what STP uses to figure out who’s in charge. The switch with the lowest Bridge ID (meaning lowest priority + lowest MAC address) becomes the Root Bridge. Once that’s done, the rest of the switches can start organizing their paths around it.

---

What About PVST?

So far, we’ve been talking about Classic STP or IEEE 802.1D, which treats the entire network as one big topology. But what if you’re using VLANs? That’s where PVST comes in.

PVST stands for Per-VLAN Spanning Tree. It’s a version of STP developed by Cisco that runs a separate instance of STP for each VLAN. This means each VLAN can have its own Root Bridge, its own path selection, and its own blocked links.

This gives you more flexibility. For example, you can make one switch the Root Bridge for VLAN 10 and a different switch the Root Bridge for VLAN 20. This helps balance traffic better and gives you more control over how data flows through the network.

PVST still uses the same basic rules as classic STP: it uses BPDUs, Bridge IDs, and chooses a Root Bridge based on the lowest ID. The big difference is that it does this individually for every VLAN, instead of treating the whole network as one big group.

There’s also a version called PVST+ that works better with both older STP and newer types like RSTP, which we’ll cover later.

---

How STP Builds a Loop-Free Path: Root Bridge, Root Ports, and Designated Ports

Now that we know how switches use BPDUs and Bridge IDs, let’s walk through how Spanning Tree Protocol builds the loop-free path in the network. STP follows a clear set of rules to decide which paths to use and which ones to block.

1. Electing the Root Bridge

The first step is picking the Root Bridge; the central switch in the network. STP chooses the switch with the lowest Bridge ID. As a quick reminder, Bridge ID is made up of the Bridge Priority and the MAC address.

Once the Root Bridge is elected:

• All of its ports become Designated Ports

• These ports are in a Forwarding state because the Root Bridge is the center of the network

2. Choosing the Root Port on Other Switches

Every other switch in the network (except the Root Bridge) must choose one port that it will use to reach the Root Bridge. This port is called the Root Port, and it’s also placed in the Forwarding state.

To pick the Root Port, the switch looks for the lowest path cost to the Root Bridge. If there’s a tie, STP uses the following tiebreakers in order:

Root Port Selection Criteria:

1. Lowest Root Path Cost – STP adds up the cost of each link to the Root Bridge. Lower cost wins.

2. Lowest Neighbor Bridge ID – If two paths have the same cost, STP picks the one that goes through the neighbor with the lower Bridge ID.

3. Lowest Neighbor Port ID – If the Bridge IDs are also the same, it picks the one that connects to the lower port number on the neighbor switch.

STP Cost Reference Table:

3. Choosing Designated and Non-Designated Ports

Each collision domain (which usually means each link between two switches) needs one Designated Port; this is the port that forwards traffic toward that segment.

STP picks the Designated Port using this order:

1. Port on the switch with the lowest Root Path Cost

2. If tied, port on the switch with the lower Bridge ID

The port that doesn’t get selected becomes the Non-Designated Port, and it goes into a Blocking state to prevent loops.

With the Root Bridge, Root Ports, and Designated Ports chosen, STP builds a clear, loop-free path. Any ports that aren’t selected for one of these roles are placed into Blocking, keeping the network safe from looping traffic while still allowing quick recovery if something fails.

---

What Happens to Each Port: STP Port States

Now that we know which ports are selected as Root Ports, Designated Ports, and Non-Designated (Blocking) Ports, the next question is what exactly happens to these ports?

That’s where Spanning Tree port states come in.

Each port in the STP topology goes through specific states, depending on its role and current network conditions. These states control whether the port can send or receive traffic, or if it’s just listening and learning quietly in the background.

STP uses five port states, but not all ports go through every single one. Some states are just part of the process a port goes through when the network is starting up or recovering from a change.

Let’s break them down:

1. Blocking

• The port doesn’t forward any traffic and doesn’t learn MAC addresses.

• It only listens to BPDUs.

• This is how STP prevents loops by stopping traffic on ports that aren’t needed for now.

2. Listening

• The port still doesn’t forward frames or learn MAC addresses.

• It listens to BPDUs to figure out the network layout.

• This state usually lasts 15 seconds during convergence.

3. Learning

• The port still doesn’t forward frames yet.

• But now it starts learning MAC addresses from incoming frames.

• Also lasts around 15 seconds before moving forward.

4. Forwarding

• The port is fully active.

• It forwards traffic and learns MAC addresses.

• Only Root Ports and Designated Ports enter this state.

5. Disabled

• The port is shut down manually or due to an admin setting.

• It doesn’t participate in STP at all.

• No BPDUs are sent or received in this state.

Port State Timeline (Convergence)

When a port is on its way to becoming a forwarding port, it usually goes through this timeline:

Blocking → Listening → Learning → Forwarding

Each of the Listening and Learning states typically lasts around 15 seconds, so a full convergence can take 30 to 50 seconds in Classic STP.

This delay is one of the reasons newer versions of STP like Rapid Spanning Tree Protocol (RSTP) were created. They keep the same idea but work much faster. We’ll get to that shortly.

---

Understanding Spanning Tree Timers

Spanning Tree doesn’t just rely on port states and roles, it also uses timers to control how fast the network reacts to changes. These timers help switches stay in sync and avoid making fast decisions that could cause loops or instability.

There are three main timers used in Classic STP:

These timers work together during convergence. For example, if a link fails, a switch won’t immediately change the topology. Instead, it waits for these timers to expire before taking action. This gives the network time to stabilize and avoid loops.

In Classic STP, this process can take up to 50 seconds, which is why faster versions like RSTP were introduced later on.

---

Classic STP (IEEE 802.1D) uses a special destination MAC address when sending BPDUs (Bridge Protocol Data Units):

MAC Address used by STP:

01:80:C2:00:00:00

This is a reserved multicast MAC address used by switches to send BPDUs. It ensures that:

• Only switches (not end devices like PCs or printers) process these messages.

• The BPDU stays within the local network segment (it’s not forwarded beyond the Layer 2 domain).

This helps keep the STP process efficient and prevents BPDUs from leaking into parts of the network that don’t need them.

---

Extra Tools You Might See: The STP Toolkit

So far, we’ve covered how classic STP works; from blocking loops to electing a Root Bridge and using timers to control the flow. But in real-world networks, especially in larger or more complex setups, you might come across some extra tools that work alongside STP.

These are known as the STP Toolkit; a group of features that help improve network stability, prevent misconfigurations, and make troubleshooting easier.

Some of the most common ones include:

• PortFast

• BPDU Guard

• BPDU Filter

• Root Guard

• Loop Guard

Each of these tools serves a different purpose, but they all help make STP more reliable and secure.

Let’s go through what each one does and why you might use it.

1. PortFast

What it does:
Lets access ports skip the usual STP delay so devices like PCs and printers can connect instantly.

Example:
You plug in your PC and get an IP address right away instead of waiting ~30 seconds.

When to use:
On ports connected to end devices, not to other switches.

How to configure on an interface:

Switch(config)# interface FastEthernet0/1
Switch(config-if)# spanning-tree portfast

Or enable it globally for all access ports:

Switch(config)# spanning-tree portfast default

2. BPDU Guard

What it does:
Shuts down a port if it receives a BPDU. This protects your network from loops caused by accidentally connecting a switch to an end-device port.

Example:
Someone plugs a switch into an access port, BPDU Guard shuts that port down to protect the network.

When to use:
Alongside PortFast on access ports.

How to configure on an interface:

Switch(config)# interface FastEthernet0/1
Switch(config-if)# spanning-tree bpduguard enable

Or enable it globally for all PortFast-enabled ports:

Switch(config)# spanning-tree portfast bpduguard default

3. BPDU Filter

What it does:
Blocks BPDUs from being sent or received. Use with caution; it can stop STP from doing its job.

Example:
Used in testing environments or special cases where a device shouldn’t participate in STP.

How to configure on an interface:

Switch(config)# interface FastEthernet0/1
Switch(config-if)# spanning-tree bpdufilter enable

Or globally (works only with PortFast ports):

Switch(config)# spanning-tree portfast bpdufilter default

4. Root Guard

What it does:
Stops other switches from trying to become the Root Bridge on protected ports.

Example:
You’ve set Switch A as your Root Bridge. Root Guard blocks any other switch that tries to take over.

When to use:
On ports facing downstream switches, not toward your Root Bridge.

How to configure on an interface:

Switch(config)# interface FastEthernet0/2
Switch(config-if)# spanning-tree guard root

5. Loop Guard

What it does:
Prevents a blocked port from moving to forwarding if it stops receiving BPDUs (which could cause a loop).

Example:
A link failure causes a port to stop receiving BPDUs. Without Loop Guard, it might wrongly start forwarding.

When to use:
On trunk links between switches, especially where STP loops might happen.

How to configure on an interface:

Switch(config)# interface FastEthernet0/3
Switch(config-if)# spanning-tree guard loop

These extra features aren't required to make STP work but they do make it safer, smarter, and more reliable, especially in real-world setups where human mistakes or hardware issues can easily cause problems.

---

Setting the Spanning Tree Mode

Now that we’ve looked at how STP works and the tools that help protect the network, it’s time to talk about something more hands-on: choosing and configuring the STP mode on a switch.

Cisco switches support different types of Spanning Tree Protocols, depending on what your network needs. The most common options include:

• PVST (Per-VLAN Spanning Tree) – the default on most Cisco switches

• PVST+ – adds support for extended VLANs and works with both old and new switches

• Rapid PVST (RPVST) – the faster version based on Rapid STP (IEEE 802.1w)

• MST (Multiple Spanning Tree) – allows multiple VLANs to share the same STP instance for better scalability

---

Configuring the Primary and Secondary Root Bridge

Instead of manually adjusting Bridge Priority values to influence the Root Bridge election, Cisco gives us a much simpler way: using the spanning-tree vlan command.

With just one line, you can set a switch as the Primary or Secondary Root Bridge for a specific VLAN. This is useful when you want full control over your STP topology without dealing with exact priority numbers.

To set a switch as the Primary Root Bridge for a VLAN:

Switch(config)# spanning-tree vlan 1 root primary

This command automatically lowers the switch’s Bridge Priority to a value low enough to make it the Root Bridge unless another switch already has a lower one.

To set a switch as the Secondary Root Bridge:

Switch(config)# spanning-tree vlan 1 root secondary

This sets a slightly higher priority than the primary, so the switch becomes the backup Root Bridge. If the primary goes offline, this one takes over.

This method keeps things simple and avoids manually tweaking Bridge Priority values. It’s also easier to maintain and less prone to errors, especially in larger networks with multiple VLANs.

Example: Setting Primary and Secondary Root Bridges for VLAN 1 and VLAN 2

Let’s say you have two core switches:

• Switch1

  • Primary Root Bridge for VLAN 1

  • Secondary Root Bridge for VLAN 2

• Switch2

  • Primary Root Bridge for VLAN 2

  • Secondary Root Bridge for VLAN 1

This setup balances the load between both switches. VLAN 1 traffic prefers Switch1, while VLAN 2 traffic prefers Switch2. If either switch goes down, the other takes over for both VLANs.

On Switch1:

Switch1(config)# spanning-tree vlan 1 root primary
Switch1(config)# spanning-tree vlan 2 root secondary

On Switch2:

Switch2(config)# spanning-tree vlan 2 root primary
Switch2(config)# spanning-tree vlan 1 root secondary

This configuration ensures that:

• VLAN 1 uses Switch1 as the main Root Bridge and Switch2 as backup.

• VLAN 2 uses Switch2 as the main Root Bridge and Switch1 as backup.

This is a common design in enterprise networks to distribute STP roles across core switches and avoid putting all the traffic on a single device.

---

Controlling Path Selection: Cost and Port Priority

So far, STP has been making decisions automatically by choosing the Root Bridge, selecting the Root Ports, and blocking any extra links. But what if you want more control over which path STP prefers?

That’s where these two commands come in:

• spanning-tree vlan <vlan> cost

• spanning-tree vlan <vlan> port-priority

Both commands influence how STP selects the Root Port or Designated Port on a switch, especially when there are multiple equal-cost paths.

spanning-tree vlan <vlan> cost

What it does:
This command lets you manually set the STP path cost of a specific port for a specific VLAN. The lower the cost, the more likely STP will choose that port as the Root Port on the switch.

Why use it?
You can influence which path STP picks when there are multiple ways to reach the Root Bridge. Lower cost = higher priority.

Example:
You have two links between switches; one fast (Gigabit), one slower (FastEthernet). By default, STP already assigns a lower cost to the faster link. But if you want to force the slower link to be preferred, you can manually assign it a lower cost.

Switch(config)# interface FastEthernet0/1
Switch(config-if)# spanning-tree vlan 1 cost 5

This sets the path cost for VLAN 1 to 5 on that interface. If the default Gigabit link has a cost of 4, this command makes the FastEthernet path more attractive to STP.

spanning-tree vlan <vlan> port-priority

What it does:
This command sets the port priority value that STP uses when there’s a tie during Root Port or Designated Port selection.

Lower values have higher priority.

Why use it?
It helps you break ties between ports that have the same path cost. This is useful when you want STP to prefer one port over another, even if both have equal cost.

Example:
You have two equal-cost links on a switch, and STP needs to choose which one becomes the Root Port.

Switch(config)# interface FastEthernet0/2
Switch(config-if)# spanning-tree vlan 1 port-priority 64

By default, the port priority is 128. Lowering it to 64 gives this port a better chance of being selected if there's a tie in cost.

---

Classic STP Is Reliable, But Not Fast… Meet Rapid STP

Everything we’ve covered so far is based on Classic STP (IEEE 802.1D). It does a good job preventing loops but there's one big drawback: it’s slow to react to changes. In a real network, waiting up to 50 seconds for STP to converge can feel like forever.

That’s why Rapid Spanning Tree Protocol (RSTP) was introduced.

RSTP (IEEE 802.1w) is an improved version of STP. It follows the same core idea; preventing loops but it’s much faster and smarter when it comes to handling network changes.

---

Different Versions of Spanning Tree Protocol (STP)

Spanning Tree has evolved over time. There are both IEEE-defined versions (which are open standards used by many vendors) and Cisco-specific versions (used only on Cisco devices). Here's a quick guide to help you tell them apart:

IEEE Versions (Open Standards)

Cisco-Specific Versions

• If you're using classic STP, you’re likely using IEEE 802.1D or PVST/PVST+ on Cisco gear.

• If you want faster convergence, RSTP (or Rapid PVST for Cisco) is the better choice.

• For larger networks with many VLANs, MST helps reduce the number of STP instances running.

Each version has its own use case, depending on network size, hardware support, and whether you're using only Cisco devices or a mix of vendors.

---

Key Similarities Between STP and RSTP

Although RSTP is faster and introduces new features, it still shares the same foundation as classic STP. Here’s what both versions have in common:

Loop Prevention

Both STP and RSTP are designed to prevent Layer 2 loops in a network with redundant links.

Root Bridge Election

Both use the Bridge ID to elect a Root Bridge; the central switch in the spanning tree.

Port Roles

They both use the same core port roles:

• Root Port (RP) – the best path to the Root Bridge

• Designated Port (DP) – forwards traffic for a segment

• Non-Designated (Blocking/Alternate) – used to prevent loops

BPDU Exchange

Both rely on BPDUs (Bridge Protocol Data Units) to share information between switches and maintain the network topology.

Timers (Though RSTP Uses Them Differently)

Both recognize Hello, Forward Delay, and Max Age timers. RSTP still supports these, especially when interacting with classic STP, but uses a faster method during normal operation.

Compatibility

RSTP is backward-compatible with classic STP. If one switch is running STP and the other is running RSTP, they can still work together but the whole segment will behave like classic STP.

---

Link Speed vs STP and RSTP Path Costs

Notes:

• The STP cost is based on the older IEEE 802.1D standard and is still used in many Cisco implementations like PVST.

• RSTP (and updated STP implementations) use the newer IEEE cost values, which are higher to account for faster speeds and more flexibility.

On Cisco switches, you can manually set the cost if needed using:

spanning-tree vlan <vlan-id> cost <value>

---

RSTP Speeds Things Up—Even with Port States

Now that we've seen how RSTP keeps many parts of classic STP, let’s look at one of the biggest improvements: how it handles port states.

In classic STP, ports had to go through several waiting phases before they could start forwarding traffic. That caused delays of up to 50 seconds. RSTP changes that by simplifying the port states and allowing ports to transition much faster.

Let’s break down the RSTP port states and see how they compare to the old ones.

RSTP Port States (Simplified and Faster)

Classic STP had five port states: Blocking, Listening, Learning, Forwarding, and Disabled. RSTP simplifies this into just three active states, making it much quicker and easier to manage.

1. Discarding

• This replaces both Blocking and Listening from classic STP.

• The port does not forward traffic and does not learn MAC addresses.

• It’s just sitting quietly, making sure no loops are forming.

• Used for ports that are either administratively down, in backup mode, or not yet ready to forward.

2. Learning

• The port does not forward traffic yet, but it starts learning MAC addresses from incoming frames.

• This helps the switch build its MAC address table before fully going active.

3. Forwarding

• The port is fully active.

• It forwards traffic and learns MAC addresses.

What Happened to Listening?

In RSTP, the Listening state from classic STP is gone. It’s no longer needed because RSTP makes faster decisions and responds to changes more intelligently using handshakes instead of relying solely on timers.

This change in port states is one of the main reasons why RSTP can converge in less than 10 seconds, compared to 30–50 seconds with classic STP.

---

RSTP Port Roles (Faster Decisions, Better Recovery)

Just like classic STP, RSTP assigns roles to switch ports based on their job in the topology. But RSTP introduces a couple of new roles that help it respond to changes more quickly.

Here’s a breakdown of the port roles used in RSTP:

1. Root Port (RP)

• The best path to the Root Bridge.

• Every non-root switch has one Root Port.

• This port forwards traffic toward the Root Bridge.

2. Designated Port (DP)

• The port that sends traffic away from the Root Bridge on a segment.

• Each network segment (collision domain) has one Designated Port.

• This port is also in the Forwarding state.

3. Alternate Port

• A backup to the Root Port.

• It provides an alternative path to the Root Bridge but stays in Discarding state until needed.

• If the Root Port fails, the Alternate Port quickly takes over.

4. Backup Port

• A backup to the Designated Port on the same switch and segment.

• Only appears in special cases, like when two ports on the same switch are connected to the same segment (loopback scenario).

• Also stays in Discarding state.

Why These Extra Roles Matter

These new port roles; Alternate and Backup are a big part of why RSTP is faster. They allow switches to pre-plan failover paths instead of waiting for timers to expire. So if a link goes down, RSTP can switch to the alternate path in just a few seconds.

---

BackboneFast and UplinkFast

Before Rapid Spanning Tree Protocol became the standard for faster convergence, Cisco introduced a couple of features to help classic STP recover more quickly from topology changes. These were:

• BackboneFast

• UplinkFast

They were designed to reduce the long delays caused by the traditional STP timers, especially during indirect failures or when the root path changes.

While RSTP now handles most of this automatically, it’s still helpful to understand what these two features did especially if you’re working in environments where classic STP or PVST is still used.

Let’s break down each one.

BackboneFast

What it does:
BackboneFast helps the network recover faster from indirect link failures. For example, when a switch detects that its Root Port is no longer valid but hasn't yet received updated BPDUs to confirm it.

Without BackboneFast, the switch would wait for the Max Age timer (20 seconds by default) to expire before reacting. BackboneFast speeds this up by letting the switch ask its neighbors if the root is still reachable.

Where it’s used:
On all switches in the network; not just the ones directly affected.

How to enable it globally:

Switch(config)# spanning-tree backbonefast

Example scenario:
If a link fails somewhere in the core, and your switch can no longer reach the Root Bridge through its current Root Port, BackboneFast allows it to respond faster by bypassing the long wait time.

UplinkFast

What it does:
UplinkFast allows a switch with blocked uplinks (like access switches) to immediately switch to a backup link if the active uplink goes down.

Instead of waiting for STP to go through the Listening and Learning states (which can take 30 seconds), UplinkFast quickly activates the alternate port.

Where it’s used:
Only on access-layer switches with redundant uplinks to the distribution or core layer.

How to enable it:

Switch(config)# spanning-tree uplinkfast

⚠️ When you enable UplinkFast, Cisco automatically:

• Increases the switch’s bridge priority (to make sure it doesn’t become the Root Bridge)

• Sets port cost for all ports to high values to avoid interfering with the core

Example scenario:
An access switch has two uplinks to the core. One is active; the other is blocked. If the active one fails, UplinkFast brings the backup port into forwarding immediately, with no downtime for end users.

Note on RSTP

If your network is already using Rapid PVST or RSTP, you don’t need to configure BackboneFast or UplinkFast. RSTP already includes this kind of fast recovery logic natively.

But if you're still using classic STP or PVST, these features can help speed things up without moving to a new protocol.

---

How Are Alternate and Backup Ports Selected?

In both STP and RSTP, when there are redundant paths to the Root Bridge, only one path is chosen as the best (the Root Port). All other paths must be placed in a non-forwarding role to avoid loops. That’s where Alternate and Backup ports come in.

Let’s break it down:

Alternate Port

• An Alternate Port is a backup path to the Root Bridge that is not currently used.

• It exists on a switch that is NOT the Root Bridge.

• STP or RSTP selects it when the switch has more than one path to the Root Bridge, but only one can be active (Root Port).

• The port with the lowest total path cost to the Root becomes the Root Port.

• The other path(s) with higher costs become Alternate Ports.

Example:
A switch has two uplinks to the Root Bridge:

• Port A: total path cost = 4 → becomes Root Port (active)

• Port B: total path cost = 19 → becomes Alternate Port (discarding)

Backup Port

• A Backup Port is also in a discarding state, but it’s a backup to a Designated Port on the same collision domain.

• This happens only when two ports on the same switch are connected to the same segment (like a loopback cable or a hub).

• One of those ports is selected as the Designated Port, and the other becomes the Backup.

Example:
If a switch has two ports plugged into the same switch or hub:

• One port wins the election to be Designated Port.

• The other port (on the same switch) becomes the Backup Port.

In Short:

---

Who Sends BPDUs in Classic STP vs RSTP?

In Classic STP (IEEE 802.1D)

Only the Root Bridge originates BPDUs.

• The Root Bridge sends BPDUs (Bridge Protocol Data Units) every 2 seconds.

• Other switches do not create their own BPDUs. They just forward the BPDUs they receive from the Root.

• So, if a switch stops receiving BPDUs, it assumes the path to the root is down—but it can’t respond immediately. It has to wait for the Max Age timer (default 20 seconds) to expire before reacting.

This is one reason classic STP is slow to converge.

In RSTP (IEEE 802.1w)

Every switch generates its own BPDUs, even non-root switches.

• Switches don’t just forward BPDUs—they create and send their own to their neighbors.

• This allows for a faster handshake process, so switches can detect link changes and respond almost instantly.

• Because of this, RSTP can converge in just a few seconds.

Summary

---

RSTP Looks at Link Types Too

One of the ways Rapid STP speeds up convergence is by paying attention to the type of link between switches. Classic STP didn’t care much about this; it just waited for timers.

But RSTP is smarter. It uses different rules depending on whether the connection is between two switches or between a switch and an end device. This helps it decide how fast a port can transition to forwarding.

Let’s go over the link types RSTP uses and how each one affects port behavior.

RSTP Link Types

RSTP classifies each port into one of three link types. These types help the switch decide whether it can move a port to the forwarding state immediately or if it should use a handshake process.

1. Edge Port

• This is a port connected directly to an end device (like a PC, printer, or server).

• It’s similar to enabling PortFast in classic STP.

• Edge ports can immediately transition to forwarding, skipping all STP delays.

• RSTP automatically treats a port as edge if you configure it manually.

⚠️ If an edge port ever receives a BPDU, RSTP removes its edge status to prevent loops.

2. Point-to-Point Link

• A full-duplex link between two switches.

• RSTP assumes these links are stable and fast.

• They support RSTP’s handshake mechanism, allowing ports to transition to forwarding without waiting for timers.

RSTP uses these links for quick agreement between switches about who forwards and who blocks.

3. Shared Link

• A port connected to a shared network segment, like a hub or half-duplex connection.

• RSTP treats these as less reliable and does not allow fast transitions.

• Ports on shared links still follow traditional STP behavior and rely on timers to move between states.

How to Configure RSTP Link Types

Edge Port (to end devices)

Manually enable PortFast:

Switch(config)# interface FastEthernet0/1
Switch(config-if)# spanning-tree portfast

Point-to-Point Link (full-duplex switch-to-switch)

RSTP automatically considers full-duplex links as point-to-point. But you can also manually set the link type like this:

Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# spanning-tree link-type point-to-point

✅ Used for switch-to-switch links with full-duplex.

Shared Link (half-duplex or connected to a hub)

If you’re using a hub (rare today) or a half-duplex port, you can manually set it:

Switch(config)# interface FastEthernet0/2
Switch(config-if)# spanning-tree link-type shared

⚠️ RSTP will treat this port more conservatively and rely on timers, not fast transitions.

Why Link Types Matter

By knowing what’s on the other end of a port, RSTP can speed things up safely. Edge ports and point-to-point links help the network converge quickly. Shared links are treated more cautiously to avoid accidental loops.

---

Wrapping It Up

Alright, that’s a lot of Spanning Tree talk but I hope it all made a bit more sense after going through it step by step.

We started with why network redundancy is important, and how too much of it without control can cause issues like broadcast storms and MAC address flapping. Then we looked at how Classic STP helps fix that (even if it’s kind of slow), and how Rapid STP came in to make things faster and more efficient.

We also covered things like:

• How switches decide who’s the boss (Root Bridge)

• What each port’s role is in the STP process

• How to tweak things using priority, cost, and link types

• And those older Cisco features like UplinkFast and BackboneFast that were used before RSTP became the go-to

To be honest, I’m not a networking pro. I’m just someone learning and sharing as I go. Writing this helped me understand things better, and I hope it helped you too.

If something didn’t click right away, that’s okay. STP can be a bit much at first, but the more you work with it (especially in labs or Packet Tracer), the more it starts to feel natural.

Thanks for reading this far!