Spanning Tree Protocol uses five distinct port states to manage network traffic and prevent loops. The two stable states are Blocking (for non-designated ports) and Forwarding (for root and designated ports). Between these stable states, ports must transition through two intermediate states: Listening and Learning. A fifth state, Disabled, refers to administratively shut down interfaces.
When a network topology change occurs, such as adding a new device or experiencing a hardware failure, ports may need to transition between states. This transition process is deliberately slow to prevent accidental loop formation.
Three timers govern STP operation:
Hello Timer (2 seconds): Controls how frequently the root bridge sends BPDUs
Forward Delay Timer (15 seconds): Determines the duration of both Listening and Learning states
Max Age Timer (20 seconds): Specifies how long a switch waits after not receiving BPDUs before recalculating the topology
PortFast allows ports connected to end hosts to bypass the Listening and Learning states, entering Forwarding immediately. This eliminates the 30-second delay but should only be used on ports connected to end devices.
BPDU Guard provides protection by shutting down any PortFast-enabled interface that receives a BPDU, preventing potential loops from unauthorized switch connections.
Port State
Sends/Receives BPDUs
Sends/Receives Traffic
Learns MAC Addresses
Duration
Blocking
Receives only
No
Stable
Listening
Yes
15 sec
Learning
Forwarding
Disabled
N/A
Critical Timing:
Blocking → Forwarding transition: 50 seconds total (20 sec Max Age + 15 sec Listening + 15 sec Learning)
Forwarding → Blocking: Immediate (no loop risk)
Term
Definition
PortFast
Feature allowing immediate transition to Forwarding state, bypassing Listening/Learning
BPDU Guard
Security feature that disables a port upon receiving a BPDU
Root Guard
Prevents a port from accepting a superior BPDU that would change the root bridge
Loop Guard
Prevents a port from forwarding if it stops receiving BPDUs
Forward Delay
Timer controlling duration of transitional states
Max Age
Timer for topology recalculation after BPDU loss
PVST+
Per-VLAN Spanning Tree Plus - Cisco's enhanced STP supporting 802.1Q
Item
Value
Hello Timer
2 seconds
15 seconds
20 seconds
Total transition time (Blocking→Forwarding)
50 seconds
Listening + Learning time
30 seconds
PVST+ BPDU Destination MAC
0100.0ccc.cccd
Standard STP BPDU Destination MAC
0180.c200.0000
Default Port Priority
128
Primary Root Priority
24576
Secondary Root Priority
28672
Priority Increment
4096
Port Priority Increment
32
Confusing Listening and Learning states - Learning is the only transitional state that learns MAC addresses
Forgetting the 50-second total - Max Age (20) + Listening (15) + Learning (15) = 50 seconds
PortFast on trunk ports - PortFast configured on trunk ports won't take effect
BPDU Guard command syntax - Interface level: bpduguard enable vs Global: portfast bpduguard default
bpduguard enable
portfast bpduguard default
Non-designated ports never enter Listening/Learning - They remain in Blocking
BPDUs are only forwarded out designated ports - Not root ports or non-designated ports
🔢 "2-15-15-20" = Hello-Forward Delay-Forward Delay-Max Age
🚦 "BLock → Listen → Learn → Forward" = States spell out "BLLF" (think "Be Late, Learn Fast")
⏱️ "Fifty to Forward" = 50 seconds from blocking to forwarding
🔄 "Only Designated ports forward BPDUs" = D for Designated, D for Distribute
📍 MAC Addresses: PVST+ uses "cccc" (Cisco), Standard uses "c200" (Classic 2000)
🌳 Root Primary = 24576 (think "24/7" minus 6 = 24576)
SW1(config)# spanning-tree vlan 10 root primary
SW1(config)# spanning-tree vlan 20 root secondary
! Interface level SW1(config-if)# spanning-tree portfast ! Global (all access ports)
SW1(config)# spanning-tree portfast default
! Interface level SW1(config-if)# spanning-tree bpduguard enable
! Global (all PortFast ports)
SW1(config)# spanning-tree portfast bpduguard default
SW1(config-if)# shutdown
SW1(config-if)# no shutdown
SW1(config-if)# spanning-tree vlan 10 cost 10
SW1(config-if)# spanning-tree vlan 10 port-priority 64
Configure different root bridges for different VLANs to utilize all links:
VLAN 10: SW1 = Primary Root, SW2 = Secondary Root
VLAN 20: SW2 = Primary Root, SW1 = Secondary Root
This ensures different VLANs use different paths, maximizing bandwidth utilization.
What are the five STP port states?
Blocking, Listening, Learning, Forwarding, and Disabled
What is the default Hello timer value?
What is the default Forward Delay timer value?
What is the default Max Age timer value?
How long does it take for a blocking port to transition to forwarding?
50 seconds (20 sec Max Age + 15 sec Listening + 15 sec Learning)
Which STP states learn MAC addresses?
Learning and Forwarding states only
Which STP state receives BPDUs but does NOT forward them?
Blocking state
What is the destination MAC address for PVST+ BPDUs?
What is the destination MAC address for standard STP BPDUs?
What does PortFast do?
Allows a port to move immediately to Forwarding state, bypassing Listening and Learning states
On what type of ports should PortFast be enabled?
Only on ports connected to end hosts (not switches)
What does BPDU Guard do?
Shuts down (disables) an interface if it receives a BPDU
Command to enable PortFast on an interface?
spanning-tree portfast
Command to enable PortFast on all access ports globally?
spanning-tree portfast default
Command to enable BPDU Guard on an interface?
spanning-tree bpduguard enable
Command to enable BPDU Guard globally on all PortFast ports?
spanning-tree portfast bpduguard default
How do you recover a port disabled by BPDU Guard?
shutdown then no shutdown on the interface
shutdown
no shutdown
What priority is set by the spanning-tree vlan X root primary command?
spanning-tree vlan X root primary
24576 (or 4096 less than current lowest if another switch is lower)
What priority is set by the spanning-tree vlan X root secondary command?
spanning-tree vlan X root secondary
What is the default STP port priority?
In what increments must bridge priority be configured?
In what increments must port priority be configured?
Which ports forward BPDUs in a converged STP network?
Only designated ports
What is Root Guard?
Feature that disables an interface if it receives a superior BPDU, preventing topology changes
What is Loop Guard?
Feature that disables an interface if it stops receiving BPDUs, preventing unidirectional link failures
What three spanning-tree modes are available on Cisco switches?
PVST, Rapid-PVST, and MST
What is the default spanning-tree mode on modern Cisco switches?
Rapid-PVST
Command to configure spanning-tree mode?
spanning-tree mode {pvst | rapid-pvst | mst}
What is the difference between PVST and PVST+?
PVST only supports ISL trunking; PVST+ supports 802.1Q
Why does a Forwarding port transition immediately to Blocking, but Blocking takes 50 seconds to reach Forwarding?
There's no risk of creating a loop by blocking an interface, but moving to forwarding too quickly could cause a loop
Which port types remain stable in Blocking state?
Non-designated ports
Which port types remain stable in Forwarding state?
Root ports and Designated
What happens when a port's Max Age timer reaches 0?
The switch reevaluates its STP topology (root bridge, port roles)
What is STP load balancing?
Configuring different root bridges for different VLANs so different paths are used, maximizing bandwidth utilization
If port ID is 0x8002, what is the port priority?
128 (0x80 in hexadecimal = 128 in decimal)
Does PortFast take effect on trunk ports?
No, PortFast only takes effect on access ports (non-trunking mode)
Command to set STP port cost on VLAN 10 to 25?
spanning-tree vlan 10 cost 25
Command to set STP port priority on VLAN 10 to 64?
spanning-tree vlan 10 port-priority 64
What is the valid range for STP port priority?
0 to 224 (in increments of 32)
In what state does an interface only receive BPDUs but not send them?
Zuletzt geändertvor 15 Tagen