Configuring Spanning Tree Protocol

• Finding Feature Information, page 1

• Restrictions for STP, page 1
• Information About Spanning Tree Protocol, page 2
• How to Configure Spanning-Tree Features, page 14
• Monitoring Spanning-Tree Status, page 28
• Additional References for Spanning-Tree Protocol, page 29
• Feature Information for STP, page 30

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Restrictions for STP

• An attempt to configure a device as the root device fails if the value necessary to be the root device is
less than 1.
• If your network consists of devices that support and do not support the extended system ID, it is unlikely
that the device with the extended system ID support will become the root device. The extended system
ID increases the device priority value every time the VLAN number is greater than the priority of the
connected devices running older software.
• The root device for each spanning-tree instance should be a backbone or distribution device. Do not
configure an access device as the spanning-tree primary root.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
1
 Configuring Spanning Tree Protocol
Information About Spanning Tree Protocol

• You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches.

Related Topics
Configuring the Root Device (CLI), on page 17
Bridge ID, Device Priority, and Extended System ID, on page 5
Spanning-Tree Topology and BPDUs, on page 3
Accelerated Aging to Retain Connectivity, on page 10

Information About Spanning Tree Protocol

Spanning Tree Protocol
Spanning Tree Protocol (STP) is a Layer 2 link management protocol that provides path redundancy while
preventing loops in the network. For a Layer 2 Ethernet network to function properly, only one active path
can exist between any two stations. Multiple active paths among end stations cause loops in the network. If
a loop exists in the network, end stations might receive duplicate messages. Devices might also learn end-station
MAC addresses on multiple Layer 2 interfaces. These conditions result in an unstable network. Spanning-tree
operation is transparent to end stations, which cannot detect whether they are connected to a single LAN
segment or a switched LAN of multiple segments.
The STP uses a spanning-tree algorithm to select one device of a redundantly connected network as the root
of the spanning tree. The algorithm calculates the best loop-free path through a switched Layer 2 network by
assigning a role to each port based on the role of the port in the active topology:
• Root—A forwarding port elected for the spanning-tree topology
• Designated—A forwarding port elected for every switched LAN segment
• Alternate—A blocked port providing an alternate path to the root bridge in the spanning tree
• Backup—A blocked port in a loopback configuration

The device that has all of its ports as the designated role or as the backup role is the root device. The device
that has at least one of its ports in the designated role is called the designated device.
Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning
tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and
activates the standby path. Devices send and receive spanning-tree frames, called bridge protocol data units
(BPDUs), at regular intervals. The devices do not forward these frames but use them to construct a loop-free
path. BPDUs contain information about the sending device and its ports, including device and MAC addresses,
device priority, port priority, and path cost. Spanning tree uses this information to elect the root device and
root port for the switched network and the root port and designated port for each switched segment.
When two ports on a device are part of a loop, the spanning-tree and path cost settings control which port is
put in the forwarding state and which is put in the blocking state. The spanning-tree port priority value
represents the location of a port in the network topology and how well it is located to pass traffic. The path
cost value represents the media speed.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
2
Configuring Spanning Tree Protocol
Spanning Tree Protocol

Note By default, the device sends keepalive messages (to ensure the connection is up) only on interfaces that
do not have small form-factor pluggable (SFP) modules. You can change the default for an interface by
entering the [no] keepalive interface configuration command with no keywords.

Spanning-Tree Topology and BPDUs

The stable, active spanning-tree topology of a switched network is controlled by these elements:
• The unique bridge ID (device priority and MAC address) associated with each VLAN on each device.
In a device stack, all devices use the same bridge ID for a given spanning-tree instance.
• The spanning-tree path cost to the root device.
• The port identifier (port priority and MAC address) associated with each Layer 2 interface.

When the devices in a network are powered up, each functions as the root device. Each device sends a
configuration BPDU through all of its ports. The BPDUs communicate and compute the spanning-tree topology.
Each configuration BPDU contains this information:
• The unique bridge ID of the device that the sending device identifies as the root device
• The spanning-tree path cost to the root
• The bridge ID of the sending device
• Message age
• The identifier of the sending interface
• Values for the hello, forward delay, and max-age protocol timers

When a device receives a configuration BPDU that contains superior information (lower bridge ID, lower
path cost, and so forth), it stores the information for that port. If this BPDU is received on the root port of the
device, the device also forwards it with an updated message to all attached LANs for which it is the designated
device.
If a device receives a configuration BPDU that contains inferior information to that currently stored for that
port, it discards the BPDU. If the device is a designated device for the LAN from which the inferior BPDU
was received, it sends that LAN a BPDU containing the up-to-date information stored for that port. In this
way, inferior information is discarded, and superior information is propagated on the network.
A BPDU exchange results in these actions:
• One device in the network is elected as the root device (the logical center of the spanning-tree topology
in a switched network). See the figure following the bullets.
For each VLAN, the device with the highest device priority (the lowest numerical priority value) is
elected as the root device. If all devices are configured with the default priority (32768), the device with
the lowest MAC address in the VLAN becomes the root device. The device priority value occupies the
most significant bits of the bridge ID, as shown in the following figure.
• A root port is selected for each device (except the root device). This port provides the best path (lowest
cost) when the device forwards packets to the root device.
When selecting the root port on a device stack, spanning tree follows this sequence:

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
3
 Configuring Spanning Tree Protocol
Spanning Tree Protocol

◦Selects the lowest root bridge ID

◦Selects the lowest path cost to the root device
◦Selects the lowest designated bridge ID
◦Selects the lowest designated path cost
◦Selects the lowest port ID

• Only one outgoing port on the stack root device is selected as the root port. The remaining devices in
the stack become its designated devices (Device 2 and Device 3) as shown in the following figure.
• The shortest distance to the root device is calculated for each device based on the path cost.
• A designated device for each LAN segment is selected. The designated device incurs the lowest path
cost when forwarding packets from that LAN to the root device. The port through which the designated
device is attached to the LAN is called the designated port.

One stack member is elected as the stack root device. The stack root device contains the outgoing root port
(Device 1).
Figure 1: Spanning-Tree Port States in a Device Stack

All paths that are not needed to reach the root device from anywhere in the switched network are placed in
the spanning-tree blocking mode.

Related Topics
Configuring the Root Device (CLI), on page 17

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
4
Configuring Spanning Tree Protocol
Spanning Tree Protocol

Restrictions for STP, on page 1

Bridge ID, Device Priority, and Extended System ID

The IEEE 802.1D standard requires that each device has an unique bridge identifier (bridge ID), which controls
the selection of the root device. Because each VLAN is considered as a different logical bridge with PVST+
and Rapid PVST+, the same device must have a different bridge ID for each configured VLAN. Each VLAN
on the device has a unique 8-byte bridge ID. The 2 most-significant bytes are used for the device priority, and
the remaining 6 bytes are derived from the device MAC address.
The device supports the IEEE 802.1t spanning-tree extensions, and some of the bits previously used for the
device priority are now used as the VLAN identifier. The result is that fewer MAC addresses are reserved for
the device, and a larger range of VLAN IDs can be supported, all while maintaining the uniqueness of the
bridge ID.
The 2 bytes previously used for the device priority are reallocated into a 4-bit priority value and a 12-bit
extended system ID value equal to the VLAN ID.

Table 1: Device Priority Value and Extended System ID

Priority Value Extended System ID (Set Equal to the VLAN ID)

Bit 16 Bit 15 Bit 14 Bit 13 Bit 12 Bit 11 Bit 10 Bit Bit Bit Bit Bit Bit Bit Bit Bit
9 8 7 6 5 4 3 2 1
32768 16384 8192 4096 2048 1024 512 256 128 64 32 16 8 4 2 1

Spanning tree uses the extended system ID, the device priority, and the allocated spanning-tree MAC address
to make the bridge ID unique for each VLAN. Because the device stack appears as a single device to the rest
of the network, all devices in the stack use the same bridge ID for a given spanning tree. If the stack master
fails, the stack members recalculate their bridge IDs of all running spanning trees based on the new MAC
address of the new stack master.
Support for the extended system ID affects how you manually configure the root device, the secondary root
device, and the device priority of a VLAN. For example, when you change the device priority value, you
change the probability that the device will be elected as the root device. Configuring a higher value decreases
the probability; a lower value increases the probability.
If any root device for the specified VLAN has a device priority lower than 24576, the device sets its own
priority for the specified VLAN to 4096 less than the lowest device priority. 4096 is the value of the
least-significant bit of a 4-bit device priority value as shown in the table.

Related Topics
Configuring the Root Device (CLI), on page 17
Restrictions for STP, on page 1
Configuring the Root Device (CLI)
Root Switch
Specifying the MST Region Configuration and Enabling MSTP (CLI)

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
5
 Configuring Spanning Tree Protocol
Spanning Tree Protocol

Port Priority Versus Path Cost

If a loop occurs, spanning tree uses port priority when selecting an interface to put into the forwarding state.
You can assign higher priority values (lower numerical values) to interfaces that you want selected first and
lower priority values (higher numerical values) that you want selected last. If all interfaces have the same
priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and
blocks the other interfaces.
The spanning-tree path cost default value is derived from the media speed of an interface. If a loop occurs,
spanning tree uses cost when selecting an interface to put in the forwarding state. You can assign lower cost
values to interfaces that you want selected first and higher cost values that you want selected last. If all
interfaces have the same cost value, spanning tree puts the interface with the lowest interface number in the
forwarding state and blocks the other interfaces.
If your device is a member of a device stack, you must assign lower cost values to interfaces that you want
selected first and higher cost values that you want selected last instead of adjusting its port priority. For details,
see Related Topics.

Related Topics
Configuring Port Priority (CLI), on page 20
Configuring Path Cost (CLI), on page 21

Spanning-Tree Interface States

Propagation delays can occur when protocol information passes through a switched LAN. As a result, topology
changes can take place at different times and at different places in a switched network. When an interface
transitions directly from nonparticipation in the spanning-tree topology to the forwarding state, it can create
temporary data loops. Interfaces must wait for new topology information to propagate through the switched
LAN before starting to forward frames. They must allow the frame lifetime to expire for forwarded frames
that have used the old topology.
Each Layer 2 interface on a device using spanning tree exists in one of these states:
• Blocking—The interface does not participate in frame forwarding.
• Listening—The first transitional state after the blocking state when the spanning tree decides that the
interface should participate in frame forwarding.
• Learning—The interface prepares to participate in frame forwarding.
• Forwarding—The interface forwards frames.
• Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on the
port, or no spanning-tree instance running on the port.

An interface moves through these states:

• From initialization to blocking
• From blocking to listening or to disabled
• From listening to learning or to disabled
• From learning to forwarding or to disabled
• From forwarding to disabled

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
6
Configuring Spanning Tree Protocol
Spanning Tree Protocol

An interface moves through the states.

Figure 2: Spanning-Tree Interface States

When you power up the device, spanning tree is enabled by default, and every interface in the device, VLAN,
or network goes through the blocking state and the transitory states of listening and learning. Spanning tree
stabilizes each interface at the forwarding or blocking state.
When the spanning-tree algorithm places a Layer 2 interface in the forwarding state, this process occurs:
1 The interface is in the listening state while spanning tree waits for protocol information to move the
interface to the blocking state.
2 While spanning tree waits for the forward-delay timer to expire, it moves the interface to the learning state
and resets the forward-delay timer.
3 In the learning state, the interface continues to block frame forwarding as the device learns end-station
location information for the forwarding database.
4 When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where
both learning and frame forwarding are enabled.

Blocking State
A Layer 2 interface in the blocking state does not participate in frame forwarding. After initialization, a BPDU
is sent to each device interface. A device initially functions as the root until it exchanges BPDUs with other
devices. This exchange establishes which device in the network is the root or root device. If there is only one
device in the network, no exchange occurs, the forward-delay timer expires, and the interface moves to the
listening state. An interface always enters the blocking state after device initialization.
An interface in the blocking state performs these functions:
• Discards frames received on the interface
• Discards frames switched from another interface for forwarding
• Does not learn addresses
• Receives BPDUs

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
7
 Configuring Spanning Tree Protocol
Spanning Tree Protocol

Listening State
The listening state is the first state a Layer 2 interface enters after the blocking state. The interface enters this
state when the spanning tree decides that the interface should participate in frame forwarding.
An interface in the listening state performs these functions:
• Discards frames received on the interface
• Discards frames switched from another interface for forwarding
• Does not learn addresses
• Receives BPDUs

Learning State
A Layer 2 interface in the learning state prepares to participate in frame forwarding. The interface enters the
learning state from the listening state.
An interface in the learning state performs these functions:
• Discards frames received on the interface
• Discards frames switched from another interface for forwarding
• Learns addresses
• Receives BPDUs

Forwarding State
A Layer 2 interface in the forwarding state forwards frames. The interface enters the forwarding state from
the learning state.
An interface in the forwarding state performs these functions:
• Receives and forwards frames received on the interface
• Forwards frames switched from another interface
• Learns addresses
• Receives BPDUs

Disabled State
A Layer 2 interface in the disabled state does not participate in frame forwarding or in the spanning tree. An
interface in the disabled state is nonoperational.
A disabled interface performs these functions:
• Discards frames received on the interface
• Discards frames switched from another interface for forwarding
• Does not learn addresses

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
8
Configuring Spanning Tree Protocol
Spanning Tree Protocol

• Does not receive BPDUs

How a Device or Port Becomes the Root Device or Root Port

If all devices in a network are enabled with default spanning-tree settings, the device with the lowest MAC
address becomes the root device.

Device A is elected as the root device because the device priority of all the devices is set to the default (32768)
and Device A has the lowest MAC address. However, because of traffic patterns, number of forwarding
interfaces, or link types, Device A might not be the ideal root device. By increasing the priority (lowering the
numerical value) of the ideal device so that it becomes the root device, you force a spanning-tree recalculation
to form a new topology with the ideal device as the root.
Figure 3: Spanning-Tree Topology

When the spanning-tree topology is calculated based on default parameters, the path between source and
destination end stations in a switched network might not be ideal. For instance, connecting higher-speed links
to an interface that has a higher number than the root port can cause a root-port change. The goal is to make
the fastest link the root port.
For example, assume that one port on Device B is a Gigabit Ethernet link and that another port on Device B
(a 10/100 link) is the root port. Network traffic might be more efficient over the Gigabit Ethernet link. By
changing the spanning-tree port priority on the Gigabit Ethernet port to a higher priority (lower numerical
value) than the root port, the Gigabit Ethernet port becomes the new root port.

Related Topics
Configuring Port Priority (CLI), on page 20

Spanning Tree and Redundant Connectivity

You can create a redundant backbone with spanning tree by connecting two device interfaces to another device
or to two different devices. Spanning tree automatically disables one interface but enables it if the other one
fails. If one link is high-speed and the other is low-speed, the low-speed link is always disabled. If the speeds

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
9
 Configuring Spanning Tree Protocol
Spanning Tree Protocol

are the same, the port priority and port ID are added together, and spanning tree disables the link with the
highest value.
Figure 4: Spanning Tree and Redundant Connectivity

You can also create redundant links between devices by using EtherChannel groups.

Spanning-Tree Address Management

IEEE 802.1D specifies 17 multicast addresses, ranging from 0x00180C2000000 to 0x0180C2000010, to be
used by different bridge protocols. These addresses are static addresses that cannot be removed.
Regardless of the spanning-tree state, each device in the stack receives but does not forward packets destined
for addresses between 0x0180C2000000 and 0x0180C200000F.
If spanning tree is enabled, the CPU on the device or on each device in the stack receives packets destined
for 0x0180C2000000 and 0x0180C2000010. If spanning tree is disabled, the device or each device in the
stack forwards those packets as unknown multicast addresses.

Accelerated Aging to Retain Connectivity

The default for aging dynamic addresses is 5 minutes, the default setting of the mac address-table aging-time
global configuration command. However, a spanning-tree reconfiguration can cause many station locations
to change. Because these stations could be unreachable for 5 minutes or more during a reconfiguration, the
address-aging time is accelerated so that station addresses can be dropped from the address table and then
relearned. The accelerated aging is the same as the forward-delay parameter value (spanning-tree vlan vlan-id
forward-time seconds global configuration command) when the spanning tree reconfigures.
Because each VLAN is a separate spanning-tree instance, the device accelerates aging on a per-VLAN basis.
A spanning-tree reconfiguration on one VLAN can cause the dynamic addresses learned on that VLAN to be
subject to accelerated aging. Dynamic addresses on other VLANs can be unaffected and remain subject to
the aging interval entered for the device.

Related Topics
Configuring the Root Device (CLI), on page 17
Restrictions for STP, on page 1

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
10
Configuring Spanning Tree Protocol
Spanning Tree Protocol

Spanning-Tree Modes and Protocols

The device supports these spanning-tree modes and protocols:
• PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions.
The PVST+ runs on each VLAN on the device up to the maximum supported, ensuring that each has a
loop-free path through the network.
The PVST+ provides Layer 2 load-balancing for the VLAN on which it runs. You can create different
logical topologies by using the VLANs on your network to ensure that all of your links are used but that
no one link is oversubscribed. Each instance of PVST+ on a VLAN has a single root device. This root
device propagates the spanning-tree information associated with that VLAN to all other devices in the
network. Because each device has the same information about the network, this process ensures that the
network topology is maintained.
• Rapid PVST+—Rapid PVST+ is the default STP mode on your device.This spanning-tree mode is the
same as PVST+ except that is uses a rapid convergence based on the IEEE 802.1w standard. . To provide
rapid convergence, the Rapid PVST+ immediately deletes dynamically learned MAC address entries
on a per-port basis upon receiving a topology change. By contrast, PVST+ uses a short aging time for
dynamically learned MAC address entries.
Rapid PVST+ uses the same configuration as PVST+ (except where noted), and the device needs only
minimal extra configuration. The benefit of Rapid PVST+ is that you can migrate a large PVST+ install
base to Rapid PVST+ without having to learn the complexities of the Multiple Spanning Tree Protocol
(MSTP) configuration and without having to reprovision your network. In Rapid PVST+ mode, each
VLAN runs its own spanning-tree instance up to the maximum supported.
• MSTP—This spanning-tree mode is based on the IEEE 802.1s standard. You can map multiple VLANs
to the same spanning-tree instance, which reduces the number of spanning-tree instances required to
support a large number of VLANs. The MSTP runs on top of the RSTP (based on IEEE 802.1w), which
provides for rapid convergence of the spanning tree by eliminating the forward delay and by quickly
transitioning root ports and designated ports to the forwarding state. In a device stack, the cross-stack
rapid transition (CSRT) feature performs the same function as RSTP. You cannot run MSTP without
RSTP or CSRT.

Related Topics
Changing the Spanning-Tree Mode (CLI), on page 14

Supported Spanning-Tree Instances

In PVST+ or Rapid PVST+ mode, the device or device stack supports up to 128 spanning-tree instances.
In MSTP mode, the device or device stack supports up to 65 MST instances. The number of VLANs that can
be mapped to a particular MST instance is unlimited.

Related Topics
Disabling Spanning Tree (CLI), on page 16
Default Spanning-Tree Configuration, on page 13
Default MSTP Configuration

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
11
 Configuring Spanning Tree Protocol
Spanning Tree Protocol

Spanning-Tree Interoperability and Backward Compatibility

In a mixed MSTP and PVST+ network, the common spanning-tree (CST) root must be inside the MST
backbone, and a PVST+ device cannot connect to multiple MST regions.
When a network contains devices running Rapid PVST+ and devices running PVST+, we recommend that
the Rapid PVST+ devices and PVST+ devices be configured for different spanning-tree instances. In the
Rapid PVST+ spanning-tree instances, the root device must be a Rapid PVST+ device. In the PVST+ instances,
the root device must be a PVST+ device. The PVST+ devices should be at the edge of the network.
All stack members run the same version of spanning tree (all PVST+, all Rapid PVST+, or all MSTP).

Table 2: PVST+, MSTP, and Rapid-PVST+ Interoperability and Compatibility

PVST+ MSTP Rapid PVST+

PVST+ Yes Yes (with restrictions) Yes (reverts to PVST+)

MSTP Yes (with restrictions) Yes Yes (reverts to PVST+)

Rapid PVST+ Yes (reverts to PVST+) Yes (reverts to PVST+) Yes

Related Topics
Specifying the MST Region Configuration and Enabling MSTP (CLI)
MSTP Configuration Guidelines
Multiple Spanning-Tree Regions

STP and IEEE 802.1Q Trunks

The IEEE 802.1Q standard for VLAN trunks imposes some limitations on the spanning-tree strategy for a
network. The standard requires only one spanning-tree instance for all VLANs allowed on the trunks. However,
in a network of Cisco devices connected through IEEE 802.1Q trunks, the devices maintain one spanning-tree
instance for each VLAN allowed on the trunks.
When you connect a Cisco device to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco device
uses PVST+ to provide spanning-tree interoperability. If Rapid PVST+ is enabled, the device uses it instead
of PVST+. The device combines the spanning-tree instance of the IEEE 802.1Q VLAN of the trunk with the
spanning-tree instance of the non-Cisco IEEE 802.1Q device.
However, all PVST+ or Rapid PVST+ information is maintained by Cisco devices separated by a cloud of
non-Cisco IEEE 802.1Q devices. The non-Cisco IEEE 802.1Q cloud separating the Cisco devices is treated
as a single trunk link between the devices.
Rapid PVST+ is automatically enabled on IEEE 802.1Q trunks, and no user configuration is required. The
external spanning-tree behavior on access ports and Inter-Switch Link (ISL) trunk ports is not affected by
PVST+.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
12
 Configuring Spanning Tree Protocol
Default Spanning-Tree Configuration

VLAN-Bridge Spanning Tree

Cisco VLAN-bridge spanning tree is used with the fallback bridging feature (bridge groups), which forwards
non-IP protocols such as DECnet between two or more VLAN bridge domains or routed ports. The
VLAN-bridge spanning tree allows the bridge groups to form a spanning tree on top of the individual VLAN
spanning trees to prevent loops from forming if there are multiple connections among VLANs. It also prevents
the individual spanning trees from the VLANs being bridged from collapsing into a single spanning tree.
To support VLAN-bridge spanning tree, some of the spanning-tree timers are increased. To use the fallback
bridging feature, you must have the IP services feature set enabled on your device.

Spanning Tree and Device Stacks

When the device stack is operating in PVST+ or Rapid PVST+ mode:
• A device stack appears as a single spanning-tree node to the rest of the network, and all stack members
use the same bridge ID for a given spanning tree. The bridge ID is derived from the MAC address of
the active switch.
• When a new device joins the stack, it sets its bridge ID to the active switch bridge ID. If the newly added
device has the lowest ID and if the root path cost is the same among all stack members, the newly added
device becomes the stack root.
• When a stack member leaves the stack, spanning-tree reconvergence occurs within the stack (and possibly
outside the stack). The remaining stack member with the lowest stack port ID becomes the stack root.
• If the device stack is the spanning-tree root and the active switch fails or leaves the stack, the standby
switch becomes the new active switch, bridge IDs remain the same, and a spanning-tree reconvergence
might occur.
• If a neighboring device external to the device stack fails or is powered down, normal spanning-tree
processing occurs. Spanning-tree reconvergence might occur as a result of losing a device in the active
topology.
• If a new device external to the device stack is added to the network, normal spanning-tree processing
occurs. Spanning-tree reconvergence might occur as a result of adding a device in the network.

Default Spanning-Tree Configuration

Table 3: Default Spanning-Tree Configuration

Feature Default Setting

Enable state Enabled on VLAN 1.

Spanning-tree mode Rapid PVST+ ( PVST+ and MSTP

are disabled.)

Device priority 32768

Spanning-tree port priority (configurable on a per-interface basis) 128

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
13
 Configuring Spanning Tree Protocol
How to Configure Spanning-Tree Features

Feature Default Setting

Spanning-tree port cost (configurable on a per-interface basis) 1000 Mb/s: 4
100 Mb/s: 19
10 Mb/s: 100

Spanning-tree VLAN port priority (configurable on a per-VLAN 128

basis)

Spanning-tree VLAN port cost (configurable on a per-VLAN basis) 1000 Mb/s: 4

100 Mb/s: 19
10 Mb/s: 100

Spanning-tree timers Hello time: 2 seconds

Forward-delay time: 15 seconds
Maximum-aging time: 20 seconds
Transmit hold count: 6 BPDUs

Note Beginning in Cisco IOS Release 15.2(4)E, the default STP mode is Rapid PVST+.

Related Topics
Disabling Spanning Tree (CLI), on page 16
Supported Spanning-Tree Instances, on page 11

How to Configure Spanning-Tree Features

Changing the Spanning-Tree Mode (CLI)
The switch supports three spanning-tree modes: per-VLAN spanning tree plus (PVST+), Rapid PVST+, or
multiple spanning tree protocol (MSTP). By default, the device runs the Rapid PVST+ protocol.
If you want to enable a mode that is different from the default mode, this procedure is required.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
14
 Configuring Spanning Tree Protocol
Changing the Spanning-Tree Mode (CLI)

SUMMARY STEPS

1. enable
2. configure terminal
3. spanning-tree mode {pvst | mst | rapid-pvst}
4. interface interface-id
5. spanning-tree link-type point-to-point
6. end
7. clear spanning-tree detected-protocols

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Device> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Device# configure terminal

Step 3 spanning-tree mode {pvst | mst | rapid-pvst} Configures a spanning-tree mode.

All stack members run the same version of spanning tree.
Example:
• Select pvst to enable PVST+.
Device(config)# spanning-tree mode pvst
• Select mst to enable MSTP.
• Select rapid-pvst to enable rapid PVST+.

Step 4 interface interface-id Specifies an interface to configure, and enters interface configuration
mode. Valid interfaces include physical ports, VLANs, and port
Example: channels. The VLAN ID range is 1 to 4094. The port-channel range is
1 to 48.
Device(config)# interface
GigabitEthernet1/0/1

Step 5 spanning-tree link-type point-to-point Specifies that the link type for this port is point-to-point.
If you connect this port (local port) to a remote port through a
Example: point-to-point link and the local port becomes a designated port, the
Device(config-if)# spanning-tree device negotiates with the remote port and rapidly changes the local
link-type point-to-point port to the forwarding state.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
15
 Configuring Spanning Tree Protocol
Disabling Spanning Tree (CLI)

Command or Action Purpose

Step 6 end Returns to privileged EXEC mode.

Example:
Device(config-if)# end

Step 7 clear spanning-tree detected-protocols If any port on the device is connected to a port on a legacy IEEE 802.1D
device, this command restarts the protocol migration process on the
Example: entire device.

Device# clear spanning-tree This step is optional if the designated device detects that this device is
detected-protocols running rapid PVST+.

Related Topics
Spanning-Tree Modes and Protocols, on page 11

Disabling Spanning Tree (CLI)

Spanning tree is enabled by default on VLAN 1 and on all newly created VLANs up to the spanning-tree
limit. Disable spanning tree only if you are sure there are no loops in the network topology.

Caution When spanning tree is disabled and loops are present in the topology, excessive traffic and indefinite
packet duplication can drastically reduce network performance.

This procedure is optional.

SUMMARY STEPS

1. enable
2. configure terminal
3. no spanning-tree vlan vlan-id
4. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password
if prompted.
Example:
Device> enable

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
16
 Configuring Spanning Tree Protocol
Configuring the Root Device (CLI)

Command or Action Purpose

Step 2 configure terminal Enters the global configuration mode.

Example:
Device# configure terminal

Step 3 no spanning-tree vlan vlan-id For vlan-id, the range is 1 to 4094.

Example:
Device(config)# no spanning-tree vlan 300

Step 4 end Returns to privileged EXEC mode.

Example:
Device(config)# end

Related Topics
Supported Spanning-Tree Instances, on page 11
Default Spanning-Tree Configuration, on page 13

Configuring the Root Device (CLI)

To configure a device as the root for the specified VLAN, use the spanning-tree vlan vlan-id root global
configuration command to modify the device priority from the default value (32768) to a significantly lower
value. When you enter this command, the software checks the device priority of the root devices for each
VLAN. Because of the extended system ID support, the device sets its own priority for the specified VLAN
to 24576 if this value will cause this device to become the root for the specified VLAN.
Use the diameter keyword to specify the Layer 2 network diameter (that is, the maximum number of device
hops between any two end stations in the Layer 2 network). When you specify the network diameter, the
device automatically sets an optimal hello time, forward-delay time, and maximum-age time for a network
of that diameter, which can significantly reduce the convergence time. You can use the hello keyword to
override the automatically calculated hello time.
This procedure is optional.

SUMMARY STEPS

1. enable
2. configure terminal
3. spanning-tree vlan vlan-id root primary [diameter net-diameter
4. end

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
17
 Configuring Spanning Tree Protocol
Configuring the Root Device (CLI)

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Device> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Device# configure terminal

Step 3 spanning-tree vlan vlan-id root primary Configures a device to become the root for the specified VLAN.
[diameter net-diameter
• For vlan-id, you can specify a single VLAN identified by VLAN
ID number, a range of VLANs separated by a hyphen, or a
Example: series of VLANs separated by a comma. The range is 1 to 4094.
Device(config)# spanning-tree vlan 20-24
root primary diameter 4 • (Optional) For diameter net-diameter, specify the maximum
number of devices between any two end stations. The range
is 2 to 7.

Step 4 end Returns to privileged EXEC mode.

Example:
Device(config)# end

What to Do Next
After configuring the device as the root device, we recommend that you avoid manually configuring the hello
time, forward-delay time, and maximum-age time through the spanning-tree vlan vlan-id hello-time,
spanning-tree vlan vlan-id forward-time, and the spanning-tree vlan vlan-id max-age global configuration
commands.

Related Topics
Bridge ID, Device Priority, and Extended System ID, on page 5
Spanning-Tree Topology and BPDUs, on page 3
Accelerated Aging to Retain Connectivity, on page 10
Restrictions for STP, on page 1

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
18
 Configuring Spanning Tree Protocol
Configuring a Secondary Root Device (CLI)

Configuring a Secondary Root Device (CLI)

When you configure a device as the secondary root, the device priority is modified from the default value
(32768) to 28672. With this priority, the device is likely to become the root device for the specified VLAN
if the primary root device fails. This is assuming that the other network devices use the default device priority
of 32768, and therefore, are unlikely to become the root device.
You can execute this command on more than one device to configure multiple backup root devices. Use the
same network diameter and hello-time values that you used when you configured the primary root device
with the spanning-tree vlan vlan-id root primary global configuration command.
This procedure is optional.

SUMMARY STEPS

1. enable
2. configure terminal
3. spanning-tree vlan vlan-id root secondary [diameter net-diameter
4. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Device> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Device# configure terminal

Step 3 spanning-tree vlan vlan-id root secondary Configures a device to become the secondary root for the specified
[diameter net-diameter VLAN.
• For vlan-id, you can specify a single VLAN identified by VLAN
Example: ID number, a range of VLANs separated by a hyphen, or a series
Device(config)# spanning-tree vlan of VLANs separated by a comma. The range is 1 to 4094.
20-24 root secondary diameter 4
• (Optional) For diameter net-diameter, specify the maximum
number of devices between any two end stations. The range is 2
to 7.

Use the same network diameter value that you used when configuring
the primary root device.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
19
 Configuring Spanning Tree Protocol
Configuring Port Priority (CLI)

Command or Action Purpose

Step 4 end Returns to privileged EXEC mode.

Example:
Device(config)# end

Configuring Port Priority (CLI)

Note If your device is a member of a device stack, you must use the spanning-tree [vlan vlan-id] cost cost
interface configuration command instead of the spanning-tree [vlan vlan-id] port-priority priority
interface configuration command to select an interface to put in the forwarding state. Assign lower cost
values to interfaces that you want selected first and higher cost values that you want selected last.

This procedure is optional.

SUMMARY STEPS

1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree port-priority priority
5. spanning-tree vlan vlan-id port-priority priority
6. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Device> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Device# configure terminal

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
20
 Configuring Spanning Tree Protocol
Configuring Path Cost (CLI)

Command or Action Purpose

Step 3 interface interface-id Specifies an interface to configure, and enters interface configuration
mode.
Example: Valid interfaces include physical ports and port-channel logical interfaces
Device(config)# interface (port-channel port-channel-number).
gigabitethernet1/0/2

Step 4 spanning-tree port-priority priority Configures the port priority for an interface.
For priority, the range is 0 to 240, in increments of 16; the default is 128.
Example: Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192,
Device(config-if)# spanning-tree 208, 224, and 240. All other values are rejected. The lower the number,
port-priority 0 the higher the priority.

Step 5 spanning-tree vlan vlan-id port-priority Configures the port priority for a VLAN.
priority
• For vlan-id, you can specify a single VLAN identified by VLAN
ID number, a range of VLANs separated by a hyphen, or a series of
Example: VLANs separated by a comma. The range is 1 to 4094.
Device(config-if)# spanning-tree vlan
20-25 port-priority 0 • For priority, the range is 0 to 240, in increments of 16; the default
is 128. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160,
176, 192, 208, 224, and 240. All other values are rejected. The lower
the number, the higher the priority.

Step 6 end Returns to privileged EXEC mode.

Example:
Device(config-if)# end

Related Topics
Port Priority Versus Path Cost, on page 6
How a Device or Port Becomes the Root Device or Root Port, on page 9

Configuring Path Cost (CLI)

This procedure is optional.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
21
 Configuring Spanning Tree Protocol
Configuring Path Cost (CLI)

SUMMARY STEPS

1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree cost cost
5. spanning-tree vlan vlan-id cost cost
6. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Device> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Device# configure terminal

Step 3 interface interface-id Specifies an interface to configure, and enters interface configuration mode.
Valid interfaces include physical ports and port-channel logical interfaces
Example: (port-channel port-channel-number).

Device(config)# interface
gigabitethernet1/0/1

Step 4 spanning-tree cost cost Configures the cost for an interface.

If a loop occurs, spanning tree uses the path cost when selecting an interface
Example: to place into the forwarding state. A lower path cost represents higher-speed
Device(config-if)# spanning-tree transmission.
cost 250
For cost, the range is 1 to 200000000; the default value is derived from the
media speed of the interface.

Step 5 spanning-tree vlan vlan-id cost cost Configures the cost for a VLAN.
If a loop occurs, spanning tree uses the path cost when selecting an interface
Example: to place into the forwarding state. A lower path cost represents higher-speed
Device(config-if)# spanning-tree transmission.
vlan 10,12-15,20 cost 300
• For vlan-id, you can specify a single VLAN identified by VLAN ID
number, a range of VLANs separated by a hyphen, or a series of
VLANs separated by a comma. The range is 1 to 4094.
• For cost, the range is 1 to 200000000; the default value is derived
from the media speed of the interface.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
22
 Configuring Spanning Tree Protocol
Configuring the Device Priority of a VLAN (CLI)

Command or Action Purpose

Step 6 end Returns to privileged EXEC mode.

Example:
Device(config-if)# end

The show spanning-tree interface interface-id privileged EXEC command displays information only for
ports that are in a link-up operative state. Otherwise, you can use the show running-config privileged EXEC
command to confirm the configuration.

Related Topics
Port Priority Versus Path Cost, on page 6

Configuring the Device Priority of a VLAN (CLI)

You can configure the device priority and make it more likely that a standalone device or a device in the stack
will be chosen as the root device.

Note Exercise care when using this command. For most situations, we recommend that you use the spanning-tree
vlan vlan-id root primary and the spanning-tree vlan vlan-id root secondary global configuration
commands to modify the device priority.

This procedure is optional.

SUMMARY STEPS

1. enable
2. configure terminal
3. spanning-tree vlan vlan-id priority priority
4. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Device> enable

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
23
 Configuring Spanning Tree Protocol
Configuring the Hello Time (CLI)

Command or Action Purpose

Step 2 configure terminal Enters the global configuration mode.

Example:
Device# configure terminal

Step 3 spanning-tree vlan vlan-id priority Configures the device priority of a VLAN.
priority
• For vlan-id, you can specify a single VLAN identified by VLAN ID
number, a range of VLANs separated by a hyphen, or a series of
Example: VLANs separated by a comma. The range is 1 to 4094.
Device(config)# spanning-tree vlan
20 priority 8192 • For priority, the range is 0 to 61440 in increments of 4096; the default
is 32768. The lower the number, the more likely the device will be
chosen as the root device.
Valid priority values are 4096, 8192, 12288, 16384, 20480, 24576,
28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
All other values are rejected.

Step 4 end Returns to privileged EXEC mode.

Example:
Device(config-if)# end

Configuring the Hello Time (CLI)

The hello time is the time interval between configuration messages generated and sent by the root device.
This procedure is optional.

SUMMARY STEPS

1. enable
2. spanning-tree vlan vlan-id hello-time seconds
3. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
24
 Configuring Spanning Tree Protocol
Configuring the Forwarding-Delay Time for a VLAN (CLI)

Command or Action Purpose

Example:
Device> enable

Step 2 spanning-tree vlan vlan-id hello-time Configures the hello time of a VLAN. The hello time is the time interval
seconds between configuration messages generated and sent by the root device.
These messages mean that the device is alive.
Example: • For vlan-id, you can specify a single VLAN identified by VLAN ID
Device(config)# spanning-tree vlan number, a range of VLANs separated by a hyphen, or a series of
20-24 hello-time 3 VLANs separated by a comma. The range is 1 to 4094.
• For seconds, the range is 1 to 10; the default is 2.

Step 3 end Returns to privileged EXEC mode.

Example:
Device(config-if)# end

Configuring the Forwarding-Delay Time for a VLAN (CLI)

This procedure is optional.

SUMMARY STEPS

1. enable
2. configure terminal
3. spanning-tree vlan vlan-id forward-time seconds
4. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Device> enable

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
25
 Configuring Spanning Tree Protocol
Configuring the Maximum-Aging Time for a VLAN (CLI)

Command or Action Purpose

Step 2 configure terminal Enters the global configuration mode.

Example:
Device# configure terminal

Step 3 spanning-tree vlan vlan-id forward-time Configures the forward time of a VLAN. The forwarding delay is the
seconds number of seconds an interface waits before changing from its
spanning-tree learning and listening states to the forwarding state.
Example: • For vlan-id, you can specify a single VLAN identified by VLAN
Device(config)# spanning-tree vlan ID number, a range of VLANs separated by a hyphen, or a series
20,25 forward-time 18 of VLANs separated by a comma. The range is 1 to 4094.
• For seconds, the range is 4 to 30; the default is 15.

Step 4 end Returns to privileged EXEC mode.

Example:
Device(config)# end

Configuring the Maximum-Aging Time for a VLAN (CLI)

This procedure is optional.

SUMMARY STEPS

1. enable
2. configure terminal
3. spanning-tree vlan vlan-id max-age seconds
4. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Device> enable

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
26
 Configuring Spanning Tree Protocol
Configuring the Transmit Hold-Count (CLI)

Command or Action Purpose

Step 2 configure terminal Enters the global configuration mode.

Example:
Device# configure terminal

Step 3 spanning-tree vlan vlan-id max-age Configures the maximum-aging time of a VLAN. The maximum-aging
seconds time is the number of seconds a device waits without receiving
spanning-tree configuration messages before attempting a reconfiguration.
Example: • For vlan-id, you can specify a single VLAN identified by VLAN
Device(config)# spanning-tree vlan 20 ID number, a range of VLANs separated by a hyphen, or a series
max-age 30 of VLANs separated by a comma. The range is 1 to 4094.
• For seconds, the range is 6 to 40; the default is 20.

Step 4 end Returns to privileged EXEC mode.

Example:
Device(config-if)# end

Configuring the Transmit Hold-Count (CLI)

You can configure the BPDU burst size by changing the transmit hold count value.

Note Changing this parameter to a higher value can have a significant impact on CPU utilization, especially in
Rapid PVST+ mode. Lowering this value can slow down convergence in certain scenarios. We recommend
that you maintain the default setting.

This procedure is optional.

SUMMARY STEPS

1. enable
2. configure terminal
3. spanning-tree transmit hold-count value
4. end

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
27
 Configuring Spanning Tree Protocol
Monitoring Spanning-Tree Status

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode. Enter your password if
prompted.
Example:
Device> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Device# configure terminal

Step 3 spanning-tree transmit hold-count value Configures the number of BPDUs that can be sent before
pausing for 1 second.
Example: For value, the range is 1 to 20; the default is 6.
Device(config)# spanning-tree transmit
hold-count 6

Step 4 end Returns to privileged EXEC mode.

Example:
Device(config)# end

Monitoring Spanning-Tree Status

Table 4: Commands for Displaying Spanning-Tree Status

show spanning-tree active Displays spanning-tree information on active interfaces only.

show spanning-tree detail Displays a detailed summary of interface information.

show spanning-tree vlan vlan-id Displays spanning-tree information for the specified VLAN.

show spanning-tree interface Displays spanning-tree information for the specified interface.
interface-id

show spanning-tree interface Displays spanning-tree portfast information for the specified
interface-id portfast interface.

show spanning-tree summary [totals] Displays a summary of interface states or displays the total lines
of the STP state section.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
28
 Configuring Spanning Tree Protocol
Additional References for Spanning-Tree Protocol

To clear spanning-tree counters, use the clear spanning-tree [interface interface-id] privileged EXEC
command.

Additional References for Spanning-Tree Protocol

Related Documents

Related Topic Document Title

Spanning tree protocol commands LAN Switching Command
Reference, Cisco IOS XE Release
3SE (Catalyst 3850 Switches)

Error Message Decoder

Description Link
To help you research and resolve system error https://www.cisco.com/cgi-bin/Support/Errordecoder/
messages in this release, use the Error Message index.cgi
Decoder tool.

Standards and RFCs

Standard/RFC Title
None —

MIBs

MIB MIBs Link

All supported MIBs for this release. To locate and download MIBs for selected platforms,
Cisco IOS releases, and feature sets, use Cisco MIB
Locator found at the following URL:
http://www.cisco.com/go/mibs

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
29
 Configuring Spanning Tree Protocol
Feature Information for STP

Technical Assistance

Description Link
The Cisco Support website provides extensive online http://www.cisco.com/support
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.

Feature Information for STP

Release Modification
Cisco IOS XE 3.2SE This feature was introduced.

Software Configuration Guide, Cisco IOS XE Everest 16.4.1 (Catalyst 3850 Switches)
30