Why STP Exists — The Broadcast Storm Problem
Redundant switch links are a good idea for availability — if one link fails, traffic can still flow through the backup link. But Ethernet has a fundamental problem with redundant paths: broadcast storms. When a switch receives a broadcast frame (destined for FF:FF:FF:FF:FF:FF), it floods the frame out every port except the one it came in on. With two switches connected by two links, a broadcast frame received by Switch A gets flooded out both links to Switch B, which floods it back to Switch A on both links, which floods it back again — infinitely. Within seconds, the network is saturated with broadcast frames and all legitimate traffic stops. Ethernet frames have no TTL field (unlike IP packets), so there's no mechanism to kill a looping frame.
STP solves this by logically blocking one of the redundant links. The blocked link carries no traffic normally — but if the active link fails, STP detects the failure and unblocks the redundant link, restoring connectivity. This gives the network both redundancy (the backup path exists) and loop prevention (only one active path at a time).
STP Election Process
Step 1 — Root Bridge Election: All switches begin believing they are the Root Bridge and send BPDU (Bridge Protocol Data Unit) frames advertising their Bridge ID. Bridge ID = Priority (default 32768) + MAC address. Switches compare Bridge IDs and the switch with the lowest Bridge ID wins the Root Bridge election. If priorities are equal (which they are by default), the switch with the lowest MAC address becomes Root. Administrators can manually set the priority to 0 or 4096 to guarantee a specific switch becomes root — you always want your most central, highest-capacity switch to be Root, not whichever one happened to have the lowest MAC.
Step 2 — Root Port Selection: Every non-root switch selects one Root Port — the port with the lowest-cost path to the Root Bridge. STP path cost is based on link speed: 10 Mbps = cost 100, 100 Mbps = cost 19, 1 Gbps = cost 4, 10 Gbps = cost 2. If two paths have equal cost, the switch prefers the path through the neighbour with the lower Bridge ID. Each non-root switch has exactly one Root Port, which is always in forwarding state.
Step 3 — Designated Port Selection: For every network segment, one port is elected the Designated Port — the port on that segment with the lowest-cost path to the Root Bridge. The Designated Port forwards traffic toward the root and receives traffic from devices on that segment. On links between two switches, one switch's port is Designated (forwarding) and the other switch's port is either its Root Port (forwarding) or non-designated (Blocked).
Step 4 — Blocking Non-Designated Ports: Any port that is neither a Root Port nor a Designated Port is placed in Blocked state. It receives BPDUs (to monitor for topology changes) but does not forward data frames. This breaks the loop while preserving the physical redundant link.
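A small election simulator, added here as a worked example (not code from the original page), that applies Steps 1 to 4 to a constructed three-switch topology with a second, slower SW2-SW3 link forming a loop. Switch names, MACs, priorities and link speeds are made up, and the link index stands in for the real Port ID tie-break.

```python
# Toy 802.1D election (constructed example, not from the page). Bridge ID =
# (priority, MAC); path cost from the page's speed table; equal-cost ties go to
# the neighbour with the lower Bridge ID, then the lower link index (stand-in for Port ID).
import heapq

PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}  # Mbps -> classic 802.1D cost

def spanning_tree(macs, priority, links):
    """macs: {switch: MAC}; priority: {switch: int}; links: [(a, b, speed_mbps)].
    Port i of a switch is its end of links[i]. Returns (root_bridge, roles) where
    roles[(switch, i)] is 'root', 'designated' or 'blocked'."""
    bid = {s: (priority[s], macs[s]) for s in macs}   # Bridge ID: priority, then MAC
    root = min(bid, key=bid.get)                      # Step 1: lowest Bridge ID wins
    # Step 2: root path cost via Dijkstra; dist = (cost, neighbour Bridge ID, link).
    dist = {root: (0, bid[root], -1)}
    heap = [(dist[root], root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d != dist[sw]:
            continue
        for i, (a, b, speed) in enumerate(links):
            if sw in (a, b):
                nb = b if sw == a else a
                cand = (d[0] + PATH_COST[speed], bid[sw], i)
                if nb not in dist or cand < dist[nb]:
                    dist[nb] = cand
                    heapq.heappush(heap, (cand, nb))
    roles = {}
    for i, (a, b, _) in enumerate(links):
        # Step 3: the end closer to the root (lower cost, then Bridge ID) is Designated.
        designated = min((a, b), key=lambda s: (dist[s][0], bid[s]))
        for s in (a, b):
            if dist[s][2] == i:
                roles[(s, i)] = "root"        # Root Port: the path chosen in Step 2
            elif s == designated:
                roles[(s, i)] = "designated"
            else:
                roles[(s, i)] = "blocked"     # Step 4: neither role, so Blocked
    return root, roles

# Constructed topology: a triangle of 1 Gbps links plus a second 100 Mbps SW2-SW3 link.
MACS = {"SW1": "00:00:00:00:00:03", "SW2": "00:00:00:00:00:01", "SW3": "00:00:00:00:00:02"}
LINKS = [("SW1", "SW2", 1000), ("SW1", "SW3", 1000), ("SW2", "SW3", 1000), ("SW2", "SW3", 100)]
PRIORITY = {"SW1": 4096, "SW2": 32768, "SW3": 32768}  # SW1 wins despite the highest MAC

if __name__ == "__main__":
    root, roles = spanning_tree(MACS, PRIORITY, LINKS)
    print("Root Bridge:", root)
    for (sw, i), role in sorted(roles.items()):
        print(f"{sw} port{i} -> {LINKS[i][1] if LINKS[i][0] == sw else LINKS[i][0]}: {role}")
```

Dropping a link from LINKS and rerunning shows reconvergence: the port that was Blocked on the surviving SW2-SW3 link becomes SW3's Root Port. Passing a different priority dict per VLAN gives a different root and a different set of blocked ports, which is what the per-VLAN instances of PVST+ do.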
STP Port States
| State | Forwards Data? | Learns MACs? | Duration |
|---|---|---|---|
| Blocking | No | No | Up to 20 sec (Max Age timer) |
| Listening | No | No | 15 sec (Forward Delay) |
| Learning | No | Yes | 15 sec (Forward Delay) |
| Forwarding | Yes | Yes | Indefinite (normal operation) |
| Disabled | No | No | Admin shutdown |
When a link failure is detected or a new link is connected, STP must reconverge — ports transition through these states before forwarding. In classic 802.1D STP, convergence takes 30–50 seconds (20 second Max Age + two 15-second Forward Delay timers). During this period, no traffic flows on the recovering path. For modern networks, this is unacceptable — which is why RSTP was developed.
RSTP — Rapid Spanning Tree Protocol (802.1w)
RSTP (IEEE 802.1w) reduces convergence time from 30–50 seconds to 1–3 seconds by replacing the timer-based state machine with an active negotiation mechanism. Instead of waiting for timers to expire, switches actively negotiate with their neighbours to confirm it's safe to begin forwarding. RSTP also pre-selects an Alternate Port (backup to the Root Port) and a Backup Port (backup to the Designated Port) — these can transition to forwarding almost immediately when the active port fails, without full reconvergence. RSTP is backward compatible with STP and is now the default on virtually all modern switches. When you configure spanning tree on a Cisco switch, you're using RSTP (or PVST+/Rapid-PVST+) — classic 802.1D STP is rarely used in new deployments.
PortFast and BPDU Guard
PortFast is a Cisco feature (also available as Edge Port in RSTP) that allows an access port connected to an end device (workstation, printer, IP phone) to skip the Listening and Learning states and go directly to Forwarding when the link comes up. This eliminates the 30-second delay that users experience when plugging in their computer. PortFast should only be enabled on ports connected to end devices — never on ports connecting to other switches, as a looping switch connection on a PortFast port would create a broadcast storm before STP could detect and block it.
BPDU Guard protects PortFast-enabled ports from rogue switch connections. If a BPDU is received on a BPDU Guard-protected port (indicating a switch has been connected), the port is immediately placed in error-disabled state (shut down). This prevents an unauthorised switch from being plugged into an access port and potentially disrupting the STP topology. PortFast + BPDU Guard is the standard configuration for all switch access ports in enterprise environments.
Per-VLAN Spanning Tree (PVST+) and Multiple Spanning Tree (MST)
Standard 802.1D STP runs one instance for the entire network — one Root Bridge is elected and all VLANs use the same topology. This creates an inefficiency: all traffic must flow through the single Root Bridge path, leaving redundant links idle. PVST+ (Per-VLAN Spanning Tree Plus) is Cisco's proprietary enhancement that runs a separate STP instance for each VLAN. This allows different VLANs to have different Root Bridges and use different links — effectively load-balancing traffic across redundant links by having VLAN 10 prefer one uplink and VLAN 20 prefer another. Rapid-PVST+ combines PVST+ with RSTP's faster convergence.
MST (Multiple Spanning Tree — IEEE 802.1s) is the standards-based alternative to PVST+. Rather than one instance per VLAN (which becomes unmanageable with hundreds of VLANs), MST maps multiple VLANs to a smaller number of STP instances. VLANs with similar topology requirements share an MST instance. MST is more scalable than PVST+ for large networks but requires careful planning. On the exam, PVST+ is Cisco-specific and per-VLAN; MST is standards-based and groups VLANs into instances.
Common STP Exam Keywords
The exam uses specific terms to signal STP scenarios. "Broadcast storm" — STP is not functioning or a loop exists; BPDUs are not being exchanged. "Intermittent connectivity" — STP reconvergence is disrupting traffic; a link is flapping, causing repeated STP state changes. "30-second delay when connecting" — STP is running on an access port without PortFast; enable PortFast on end-device ports. "Unauthorised switch connected to access port" — enable BPDU Guard to shut down the port when a BPDU is received. "Which switch is the Root Bridge?" — lowest priority wins, then lowest MAC as tiebreaker; configure the priority explicitly to control Root Bridge placement rather than relying on MAC address luck.