Catalyst 4000 Family Software Configuration Guide, 7.1
Configuring Spanning Tree
Download this chapter
Configuring Spanning TreeConfiguring Spanning Tree
give_us_feedback

Table Of Contents

Configuring Spanning Tree

How Spanning Tree Protocols Work

How a Topology Is Created

How a Switch or Port Becomes the Root Switch or Root Port

How Bridge Protocol Data Units Work

Calculating and Assigning Port Costs

Calculating the Port Cost Using the Short Method

Calculating the Port Cost Using the Long Method

Calculating the Port Cost for Aggregate Links

Spanning Tree Port States

Blocking State

Listening State

Learning State

Forwarding State

Disabled State

Understanding PVST+ and MISTP Modes

PVST+ Mode

MISTP Mode

MISTP-PVST+ Mode

Bridge Identifiers

MAC Address Allocation

MAC Address Reduction

Understanding How Multiple Spanning Trees Work

Rapid Spanning Tree Protocol

RSTP Port Roles

RSTP Port States

MST-to-SST Interoperability

Common Spanning Tree

MST Instances

MST Configuration

MST Region

Boundary Ports

IST Master

Edge Ports

Link Type

Message Age and Hop Count

MST-to-PVST+ Interoperability

Using PVST+

Default PVST+ Configuration

Configuring PVST+ Bridge ID Priority

Configuring PVST+ Port Cost

Configuring PVST+ Port Priority

Configuring PVST+ Default Port Cost Mode

Configuring PVST+ Port VLAN Cost

Configuring PVST+ Port VLAN Priority

Disabling the PVST+ Mode on a VLAN

Using MISTP-PVST+ or MISTP

Default MISTP Configuration

Enabling MISTP-PVST+ or MISTP

Configuring a MISTP Instance

Configuring MISTP Bridge ID Priority

Configuring MISTP Port Cost

Configuring MISTP Port Priority

Configuring MISTP Port Instance Cost

Configuring MISTP Port Instance Priority

Enabling a MISTP Instance

Mapping VLANs to a MISTP Instance

Determining MISTP Instance—VLAN Mapping Conflicts

Unmapping VLANs from a MISTP Instance

Disabling MISTP-PVST+ or MISTP

Configuring a Root Switch

Configuring a Primary Root Switch

Configuring a Secondary Root Switch

Configuring a Root Switch to Improve Convergence

Using Root Guard—Preventing Switches from Becoming Root

Configuring Spanning Tree Timers

Configuring Hello Time

Configuring Forward Delay Time

Configuring Maximum Aging Time

Understanding How BPDU Skewing Works

Configuring Spanning Tree BPDU Skewing

Configuring Multiple Spanning Tree

Enabling Multiple Spanning Tree

Configuring the MST Bridge ID Priority

Configuring the MST Port Cost

Configuring the MST Port Priority

Configuring the MST Port Instance Cost

Configuring the MST Port Instance Priority

Mapping and Unmapping VLANs to an MST Instance


Configuring Spanning Tree

This chapter provides a brief overview of the IEEE 802.1D bridge Spanning Tree Protocol (STP) and describes how to use and configure Cisco's proprietary Spanning Tree Protocols, Per VLAN Spanning Tree + (PVST+), and Multi-Instance Spanning Tree Protocol (MISTP) on the Catalyst enterprise LAN switches.

Note For information on configuring the spanning tree PortFast, UplinkFast, and BackboneFast features, see "Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard."

This chapter consists of these sections:

How Spanning Tree Protocols Work

Understanding PVST+ and MISTP Modes

Bridge Identifiers

Understanding How Multiple Spanning Trees Work

Using PVST+

Using MISTP-PVST+ or MISTP

Configuring a Root Switch

Configuring Spanning Tree Timers

Understanding How BPDU Skewing Works

Configuring Spanning Tree BPDU Skewing

Configuring Multiple Spanning Tree

Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.

How Spanning Tree Protocols Work

This section describes the specific functions that are common to all spanning tree protocols. Cisco's proprietary spanning tree protocols, PVST+ and MISTP, are based on the IEEE 802.1D STP. (See the "Understanding PVST+ and MISTP Modes" section for information about PVST+ and MISTP.) The 802.1D STP is a Layer 2 management protocol that provides path redundancy in a network while preventing undesirable loops. All spanning tree protocols use an algorithm that calculates the best loop-free path through the network.

STP uses a distributed algorithm that selects one bridge of a redundantly connected network as the root of a spanning tree connected active topology. STP assigns roles to each port depending on what the port's function is in the active topology. Port roles are as follows:

Root—A forwarding port elected for the spanning tree topology

Designated—A forwarding port elected for every switched LAN segment

Alternate—A blocked port providing an alternate path to the root port in the spanning tree

Backup—A blocked port in a loopback configuration

Switches that have ports with these assigned roles are called root or designated switches. See the next section, How a Topology Is Created.

In Ethernet networks, only one active path may exist between any two stations. Multiple active paths between stations can cause loops in the network. When loops occur, some switches recognize stations on both sides of the switch. This situation causes the forwarding algorithm to malfunction allowing duplicate frames to be forwarded.

Spanning tree algorithms provide path redundancy by defining a tree that spans all of the switches in an extended network and then forces certain redundant data paths into a standby (blocked) state. At regular intervals the switches in the network send and receive spanning tree packets which they use to identify the active path. If one network segment becomes unreachable, or if spanning tree costs change, the spanning tree algorithm reconfigures the spanning tree topology and reestablishes the link by activating a standby path.

Spanning tree operation is transparent to end stations, which do not detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.

How a Topology Is Created

All switches in an extended LAN participating in a spanning tree gather information about other switches in the network through an exchange of data messages known as bridge protocol data units (BPDUs). This exchange of messages results in the following actions:

A unique root switch is elected for the spanning tree network topology.

A designated switch is elected for every switched LAN segment.

Any loops in the switched network are eliminated by placing redundant switch ports in a backup state; all paths that are not needed to reach the root switch from anywhere in the switched network are placed in STP-blocked mode.

The topology of an active switched network is determined by the following:

The unique switch identifier (MAC address of the switch) associated with each switch

The path cost to the root associated with each switch port

The port identifier (MAC address of the port) associated with each switch port

In a switched network, the root switch is the logical center of the spanning tree topology. A spanning tree protocol uses BPDUs to elect the root switch and root port for the switched network, as well as the root port and designated port for each switched segment.

How a Switch or Port Becomes the Root Switch or Root Port

If all switches in a network are enabled with default settings, the switch with the lowest MAC address becomes the root switch. In the network shown in Figure 7-1, Switch A, with the lowest MAC address, is the root switch. However, due to traffic patterns, number of forwarding ports, or line types, Switch A might not be the ideal root switch. A switch can be forced to become the root switch by increasing the priority (that is, lowering the priority number) on the preferred switch. This causes the spanning tree to recalculate the topology and make the selected switch the root switch.

Figure 7-1 Configuring a Loop-Free Topology

You can also change the priority of a port in order to make it the root port. When the spanning tree topology is based on default parameters, the path between source and destination stations in a switched network might not be ideal. The goal is to make the fastest link the root port, connecting higher-speed links to a port that has a higher number than the current root port can cause a root-port change.

For example, assume that a port on Switch B is a fiber-optic link. Also, another port on Switch B (an unshielded twisted-pair [UTP] link) is the root port. Network traffic might be more efficient over the high-speed fiber-optic link. By changing the Port Priority parameter for the UTP port to a higher priority (lower numerical value) than the fiber-optic port, the UTP port becomes the root port. You could also accomplish this scenario by changing the Port Cost parameter for the UTP port to a lower value than that of the fiber-optic port.

How Bridge Protocol Data Units Work

BPDUs contain configuration information about the transmitting switch and its ports, including switch and port MAC addresses, switch priority, port priority, and port cost. Each configuration BPDU contains this information:

The unique identifier of the switch that the transmitting switch believes to be the root switch

The cost of the path to the root from the transmitting port

The identifier of the transmitting port

The switch sends configuration BPDUs to communicate with and compute the spanning tree topology. A MAC frame conveying a BPDU sends the switch group address to the destination address field. All switches connected to the LAN on which the frame is transmitted receive the BPDU. BPDUs are not directly forwarded by the switch, but the receiving switch uses the information in the frame to calculate a BPDU and, if the topology changes, initiates a BPDU transmission.

A BPDU exchange results in the following:

One switch is elected as the root switch.

The shortest distance to the root switch is calculated for each switch.

A designated switch is selected: the switch that is closest to the root switch through which frames will be forwarded to the root.

A port for each switch is selected. This is the port that provides the best path from the switch to the root switch.

Ports included in the STP are selected.

Calculating and Assigning Port Costs

By calculating and assigning the port cost of the switch ports, you can ensure that the shortest (lowest cost) distance to the root switch is used to transmit data. You can calculate and assign lower path cost values (port costs) to higher bandwidth ports by using either the short method (which is the default) or the long method. The short method uses a 16-bit format that yields values from 1 to 65535. The long method uses a 32-bit format that yields values in the range of 1 to 200,000,000. For more information on setting the default cost mode, see the "Configuring PVST+ Default Port Cost Mode" section.

Note You should configure all switches in your network to use the same method for calculating port cost. The short method is used to calculate the port cost unless you specify that the long method be used. You can specify the calculation method using the CLI.

Calculating the Port Cost Using the Short Method

The IEEE 802.1D specification assigns 16-bit (short) default port cost values to each port that is based on bandwidth. You can also manually assign port costs between 1-65535. The 16-bit values are only used for ports that have not been specifically configured for port cost. Table 7-1 shows the default port cost values that are assigned by the switch for each type of port when you use the short method to calculate the port cost.

Table 7-1 Default Port Cost Values Using the Short Method

Port Speed
Default Cost Value
Default Range

10 Mbps

100

1 to 65535

100 Mbps

19

1 to 65535

1 Gbps

4

1 to 65535


Calculating the Port Cost Using the Long Method

802.1t assigns 32-bit (long) default port cost values to each port using a formula that is based on the bandwidth of the port. You can also manually assign port costs between 1-200,000,000. The formula for obtaining default 32-bit port costs is to divide the bandwidth of the port by 200,000,000. Table 7-2 shows the default port cost values that are assigned by the switch and the recommended cost values and ranges for each type of port when you use the long method to calculate port cost.

Table 7-2 Default Port Cost Values Using the Long Method

Port Speed
Recommended Value
Recommended Range
Available Range

£ 100 kbps

200000000

20000000 to 200000000

1 to 200000000

1 Mbps

20000000

2000000 to 200000000

1 to 200000000

10 Mbps

2000000

200000 to 20000000

1 to 200000000

100 Mbps

200000

20000 to 2000000

1 to 200000000

1 Gbps

20000

2000 to 200000

1 to 200000000

10 Gbps

2000

200 to 20000

1 to 200000000


Calculating the Port Cost for Aggregate Links

As individual links are added or removed from an aggregate link (port bundle), the bandwidth of the aggregate link increases or decreases. These changes in bandwidth lead to recalculation of the default port cost for the aggregated port. Changes to the default port cost or changes resulting from links that autonegotiate their bandwidth could lead to recalculation of the spanning tree topology which may not be desirable, especially if the added or removed link is of little consequence to the bandwidth of the aggregate link (for example, if a 10-Mbps link is removed from a 10-Gbps aggregate link). Because of the limitations that are presented by automatically recalculating the topology, 802.1t states that changes in bandwidth will not result in changes to the cost of the port. Therefore, the aggregated port will use the same port cost parameters as a standalone port.

Spanning Tree Port States

Topology changes can take place in a switched network due to a link coming up or going down (failing). When a switch port transitions directly from nonparticipation in the topology to the forwarding state, it can create temporary data loops. Ports must wait for new topology information to propagate through the switches in the LAN before they can start forwarding frames. They must also allow the frame lifetime to expire for frames that have been forwarded using the old topology.

Note With IOS Release 12.1.(1)E or later, the Address Resolution Protocol (ARP) on STP Topology Change Notification feature ensures that excessive flooding does not occur when the MSFC receives a topology change notification (TCN) from the supervisor engine. The feature causes the MSFC to send ARP requests for all the ARP entries belonging to the VLAN interface where the TCN is received. When the ARP replies come back, the PFC learns the MAC entries which were lost as a result of the topology change. Learning the entries immediately following a topology change prevents excessive flooding later. There is no configuration required on the MSFC. This feature works with supervisor engine software release 5.4(2) or later.

At any given time each port on a switch using STP is in one of these states:

Blocking

Listening

Learning

Forwarding

Disabled

A port moves through these states:

From initialization to blocking

From blocking to either listening or disabled

From listening to either listening or disabled

From learning to either forwarding or disabled

From forwarding to disabled

Figure 7-2 illustrates how a port moves through the states.

Figure 7-2 STP Port States

You can modify each port state by using management software, such as VLAN Trunk Protocol (VTP). When you enable spanning tree, every switch in the network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, each port stabilizes into the forwarding or blocking state.

When the spanning tree algorithm places a port in the forwarding state, the following occurs:

The port is put into the listening state while it waits for protocol information that suggests it should go to the blocking state.

The port waits for the expiration of a protocol timer that moves the port to the learning state.

In the learning state, the port continues to block frame forwarding as it learns station location information for the forwarding database.

The expiration of a protocol timer moves the port to the forwarding state, where both learning and forwarding are enabled.

Blocking State

A port in the blocking state, such as port 2 in Figure 7-3, does not participate in frame forwarding. After initialization a BPDU is sent to each port in the switch. A switch initially assumes it is the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is really the root. If only one switch resides in the network, no exchange occurs, the forward delay timer expires, and the ports move to the listening state. A switch always enters the blocking state following switch initialization.

Figure 7-3 Port 2 in Blocking State

A port in the blocking state performs as follows:

Discards frames received from the attached segment.

Discards frames switched from another port for forwarding.

Does not incorporate station location into its address database. (There is no learning on a blocking port, so there is no address database update.)

Receives BPDUs and directs them to the system module.

Does not transmit BPDUs received from the system module.

Receives and responds to network management messages.

Listening State

The listening state is the first transitional state a port enters after the blocking state. The port enters this state when the spanning tree determines that the port should participate in frame forwarding. Learning is disabled in the listening state. Figure 7-4 shows a port in the listening state.

Figure 7-4 Port 2 in Listening State

A port in the listening state performs as follows:

Discards frames received from the attached segment.

Discards frames switched from another port for forwarding.

Does not incorporate station location into its address database. (There is no learning at this point, so there is no address database update.)

Receives BPDUs and directs them to the system module.

Processes BPDUs received from the system module.

Receives and responds to network management messages.

Learning State

A port in the learning state prepares to participate in frame forwarding. The port enters the learning state from the listening state. Figure 7-5 shows a port in the learning state.

Figure 7-5 Port 2 in Learning State

A port in the learning state performs as follows:

Discards frames received from the attached segment.

Discards frames switched from another port for forwarding.

Incorporates station location into its address database.

Receives BPDUs and directs them to the system module.

Receives, processes, and transmits BPDUs received from the system module.

Receives and responds to network management messages.

Forwarding State

A port in the forwarding state forwards frames, as shown in Figure 7-6. The port enters the forwarding state from the learning state.

Figure 7-6 Port 2 in Forwarding State

A port in the forwarding state performs as follows:

Forwards frames received from the attached segment.

Forwards frames switched from another port for forwarding.

Incorporates station location information into its address database.

Receives BPDUs and directs them to the system module.

Processes BPDUs received from the system module.

Receives and responds to network management messages.

Caution Use spanning tree PortFast mode only on ports directly connected to individual workstations to allow these ports to come up and go directly to the forwarding state, instead of having to go through the entire spanning tree initialization process. To prevent illegal topologies, enable spanning tree on ports connected to switches or other devices that forward messages. For more information on PortFast, see "Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard."

Disabled State

A port in the disabled state does not participate in frame forwarding or STP, as shown in Figure 7-7. A port in the disabled state is virtually nonoperational.

Figure 7-7 Port 2 in Disabled State

A disabled port performs as follows:

Discards frames received from the attached segment.

Discards frames switched from another port for forwarding.

Does not incorporate station location into its address database. (There is no learning, so there is no address database update.)

Receives BPDUs but does not direct them to the system module.

Does not receive BPDUs for transmission from the system module.

Receives and responds to network management messages.

Understanding PVST+ and MISTP Modes

Catalyst 4000 family switches provide two proprietary spanning tree modes based on the IEEE 802.1D standard and one mode that is a combination of the two modes:

Per VLAN Spanning Tree (PVST+)

Multi-Instance Spanning Tree Protocol (MISTP)

MISTP-PVST+ (combination mode)

An overview of each mode is provided in this section. Each mode is described in detail in these sections:

Using PVST+

Using MISTP-PVST+ or MISTP

Caution If your network currently uses PVST+ and you plan to use MISTP on any switch, you must first enable MISTP-PVST+ on the switch and configure a MISTP instance to avoid causing loops in the network.

PVST+ Mode

PVST+ is the default Spanning Tree Protocol used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs on Catalyst 4000 family switches. PVST+ runs on each VLAN on the switch, ensuring that each has a loop-free path through the network.

PVST+ provides Layer 2 load balancing for the VLAN on which it runs; you can create different logical topologies using the VLANs on your network to ensure that all of your links will be used but no one link will be oversubscribed.

Each instance of PVST+ on a VLAN has a single root switch. This root switch propagates the spanning tree information associated with that VLAN to all other switches in the network. Because each switch has the same knowledge about the network, this process ensures that the network topology is maintained.

MISTP Mode

MISTP is an optional spanning tree protocol that runs on Catalyst 4000 family switches. MISTP allows you to group multiple VLANs under a single instance of spanning tree (a MISTP instance). MISTP combines the Layer 2 load-balancing benefits of PVST+ with the lower CPU load of IEEE 802.1Q.

A MISTP instance is a virtual logical topology defined by a set of bridge and port parameters; a MISTP instance becomes a real topology when VLANs are mapped to it. Each MISTP instance has its own root switch and a different set of forwarding links (that is different bridge and port parameters).

Each instance of MISTP has a single root switch. This root switch propagates the information associated with that instance of MISTP to all other switches in the network. This process ensures that the network topology is maintained because each switch has the same knowledge about the network.

MISTP builds MISTP instances by exchanging MISTP BPDUs with peer entities in the network. There is only one BPDU for each MISTP instance, rather than for each VLAN as in PVST+. There are fewer BPDUs in a MISTP network; therefore, there is less overhead in the network. MISTP discards any PVST+ BPDUs that it sees.

A MISTP instance can have any number of VLANs mapped to it, but a VLAN can only be mapped to a single MISTP instance. You can easily move a VLAN (or VLANs) in a MISTP topology to another MISTP instance if it has converged. (However, if ports are added at the same time the VLAN is moved, convergence time is required.)

MISTP-PVST+ Mode

MISTP-PVST+ is a transition spanning tree mode that allows you to use the MISTP functionality on Catalyst 4000 family switches while continuing to communicate with the older Catalyst 5000 and 6000 switches in your network that use PVST+. A switch using PVST+ mode and a switch using MISTP mode connected together cannot see the BPDUs of the other switch, a condition that can cause loops in the network. MISTP-PVST+ allows interoperability between PVST+ and pure MISTP, because it detects the BPDUs of both modes. If you wish to convert your network to MISTP, you can use MISTP-PVST+ to transition the network from PVST+ to MISTP in order to avoid problems.

MISTP-PVST+ conforms to the limits of PVST+; for example, you can only configure the amount of VLAN ports on your MISTP-PVST+ switches that you configure on your PVST+ switches.

Bridge Identifiers

The follwoing section explains how MAC addresses are used in PVST+ and MISTP as unique bridge identifiers:

MAC Address Allocation

MAC Address Reduction

MAC Address Allocation

Catalyst 4000 family switches have a pool of 1024 MAC addresses that can be used as bridge identifiers for VLANs running under PVST+ or for MISTP instances. You can use the show module command to view the MAC address range.

MAC addresses are allocated sequentially, with the first MAC address in the range assigned to VLAN 1, the second in the range assigned to VLAN 2, and so forth. The last MAC address in the range is assigned to the supervisor engine in-band (sc0) management interface.

For example, if the MAC address range for the supervisor engine is 00-e0-1e-9b-2e-00 to 00-e0-1e-9b-31-ff, the VLAN 1 bridge ID is 00-e0-1e-9b-2e-00, the VLAN 2 bridge ID is 00-e0-1e-9b-2e-01, the VLAN 3 bridge ID is 00-e0-1e-9b-2e-02, and so forth. The in-band (sc0) interface MAC address is 00-e0-1e-9b-31-ff.

MAC Address Reduction

The MAC address reduction feature is used on Catalyst 6000 family switches to enable extended-range VLAN identification. If you have a Catalyst 6000 switch in your network and you have MAC address reduction enabled on it, you should also enable MAC address reduction on all your Catalyst 4000 family switches to avoid problems in the spanning tree topology. When MAC address reduction is enabled on Catalyst 4000 family switches, it disables the pool of MAC addresses used for the VLAN spanning tree, leaving a single MAC address that identifies the switch. For detailed information on the MAC address reduction feature, refer to the Catalyst 6000 Software Configuration Guide.

Understanding How Multiple Spanning Trees Work

The Multiple Spanning Tree (MST) feature is an upcoming (as of this software release) IEEE standard. 802.1s for MST is an amendment to 802.1Q. MST extends the 802.1w Rapid Spanning Tree (RST) algorithm to multiple spanning trees. This extension provides for both rapid convergence and load balancing in a VLAN environment. The MST protocol is currently being further developed and the MST feature for this release is based on a draft version of the IEEE standard. The protocol as implemented in this release is backward compatible with 802.1D STP, 802.1w the Rapid Spanning Tree Protocol (RSTP), and the Cisco PVST+ architecture.

MST allows you to build multiple spanning trees over VLAN trunks. You can group and associate VLANs to spanning tree instances. Each instance can have a topology independent of other spanning tree instances. This new architecture provides multiple forwarding paths for data traffic and enables load balancing. Network fault tolerance is improved because a failure in one instance (forwarding path) does not affect other instances (forwarding paths).

In large networks, having different VLAN-spanning tree instance assignments located in different parts of the network makes it easier to administrate and optimally utilize redundant paths. However, a spanning tree instance can exist only on bridges that have compatible VLAN-instance assignments. Therefore, MST requires that you configure a set of bridges with the same MST configuration information, allowing them to participate in a given set of spanning tree instances. Interconnected bridges that have the same MST configuration are referred to as an MST region.

MST uses the modified RSTP version called the Multiple Spanning Tree Protocol (MSTP). The MST feature has these characteristics:

MST runs a variant of spanning tree called Internal Spanning Tree (IST). IST augments the Common Spanning Tree (CST) information with internal information about the MST region. The MST region appears as a single bridge to adjacent Single Spanning Tree (SST) and MST regions.

A bridge running MST provides interoperability with single spanning tree bridges as follows:

MST bridges run a variant of STP (IST) that augments the Common Spanning Tree (CST) information with internal information about the MST region.

IST connects all the MST bridges in the region and appears as a subtree in the CST that encompasses the whole bridged domain. The MST region appears as a virtual bridge to adjacent (SST bridges and MST regions.

The collection of ISTs in each MST region, the CST that interconnects the MST regions, and the SST bridges define Common and Internal Spanning Tree (CIST). CIST is the same as an IST inside an MST region and the same as CST outside an MST region. The STP, RSTP, and MSTP together elect a single bridge as the root of CIST.

MST establishes and maintains additional spanning trees within each MST region. These spanning trees are referred to as MST instances (MSTIs). The IST is numbered 0, and the MSTIs are numbered 1,2,3,... and so on. Any given MSTI is local to the MST region that is independent of MSTIs in another region, even if the MST regions are interconnected. MST instances combine with the IST at the boundary of MST regions to become the CST as follows:

Spanning tree information for an MSTI is contained in an MSTP record (M-record).

M-records are always encapsulated within MST BPDUs (MST BPDUs). The original spanning trees computed by MSTP are called M-trees. M-trees are active only within the MST region. M-trees merge with the IST at the boundary of the MST region and form the CST.

MST provides interoperability with PVST+ by generating PVST+ BPDUs for the non-CST VLANs.

MST supports some of the PVST+ extensions in MSTP as follows:

UplinkFast and BackboneFast are not available in MST mode; they are part of RSTP.

PortFast is supported.

BPDU filter and BPDU guard are supported in MST mode.

Loop guard and root guard are supported in MST. MST preserves the VLAN 1 disabled functionality except that BPDUs are still transmitted in VLAN 1.

MST switches behave as if MAC reduction is enabled.

For (private VLANs) PVLAN, secondary VLANs are mapped to the same instance as the primary.

For MST to operate correctly, the following apply:

Spanning tree should not be disabled on any VLAN in any of the PVST bridges for them to work with MST bridges.

All PVST spanning tree root bridges should have lower (numerically higher) priority than the CST root bridge.

PVST bridges used as the root of CST is not recommended.

Trunks should carry all of the VLANs mapped to an instance or none at all.

Connecting switches with access links not recommended may partition a VLAN in some cases.

These sections describe the MST feature:

Rapid Spanning Tree Protocol

MST-to-SST Interoperability

Common Spanning Tree

Common Spanning Tree

MST Region

Message Age and Hop Count

MST-to-PVST+ Interoperability

Rapid Spanning Tree Protocol

RSTP significantly reduces the time it takes to reconfigure the active topology of the network when changes to the physical topology or its configurations parameters occur. RSTP selects one switch as the root of a spanning-tree-connected active topology and assigns port roles to individual ports of the switch, depending on whether that port is part of the active topology.

RSTP provides rapid connectivity following the failure of a switch, switch port, or a LAN. A new root port and the designated port on the other side of the bridge transition to forwarding through an explicit handshake between them. RSTP allows switch port configuration so the ports can transition to forwarding directly when the switch reinitializes.

RSTP, specified in 802.1w, supersedes STP specified in 802.1D, while retaining compatibility with STP. RSTP provides the structure on which the MST operates. You configure RSTP when you configure the MST feature. For more information, see the "Configuring Multiple Spanning Tree" section.

RSTP provides backward compatibility with 802.1D bridges, as follows:

RSTP selectively sends 802.1D-configured BPDUs and Topology Change Notification (TCN) BPDUs on a per-port basis.

When a port initializes, the Migration Delay timer starts and RSTP BPDUs are transmitted. While the Migration Delay timer is active, the bridge processes all BPDUs received on that port. RSTP BPDUs are not visible on the port. Only version 3 BPDUs are visible on the port.

If the bridge receives an 802.1D BPDU after a port's Migration Delay timer expires, the bridge assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.

When RSTP uses 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP restarts the Migration Delay timer and begins using RSTP BPDUs on that port.

RSTP Port Roles

RSTP uses the following definitions for port roles:

Root—A forwarding port elected for the spanning tree topology.

Designated—A forwarding port elected for every switched LAN segment.

Alternate—An alternate path to the root bridge to that provided by the current root port.

Backup—A backup for the path provided by a designated port toward the leaves of the spanning tree. Backup ports can exist only where two ports are connected together in a loopback by a point-to-point link or bridge with two or more connections to a shared LAN segment.

Disabled—A port that has no role within the operation of spanning tree.

Port roles are assigned as follows:

A root port or designated port role includes the port in the active topology.

An alternate port or backup port role excludes the port from the active topology.

RSTP Port States

The port state controls the forwarding and learning processes and provides the values of discarding, learning, and forwarding. Table 7-3 provides a comparison between STP port states and RSTP port states.

Table 7-3 Comparison Between STP and RSTP Port States

Operational Status
STP Port State
RSTP Port State
Port Included in Active Topology

Enabled

Blocking1

Discarding2

No

Enabled

Listening

Discarding

No

Enabled

Learning

Learning

Yes

Enabled

Forwarding

Forwarding

Yes

Disabled

Disabled

Discarding

No

1 IEEE 802.1D port state designation.

2 IEEE 802.1w port state designation.Discarding is analogous with, and the same as blocking in MST in this document.


In a stable topology, RSTP ensures that every root port and designated port transition to forwarding while all alternate ports and backup ports are always in the discarding state.

MST-to-SST Interoperability

A virtual bridged LAN may contain interconnected regions of SST and MST bridges. Figure 7-8 shows this relationship.

Figure 7-8 Network with Interconnected SST and MST Regions

To the spanning tree protocol running in the SST region, an MST region appears as a single SST or pseudobridge. Pseudobridges operate as follows:

The same values for root identifiers and root path costs are sent in all BPDUs of all the pseudobridge ports. Pseudobridges differ from a single SST bridge as follows:

The pseudobridge BPDUs have different bridge identifiers. This difference does not affect STP operation in the neighboring SST regions because the root identifier and root cost are the same.

BPDUs sent from the pseudobridge ports may have significantly different message ages. Because the message age increases by 1 second for each hop, the difference in the message age is in the order of seconds.

Data traffic from one port of a pseudobridge (a port at the edge of a region) to another port follows a path entirely contained within the pseudobridge or MST region.

Data traffic belonging to different VLANs may follow different paths within the MST regions established by MST.

Loop prevention is achieved by either of the following:

Blocking the appropriate pseudobridge ports by allowing one forwarding port on the boundary and blocking all other ports.

Setting the CST partitions to block the ports of the SST regions.

A pseudo bridge differs from a single SST bridge because the BPDUs sent from the pseudobridge's ports have different bridge identifiers. The root identifier and root cost are the same for both bridges.

Common Spanning Tree

802.1Q specifies a single spanning tree for all the VLANs called CST. In a Catalyst 4000 family switch running PVST+ the VLAN 1 spanning tree corresponds to CST, in a Catalyst 4000 family switch running MST, IST (instance 0) corresponds to CST.

MST Instances

This release supports up to 16 instances; each spanning tree instance is identified by an instance ID that ranges from 0 to 15. Instance 0 is mandatory and is always present. Instances 1 through 15 are optional.

MST Configuration

MST configuration has three parts as follows:

Name—A 32-character string (null padded and null terminated) identifying the MST region.

Revision number—An unsigned 16-bit number that increments each time a change is made to the configuration.

Note You must set and update the revision number manually as it does not auto increment each time you commit the MST configuration.

MST configuration table—An array of 4096 bytes. Each byte, interpreted as an unsigned integer, corresponds to a VLAN. The value is the instance number to which the VLAN is mapped. The first byte that corresponds to VLAN 0 and the 4096th byte that corresponds to VLAN 4095 are unused and always set to zero.

You must configure each byte manually. You can use SNMP or the CLI to perform the configuration.

MST BPDUs contain the MST configuration ID and the checksum. An MST bridge accepts an MST BPDU only if the MST BPDU configuration ID and the checksum match its own MST region configuration ID and checksum. If one value is different, the MST BPDU is treated as an SST BPDU.

When you modify an MST configuration through either a console or Telnet connection, the session exits without committing those changes and the edit buffer locks. Further configuration is impossible until you discard the existing edit buffer and acquire a new edit buffer by entering the set spantree mst config rollback force command.

MST Region

Interconnected bridges that have the same MST configuration are referred to as an MST region. There is no limit on the number of MST regions in the network.

To form an MST region, bridges can be either of the following:

An MST bridge that is the only member of the MST region.

An MST bridge interconnected by a LAN. A LAN's designated bridge has the same MST configuration as an MST bridge. All the bridges on the LAN can process MST BPDUs.

If you connect two MST regions with different MST configurations, the MST regions do the following:

Load balance across redundant paths in the network. If two MST regions are redundantly connected, all traffic flows on a single connection with the MST regions in a network.

Provide an RSTP handshake to enable rapid connectivity between regions. However, the handshaking is not as fast as between two bridges. To prevent loops, all the bridges inside the region must agree upon the connections to other regions. This situation introduces a certain delay. We do not recommend partitioning the network into a large number of regions.

Boundary Ports

A port that connects an MST region to an SST region running RSTP (802.1w), an SST region running STP (802.1D), or another MST region is a boundary port. A boundary port is a port that connects to a LAN, the designated bridge of which, is either an SST bridge or a bridge with a different MST configuration. A designated port knows that it is on the boundary if it detects an STP bridge, or receives an agreement message from an RST or MST bridge with a different configuration.

At the boundary, the role of MST ports do not matter; their state is forced to be the same as the IST port state. If the boundary flag is set for the port, the MSTP Port Role selection mechanism assigns a port role to the boundary and the same state as that of the IST port. The IST port at the boundary can take up any port role except a backup port role.

IST Master

The IST master of an MST region is the bridge with the lowest bridge identifier and the least path cost to the CST root. If an MST bridge is the root bridge for CST, then it is the IST master of that MST region. If the CST root is out side the MST region, then one of the MST bridges at the boundary is selected as the IST master. Other bridges on the boundary that belong to the same region eventually block the boundary ports that lead to the root.

If two or more bridges at the boundary of the region have an identical path to the root, you can set a slightly lower bridge priority to make a specific bridge IST master.

The root path cost and message age inside a region stays constant, but the IST path cost is incremented and the IST remaining hops is decremented at each hop. Enter the show spantree mst command to display the information about the IST master, path cos, and remaining hops for the bridge.

Edge Ports

A port that is connected to a nonbridging device (for example a host or a router) is an edge port. A port that connects to a hub is also an edge port, provided that the hub or any LAN that is connected by it does not have a bridge. These ports start forwarding as soon as the link is up.

MST requires that all ports are configured for each host or router. To establish rapid connectivity after a failure you need to block nonedge designated ports of an intermediate bridge. If the port connects to another bridge that can send back an agreement, then the port starts forwarding immediately. Otherwise, twice the forward delay time is needed for that port to start forwarding again. Explicitly configuring the ports that are connected to the hosts and routers as edge ports is essential while using MST.

Note To configure a port as an edge port you enable PortFast on that port. See "Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard". When you run the show spantree portfast mod/port command, if the designation for a port is displayed as edge, that port is also a portfast port.

To prevent a misconfiguration PortFast is turned off operationally if the port receives a BPDU. You can display the configured and operational status of Portfast by using the show spantree mst mod/port command.

Link Type

Rapid connectivity is established only on point-to-point links. For correct operation of the protocol, ports must be explicitly configured to a host or router. However, cabling in most networks meets this requirement, and explicit configuration is avoided by treating all full-duplex links as point-to-point links. Enter the set spantree mst link-type command to configure point-to-point links.

Message Age and Hop Count

IST and MST instances do not use the Message Age and Maximum Age timer settings in the BPDU. IST and MST use a separate hop count mechanism that is very similar to the IP TTL mechanism. You can configure each MST bridge with a maximum hop count. The root bridge of the instance sends a BPDU (or M-record) with the remaining hop count that is equal to the maximum hop count. When a bridge receives a BPDU (or M-record), it decrements the received remaining hop count by one. The bridge discards the BPDU (M-record) and ages out the information held for the port if the count reaches zero after decrementing. The nonroot bridges propagate the decremented count as the remaining hop count in the BPDUs (M-records) they generate.

The Message Age and Maximum Age timer settings in the RST portion of the BPDU remain the same throughout the region, and the same values are propagated by the region's designated ports at the boundary.

MST-to-PVST+ Interoperability

These guidelines apply in a topology where you configure MST switches (all in the same region) to interact with PVST+ switches that have VLANs 1—100 set up to span throughout the network:

Configure the root for all VLANs inside the MST region. The ports that belong to the MST switch at the boundary simulate PVST+ and send PVST+ BPDUs for all the VLANs. This example shows the ports simulating PVST: 

Console> (enable) show spantree mst 3

Spanning tree mode          MST

Instance                    3

VLANs Mapped:              31-40


Designated Root             00-10-7b-bb-2f-00

Designated Root Priority    8195  (root priority:8192, sys ID ext:3)

Designated Root Cost        0          Remaining Hops 20

Designated Root Port        1/0


Bridge ID MAC ADDR          00-10-7b-bb-2f-00

Bridge ID Priority          8195  (bridge priority:8192, sys ID ext:3)


Port                     State         Role Cost     Prio Type

------------------------ ------------- ---- -------- ------------------------

 6/1                     forwarding    BDRY    10000   30 P2P,

Boundary(PVST)

 6/2                     blocking      BDRY    20000   32 P2P,

Boundary(PVST)

If you enable loop guard on the PVST+ switches, the ports might change to a loop-inconsistent state when the MST switches change their configuration. To correct the loop-inconsistent state, you must disable and reenable loop guard on that PVST+ switch.

Do not locate the root for some or all of the VLANs inside the PVST+ side of the MST switch because when the MST switch at the boundary receives PVST+ BPDUs for all or some of the VLANs on its designated ports, root guard sets the port to the blocking state. Do not designate switches with a slower CPU running PVST+ as a switch running MST.

When you connect a PVST+ switch to two different MST regions, the topology change from the PVST+ switch does not pass beyond the first MST region. In this case, the topology changes are only propagated in the instance to which the VLAN is mapped. The topology change stays local to the first MST region and the CAM entries in the other region are not flushed To make the topology change visible throughout other MST regions, you can map that VLAN to IST or connect the PVST+ switch to the two regions through access links.

Using PVST+

PVST+ is the default spanning tree mode for Catalyst 4000 family switches. These sections describe how to configure PVST+ on Ethernet VLANs:

Default PVST+ Configuration

Configuring PVST+ Bridge ID Priority

Configuring PVST+ Port Cost

Configuring PVST+ Port Priority

Configuring PVST+ Default Port Cost Mode

Configuring PVST+ Port VLAN Cost

Configuring PVST+ Port VLAN Priority

Disabling the PVST+ Mode on a VLAN

Default PVST+ Configuration

Table 7-4 shows the default PVST+ configuration.

Table 7-4 PVST+ Default Configuration 

Feature
Default Value

VLAN 1

All ports assigned to VLAN 1

Enable state

PVST+ enabled for all VLANs

MAC address reduction

Disabled

Bridge priority

32768

Bridge ID priority

32769 (bridge priority plus system ID extension of VLAN 1)

Port priority

32

Port cost

Gigabit Ethernet: 4

Fast Ethernet: 10

FDDI/CDDI: 10

Ethernet: 100

Default spantree port cost mode

Short (802.1D)

Port VLAN priority

Same as port priority but configurable on a per-VLAN basis in PVST+

Port VLAN cost

Same as port cost but configurable on a per-VLAN basis in PVST+

Maximum aging time

20 seconds

Hello time

2 seconds

Forward delay time

15 seconds


Configuring PVST+ Bridge ID Priority

The bridge ID priority is the priority of a VLAN when the switch is in PVST+ mode.

When the switch is in PVST+ mode without MAC address reduction enabled, you can enter a bridge priority value between 0 and 65535. The VLAN bridge ID priority becomes that value.

When the switch is in PVST+ mode with MAC address reduction enabled, you can enter one of 16 bridge priority values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, or 61440.

The bridge priority is combined with the system ID extension (that is, the ID of the VLAN) to create the bridge ID priority for the VLAN.

To configure the spanning tree bridge priority for a VLAN, perform this task in privileged mode:

 
Task
Command

Step 1 

Set the bridge ID priority for a VLAN.

set spantree priority bridge_ID_priority [vlan]

Step 2 

Verify the bridge ID priority.

show spantree [vlan] [active]

This example shows the bridge ID when MAC address reduction is not enabled (default): 

Console> (enable) set spantree priority 30000 1

Spantree 1 bridge priority set to 30000.

Console> (enable) show spantree 1 

VLAN 1

Spanning tree mode          PVST+

Spanning tree type          ieee

Spanning tree enabled


Designated Root             00-60-70-4c-70-00

Designated Root Priority    16384

Designated Root Cost        19

Designated Root Port        2/3

Root Max Age   14 sec   Hello Time 2  sec   Forward Delay 10 sec


Bridge ID MAC ADDR          00-d0-00-4c-18-00

Bridge ID Priority          30000

Bridge Max Age 20 sec   Hello Time 2  sec   Forward Delay 15 sec


Port                     Vlan Port-State    Cost      Prio Portfast Channel_id

------------------------ ---- ------------- --------- ---- -------- ----------

 1/1                     1    not-connected         4   32 disabled 0

 1/2                     1    not-connected         4   32 disabled 0

 2/1                     1    not-connected       100   32 disabled 0

 2/2                     1    not-connected       100   32 disabled 0

This example shows the bridge ID priority when MAC reduction is enabled: 

Console> (enable) set spantree priority 32768 1

Spantree 1 bridge ID priority set to 32769

(bridge priority: 32768 + sys ID extension: 1)

Console> (enable) show spantree 1/1 1

VLAN 1

Spanning tree mode          PVST+

Spanning tree type          ieee

Spanning tree enabled


Designated Root             00-60-70-4c-70-00

Designated Root Priority    16384

Designated Root Cost        19

Designated Root Port        2/3

Root Max Age   14 sec   Hello Time 2  sec   Forward Delay 10 sec


Bridge ID MAC ADDR          00-d0-00-4c-18-00

Bridge ID Priority          32769  (bridge priority: 32768, sys ID ext: 1)

Bridge Max Age 20 sec   Hello Time 2  sec   Forward Delay 15 sec


Port                     Vlan Port-State    Cost      Prio Portfast Channel_id

------------------------ ---- ------------- --------- ---- -------- ----------

 1/1                     1    not-connected         4   32 disabled 0

 1/2                     1    not-connected         4   32 disabled 0

 2/1                     1    not-connected       100   32 disabled 0

 2/2                     1    not-connected       100   32 disabled 0

Configuring PVST+ Port Cost

You can configure the port cost of switch ports. Ports with lower port costs are more likely to be chosen to forward frames. Assign lower numbers to ports attached to faster media (such as full duplex) and higher numbers to ports attached to slower media.The possible range of cost is 1 to 65535. The default differs for different media. Path cost is typically 1000 ÷ LAN speed in megabits per second.

To configure the port cost for a port, perform this task in privileged mode:

 
Task
Command

Step 1 

Configure the port cost for a switch port.

set spantree portcost {mod/port} cost

Step 2 

Verify the port cost setting.

show spantree mod/port

This example shows how to configure the port VLAN priority on a port and verify the configuration: 

Console> (enable) set spantree portcost 2/3 12

Spantree port 2/3 path cost set to 12.

Console> (enable) show spantree 2/3