Spanning Tree Protocols (RSTP and MST)

Comprehensive Guide to Spanning Tree Protocols (RSTP and MST) for CCNP ENCOR

Introduction to Spanning Tree Protocols

Spanning Tree Protocols are critical components of modern network infrastructure. They prevent layer 2 loops, ensure network stability, and provide redundancy in switched environments. Understanding RSTP (Rapid Spanning Tree Protocol) and MST (Multiple Spanning Tree) is essential for CCNP ENCOR certification and professional network design.

Why Spanning Tree Protocols Are Important

Network Stability: In switched networks with redundant paths, layer 2 loops can cause catastrophic failures. Frames circulate infinitely, consuming all available bandwidth and causing MAC table instability. Spanning Tree Protocols eliminate these loops by blocking specific ports while maintaining redundancy.

Redundancy Without Risk: Modern networks require high availability. Spanning Tree allows you to design networks with multiple physical paths while ensuring only one active path exists at any given time. When the active path fails, the protocol automatically unblocks a backup path.

Convergence Speed: RSTP dramatically improved convergence time compared to legacy STP (Spanning Tree Protocol). While traditional STP could take 30-50 seconds to reconverge, RSTP achieves convergence in seconds. MST extends this capability across multiple VLANs efficiently.

VLAN Scalability: MST allows multiple VLANs to share a single spanning tree instance, reducing CPU overhead and simplifying management compared to running PVST+ (Per VLAN Spanning Tree) for each VLAN.

What Are RSTP and MST?

Spanning Tree Protocol (STP) - The Foundation

STP is the original protocol (802.1D) that prevents loops in layer 2 networks. It uses a distributed algorithm to elect a root bridge and then blocks certain ports to create a loop-free tree topology. However, STP has significant limitations:

• Slow convergence time (30-50 seconds)
• Inefficient use of bandwidth (only one active path)
• Complex topology decisions

Rapid Spanning Tree Protocol (RSTP)

RSTP (802.1w) is the modern replacement for traditional STP. Key improvements include:

Faster Convergence: RSTP can converge in 1-3 seconds through active link testing and explicit handshaking between switches rather than waiting for timers to expire.

Port States: RSTP uses three port states instead of STP's four: Discarding (replaces Disabled and Blocking), Learning, and Forwarding.

Port Roles: RSTP defines four port roles:
Root Port: The port on each non-root bridge that provides the best path to the root bridge.
Designated Port: The port on each segment responsible for forwarding frames toward the root bridge.
Alternate Port: A backup port offering an alternative path to the root bridge.
Backup Port: A backup for a designated port on the same segment.

Active Link Testing: RSTP sends Hello BPDUs (Bridge Protocol Data Units) every 2 seconds by default. If a port doesn't receive BPDUs for 3 consecutive periods, it assumes the upstream link has failed and can immediately activate a backup path.

Multiple Spanning Tree (MST)

MST (802.1s) extends RSTP concepts to multiple instances, allowing different VLANs to be mapped to different spanning tree instances. This provides optimal load balancing across the network.

Key Concepts of MST:

MSTI (Multiple Spanning Tree Instance): Each instance operates independently with its own root bridge and port roles.

VLAN Mapping: Multiple VLANs can be mapped to the same instance, reducing the number of spanning tree calculations needed.

Region: A group of switches configured with the same MST configuration parameters form an MST region. Switches outside the region see the entire region as a single virtual bridge.

Common Internal Spanning Tree (CIST): A special instance that connects different MST regions and manages communication between them.

How Spanning Tree Protocols Work

The Core Algorithm

Root Bridge Election: The bridge with the lowest Bridge ID (priority + MAC address) becomes the root bridge. By default, priority is 32768 on all switches, so the MAC address becomes the tiebreaker. You should manually set priorities to control the root bridge election.

Path Cost Calculation: Each port has a path cost based on link speed. The cost is subtracted from the total cost as frames traverse toward the root bridge. Lower costs represent faster paths.

Best Path Selection: Each non-root bridge selects the port with the lowest cost to reach the root bridge as its root port. Ports on each segment that provide the best path toward the root are designated ports. All other ports are blocked.

RSTP-Specific Operation

Port State Transitions: Instead of slowly moving through Disabled → Blocking → Listening → Learning → Forwarding (which takes 30-50 seconds in STP), RSTP can transition ports to forwarding much faster through two mechanisms:

Edge Ports: Ports connected to end devices (not other switches) immediately move to forwarding state. Configure these with the spanning-tree portfast command. Edge ports that receive BPDUs revert to normal spanning tree processing.

Link Type: RSTP classifies ports as point-to-point (typically full-duplex) or shared (half-duplex). Point-to-point ports can rapidly transition through negotiation with neighbors.

Proposal/Agreement Handshake: When a port wants to transition to forwarding, it sends a proposal BPDU. The receiving switch can immediately agree if it has made all its other ports designated or blocked, allowing rapid transition without waiting for timers.

MST-Specific Operation

Instance Configuration: You define how many instances exist and which VLANs map to each instance. All switches in a region must have identical configuration name, revision number, and VLAN-to-instance mappings.

Regional Operation: Within a region, each instance operates independently using RSTP. Different instances can have different root bridges and topologies, allowing load balancing across multiple links.

Inter-Region Communication: The CIST acts as a backbone connecting different MST regions. It ensures loop prevention across regions and is managed by the switch with the lowest bridge ID across all regions (the CIST root).

Virtual Bridge for Legacy STP: When an MST region connects to a legacy STP switch, the entire region appears as a single bridge with an internal topology that is hidden from the external switch.

Key Differences Between RSTP and MST

Fundamental Concepts You Must Understand

Bridge ID and Priority

The Bridge ID consists of a 16-bit priority field and a 48-bit MAC address. Priority values range from 0-65535 in increments of 4096 (0, 4096, 8192... 65535). Lower Bridge IDs win. You should configure the root bridge by setting its priority to 0 or a low value like 4096.

Path Costs

Modern path costs follow this scale:

• 10 Gbps: 2
• 1 Gbps: 4
• 100 Mbps: 19
• 10 Mbps: 100

You can manually override path costs on specific ports to influence which paths are preferred.

Timers

Hello Time: Interval between BPDUs (default 2 seconds). The root bridge sends these every hello time.

Forward Delay: Time a port spends in Listening and Learning states in traditional STP (default 15 seconds each). RSTP makes this less important due to rapid transitions.

Max Age: Time a switch waits without receiving BPDUs before acting on topology change (default 20 seconds). If 3 hello intervals pass without a BPDU, the port is assumed dead.

BPDU Format

BPDUs contain the sender's bridge ID, path cost to root, root bridge ID, and other information. All switches in a spanning tree region communicate via BPDUs to build and maintain the topology.

Configuration Examples

Basic RSTP Configuration

Enable RSTP on a Catalyst Switch:
Most modern Cisco switches run RSTP (spanning-tree mode rapid-pvst) by default. To explicitly set RSTP:
Switch(config)# spanning-tree mode rapid-pvst

Set Root Bridge Priority:
Switch(config)# spanning-tree vlan 1 priority 0

Configure Edge Ports:
Switch(config-if)# spanning-tree portfast
Switch(config-if)# spanning-tree bpdu-guard enable

Verify Configuration:
Switch# show spanning-tree
Switch# show spanning-tree vlan 1
Switch# show spanning-tree interface gi0/1 detail

Basic MST Configuration

Enable MST Mode:
Switch(config)# spanning-tree mode mst

Enter MST Configuration Region:
Switch(config)# spanning-tree mst configuration
Switch(config-mst)# name MyRegion
Switch(config-mst)# revision 1
Switch(config-mst)# instance 1 vlan 1-100
Switch(config-mst)# instance 2 vlan 101-200
Switch(config-mst)# exit

Set MST Root Bridge:
Switch(config)# spanning-tree mst 1 priority 0

Verify MST Configuration:
Switch# show spanning-tree mst
Switch# show spanning-tree mst 1
Switch# show spanning-tree mst configuration

Common Network Scenarios

Scenario 1: Three-Layer Network with Redundancy

In a typical enterprise network, you have a core layer (two switches for redundancy), distribution layer (switches connecting to core), and access layer (switches connecting to devices).

RSTP Configuration Strategy:
1. Configure both core switches with priority 0 (one becomes root, the other backup root)
2. Set distribution switches with priority 8192
3. Set access switches with priority 16384
4. Enable PortFast on all access ports connected to devices
5. Enable BPDU Guard on PortFast ports to prevent accidental loop creation
6. Use Root Guard on distribution/core switches to prevent access switches from becoming root

Scenario 2: Load Balancing with MST

Your network has two core switches and 100 VLANs. Using Rapid PVST+ would create 100 spanning tree instances. Using MST with 2 instances:

Instance 1: VLANs 1-50, Root on Switch A
Instance 2: VLANs 51-100, Root on Switch B

Now half the traffic uses each core switch as root, balancing the load. This reduces CPU overhead and improves convergence.

Scenario 3: Connecting MST to Legacy STP

If you have a legacy switch running traditional STP connecting to your MST network, the MST region appears as a single virtual bridge. The MST region will elect an internal root and present a consistent external topology to the legacy switch.

Exam Tips: Answering Questions on Spanning Tree Protocols (RSTP and MST)

Tip 1: Understand the Purpose First

Before diving into protocol details, ensure you understand the core problem: loops in layer 2 networks cause frame circulation and MAC table instability. The entire point of spanning tree is to create a loop-free topology while maintaining redundancy. If a question asks why spanning tree is needed, this is the answer.

Tip 2: Master the Bridge ID Concept

Many exam questions involve determining which switch becomes root or which port becomes designated. Remember: Lower Bridge IDs win all comparisons. Bridge ID = Priority (16-bit) + MAC Address (48-bit). If priorities are equal, the switch with the lowest MAC address wins. This is fundamental to every spanning tree calculation.

Tip 3: Know the Differences Between Versions

Exam questions often ask you to identify advantages of RSTP over STP or when to use MST instead of RSTP. Key points:

RSTP vs STP: Faster convergence (seconds vs minutes), active link testing via BPDUs, port roles instead of just states, P/A handshake for rapid transitions, edge ports for PortFast.

RSTP vs MST: MST supports multiple instances for load balancing, reduces overhead compared to PVST+, requires proper configuration synchronization across regions.

Tip 4: Pay Attention to Port Roles

RSTP questions frequently involve identifying port roles. Remember:

Root Port: Selected on non-root bridges, provides best path to root (only one per bridge)
Designated Port: Selected on each segment, forwards toward root (one per segment)
Alternate Port: Backup to root port, blocked
Backup Port: Backup to designated port, blocked

If a question shows a topology and asks which port becomes what role, use this logic: Start from the root bridge and work outward. On the root bridge, all ports are designated. On each non-root bridge, select the port with lowest cost to root as the root port. All other ports on the root bridge segment are designated. On other segments, the port with lowest cost to root is designated; the other is alternate/backup.

Tip 5: Understand Timers and Convergence

Exam questions often ask about convergence times and what timers do what:

Hello Time (2 sec default): How often BPDUs are sent
Forward Delay (15 sec default): Time spent in each of Listening/Learning states (STP only, less relevant for RSTP)
Max Age (20 sec default): Time to wait before assuming a link has failed

Convergence Speed: RSTP converges in seconds (proposal/agreement handshake). Edge ports converge immediately. Traditional STP takes 30-50 seconds because ports must go through Blocking → Listening → Learning → Forwarding, with Forward Delay between states.

Tip 6: MST Configuration Synchronization is Critical

MST questions often test whether you understand that all switches in a region must have identical configuration:

Must match: Region name, revision number, VLAN-to-instance mappings
Can differ: Priority values (to elect different roots), port costs

If a question shows two switches with different VLAN mappings, they are in different regions and will exchange CST (Common Spanning Tree) traffic, not CIST.

Tip 7: Recognize PortFast and BPDU Guard Scenarios

PortFast (edge ports) is only for ports connected to end devices, not switch-to-switch connections. BPDU Guard should be enabled on PortFast ports. If a switch accidentally receives a BPDU on a PortFast port, it can either disable the port (with BPDU Guard) or revert to normal spanning tree processing. Exam questions test whether you understand this. The answer is usually: enable BPDU Guard to prevent loops from accidental switch-to-switch connections on access ports.

Tip 8: Path Cost Comparisons

When determining which path is preferred, compare costs. If costs are equal, compare Bridge IDs of the switches offering those costs. Common exam scenario:

Two paths to the root with equal cost → The path through the switch with the lower Bridge ID is chosen.

Same switch, two ports with equal cost → The port with the lower port priority (or lower port number if priorities are equal) is chosen.

Tip 9: Root Guard and Loop Guard

Root Guard: Prevents a port from becoming a root port. Used on ports where a root bridge should never appear (e.g., access layer ports). If a better BPDU arrives on a Root Guard port, it's put into root-inconsistent state.

Loop Guard: Prevents alternate ports from becoming root ports due to unidirectional link failure. If a port that should receive BPDUs stops receiving them, Loop Guard blocks it instead of transitioning it to forwarding.

Exam tip: Root Guard and Loop Guard are protective measures for specific scenarios. Know when to use each.

Tip 10: Topology Change Notification

When a new switch joins the network or a link fails, a topology change occurs. The switch detecting the change sends TCN (Topology Change Notification) toward the root. The root floods a TC flag in BPDUs. Switches receiving the TC clear their MAC tables (since topology has changed) and relearn through flooding.

This is less critical for RSTP due to rapid convergence, but legacy STP implementations rely heavily on TCN. Exam questions might ask what happens when a topology change occurs.

Tip 11: Analyzing Complex Topologies

Step-by-step approach for topology questions:

1. Identify the root bridge (lowest Bridge ID)
2. Identify each bridge's root port (lowest cost to root)
3. Identify designated ports (lowest cost toward segment)
4. Identify blocked ports (neither root nor designated)
5. Verify no loops exist in the result

Use this methodology consistently. Most topology questions follow this pattern.

Tip 12: RSTP vs MST Instance Comparison

If asked whether to use RSTP or MST for a specific scenario:

Use RSTP when: One spanning tree instance is sufficient, network is small to medium-sized, simplicity is preferred

Use MST when: Multiple VLANs need different topologies for load balancing, large networks with many VLANs, you need to reduce spanning tree instance overhead

Exam answer: MST is more scalable and efficient in large, multi-VLAN networks.

Tip 13: Common Misconceptions to Avoid

Misconception 1: RSTP makes traditional STP obsolete → Actually, RSTP is backward compatible with STP. A network with both will operate in STP mode for compatibility.

Misconception 2: All ports transition to forwarding at the same time → No. Root ports transition first, then designated ports. Blocked ports remain blocked.

Misconception 3: Lower port cost always means the port will forward → No. The port must be on the best path (lowest cost to root). Even a port with cost 1 can be blocked if it's not on the best path.

Misconception 4: MST requires all VLANs to have the same topology → No. Different instances can have different roots, allowing per-VLAN topology optimization.

Tip 14: Configuration Verification Commands

Exam questions often ask what command shows specific information. Know these:

show spanning-tree → Overview of all instances and port states
show spanning-tree vlan X → Details for specific VLAN
show spanning-tree interface Y detail → Detailed port information including cost and role
show spanning-tree mst configuration → MST region configuration
show spanning-tree mst X → Details for MST instance X

Tip 15: Practice Troubleshooting Scenarios

Exam questions may present a problem and ask you to solve it:

Scenario: Unexpected port blocking → Check if port should be root or designated. Verify priority and cost settings. Ensure BPDU Guard isn't blocking the port. Check for Root Guard inconsistency.

Scenario: Slow convergence despite using RSTP → Verify PortFast is enabled on appropriate ports. Check that edge ports aren't receiving BPDUs from accidental connections. Verify timers aren't manually altered.

Scenario: Load not balanced on MST → Check that instances are properly configured with different roots. Verify VLAN-to-instance mapping. Ensure all switches in region have identical configuration.

Practice Questions

Question 1: In a network with three switches, all with default priority, which switch becomes the root bridge?
Answer: The switch with the lowest MAC address becomes root, since priorities are equal at 32768.

Question 2: How quickly does RSTP typically converge compared to traditional STP?
Answer: RSTP converges in 1-3 seconds, while STP takes 30-50 seconds due to timer-based transitions.

Question 3: What is the main advantage of MST over Rapid PVST+?
Answer: MST allows multiple VLANs to share a single spanning tree instance, reducing CPU overhead and enabling load balancing across different instances.

Question 4: Should PortFast be enabled on a port connecting two switches?
Answer: No. PortFast should only be enabled on ports connected to end devices. Switch-to-switch connections should use normal spanning tree processing.

Question 5: What happens if an MST switch with different VLAN mappings connects to an existing region?
Answer: The switch becomes part of a different region. The two regions exchange CST traffic at the boundary.

Final Review Checklist

Before your exam, verify you can:

• ☐ Explain why spanning tree is essential (loop prevention + redundancy)
• ☐ Calculate Bridge IDs and predict root bridge election
• ☐ Identify port roles in a topology (root, designated, alternate, backup)
• ☐ Explain RSTP's convergence advantages over STP
• ☐ Configure RSTP on Catalyst switches
• ☐ Design and configure MST regions with multiple instances
• ☐ Apply PortFast and BPDU Guard appropriately
• ☐ Understand Root Guard and Loop Guard purposes
• ☐ Interpret show spanning-tree output
• ☐ Troubleshoot spanning tree issues
• ☐ Choose between RSTP and MST for network scenarios
• ☐ Explain MST region concepts (name, revision, VLAN mapping)
• ☐ Describe the CIST and inter-region communication
• ☐ Understand timer functions (Hello, Forward Delay, Max Age)
• ☐ Recognize and avoid common spanning tree misconceptions

Conclusion

Spanning Tree Protocols (RSTP and MST) are fundamental to enterprise network design and are heavily tested on the CCNP ENCOR exam. Success requires understanding both the underlying concepts (Bridge IDs, path costs, port roles) and the practical configuration details. RSTP offers rapid convergence suitable for most modern networks, while MST provides scalability and load balancing for complex, multi-VLAN environments.

Focus on mastering the core algorithm, understanding the differences between protocol versions, and practicing topology analysis. Use the provided verification commands in a lab environment to reinforce your understanding. With solid knowledge of these protocols and careful attention to exam questions, you'll be well-prepared to answer any spanning tree question that appears on your CCNP ENCOR exam.