Configuring spanning tree correctly is very important on any local area network. The most important element of spanning tree is root bridge placement. By default, spanning tree, which runs on all switches in the network, elects a root bridge automatically. In almost all cases, automatic root bridge election is not a good idea. Even if no other element of spanning tree is manually configured on your network, the root bridge should definitely be set.
Before you configure STP, select a switch to be the root of the spanning tree. This switch does not need to be the most powerful switch, but choose the most centralized switch on the network. All data flow across the network is from the perspective of this switch. Switches in the distribution layer often serve as the spanning tree root because these switches typically do not connect to end stations. Also, moves and changes within the network are less likely to affect these switches.
Let’s consider the following network diagram:

Vlan3 is defined on the network with SW1 configured as the root bridge.
SW1#show spanning-tree root
VLAN3
Root ID Priority 8192
Address cc00.0cf4.0002
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
The output of the previous show command reflects that SW1 is the root bridge for Vlan3. The mac-address shown is the address of the switch serving as the root bridge. Using the mac address shown in the show spanning-tree root output, we can go searching for the root bridge of any vlan.
The priority was configured on SW1 in order for it to assume root bridge status for vlan 3. The configuration command executed on SW1:
SW1(config)#spanning-tree vlan 3 priority 8192
SW2 is configured to assume the root bridge role in the event SW1 fails:
SW2(config)#spanning-tree vlan 3 priority 16384
Let’s say on SW3 we configure the following:
SW3(config)#spanning-tree vlan 3 priority 4096
Run the show spanning-tree root command again on SW1:
SW1#show spanning-tree root
VLAN3
Root ID Priority 4096
Address cc02.0cf4.0002
Cost 12
Port 321 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
The mac-address cc02.0cf4.0002 belongs to SW3, which has now become the root bridge for vlan3. How do you prevent this from happening?
Using best practice configuration techniques, make sure SW3 and SW4 do not become the root bridge for any vlan.
SW3(config)#spanning-tree vlan 1-4094 priority 65535
SW4(config)#spanning-tree vlan 1-4094 priority 65535
Configure SW1 and SW2 as the primary and secondary root bridges for vlan 3
SW1(config)#spanning-tree vlan 3 priority 1
SW2(config)#spanning-tree vlan 3 priority 2
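Remember to do this configuration for each vlan on the network, because in per-vlan spanning tree there is a root bridge for each spanning-tree instance. On platforms that use the extended system ID, the switch accepts only priorities in multiples of 4096 (0 through 61440), so use the lowest and highest of those values there instead.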
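The takeover shown above can be caught by comparing the root address in show spanning-tree root output with the switch you intended to be root. The following Python is an added example, not code from the original article; the EXPECTED_ROOT mapping and the function names parse_roots and audit are assumptions of this example.

```python
import re

# Intended root per VLAN: SW1's address from the article's first output.
# Treating it as the approved root for VLAN 3 is this example's assumption.
EXPECTED_ROOT = {3: "cc00.0cf4.0002"}

VLAN_RE = re.compile(r"^VLAN0*(\d+)$", re.I)
PRIO_RE = re.compile(r"^Root ID\s+Priority\s+(\d+)", re.I)
ADDR_RE = re.compile(r"^Address\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)

def parse_roots(text):
    """Map VLAN id -> root priority and address from show spanning-tree text."""
    roots, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := VLAN_RE.match(line):
            cur = roots.setdefault(int(m[1]), dict(priority=None, address=None))
        elif cur is None:
            continue  # text before the first VLAN header (prompt, banner)
        elif m := PRIO_RE.match(line):
            cur["priority"] = int(m[1])
        elif (m := ADDR_RE.match(line)) and cur["address"] is None:
            # First Address under a VLAN is the root's; later ones are local.
            cur["address"] = m[1].lower()
    return roots

def audit(text, expected=EXPECTED_ROOT):
    """Return (vlan, expected, seen_address, seen_priority) per mismatch."""
    roots, findings = parse_roots(text), []
    for vlan, want in sorted(expected.items()):
        seen = roots.get(vlan, dict(priority=None, address=None))
        if seen["address"] != want.lower():  # also true if nothing parsed
            findings.append((vlan, want, seen["address"], seen["priority"]))
    return findings

# Both samples are trimmed from SW1's outputs as shown in the article.
BEFORE = """SW1#show spanning-tree root
VLAN3
Root ID Priority 8192
Address cc00.0cf4.0002
This bridge is the root
"""
AFTER = """SW1#show spanning-tree root
VLAN3
Root ID Priority 4096
Address cc02.0cf4.0002
"""

for name, out in (("before", BEFORE), ("after", AFTER)):
    print(name, audit(out) or "root is the intended switch")
```

Run against output collected on a schedule, a non-empty result from audit means a switch other than the intended one has won the election for that vlan.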



September 17th, 2008 at 4:43 am
Hello Scott!
Very useful article and good explanation.
The best things are the examples.
I have a doubt. I have searched the MAC address displayed in Address field of the Root ID information, but I don’t find it in my network. Is it the physical MAC address? It is not the management switch address. Is it a virtual MAC address? If so, how is it calculated?
Thank you very much in advance!!
September 17th, 2008 at 3:59 pm
All Cisco Catalyst switches are assigned a set of MAC addresses that can be used for spanning tree and other purposes. On a Cisco 6500 switch, you can issue the command:
cat6500#show catalyst6000 all
chassis MAC addresses: 1024 addresses from 00d0.634c.cc00 to 00d0.634c.cfff
00:d0:63 is of course registered to Cisco in the OUI assignments.
So let’s say I have one access switch and one core switch for a simple example on tracking down a root bridge:
On the access switch:
switch#show spanning-tree vlan 1
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 0005.dd45.1c00
Configured hello time 2, max age 20, forward delay 15
Current root has priority 8193, address 00d0.634c.cc00
Root port is 67, cost of root path is 4
Topology change flag not set, detected flag not set, changes 14312
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Interface Gi0/1 (port 67) in Spanning tree 1 is FORWARDING
Port path cost 4, Port priority 128
Designated root has priority 8193, address 00d0.634c.cc00
Designated bridge has priority 8193, address 00d0.634c.cc00
Designated port is 129, path cost 0
Timers: message age 2, forward delay 0, hold 0
BPDU: sent 819, received 35042479
I should then look to see what switch is connected to the port in FORWARDING state (in this example it is the only port connected). So connected to interface Gi0/1 is a switch named rootswitch.
When I access rootswitch and issue the same command we issued on the access switch:
rootswitch#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 8193
Address 00d0.634c.cc00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8193 (priority 8192 sys-id-ext 1)
Address 00d0.634c.cc00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
I can tell this is the root bridge because the bridge ID matches, and then notice, a couple of lines below the bridge ID, the line:
This bridge is the root
Bingo!