Configuring spanning tree correctly is very important on any local area network.  The most important element to spanning tree is the root bridge placement.  By default, spanning-tree which is running on all switches in the network, will elect a root bridge automatically.  In most all cases, automatic root bridge election is not a good idea.  If no other element of spanning tree is manually configured on your network, the root bridge should definitely be set.

Before you configure STP, select a switch to be the root of the spanning tree. This switch does not need to be the most powerful switch, but choose the most centralized switch on the network. All data flow across the network is from the perspective of this switch. Switches in the distribution layer often serve as the spanning tree root because these switches typically do not connect to end stations. Also, moves and changes within the network are less likely to affect these switches.

Let’s consider the following network diagram:

Vlan3 is defined on the network with SW1configured as the root bridge.

SW1#show spanning-tree root
VLAN3
  Root ID    Priority    8192
             Address     cc00.0cf4.0002
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

The output of the previous show command reflects that it is the root bridge for Vlan3.  The mac-address shown is the address of the switch serving as the root bridge.  Using the mac address shown in the show spanning-tree root output, we can go searching for the root bridge of any vlan.

The priority was configured on SW1 in order for it to assume root bridge status for vlan 3.  The configuration command executed on SW1:

SW1(config)#spanning-tree vlan 3 priority 8192

SW2 is configured to assume the root bridge in the event SW1fails:

SW2(config)#spanning-tree vlan 3 priority 16384

Let’s say on SW3 we configure the following:

SW3(config)#spanning-tree vlan 3 priority 4096

Run the show spanning-tree root command again on SW1:

SW1#show spanning-tree root
VLAN3
  Root ID    Priority    4096
             Address     cc02.0cf4.0002
             Cost        12
             Port        321 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

The mac-address cc02.0cf4.0002 belongs to SW3, which has now become the root bridge for vlan3.  How do you prevent this from happening?

Using best practice configuration techniques, make sure SW3 and SW4 does not become the root bridge for any vlan.

SW3(config)#spanning-tree vlan 1-4094 priority 65535
SW4(config)#spanning-tree vlan 1-4094 priority 65535

Configure SW1 and SW2 as the primary and secondary root bridges for vlan 3

SW1(config)#spanning-tree vlan 3 priority 1
SW2(config)#spanning-tree vlan 3 priority 2

Remember to do this configuration for each vlan on the network, because in per vlan spanning-tree, there is a root bridge for each spanning-tree instance.