Spanning Tree Protocol (STP) — Root Bridge Election

When you connect multiple switches together for redundancy, you create physical loops in the network. Without a mechanism to break those loops, a single broadcast frame would circulate indefinitely — consuming all bandwidth and crashing the network in seconds. Spanning Tree Protocol (STP) automatically detects and blocks redundant paths, keeping exactly one active loop-free path between any two switches while holding backup paths ready to activate if the primary fails.

At the heart of STP is the root bridge — the switch elected as the central reference point for the entire spanning tree topology. Every other switch calculates its best path back to the root bridge, and ports that would create loops are placed into a blocking state. This lab covers how STP elects the root bridge, how to control which switch wins the election, and how to verify the result. For a conceptual overview first, see STP Overview.

This lab builds on VLAN Creation and Management and Trunk Port Configuration — STP runs per VLAN in Cisco's PVST+ implementation.

1. How STP Works — The Three-Step Process

STP builds a loop-free topology through three sequential decisions. Every switch in the network participates in all three:

Step	Decision	Criteria
1	Elect one root bridge for the entire topology	Lowest Bridge ID (Bridge Priority + MAC address)
2	Elect one root port per non-root switch	Port with the lowest cost path back to the root bridge
3	Elect one designated port per network segment	Port with the lowest cost path to reach the root bridge on that segment

Any port that is not a root port or designated port becomes an alternate port and is placed in the blocking state — it receives BPDUs but does not forward frames. This is what breaks the loop.

Bridge ID Structure

The Bridge ID is what switches use to identify themselves in STP. It has two components:

Component	Size	Default Value	Configurable?
Bridge Priority	16 bits (2 bytes)	32768	✅ Yes — in increments of 4096
Extended System ID	12 bits (part of priority field)	VLAN ID (added automatically)	❌ No — set by IOS automatically
MAC Address	48 bits (6 bytes)	Switch's base MAC address	❌ No

Extended System ID: Cisco's PVST+ adds the VLAN ID to the priority field automatically. So for VLAN 10, the default Bridge ID priority is 32768 + 10 = 32778. This is why you see values like 32778 or 32788 in show spanning-tree output — not just 32768.

Root Bridge Election Rule

The switch with the lowest Bridge ID wins the root bridge election. Since the Bridge ID is compared numerically, a lower priority number always wins. If two switches have the same priority, the switch with the lower MAC address wins — which is why relying on default priorities is unpredictable in production.

Never leave root bridge election to chance. In a production network, always manually set the priority on the switch you want as root bridge. An uncontrolled election may result in a low-priority access switch becoming the root — forcing all traffic to flow through it inefficiently.

2. STP Port Roles and States

Port Roles

Port Role	Which Switch	Description	Forwards Frames?
Root Port (RP)	Non-root switches only	The port with the lowest-cost path back to the root bridge. One per non-root switch.	✅ Yes — forwarding
Designated Port (DP)	All switches (including root)	The port on each segment with the best path to the root bridge. One per segment.	✅ Yes — forwarding
Alternate Port (AP)	Non-root switches	A port that receives BPDUs from another switch — would create a loop if active. Blocked.	❌ No — blocking
Backup Port	Non-root switches	A redundant port on the same segment as another port on the same switch. Rare in practice.	❌ No — blocking

Port States (802.1D STP)

State	Forwards Frames?	Learns MACs?	Receives BPDUs?	Duration
Blocking	❌ No	❌ No	✅ Yes	Up to 20 seconds (Max Age)
Listening	❌ No	❌ No	✅ Yes	15 seconds (Forward Delay)
Learning	❌ No	✅ Yes	✅ Yes	15 seconds (Forward Delay)
Forwarding	✅ Yes	✅ Yes	✅ Yes	Indefinite — normal operation
Disabled	❌ No	❌ No	❌ No	Port is administratively shut down

STP convergence time: In 802.1D classic STP, a port transitioning from blocking to forwarding takes up to 50 seconds (20s Max Age + 15s Listening + 15s Learning). This is why Cisco introduced PortFast for access ports and Rapid STP (RSTP / 802.1w) for faster convergence.

STP Path Cost — Default Values

Link Speed	STP Cost (802.1D Short)	STP Cost (802.1t Long)
10 Mbps	100	2,000,000
100 Mbps (FastEthernet)	19	200,000
1 Gbps (GigabitEthernet)	4	20,000
10 Gbps	2	2,000

3. Lab Scenario & Topology

Three switches connected in a triangle — the classic STP lab topology. Without STP configuration, the election outcome depends entirely on MAC addresses and is unpredictable. In this lab we take full control.

                    ┌──────────────────┐
                    │   NetsTuts_SW1   │  ← ROOT BRIDGE (Priority 4096)
                    │  MAC: 0001.0001  │
                    └────────┬─────────┘
                    Gi0/1    │      Gi0/2
                  (DP)       │            (DP)
                    ┌────────┘              └────────┐
                    │                               │
                Gi0/1 (RP)                       Gi0/1 (RP)
          ┌─────────────────┐           ┌─────────────────┐
          │  NetsTuts_SW2   │           │  NetsTuts_SW3   │
          │  MAC: 0001.0002 │           │  MAC: 0001.0003 │
          │  Priority 32768 │           │  Priority 32768 │
          └─────────────────┘           └─────────────────┘
                   Gi0/2 (AP/BLK) ═════ Gi0/2 (DP)
                       └────── Blocked ──────┘

  Legend:  DP = Designated Port (forwarding)
           RP = Root Port (forwarding)
           AP = Alternate Port (blocking)

Switch	Role	Priority (VLAN 1)	Bridge ID Priority
NetsTuts_SW1	Root Bridge	4096	4096 + 1 (VLAN) = 4097
NetsTuts_SW2	Non-root	32768 (default)	32768 + 1 = 32769
NetsTuts_SW3	Non-root	32768 (default)	32768 + 1 = 32769 (tie — MAC decides)

4. Step 1 — Verify the Default STP State

Before making any changes, check the current STP state on all switches to see which switch IOS has elected as root bridge by default:

NetsTuts_SW1#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.0001.0001
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.0001.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ----
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Desg FWD 4         128.2    P2p

SW1 happens to be root by default because it has the lowest MAC address. Both ports are Designated (Desg) and Forwarding (FWD) — all ports on the root bridge are always designated ports.

5. Step 2 — Manually Set the Root Bridge

There are two methods to control root bridge election. Method 1 uses the spanning-tree vlan [id] priority [value] command to set an explicit priority. Method 2 uses the spanning-tree vlan [id] root primary macro which automatically sets a priority low enough to win the election.

Method 1: Explicit Priority (Recommended)

NetsTuts_SW1>en
NetsTuts_SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
NetsTuts_SW1(config)#spanning-tree vlan 1 priority 4096
NetsTuts_SW1(config)#end
NetsTuts_SW1#wr
Building configuration...
[OK]
NetsTuts_SW1#

Priority 4096 — significantly lower than the default 32768 on all other switches. SW1 will win the election for VLAN 1. Priority must be a multiple of 4096.

Method 2: root primary Macro

NetsTuts_SW1(config)#spanning-tree vlan 1 root primary

IOS automatically sets the priority to 24576 (or lower if another switch already has a priority below 24576). Convenient but less precise than setting explicitly. Not recommended for production where predictability matters.

Also Set a Secondary Root Bridge

Best practice is to also designate a secondary root bridge — the switch that takes over if the primary fails:

NetsTuts_SW2>en
NetsTuts_SW2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
NetsTuts_SW2(config)#spanning-tree vlan 1 priority 8192
NetsTuts_SW2(config)#end
NetsTuts_SW2#wr
Building configuration...
[OK]
NetsTuts_SW2#

SW2 priority set to 8192 — lower than SW3's default 32768 but higher than SW1's 4096. SW2 becomes secondary root bridge automatically if SW1 fails.

Valid Priority Values

Priority Value	Multiple of 4096?	Notes
0	✅	Lowest possible — guaranteed root bridge win
4096	✅	Common choice for primary root bridge
8192	✅	Common choice for secondary root bridge
32768	✅	Default — all switches start here
61440	✅	Maximum value
5000	❌	Invalid — IOS rejects non-multiples of 4096

6. Verification

show spanning-tree vlan 1 — Root Bridge

NetsTuts_SW1#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     0001.0001.0001
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     0001.0001.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ----
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Desg FWD 4         128.2    P2p

"This bridge is the root" confirms SW1 has won the election. Priority is now 4097 (4096 + VLAN 1). All ports on the root bridge are Designated/Forwarding — this is always the case.

show spanning-tree vlan 1 — Non-Root Switch (SW2)

NetsTuts_SW2#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     0001.0001.0001
             Cost        4
             Port        1 (GigabitEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8193   (priority 8192 sys-id-ext 1)
             Address     0001.0001.0002
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ----
Gi0/1               Root FWD 4         128.1    P2p
Gi0/2               Desg FWD 4         128.2    P2p

SW2 shows the root bridge address (SW1's MAC) and the cost to reach it (4). Gi0/1 is the Root Port (RP) — the path to the root bridge. Gi0/2 is Designated — the link to SW3 where SW2 has the better path to root.

show spanning-tree vlan 1 — Non-Root Switch (SW3)

NetsTuts_SW3#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     0001.0001.0001
             Cost        4
             Port        1 (GigabitEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.0001.0003
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ----
Gi0/1               Root FWD 4         128.1    P2p
Gi0/2               Altn BLK 4         128.2    P2p

SW3's Gi0/2 is the Alternate Port (Altn) in Blocking (BLK) state — this port is what breaks the loop in the triangle topology. It receives BPDUs from SW2 but does not forward any frames.

show spanning-tree vlan 1 brief

NetsTuts_SW1#show spanning-tree vlan 1 brief

VLAN0001
                                                   IEEE STP
Spanning tree enabled protocol ieee
Root ID    Priority    4097
           Address     0001.0001.0001
           This bridge is the root

                                         Cost  Port ID        Interface
Port           Role  Sts   Cost  Prio   Nbr    Type
-------------- ----- ---   ----- ------ ------ -------- ------
Gi0/1          Desg  FWD   4     128    1      P2p
Gi0/2          Desg  FWD   4     128    2      P2p

show spanning-tree summary

NetsTuts_SW1#show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0001 VLAN0010 VLAN0020 VLAN0030
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
EtherChannel misconfig guard is enabled
UplinkFast                   is disabled
BackboneFast                 is disabled

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     0         0        0          2          2
VLAN0010                     0         0        0          2          2
VLAN0020                     0         0        0          2          2
VLAN0030                     0         0        0          2          2

show spanning-tree summary shows all VLANs for which this switch is root bridge. All four VLANs show 0 blocking ports — confirming SW1 is root for all of them and no ports are blocked on the root bridge.

Verification Command Summary

Command	What It Shows	Key Field to Check
`show spanning-tree vlan [id]`	Full STP details for one VLAN — root ID, bridge ID, all port roles and states	"This bridge is the root" — confirms root bridge identity
`show spanning-tree vlan [id] brief`	Condensed port role and state table for one VLAN	Role column: Desg/Root/Altn; State column: FWD/BLK
`show spanning-tree summary`	All VLANs and their blocking/forwarding port counts	"Root bridge for:" — lists all VLANs this switch is root for
`show spanning-tree vlan [id] root`	Root bridge ID, cost, and root port for this switch	Confirms which switch is root and this switch's path cost to it
`show spanning-tree active`	Only VLANs with active ports — cleaner output on switches with many VLANs	Port roles and states for all active VLANs simultaneously

7. PVST+ — Per-VLAN Spanning Tree

Cisco switches run PVST+ (Per-VLAN Spanning Tree Plus) by default. This means a separate STP instance runs for every VLAN — each VLAN has its own root bridge election, its own port roles, and its own blocked ports. PVST+ depends on 802.1Q VLAN tagging on trunk links to carry per-VLAN BPDU information between switches.

This enables a powerful technique called STP load balancing — you can configure SW1 as root for VLANs 10 and 20, while SW2 is root for VLANs 30 and 40. Traffic is distributed across both uplinks rather than concentrating everything on one active path:

! ── SW1: root for VLAN 10 and 20 ─────────────────────────
NetsTuts_SW1(config)#spanning-tree vlan 10 priority 4096
NetsTuts_SW1(config)#spanning-tree vlan 20 priority 4096

! ── SW2: root for VLAN 30 and 40 ─────────────────────────
NetsTuts_SW2(config)#spanning-tree vlan 30 priority 4096
NetsTuts_SW2(config)#spanning-tree vlan 40 priority 4096

With PVST+ load balancing, SW1 handles VLAN 10 and 20 traffic via one uplink, while SW2 handles VLAN 30 and 40 traffic via the other — both trunk links carry traffic simultaneously. Note that STP topology changes flush the MAC address table, so minimising unnecessary topology changes is important for network stability.

STP Versions Supported by Cisco IOS

Version	Standard	Convergence	Notes
STP	IEEE 802.1D	~50 seconds	Original — single instance for all VLANs
PVST+	Cisco proprietary	~50 seconds	Per-VLAN instances — Cisco default on older IOS
RSTP	IEEE 802.1w	~1–2 seconds	Rapid convergence — single instance
Rapid PVST+	Cisco proprietary	~1–2 seconds	Per-VLAN RSTP — Cisco default on modern IOS. Set with `spanning-tree mode rapid-pvst`
MSTP	IEEE 802.1s	~1–2 seconds	Multiple STP — maps multiple VLANs to fewer STP instances

8. Troubleshooting STP Issues

Problem	Symptom	Cause	Fix
Wrong switch is root bridge	`show spanning-tree` shows an access switch as root	Default priorities left unchanged — low MAC address switch won election	Set lower priority on the correct switch: `spanning-tree vlan [id] priority 4096`
Unexpected port blocking	A port that should forward is in blocking state — connectivity lost	STP has chosen a suboptimal path — root bridge in wrong location affecting port role decisions	Correct root bridge placement first — then verify port costs with `show spanning-tree vlan [id]`
Network loop — broadcast storm	Excessive CPU, all interfaces maxed out, network unreachable	STP disabled on a switch, or BPDU Guard triggered and a port should have been blocked	Check `show spanning-tree` on all switches — verify STP is running. See PortFast & BPDU Guard
Priority not accepted	IOS rejects `spanning-tree vlan 1 priority 5000`	Priority value is not a multiple of 4096	Use valid values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768...
STP topology change flood	MAC address table flushed repeatedly — intermittent connectivity	A topology change notification (TCN) is being sent — port flapping or misconfig	Check `show spanning-tree detail` for "topology changes" counter — identify the port generating TCNs. Enable PortFast on access ports

Key Points & Exam Tips

STP prevents Layer 2 loops by electing a root bridge and blocking redundant ports — without it, a single broadcast frame would loop forever (broadcast storm).
The root bridge is elected based on the lowest Bridge ID = Bridge Priority + Extended System ID (VLAN ID) + MAC address. Lower value always wins.
Default bridge priority is 32768. With Extended System ID, VLAN 1 priority is 32768 + 1 = 32769. Always account for the VLAN ID.
Priority must be set in multiples of 4096. IOS rejects any other value. Valid range: 0 to 61440.
All ports on the root bridge are Designated/Forwarding — the root bridge never has a root port or blocking port.
Every non-root switch has exactly one Root Port — the port with the lowest-cost path to the root bridge.
The Alternate Port is the blocked port — it breaks the loop. It is always on the non-root switch with the worst path to the root bridge.
Cisco's PVST+ runs a separate STP instance per VLAN — use this for load balancing by making different switches root for different VLANs.
spanning-tree vlan [id] root primary is a macro that sets priority automatically — but explicit priority values are more predictable and recommended in production.
Classic 802.1D STP takes up to 50 seconds to converge. Use Rapid PVST+ (spanning-tree mode rapid-pvst) in modern networks for ~1–2 second convergence. See RSTP — Rapid Spanning Tree for the full Rapid PVST+ lab.

Next Steps: With STP root bridge under control, protect access ports from accidental loops with PortFast & BPDU Guard Configuration. For link aggregation to increase bandwidth between switches without STP blocking, see EtherChannel (LACP) Configuration. For additional Layer 2 security on the access ports STP protects, see Port Security & Sticky MAC and DHCP Snooping & Dynamic ARP Inspection.

TEST WHAT YOU LEARNED

1. Three switches with default STP configuration are connected in a triangle. SW1 has MAC 0001.A, SW2 has MAC 0001.B, SW3 has MAC 0001.C. Which switch becomes root bridge and why?

A. SW3 — it has the highest MAC address B. All three have equal priority — no root bridge is elected C. SW1 — all priorities are equal at 32768 so the tiebreaker is the lowest MAC address, and SW1's MAC (0001.A) is lowest D. SW2 — it has the middle MAC address which STP prefers

Correct answer is C. When all switches have the same bridge priority (32768 by default), STP uses the MAC address as a tiebreaker — the switch with the lowest MAC address wins. SW1's MAC (0001.A) is numerically lower than SW2's (0001.B) and SW3's (0001.C), so SW1 is elected root bridge. This is why leaving priorities at default is unpredictable — the switch with the oldest (lowest) MAC wins.

2. An engineer enters `spanning-tree vlan 10 priority 5000`. What happens?

A. The priority is set to 5000 successfully B. IOS rejects the command — STP priority must be a multiple of 4096 C. IOS rounds 5000 up to 8192 automatically D. The command is accepted but has no effect on the election

Correct answer is B. Cisco IOS enforces that STP bridge priority values must be exact multiples of 4096 due to the Extended System ID design (the lower 12 bits of the priority field are used for the VLAN ID). Valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440. Any other value is rejected.

3. On SW2 (non-root), `show spanning-tree vlan 1` shows Gi0/1 as Root port and Gi0/2 as Alternate port in Blocking state. What does the Alternate port indicate?

A. Gi0/2 is unused — no cable is connected B. Gi0/2 has a higher speed than Gi0/1 C. Gi0/2 is connected to the root bridge directly D. Gi0/2 provides a redundant path to the root bridge — STP blocked it to prevent a loop. If Gi0/1 fails, Gi0/2 will transition to forwarding

Correct answer is D. An Alternate port is a blocked port that provides a backup path to the root bridge. STP blocks it to eliminate the loop but monitors it via BPDUs. If the Root Port (Gi0/1) fails, STP will unblock the Alternate Port and transition it to forwarding — providing redundancy without creating a loop during normal operation.

4. Which ports does the root bridge have, and in what state are they?

A. All ports on the root bridge are Designated ports in Forwarding state — the root bridge never has root ports or alternate ports B. The root bridge has one Root port and the rest are Designated C. The root bridge has at least one Alternate port in Blocking state D. Root bridge port roles depend on the number of connected switches

Correct answer is A. The root bridge is the reference point for the entire STP topology — all other switches calculate their path cost relative to it. Since the root bridge has a cost of 0 to itself, all its ports are always Designated ports and in Forwarding state. Root ports and Alternate ports only exist on non-root switches.

5. `show spanning-tree vlan 1` on SW1 shows a Bridge ID priority of 32769 even though the default STP priority is 32768. Why?

A. SW1 has been manually configured with priority 32769 B. The extra 1 is added because SW1 is the root bridge C. The Extended System ID adds the VLAN ID to the priority — 32768 + VLAN 1 = 32769 D. IOS rounds the default priority up by 1 for administrative purposes

Correct answer is C. Cisco's Extended System ID feature embeds the VLAN ID into the lower 12 bits of the Bridge ID priority field. The effective Bridge ID priority = configured priority + VLAN ID. For VLAN 1 with default priority 32768: 32768 + 1 = 32769. For VLAN 10: 32768 + 10 = 32778. This is why you always see the VLAN ID added to the priority in show spanning-tree output.

6. What is the advantage of Cisco PVST+ over standard 802.1D STP in a multi-VLAN network?

A. PVST+ converges faster — it reduces the forward delay to 5 seconds B. PVST+ runs a separate STP instance per VLAN — enabling per-VLAN root bridge control and load balancing across redundant links C. PVST+ eliminates the need to configure bridge priority manually D. PVST+ uses fewer BPDUs than 802.1D, reducing control plane overhead

Correct answer is B. Standard 802.1D STP runs one instance for all VLANs — one root bridge and one set of blocked ports for the entire network. PVST+ runs an independent STP topology per VLAN. This allows different switches to be root for different VLANs, distributing traffic across multiple uplinks. For example, SW1 can be root for VLANs 10–20 while SW2 is root for VLANs 30–40, utilizing both trunk links simultaneously.

7. An engineer uses `spanning-tree vlan 1 root primary` on SW1. Another switch already has a priority of 8192. What priority will SW1 receive?

A. 32768 — the command has no effect if another switch already has a lower priority B. 24576 — the macro always uses this fixed value C. 8192 — it matches the competitor's priority to force a MAC tiebreaker D. 4096 — the macro sets priority to 24576 normally, but reduces further to beat any existing lower priority it detects

Correct answer is D. The root primary macro sets the priority to 24576 if no other switch has a priority below 24576. However, if the macro detects another switch with a priority at or below 24576, it automatically reduces the priority further (by 4096 increments) until it is lower than that switch — ensuring the local switch wins the election. In this case, with a competitor at 8192, SW1 gets 4096.

8. How long does a port take to transition from Blocking to Forwarding in classic 802.1D STP, and what are the stages?

A. Up to 50 seconds — Blocking (20s Max Age) → Listening (15s) → Learning (15s) → Forwarding B. Up to 30 seconds — Blocking (15s) → Learning (15s) → Forwarding C. Up to 15 seconds — Listening (5s) → Learning (10s) → Forwarding D. 1–2 seconds — STP uses rapid convergence by default

Correct answer is A. Classic 802.1D STP convergence: Blocking state can last up to 20 seconds (Max Age timer) waiting for BPDUs to stop. Then Listening (15 seconds, Forward Delay) — no MAC learning, no forwarding. Then Learning (15 seconds, Forward Delay) — MAC learning begins, still no forwarding. Finally Forwarding — normal operation. Total: up to 50 seconds. This is why Rapid PVST+ was developed.

9. A network is experiencing a broadcast storm — all switch interfaces are maxed out and the network is unreachable. What is the most likely STP-related cause?

A. The root bridge priority is too low B. Two switches have the same MAC address C. STP has been disabled on one or more switches, or a BPDU Guard shutdown created an unblocked loop D. The STP forward delay timer is too short

Correct answer is C. A broadcast storm means frames are looping indefinitely — STP is not blocking the loop. The most common causes are: STP disabled on a switch (no spanning-tree vlan [id]), a port that should be blocked is now forwarding due to a misconfiguration, or a BPDU Guard shutdown left a redundant port in a forwarding state. Verify STP is running on all switches with show spanning-tree.

10. Which command would you use to confirm that NetsTuts_SW1 is the root bridge for VLAN 10 and see all port roles in one output?

A. show spanning-tree summary B. show spanning-tree vlan 10 C. show vlan brief D. show interfaces trunk

Correct answer is B. show spanning-tree vlan 10 provides the complete STP picture for VLAN 10 specifically — the Root ID section confirms who the root bridge is (and whether "This bridge is the root" appears), the Bridge ID section shows this switch's own priority and MAC, and the interface table shows every port's role (Desg/Root/Altn) and state (FWD/BLK). It is the single most important STP verification command.

Back to Home