Introduction to Spanning-Tree

That makes total sense

Thank you!

1 Like

Question: BPDU Frame

How dose the switch determines a frame is a BPDU frame?

Hello Patrick

Take a look at this NetworkLessons note that describes the contents of a BPDU. From this, you can see that a BPDU has a specific structure and includes a protocol identifier that indicates what type of STP is being used, and also includes an identifier that states what type of BPDU is being sent.

Beyond the structure of the BPDU itself, there are lower layer protocols that also indicate to a switch receiving a frame, that it is a BPDU being sent. Take a look at this cloudshark capture of a BPDU frame being sent:

(this was taken from this cloudshark capture)

The BPDU frame information shown in the note above only deals with the layer of the packet titled Spanning Tree Protocol near the bottom of the capture.

Note that this BPDU is encapsulated within a Logical Link Control (LLC) layer PDU, which contains the information in the Destination Service Access Point (DSAP) field as a Spanning Tree BPDU, with a code of 0x42. This tells the switch that the encapsulated information is an STP BPDU.

But even that LLC layer is encapsulated within an IEEE 802.3 Ethernet frame, which in turn uses a destination MAC address of 01:80:c2:00:00:00. This is a well-known destination MAC address defined by IEEE 802.3D as the Spanning Tree for Bridges destination address.

All of the above information tells the switch that this is a BPDU, and it is interpreted as such.

I hope this has been helpful!


Thank you

I realize now that I need to learn more about 802.3; most of my training has been focused on ethernet 2.

Is there any recommended reading for the 802.3 frame format? I feel like gaining a better understanding here would do me some good.


Hello Patrick

Indeed, 802.3 Ethernet is a somewhat confusing concept when you know that both 802.3 and Ethernet II can operate seamlessly over the same infrastructure. I don’t have something specific to suggest for training material, but you can take a look at this post for some more info:

I will also create a NetworkLessons Note on this topic soon with some additional links, so you can also look out for that.

I hope this has been helpful!


Much Appreciated. That would be very helpful.

1 Like

Hello Patrick.

Here’s the NetworkLessons note on the topic of Ethernet frame types that I promised you.

Have a great day!


Awesome, thank you!!!


1 Like

Hey Rene,
As per my understanding, F0/1 should be blocked since it has the lower port no in the below case.

Please suggest.

Hello Aamir

When selecting which port to block on a switch, the following four parameters that are found within received BPDUs. Specifically, one BPDU is considered superior to another if it has:

  1. The lower root bridge ID
  2. The lower path cost to the Root
  3. The lower sending Bridge ID
  4. The lower sending port ID

These parameters are checked in order, and the next is only checked if the previous is a tie. So in this case, SW2 will receive BPDUs from the ROOT on both links. Both root bridge IDs are the same, both path costs are the same, and both sending Bridge IDs are the same. The last thing to check is the sending port ID.

Fa0/1 on SW2 receives a BPDU with the port ID of Fa0/1 from SW1. Similarly, Fa0/2 on SW2 receives a BPDU with the port ID of Fa0/2 from SW1. The port that receives a BPDU with the lowest port ID is the one chosen to forward traffic. Therefore Fa0/2 on SW2 becomes blocked. Does that make sense?

I hope this has been helpful!


hello Lazaros,
Thanks for the explanation. I appreciate that.

1 Like

Hi Rene,

Somebody maybe already ask this question. I just curious about this statement below,

‘SW1 will forward this broadcast frame on all it interfaces, except the interface where it received the frame on’

is that means SW2 will received two ARP packets at the same time on its fa0/0 and fa0/1 interfaces, or is that only one packet at a time?

Thank You

Hello Christevand

This statement simply indicates the fundamental operation of a switch. If we were to assume that Spanning Tree Protocol (STP) is not functioning at all, then the answer to your question is that yes, SW2 will receive ARP requests on both Fa0/0 and Fa0/1.

This however, as further described in the lesson, would cause problems, because SW2 would then take the ARP request it got on Fa0/0 and it would send it out of Fa0/1, and it would take the ARP request it got on Fa0/1 and send it out of Fa0/0. This results in a layer 2 loop, and a broadcast storm will take place, causing both switches to be overwhelmed, resulting in massive network slowdowns.

This example shows why STP is necessary. If STP is enabled, as it should be, this will not happen. STP will cause one of the two links between the two switches to be in a blocking state, thus only one of the two interfaces (Fa0/0 or Fa0/1) on SW2 will receive the ARP request. Which port that will be depends on the STP configuration. This resolves the layer 2 loop problem. Does that make sense?

I hope this has been helpful!


Hi Laz,

This is now make sense. Thank you for answering, much appreciate it!


1 Like

Hi Rene
I am not understanding how this topology would cause a switching loop. When H1 sends and arp request, SW1 will broadcast the frame out of all its ports except the source port. When Sw2 gets the broadcasts from both the gig1 and gig2 interfaces, the switch would check its MAC address table against the destination MAC address of the ETH Frame and send both frames to H2. Im not understanding how the frame would again be broadcasted out of SW2. Please help me understand where my thinking is wrong here.

Hello Pancratius

ARP requests use a destination MAC address of FF:FF:FF:FF:FF:FF. This is a broadcast address. When a frame with this address as a destination is received on a switch, it will be sent out of all of the switch’s ports except the one it received it on. So the MAC address table does not play any role when such a frame is received.

So if such a frame is received on Fa0/0 of SW2 it will be sent out of all ports including Fa0/1, and will be sent back to SW1. Similarly, it is also received on Fa0/1 of SW2 and it will be sent back to SW1 via Fa0/0. SW1 will receive these broadcasts and will rebroadcast them to all ports including those going back to SW2, and so on, resulting in a broadcast storm due to a Layer 2 loop. Does that make sense?

For more information about ARP, take a look at this lesson:

I hope this has been helpful!


Hi Lazaros
This does help a lot. But I have one more question. When the broadcast of FF:FF:FF:FF:FF:FF arrives at SW2, it will eventually get to H2 and H2 would reply to the ARP request. The SW2 should then add H2s mac address to the table wouldnt it? I know this would not stop the broadcast storm but just wanted clarity on this regard.

Hello Pancratius

Yes that is exactly correct. Because the ARP reply from H2 contains H2’s MAC address in the source MAC address field of the frame, the switch will place that MAC address into the MAC address table, and it will correspond with the port number on which H2 is connected to the switch.

This is true of any frame that arrives on a switch’s port, the source MAC address in the header will be added to the MAC address table.

I hope this has been helpful!


I would recommend explaining that the number next to Port on non Root Switches is the number of ports in a forwarding state/designated ports. I only found that out by labbing. An example is from my lab below Port 2 to the left of GigE0/1 Unless I missed is :wink: Entirely possible. Love this material it is the best I have found so thanks!

  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     5254.000a.cd63
             Cost        4
             Port        2 (GigabitEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Hello Andrew!

Actually, the information that is displayed after the word “Port” in the output in your post indicates which port on the switch is the root port for VLAN 1.

Notice it says GigabitEthernet0/1 in brackets. That’s the port using the typical designations we use to identify ports on a switch. However, STP uses an internal port reference number to identify ports, and that is what the number “2” here signifies. These STP port numbers are assigned in sequential order to all ports on a switch including management ports, fixed and modular physical ports, as well as virtual ports (SVIs) and tunnel ports.

How these numbers are assigned depends upon the platform and IOS version, and the configuration of any modular components of the switch.

These port numbers are an important part of STP as they also play a tie-breaking role in determining which port will be blocked. This is especially the case when two switches have multiple links between them, as shown at the end of this lesson. This number is the ultimate tiebreaker in such cases. Does that make sense?

I hope this has been helpful!