Introduction to Spanning-Tree

Awesome, thank you!!!


1 Like

Hey Rene,
As per my understanding, F0/1 should be blocked since it has the lower port no in the below case.

Please suggest.

Hello Aamir

When selecting which port to block on a switch, the following four parameters that are found within received BPDUs. Specifically, one BPDU is considered superior to another if it has:

  1. The lower root bridge ID
  2. The lower path cost to the Root
  3. The lower sending Bridge ID
  4. The lower sending port ID

These parameters are checked in order, and the next is only checked if the previous is a tie. So in this case, SW2 will receive BPDUs from the ROOT on both links. Both root bridge IDs are the same, both path costs are the same, and both sending Bridge IDs are the same. The last thing to check is the sending port ID.

Fa0/1 on SW2 receives a BPDU with the port ID of Fa0/1 from SW1. Similarly, Fa0/2 on SW2 receives a BPDU with the port ID of Fa0/2 from SW1. The port that receives a BPDU with the lowest port ID is the one chosen to forward traffic. Therefore Fa0/2 on SW2 becomes blocked. Does that make sense?

I hope this has been helpful!


hello Lazaros,
Thanks for the explanation. I appreciate that.

1 Like

Hi Rene,

Somebody maybe already ask this question. I just curious about this statement below,

‘SW1 will forward this broadcast frame on all it interfaces, except the interface where it received the frame on’

is that means SW2 will received two ARP packets at the same time on its fa0/0 and fa0/1 interfaces, or is that only one packet at a time?

Thank You

Hello Christevand

This statement simply indicates the fundamental operation of a switch. If we were to assume that Spanning Tree Protocol (STP) is not functioning at all, then the answer to your question is that yes, SW2 will receive ARP requests on both Fa0/0 and Fa0/1.

This however, as further described in the lesson, would cause problems, because SW2 would then take the ARP request it got on Fa0/0 and it would send it out of Fa0/1, and it would take the ARP request it got on Fa0/1 and send it out of Fa0/0. This results in a layer 2 loop, and a broadcast storm will take place, causing both switches to be overwhelmed, resulting in massive network slowdowns.

This example shows why STP is necessary. If STP is enabled, as it should be, this will not happen. STP will cause one of the two links between the two switches to be in a blocking state, thus only one of the two interfaces (Fa0/0 or Fa0/1) on SW2 will receive the ARP request. Which port that will be depends on the STP configuration. This resolves the layer 2 loop problem. Does that make sense?

I hope this has been helpful!


Hi Laz,

This is now make sense. Thank you for answering, much appreciate it!


1 Like

Hi Rene
I am not understanding how this topology would cause a switching loop. When H1 sends and arp request, SW1 will broadcast the frame out of all its ports except the source port. When Sw2 gets the broadcasts from both the gig1 and gig2 interfaces, the switch would check its MAC address table against the destination MAC address of the ETH Frame and send both frames to H2. Im not understanding how the frame would again be broadcasted out of SW2. Please help me understand where my thinking is wrong here.

Hello Pancratius

ARP requests use a destination MAC address of FF:FF:FF:FF:FF:FF. This is a broadcast address. When a frame with this address as a destination is received on a switch, it will be sent out of all of the switch’s ports except the one it received it on. So the MAC address table does not play any role when such a frame is received.

So if such a frame is received on Fa0/0 of SW2 it will be sent out of all ports including Fa0/1, and will be sent back to SW1. Similarly, it is also received on Fa0/1 of SW2 and it will be sent back to SW1 via Fa0/0. SW1 will receive these broadcasts and will rebroadcast them to all ports including those going back to SW2, and so on, resulting in a broadcast storm due to a Layer 2 loop. Does that make sense?

For more information about ARP, take a look at this lesson:

I hope this has been helpful!


Hi Lazaros
This does help a lot. But I have one more question. When the broadcast of FF:FF:FF:FF:FF:FF arrives at SW2, it will eventually get to H2 and H2 would reply to the ARP request. The SW2 should then add H2s mac address to the table wouldnt it? I know this would not stop the broadcast storm but just wanted clarity on this regard.

Hello Pancratius

Yes that is exactly correct. Because the ARP reply from H2 contains H2’s MAC address in the source MAC address field of the frame, the switch will place that MAC address into the MAC address table, and it will correspond with the port number on which H2 is connected to the switch.

This is true of any frame that arrives on a switch’s port, the source MAC address in the header will be added to the MAC address table.

I hope this has been helpful!


I would recommend explaining that the number next to Port on non Root Switches is the number of ports in a forwarding state/designated ports. I only found that out by labbing. An example is from my lab below Port 2 to the left of GigE0/1 Unless I missed is :wink: Entirely possible. Love this material it is the best I have found so thanks!

  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     5254.000a.cd63
             Cost        4
             Port        2 (GigabitEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Hello Andrew!

Actually, the information that is displayed after the word “Port” in the output in your post indicates which port on the switch is the root port for VLAN 1.

Notice it says GigabitEthernet0/1 in brackets. That’s the port using the typical designations we use to identify ports on a switch. However, STP uses an internal port reference number to identify ports, and that is what the number “2” here signifies. These STP port numbers are assigned in sequential order to all ports on a switch including management ports, fixed and modular physical ports, as well as virtual ports (SVIs) and tunnel ports.

How these numbers are assigned depends upon the platform and IOS version, and the configuration of any modular components of the switch.

These port numbers are an important part of STP as they also play a tie-breaking role in determining which port will be blocked. This is especially the case when two switches have multiple links between them, as shown at the end of this lesson. This number is the ultimate tiebreaker in such cases. Does that make sense?

I hope this has been helpful!


Hi Rene,
I am not sure if it was mentioned somewhere in this deep blog conversation topics, but I am happy to refresh this context to check my understanding.
My understanding is that STP follows this flow:
a) elects a root switch
b) selects the root ports on non-root switches
c) assign the designated ports
Next, when two designated ports on the same physical link are joined , STP decide which will be designated and which one must be clocked. STP or more precisely STA algorithm checks root cost for both designated ports and one with lower cost wins (it means stays designated). If costs are the same we have the next possible rules: Lower bridge ID, lower priority, or lower internal port number.
I think , Rene in this lesson took assumption that all ports have the same cost. Therefore, compared both designated ports by lower BID to select blocked port. Hope, it make a sense.
Guys , just thank you for your great work. This portal is great , from the last year I gained a lot of knowledge here , here the material is delivered in perfect way ! appreciated.

Hello Rafal

You’ve got a good grasp on how the Spanning Tree Protocol (STP) works. You’re correct that the STP process involves electing a root switch, selecting root ports on non-root switches, and assigning designated ports.

When two designated ports on the same physical link are connected, STP does indeed decide which will remain designated and which one will be blocked. This decision is based on the root path cost, with the port having the lower cost winning. If the costs are the same, as you pointed out, the tie-breakers are lower bridge ID, lower priority, and lower internal port number, in that order.

Rene’s assumption that all ports have the same cost is a simplification for the sake of explanation. In a real network, port costs may vary depending on the speed of the link, with lower costs assigned to faster links.

I’m glad to hear that you find NetworkLessons helpful and that it has contributed to your knowledge. We’re here to help, so don’t hesitate to reach out if you have any more questions!

I hope this has been helpful!


Thank you Laz !
thank you to build up my confidence with STP. Now your answer is purely clear for me. I greatly appreciate it. This is like private lesson. Amazing. :smile:
thanks again for your time.

1 Like

I don’t understand the use of a designated port on the segment that when the other end is a blocked port (only listen to BPDUs)?

Hello Kin

I assume you’re talking about this topology from the Intro to Spanning Tree lesson:

On SW2, we have a designated port Fa1/0 which is connected to Fa1/0 of SW3 which is blocked (or alternate, which is what the “A” stands for). So the question is, how can you have a designated port connected to a blocked port on the other end?

It does sound somewhat strange, but that’s the way that STP operates. For any physical loop created, it only takes the blocking of a single port to eliminate that loop. The other end of that link remains a designated port, but it simply doesn’t send or receive any data. This design approach is necessary, because at any time, the topology may change, and that blocked port may become a designated port.

Let’s say the link between SW1 and SW2 goes down. STP will reconverge, and Fa1/0 on SW3 will become a designated port, and will start to send data. The Fa1/0 port on SW2 is already a designated port and will immediately be able to receive and send data to SW3. So that port remains designated to be prepared for any topology changes without the need for the time-consuming processes it to change its role.

Now as for the BPDUs, yes, that designated port will still send and receive BPDUs. But you know what? Blocked ports also receive BPDUs as well, and they process them.

So you see, this is the setup in order to ensure that reconvergence will take place quickly without the need for additional processing and altering of port roles. Does that make sense?

I hope this has been helpful!


1 Like