Spanning Tree Best Practices

Spanning Tree Protocol (STP) is a control plane mechanism for Ethernet. It is used to create a Layer 2 topology (a tree) by placing the root switch on top of the tree.

I am explaining this topic in deep detail in my Onsite CCDE, Live/Webex CCDE, Self Paced CCDE and also my specialized “Live/Webex BGP Zero to Hero” course.


Since classical Ethernet works based on data plane learning and Ethernet frames don’t carry a TTL for loop prevention, loops are prevented by STP blocking links.

As you can see from the figure below, some links are blocked by the spanning tree. If Spanning Tree did not block those links, a loop would occur in this topology.


Figure: Spanning Tree blocks some links to mitigate switching loops


Loops have to be mitigated by blocking some links with Spanning Tree, but blocking links prevents all available links from being used and does not provide multipathing.

In this post I am going to share some best practices which you should consider in Spanning Tree design. Some of the technologies may not be available in your network, so you may not be able to follow every best practice. That is okay!

Network design doesn’t mean always using the best practices. It means applying the best practices that fit the hardware, software, technology and people who manage the network.

There might be other best or good practices; if you want to add anything, please share it in the comment box below.

Spanning Tree Best Practices:

  • Use RSTP or RPVST+ for fast convergence for direct and indirect failures.
  • Use MST for scaling. If you have a large-scale VLAN deployment and CPU usage is a concern, take advantage of grouping VLANs into MST instances.
  • VLAN load-balancing can be cumbersome, but it has the advantage of using all uplinks.
  • Spanning tree avoids switching loops by blocking some links in the topology. If the requirement is to use all the available links, links can be grouped into a bundle.
  • LACP and the Cisco proprietary protocol PAgP are used to aggregate multiple physical links into a logical bundle.
  • LACP is a standards-based mechanism which can be used not only between two switches but also between multiple switches.
  • The System ID, which is generated from the System Priority and the MAC address of the switch, needs to be the same on both switches if there will be a Multichassis EtherChannel.
  • For ease of troubleshooting, you can use one distribution switch as the primary root switch for odd VLANs and the other distribution switch as the primary root switch for even VLANs. This gives better predictability.
  • Always enable STP on the access-facing ports to protect the network from intentional or unintentional attacks.
  • Port-security is used as an STP loop avoidance mechanism at the edge of Layer 2 campus Ethernet networks.
  • Spanning Tree and the First Hop Redundancy Protocols should follow each other; this is called STP-FHRP synchronization. Otherwise black holing and/or suboptimal forwarding occurs.
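As an added example that is not part of the original post, here is how the odd/even root placement, the LACP bundling of uplinks and the protected access-facing ports described above can be expressed in Cisco IOS syntax. The VLAN numbers, interface names and the choice of PortFast plus BPDU Guard and port-security as the edge-port protection are assumptions for illustration.

```cisco
! --- DIST-1: primary root for odd VLANs, backup root for even VLANs ---
spanning-tree mode rapid-pvst
! "root primary" lowers the bridge priority so this switch wins the election
spanning-tree vlan 10,30,50 root primary
spanning-tree vlan 20,40,60 root secondary
!
! Two physical uplinks bundled with LACP, so STP sees a single logical link
interface range GigabitEthernet1/0/1-2
 channel-group 1 mode active
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,40,50,60
!
! --- DIST-2: mirror image of DIST-1 (primary root for even VLANs) ---
spanning-tree mode rapid-pvst
spanning-tree vlan 20,40,60 root primary
spanning-tree vlan 10,30,50 root secondary
!
! --- ACCESS-1: STP stays enabled on edge ports; a BPDU received on an
! edge port (a rogue switch or a looped cable) shuts the port down ---
spanning-tree mode rapid-pvst
interface range GigabitEthernet1/0/1-24
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
```

With this layout every VLAN has a deterministic root and a deterministic backup, and a failure of one distribution switch moves only half of the VLANs.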

