
STP Root Bridge Election — Why Lowest Priority + Lowest MAC Wins

How STP picks the root bridge, step by step. What happens when priorities tie, why MAC-address tiebreak is deterministic, and why Cisco Packet Tracer's convergence timing is faster than real switches.

Sarah Chen
Network Engineer

You have five switches in a Layer-2 domain. STP needs to pick one of them as the root bridge. The rule is "lowest priority wins; if priorities tie, lowest MAC address wins." Simple enough. But why does it work? What do the switches actually exchange? What happens when you plug in a new switch with a much lower MAC? And why does Cisco Packet Tracer make convergence look instant when real switches take 30-50 seconds?

This is the tutor-voice walkthrough a CCNA book would need 30 pages for.

The one-line framing: Every STP decision comes down to one question: "who is closer to the root?" The root is chosen by election (this post), and every other decision in STP — root port, designated port, blocked port — follows from "closer to the root wins." Understand the election and everything else follows.

Why You Need an Election At All

Layer 2 switched networks create loops when you have redundant paths. A loop means a broadcast frame circulates forever, consuming bandwidth and eventually collapsing the network (broadcast storm). Every L2 textbook has a picture of three switches in a triangle with an arrow labeled "this frame never stops."

STP prevents loops by building a loop-free tree over the Layer 2 topology. A tree has one root. So before STP can block any loop-creating link, it needs to decide: which switch is the root?

That's the election.

The Bridge ID

Every switch has a Bridge ID: a 64-bit value consisting of:

  • Priority (16 bits, default 32768, must be a multiple of 4096)
  • MAC address (48 bits, unique per switch)

Modern STP uses the Extended System ID: the VLAN number occupies the lower 12 bits of the priority field, so the actual configurable priority is the upper 4 bits. This is why priority values are always 32768, 4096, 8192, and so on: they're all multiples of 4096. On real IOS, spanning-tree vlan 10 priority 4096 is valid; priority 5000 is rejected.

Ask yourself: Given that every switch has a unique MAC, isn't MAC alone enough to pick a root?

Yes — MAC alone would work. But the algorithm uses priority first so that operators can force a preference. You want a specific switch to be the root (typically a powerful core switch) — you lower its priority. MAC-based tiebreak is the fallback when operators don't express a preference.

BPDU: the Ballot

Switches exchange Bridge Protocol Data Units (BPDUs). A BPDU is a multicast frame (destination MAC 01:80:C2:00:00:00) sent every 2 seconds. Every BPDU contains:

  • Root Bridge ID (the sender's current belief about who the root is)
  • Root Path Cost (the sender's cost to reach that root)
  • Sender Bridge ID
  • Port ID (which port the BPDU was sent out)
  • Timers (MaxAge, Hello, Forward Delay)

When a switch receives a BPDU, it compares the BPDU's Root Bridge ID to its own current belief. Lower Root Bridge ID wins. If the BPDU advertises a lower Root Bridge ID than what the switch currently believes, the switch updates its belief and starts forwarding that new information.

This is a distributed election. Every switch runs the same comparison locally. Over 30-50 seconds, consensus emerges.
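The Bridge ID layout and the BPDU fields described above, as a parser added here (an example, not code from the original post). It assumes the input is the 35-byte 802.1D configuration BPDU body after the LLC header; the sample frames and the superior_to check against an intended root are constructed for illustration.

```python
import struct

# 802.1D configuration BPDU body (after the LLC header), 35 bytes, big-endian:
# proto(2) version(1) type(1) flags(1) root_id(8) root_cost(4) bridge_id(8)
# port_id(2) message_age(2) max_age(2) hello(2) forward_delay(2)
BPDU = struct.Struct("!HBBB8sI8sHHHHH")


def decode_bridge_id(raw):
    """Split an 8-byte Bridge ID into (priority, vlan, mac) per Extended System ID."""
    prio_field = int.from_bytes(raw[:2], "big")
    priority = prio_field & 0xF000      # upper 4 bits: always a multiple of 4096
    vlan = prio_field & 0x0FFF          # lower 12 bits: VLAN number
    mac = raw[2:].hex()
    return priority, vlan, ".".join(mac[i:i + 4] for i in (0, 4, 8))


def encode_bridge_id(priority, vlan, mac):
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    return (priority | vlan).to_bytes(2, "big") + bytes.fromhex(mac.replace(".", ""))


def parse_bpdu(frame):
    (proto, ver, typ, flags, root, cost, sender,
     port, age, max_age, hello, fwd) = BPDU.unpack(frame[:BPDU.size])
    if proto != 0 or typ != 0:
        raise ValueError("not an 802.1D configuration BPDU")
    return {"root_raw": root, "root": decode_bridge_id(root), "root_cost": cost,
            "sender": decode_bridge_id(sender), "port_id": port,
            # timers are carried in units of 1/256 second
            "max_age": max_age / 256, "hello": hello / 256, "forward_delay": fwd / 256}


def superior_to(bpdu, expected_root_raw):
    """True if the BPDU advertises a root that would beat the intended one."""
    return bpdu["root_raw"] < expected_root_raw   # byte order equals numeric order


# Constructed samples: SW1 is the intended root (priority 4096, VLAN 1). One BPDU
# claims root at default priority with MAC 0000.0000.0000, another at priority 0.
INTENDED = encode_bridge_id(4096, 1, "0000.0000.0001")

def make(root):  # sender == root, cost 0, port 0x8001, timers 20/2/15 s
    return BPDU.pack(0, 0, 0, 0, root, 0, root, 0x8001, 0, 20 * 256, 2 * 256, 15 * 256)

LOW_MAC = parse_bpdu(make(encode_bridge_id(32768, 1, "0000.0000.0000")))
LOW_PRIO = parse_bpdu(make(encode_bridge_id(0, 1, "0000.0000.0009")))
```

Against an explicitly configured root, the default-priority switch with the lower MAC is not superior, while the BPDU carrying a lower priority is, so the check flags only the second sample.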

Walking Through an Election

Let's trace an election with five switches, all default priority 32768, with MAC addresses:

  • SW1: 0000.0000.0001
  • SW2: 0000.0000.0002
  • SW3: 0000.0000.0003
  • SW4: 0000.0000.0004
  • SW5: 0000.0000.0005

Step 1. All switches come up. Each initially believes itself to be the root. Each sends BPDUs advertising "I am the root, Bridge ID = my own."

Step 2. SW2 receives SW1's BPDU. SW1's Bridge ID (32768.0000.0000.0001) is lower than SW2's own (32768.0000.0000.0002). SW2 updates: "the root is SW1." SW2 stops advertising itself as root.

Step 3. SW3 receives SW2's BPDU, now advertising SW1. SW3 compares SW1's Bridge ID to its own. SW1 wins. SW3 updates: "the root is SW1, reachable via SW2 with cost X."

Step 4. Meanwhile, SW3 may also directly receive SW1's BPDU (depending on topology). Either way, SW3 converges on "root = SW1."

Step 5. SW4 and SW5 follow the same process. After enough BPDU cycles (typically several seconds for BPDU propagation, then 30-50 seconds total for full convergence including listening/learning/forwarding transitions), the whole network agrees: SW1 is the root.

Ask yourself: What if I now plug in SW0 with MAC 0000.0000.0000?

SW0 advertises itself as root. BPDUs propagate. Every switch recalculates with SW0's lower Bridge ID. The root moves to SW0, which causes topology changes, which cause MAC-address-table flushes on many switches. This is why you don't add unknown switches to production networks without setting priority first — they can hijack root status unintentionally.
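The election traced above, including the SW0 case, as a small simulation added here (not code from the original post). It assumes a ring SW1-SW2-SW3-SW4-SW5-SW1 with SW0 cabled to SW3, a cost of 1 per hop, and synchronous rounds; it models only each switch's root belief, not timers or port states.

```python
DEFAULT = 32768
RING = [("SW1", "SW2"), ("SW2", "SW3"), ("SW3", "SW4"), ("SW4", "SW5"), ("SW5", "SW1")]


def elect(switches, links, max_rounds=50):
    """Synchronous-round model of the root election.

    switches: {name: (priority, mac_as_int)}; links: list of (name, name).
    Returns ({name: believed_root_name}, rounds_until_stable).
    """
    neighbours = {name: set() for name in switches}
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)
    owner = {bid: name for name, bid in switches.items()}
    # Step 1: every switch starts out believing it is the root, at cost 0.
    belief = {name: (bid, 0) for name, bid in switches.items()}
    for rounds in range(1, max_rounds + 1):
        heard = dict(belief)
        for name in switches:
            for peer in neighbours[name]:
                root, cost = belief[peer]
                offer = (root, cost + 1)      # one hop further from that root
                if offer < heard[name]:       # lower Root Bridge ID, then lower cost
                    heard[name] = offer
        if heard == belief:                   # nobody changed its mind: converged
            return {n: owner[b[0]] for n, b in belief.items()}, rounds - 1
        belief = heard
    raise RuntimeError("did not converge")


def join_sw0(sw1_priority):
    """SW3's root before/after SW0 (default priority, MAC 0000.0000.0000) joins,
    plus the switches whose root changed."""
    switches = {f"SW{i}": (DEFAULT, i) for i in range(1, 6)}
    switches["SW1"] = (sw1_priority, 1)
    before, _ = elect(switches, RING)
    switches["SW0"] = (DEFAULT, 0)
    after, _ = elect(switches, RING + [("SW0", "SW3")])
    moved = sorted(n for n in before if before[n] != after[n])
    return before["SW3"], after["SW3"], moved
```

With every switch at the default priority, SW0 takes the root and all five existing switches change their belief; with SW1 set to 4096 beforehand, nothing moves.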

Priority Tiebreak: the Practical Case

In a real CCNA lab or production network, you don't rely on MAC tiebreak for root selection. You explicitly set priority on the switches you want to be root and backup-root:

SW1(config)# spanning-tree vlan 1 priority 4096
SW2(config)# spanning-tree vlan 1 priority 8192

Now SW1 is root (priority 4096 < 8192 < 32768). If SW1 fails, SW2 takes over (priority 8192 < 32768 default on other switches). This is the primary/backup root pattern — every CCNA-level design should do this.

The shortcut Cisco syntax:

SW1(config)# spanning-tree vlan 1 root primary
SW2(config)# spanning-tree vlan 1 root secondary

root primary sets priority 24576 (or 4096 less than the current root, whichever is lower). root secondary sets 28672. It's a convenience macro, not a separate feature.

Why Lowest MAC Wins (and When It Matters)

When priorities are equal, MAC-address tiebreak applies. Lowest MAC wins. But here's the CCNA-gotcha: lowest MAC = the oldest switch, typically. MACs are assigned in rough order of manufacture. So in an untouched network of switches from the same vendor over time, the oldest switch often becomes root — not because it's the best choice, but because it happened to get manufactured first.

This is why every engineer sets priority explicitly. Leaving it to MAC is accepting chaos.

Convergence Timing: Where Cisco Packet Tracer Differs From Real Switches

Classic STP (802.1D) timings are:

  • Hello interval: 2 seconds (BPDU frequency)
  • Forward Delay: 15 seconds (time spent in each of the Listening and Learning states)
  • MaxAge: 20 seconds (how long a switch holds stale root info)

When the root fails or the topology changes significantly, re-convergence takes ~30-50 seconds total. A port goes from Blocking → Listening (15s) → Learning (15s) → Forwarding. That's 30 seconds at minimum; more with MaxAge expiration.

Cisco Packet Tracer simulates STP convergence but compresses the timing. On real hardware, you can watch show spanning-tree during a failure and see the port move through states over 30+ seconds — useful CCNA learning. In Packet Tracer, this often happens in a few seconds because PT's simulated clock advances faster than real time.

Why this matters for CCNA: the exam asks you how long STP convergence takes (answer: 30-50 seconds for 802.1D, much less for 802.1w RSTP). You need to have seen it take that long on real hardware to internalize the answer. PT's compressed convergence hides the real behavior.

How to see real STP convergence: upload your topology to NetPilot and SSH into switches on real Cisco IOL. Trigger a failure (shutdown the root's active uplink). Watch show spanning-tree change in real time — 30 seconds of waiting is instructive in a way PT can't replicate.

RSTP (802.1w) — Why Modern Networks Are Faster

Real-world networks don't use 802.1D anymore — they use Rapid Spanning Tree Protocol (RSTP, 802.1w). Same election mechanism (lowest Bridge ID wins), faster convergence.

RSTP adds:

  • Proposal/Agreement handshake between directly connected switches — negotiates forwarding state in under a second per link
  • Alternate port role — pre-computed backup path ready to take over without transitioning through states
  • Edge port (similar to Cisco's PortFast) — skips the Listening/Learning states entirely for end-host ports

RSTP convergence time: under 2 seconds in well-designed networks, vs 30-50 for 802.1D.

Cisco's default is now Per-VLAN RSTP (PVST+ with RSTP extensions). If your CCNA study material still teaches 802.1D as the default, it's dated — mentally update it to RSTP when you work on real switches.

FAQ

How does STP pick the root bridge?

Every switch generates a Bridge ID from its configured priority (default 32768) and its base MAC address. Switches exchange BPDUs every 2 seconds, each initially claiming to be the root. When a switch receives a BPDU advertising a lower Bridge ID than its own, it updates its belief and propagates the new root. After 30-50 seconds of BPDU exchange, all switches converge on the same root — the one with the lowest Bridge ID (lowest priority; if priorities tie, lowest MAC).

What happens in STP when two switches have the same priority?

The MAC address tiebreaker decides — lowest MAC wins. Since MACs are unique, this always produces a deterministic result. In practice, you should never rely on MAC tiebreak in production — always explicitly set priority on the intended root (spanning-tree vlan X priority 4096) and backup root (priority 8192) so your design is intentional rather than accidental.

What is a BPDU in STP?

Bridge Protocol Data Unit — a multicast frame (destination MAC 01:80:C2:00:00:00) that switches exchange every 2 seconds to share STP topology information. A BPDU contains the sender's current belief about the root (Root Bridge ID), its cost to reach that root, its own Bridge ID, the port ID the BPDU was sent from, and timer values. BPDUs drive the entire STP election and topology-maintenance process.

Why does Cisco Packet Tracer show STP converging faster than real switches?

Cisco Packet Tracer is a simulator with a compressed virtual clock. Real STP (802.1D) convergence takes 30-50 seconds due to Listening (15s) + Learning (15s) + MaxAge timing. PT shows state transitions happening in a few seconds, which is useful for seeing the mechanism but misleading for the timing. To observe real convergence, run the same topology on real Cisco IOL via NetPilot or similar. RSTP (802.1w) converges in under 2 seconds on real hardware.

What's the difference between 802.1D STP and 802.1w RSTP?

Same election mechanism (lowest Bridge ID wins), faster convergence. 802.1D (classic STP) takes 30-50 seconds to converge via Listening → Learning → Forwarding state transitions. 802.1w (RSTP) converges in under 2 seconds using a proposal/agreement handshake between adjacent switches and a pre-computed Alternate port role ready for failover. Modern Cisco switches default to PVST+ with RSTP extensions. CCNA covers both; production networks run RSTP.

