NetPilot
Back to Blog
Tutorial6 min

STP and RSTP Lab: Root Bridge Election

Hands-on spanning tree lab: understand root bridge election, port roles, and RSTP convergence. Configure, verify, and troubleshoot STP.

S
Sarah Chen
Network Engineer

Spanning Tree Protocol is one of the most confusing CCNA topics — not because it's complex, but because it's hard to visualize. You can't easily see STP working by looking at a single switch. You need multiple switches, redundant links, and the ability to watch what happens when things break.

This lab builds a 4-switch topology where you can observe root bridge election, port roles, and convergence behavior firsthand.

To generate this lab instantly:

Build a spanning tree lab with 4 switches in a ring topology.
All switches connected: SW1-SW2, SW2-SW3, SW3-SW4, SW4-SW1.
Also connect SW1-SW3 for a diagonal redundant link.
Create VLANs 10 and 20 on all switches.

The Lab Topology

  • SW1, SW2, SW3, SW4 — four L2 switches in a ring with one diagonal link
  • 5 links total — creating multiple loops that STP must resolve
  • VLANs 10 and 20 — to practice per-VLAN spanning tree (PVST+)

Without STP, this topology would cause a broadcast storm within seconds. STP prevents that by blocking redundant links.

Step 1: Check the Default State

Before changing anything, see what STP decided on its own:

SW1# show spanning-tree
 
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     aabb.cc00.0100
             This bridge is the root
 
  Bridge ID  Priority    32769
             Address     aabb.cc00.0100
 
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----
Gi0/0            Desg FWD 4         128.1    P2p
Gi0/1            Desg FWD 4         128.2    P2p
Gi0/2            Desg FWD 4         128.3    P2p

Key things to observe:

  • Root ID — the switch with the lowest bridge ID wins. Bridge ID = priority (default 32768) + VLAN number + MAC address.
  • "This bridge is the root" — SW1 won the election because it has the lowest MAC address (with equal priorities).
  • All ports Designated/Forwarding — the root bridge has all ports in forwarding state.

Now check a non-root switch:

SW3# show spanning-tree
 
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----
Gi0/0            Root FWD 4         128.1    P2p
Gi0/1            Desg FWD 4         128.2    P2p
Gi0/2            Altn BLK 4         128.3    P2p
  • Root port (Root/FWD) — the best path to the root bridge. Every non-root switch has exactly one.
  • Designated port (Desg/FWD) — forwards traffic on the segment. One per segment.
  • Alternate port (Altn/BLK) — blocked to prevent loops. This is STP doing its job.

Step 2: Manually Set the Root Bridge

In production, you should always set the root bridge intentionally — don't leave it to the lowest MAC address.

Make SW2 the root bridge for VLAN 10, and SW3 the root for VLAN 20:

SW2(config)# spanning-tree vlan 10 root primary
SW2(config)# spanning-tree vlan 20 root secondary
SW3(config)# spanning-tree vlan 20 root primary
SW3(config)# spanning-tree vlan 10 root secondary

What these commands do:

  • root primary sets priority to 24576 (lower = more likely to win)
  • root secondary sets priority to 28672 (backup if primary fails)

Verify:

SW2# show spanning-tree vlan 10 | include Root
  Root ID    Priority    24586
             Address     aabb.cc00.0200
             This bridge is the root

Now VLAN 10 traffic follows a different spanning tree than VLAN 20. This is per-VLAN spanning tree (PVST+) — it lets you load-balance traffic across redundant links by using different root bridges per VLAN.

Step 3: Understand Port Role Selection

STP chooses port roles based on cost to reach the root bridge:

Link SpeedSTP Cost
10 Gbps2
1 Gbps4
100 Mbps19
10 Mbps100

For each non-root switch, the port with the lowest cumulative cost to the root becomes the root port. On each network segment, the port closest to the root (lowest cost) becomes the designated port. Everything else gets blocked.

Trace the path from SW4 to the root (SW2) for VLAN 10:

SW4# show spanning-tree vlan 10
 
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----
Gi0/0            Root FWD 4         128.1    P2p
Gi0/1            Altn BLK 4         128.2    P2p
Gi0/2            Desg FWD 4         128.3    P2p

Gi0/0 is the root port because it offers the shortest path (lowest cost) to SW2.

Step 4: Break Things and Watch STP Converge

This is where the real learning happens. Shut down the root port on SW4 and watch STP react:

SW4(config)# interface GigabitEthernet0/0
SW4(config-if)# shutdown

With classic STP (802.1D): Convergence takes 30-50 seconds. The alternate port transitions through listening (15s) → learning (15s) → forwarding.

! Watch the transition
SW4# show spanning-tree vlan 10
 
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----
Gi0/1            Root LIS 4         128.2    P2p    ← was Alternate, now becoming Root
Gi0/2            Desg FWD 4         128.3    P2p

After 30 seconds:

Gi0/1            Root FWD 4         128.2    P2p    ← now forwarding

Bring the interface back up and try with RSTP:

SW4(config-if)# no shutdown

Step 5: Switch to Rapid Spanning Tree (RSTP)

RSTP (802.1w) converges in 1-2 seconds instead of 30-50. Configure on all switches:

SW1(config)# spanning-tree mode rapid-pvst
SW2(config)# spanning-tree mode rapid-pvst
SW3(config)# spanning-tree mode rapid-pvst
SW4(config)# spanning-tree mode rapid-pvst

Now repeat the experiment — shut down SW4's root port:

SW4(config)# interface GigabitEthernet0/0
SW4(config-if)# shutdown

The alternate port transitions to root port almost instantly. That's because RSTP pre-calculates the alternate path and can switch over without waiting through listening/learning states.

Verify the faster convergence:

SW4# show spanning-tree vlan 10
 
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----
Gi0/1            Root FWD 4         128.2    P2p    ← immediately forwarding
Gi0/2            Desg FWD 4         128.3    P2p

Common STP Mistakes

1. Not setting a root bridge intentionally

If you let STP auto-elect the root based on MAC address, it might pick a switch in a bad location (like an access switch at the edge). Always use spanning-tree vlan X root primary.

2. Mismatching STP modes

If some switches run STP and others run RSTP, they'll interoperate but you lose RSTP's fast convergence benefits. Keep all switches on the same mode.

3. Forgetting STP runs per-VLAN (in PVST+)

Each VLAN has its own spanning tree instance. A port might be forwarding for VLAN 10 but blocked for VLAN 20. Always specify the VLAN when checking: show spanning-tree vlan 10.

Key Exam Concepts

  • Root bridge has the lowest bridge ID (priority + MAC)
  • Every non-root switch has exactly one root port
  • Each segment has exactly one designated port
  • All other redundant ports are blocked (alternate in RSTP)
  • RSTP converges in 1-2 seconds vs STP's 30-50 seconds
  • PVST+ runs a separate STP instance per VLAN

What's Next

STP pairs well with:

  • VLANs and trunking — STP runs per-VLAN on trunk links. See the VLAN lab guide.
  • EtherChannel — bundles multiple physical links into one logical link, reducing the number of ports STP needs to block
  • Layer 3 switching — in modern networks, L3 switches reduce the need for large L2 STP domains

For more CCNA practice, explore the hardest CCNA topics or check out all CCNA labs.

Ready to practice? Get started with NetPilot — describe your spanning tree topology and get a working lab in under 2 minutes.

Try NetPilot Free

Build enterprise-grade network labs in seconds with AI assistance

Get Started Free