Spanning Tree Protocol
Spanning Tree Protocol
Section titled “Spanning Tree Protocol”Summary
Section titled “Summary”The Spanning Tree Protocol (STP) provides loop-free Layer 2 network topologies while maintaining redundant links. When connecting multiple bridges or cross-connecting bridge ports, network loops can form and severely impact network stability. STP resolves this by electively blocking certain ports while ensuring all bridges remain reachable through active paths.
This documentation covers STP, Rapid STP (RSTP), and Multiple STP (MSTP) configuration in RouterOS. For switch chip-specific STP features, refer to the CRS3xx, CRS5xx, CCR2116, CCR2216 Switch Chip Features documentation.
Topology
Section titled “Topology”
Quick Start
Section titled “Quick Start”Enable STP on a bridge interface:
/interface bridgeadd name=bridge1 protocol-mode=rstp
/interface bridge portadd bridge=bridge1 interface=ether1add bridge=bridge1 interface=ether2add bridge=bridge1 interface=ether3Verify STP status:
/interface bridge monitor bridge1Expected output:
state: enabled current-mac-address: 74:4D:28:6F:31:10 bridge-id: 0x8000.74:4D:28:6F:31:10 root-bridge: yes root-bridge-id: 0.74:4D:28:6F:31:10 root-path-cost: 0 port-count: 3Monitoring STP
Section titled “Monitoring STP”Bridge Status
Section titled “Bridge Status”Check the overall STP status of a bridge:
/interface bridge monitor bridge1Key fields:
- root-bridge: Whether this bridge is the root bridge (yes/no)
- root-bridge-id: The bridge ID of the root bridge (priority.MAC)
- root-path-cost: Cost to reach the root bridge
- root-port: The port used to reach the root bridge
Port Status
Section titled “Port Status”Check STP status on individual ports:
/interface bridge port monitor [find interface=ether2]Key fields:
- role: Root port, designated port, alternate port, backup port, or disabled
- edge-port: Whether the port is operating as an edge port
- port-id: The port ID (priority.port number)
- designated-bridge-id: The bridge ID of the designated bridge for this segment
STP and RSTP
Section titled “STP and RSTP”STP vs RSTP
Section titled “STP vs RSTP”| Feature | STP | RSTP |
|---|---|---|
| Convergence | Up to 50 seconds | Few seconds or milliseconds |
| Port States | Forwarding, Listening, Learning, Blocking, Disabled | Forwarding, Learning, Discarding |
| Backward Compatible | No | Yes |
Recommendation: Use RSTP instead of STP for faster convergence. RSTP is backward compatible with STP.
Port Roles (RSTP)
Section titled “Port Roles (RSTP)”- Root Port: Port facing the root bridge with the best path (lowest cost)
- Designated Port: Port forwarding away from the root bridge
- Alternate Port: Backup path to the root bridge
- Backup Port: Backup for a designated port on the same segment
- Disabled Port: Port that is administratively disabled
Port States (RSTP)
Section titled “Port States (RSTP)”| State | Forwarding | Learning | Description |
|---|---|---|---|
| Forwarding | Yes | Yes | Active, learning MACs |
| Learning | No | Yes | Preparing, not forwarding |
| Discarding | No | No | Blocked, not learning |
Configuration
Section titled “Configuration”Basic STP Configuration
Section titled “Basic STP Configuration”Create a bridge with STP enabled:
/interface bridgeadd name=bridge1 protocol-mode=stp
/interface bridge portadd bridge=bridge1 interface=ether1add bridge=bridge1 interface=ether2add bridge=bridge1 interface=ether3Basic RSTP Configuration (Recommended)
Section titled “Basic RSTP Configuration (Recommended)”/interface bridgeadd name=bridge1 protocol-mode=rstp
/interface bridge portadd bridge=bridge1 interface=ether1add bridge=bridge1 interface=ether2add bridge=bridge1 interface=ether3Setting Bridge Priority
Section titled “Setting Bridge Priority”Lower priority values are preferred for root bridge election:
/interface bridgeadd name=bridge1 priority=0x1000 protocol-mode=rstpValid priorities: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440
Configuring Edge Ports
Section titled “Configuring Edge Ports”Edge ports skip the learning/listening states and immediately forward traffic. Use for access ports:
/interface bridge portadd bridge=bridge1 interface=ether1 edge=yesadd bridge=bridge1 interface=ether2 edge=yesadd bridge=bridge1 interface=ether3Configuring Port Path Cost
Section titled “Configuring Port Path Cost”Control which path is preferred by adjusting path costs:
/interface bridge portset [find interface=ether2] path-cost=10Configuring Port Priority
Section titled “Configuring Port Priority”Control which port is preferred when costs are equal:
/interface bridge portset [find interface=ether2] priority=0x40Point-to-Point Links
Section titled “Point-to-Point Links”For full-duplex links, enable point-to-point for faster convergence:
/interface bridge portset [find interface=ether1] point-to-point=yesDefault Values
Section titled “Default Values”| Parameter | Default |
|---|---|
| Bridge Priority | 32768 (0x8000) |
| Port Priority | 0x80 (128) |
| Port Path Cost | Based on interface speed |
| Hello Time | 2 seconds |
| Max Message Age | 20 |
Default Path Costs (Long Mode)
Section titled “Default Path Costs (Long Mode)”| Interface Speed | Path Cost |
|---|---|
| 10 Mbps | 2,000,000 |
| 100 Mbps | 200,000 |
| 1 Gbps | 20,000 |
| 10 Gbps | 2,000 |
| 25 Gbps | 800 |
| 40 Gbps | 500 |
| 50 Gbps | 400 |
| 100 Gbps | 200 |
Path Cost Mode
Section titled “Path Cost Mode”Set the port cost mode:
/interface bridge set bridge1 port-cost-mode=long- long: Uses IEEE 802.1D style costs (default)
- short: Uses 802.1w style costs
Election Process
Section titled “Election Process”Root Bridge Election
Section titled “Root Bridge Election”- Lowest bridge priority wins
- Lowest MAC address wins
Root Port Election
Section titled “Root Port Election”- Lowest root path cost wins
- Lowest upstream bridge ID wins
- Lowest port ID wins
Configuration Examples
Section titled “Configuration Examples”Basic Redundancy
Section titled “Basic Redundancy”Three switches with redundancy:
Root Bridge (SW1):
/interface bridgeadd name=bridge priority=0x1000 protocol-mode=rstp
/interface bridge portadd bridge=bridge interface=ether1 priority=0x60add bridge=bridge interface=ether2 priority=0x50add bridge=bridge interface=ether3SW2:
/interface bridgeadd name=bridge priority=0x2000 protocol-mode=rstp
/interface bridge portadd bridge=bridge interface=ether1add bridge=bridge interface=ether2add bridge=bridge interface=ether3SW3:
/interface bridgeadd name=bridge priority=0x3000 protocol-mode=rstp
/interface bridge portadd bridge=bridge interface=ether1add bridge=bridge interface=ether2add bridge=bridge interface=ether3Root Path Cost Example
Section titled “Root Path Cost Example”Configure path costs to control traffic flow:
/interface bridge portset [find interface=ether1] path-cost=25set [find interface=ether2] path-cost=10The port with the lower path cost becomes the root port.
Firewall Considerations
Section titled “Firewall Considerations”If using bridge firewall filters, ensure BPDUs are allowed:
/interface bridge filteradd chain=forward dst-mac-address=01:80:C2:00:00:00 action=acceptBPDUs are sent to:
- 01:80:C2:00:00:00 - For 802.1Q bridges (STP, RSTP, MSTP)
- 01:80:C2:00:00:08 - For 802.1ad bridges
Common Issues
Section titled “Common Issues”STP Not Working
Section titled “STP Not Working”- Verify protocol-mode is not set to
none - Check that all bridges in the network have STP enabled
- Ensure consistent bridge VLAN protocol across the network
Root Bridge Not Expected
Section titled “Root Bridge Not Expected”- Manually set bridge priorities to ensure the desired root bridge
- Lower priority = preferred root bridge
Traffic Not Flowing
Section titled “Traffic Not Flowing”- Check for blocked ports:
interface bridge port monitor - Verify path costs are configured correctly
- Ensure no firewall rules are blocking BPDUs
Bridge VLAN Protocol Mismatch
Section titled “Bridge VLAN Protocol Mismatch”When mixing 802.1Q and 802.1ad, STP may not work properly:
- 802.1Q BPDUs: 01:80:C2:00:00:00
- 802.1ad BPDUs: 01:80:C2:00:00:08
Ensure all bridges use the same VLAN protocol.
Multiple Spanning Tree Protocol (MSTP)
Section titled “Multiple Spanning Tree Protocol (MSTP)”MSTP provides loop prevention across multiple VLANs with load balancing capabilities.
Basic MSTP Configuration
Section titled “Basic MSTP Configuration”/interface bridgeadd name=bridge1 protocol-mode=mstp vlan-filtering=yes
/interface bridge vlanadd bridge=bridge1 tagged=ether1,ether2 vlan-ids=10,20Configure MSTP Region
Section titled “Configure MSTP Region”/interface bridge set bridge1 region-name=REGION1 region-revision=1Create MST Instances
Section titled “Create MST Instances”/interface bridge mstiadd bridge=bridge1 identifier=1 priority=0x1000 vlan-mapping=10,20add bridge=bridge1 identifier=2 priority=0x2000 vlan-mapping=30,40Configure MST Override
Section titled “Configure MST Override”/interface bridge port mst-overrideadd identifier=1 interface=ether1 internal-path-cost=5add identifier=2 interface=ether1 internal-path-cost=10Monitor MSTP
Section titled “Monitor MSTP”/interface bridge monitor bridge1/interface bridge msti monitor 1/interface bridge port mst-override monitor 1Best Practices
Section titled “Best Practices”- Always manually configure priorities - Let the network elect an unpredictable root bridge
- Use RSTP - Faster convergence than STP
- Configure edge ports - For access ports connecting to non-STP devices
- Set point-to-point=yes - On full-duplex links for faster convergence
- Match VLAN protocols - Ensure all bridges use the same 802.1Q or 802.1ad
- Allow BPDUs in firewall - If using bridge filters
- Monitor regularly - Check port roles and states for issues