Spanning Tree Protocol

Summary

Spanning Tree Protocol (STP) is a network protocol that prevents loops in bridged networks by dynamically blocking redundant paths. RouterOS bridge interfaces support STP, RSTP, and MSTP to ensure a loop-free and redundant topology.

For small networks with just 2 bridges, STP does not bring many benefits. However, for larger networks, properly configured STP is crucial. To achieve a proper loop-free and redundant topology, you must properly set bridge priorities, port path costs, and port priorities.

RSTP (Rapid Spanning Tree Protocol) is enabled by default on new bridges in RouterOS v7. RSTP converges faster than classic STP and is recommended for most deployments.

STP and RSTP

Enabling STP/RSTP

To enable STP or RSTP on a bridge, set the protocol-mode parameter:

/interface bridge
add name=bridge1 protocol-mode=rstp

Available protocol modes:

none - STP disabled (default for legacy configurations)
stp - Classic Spanning Tree Protocol (slow convergence)
rstp - Rapid Spanning Tree Protocol (fast convergence, recommended)
mstp - Multiple Spanning Tree Protocol (VLAN-aware)

Default Values

RouterOS uses the following default values for STP:

Parameter	Default Value
Bridge Priority	32768 (0x8000)
Port Path Cost	Auto (depends on port speed)
Port Priority	128
Forward Delay	15 seconds
Max Age	20 seconds
Hello Time	2 seconds

The default bridge priority of 32768 means bridges with lower priority values will become root bridges.

Port Path Cost Defaults

Interface Speed	STP Cost	RSTP Cost
10 Mbps	100	2,000,000
100 Mbps	19	200,000
1 Gbps	4	20,000
10 Gbps	2	2,000
20 Gbps	1	1,000

Election Process

When STP is enabled, bridges exchange BPDU (Bridge Protocol Data Unit) frames to elect:

Root Bridge - The bridge with the lowest bridge ID (priority + MAC address)
Root Ports - The port on each non-root bridge with the lowest path cost to the root
Designated Ports - Ports on each segment that forward traffic toward the root
Blocked Ports - Redundant ports that are blocked to prevent loops

Bridge ID Calculation

The Bridge ID is composed of:

Priority: Configurable (default 32768), must be divisible by 4096
MAC Address: The bridge’s internal MAC

Lower priority values win the root bridge election. If priorities are equal, the lowest MAC address wins.

# Set bridge priority to make it the root bridge
/interface bridge
set [find name=bridge1] priority=4096

Path Cost Calculation

The root path cost is the sum of port path costs from a given port to the root bridge. Lower path costs are preferred.

# Set custom port path cost
/interface bridge port
set [find interface=ether1] path-cost=10

Configuration Examples

Basic RSTP Configuration

This example shows a simple RSTP setup with two MikroTik routers:

Router A (Root Bridge):

/interface bridge
add name=bridge1 protocol-mode=rstp priority=4096

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3

Router B (Secondary):

/interface bridge
add name=bridge1 protocol-mode=rstp

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3

Root Path Cost Example

In this topology, Router A is the root bridge. Router B has two paths to reach Router A:

Path 1: ether1 (1 Gbps) - cost 20,000
Path 2: ether2 (100 Mbps) - cost 200,000

RSTP automatically selects the lower-cost path (ether1) as the root port and blocks ether2.

[Router A - Root Bridge]
        |
   +----+----+
   |         |
 ether1   ether2
   |         |
   |    100Mbps
   |         |
[Router B]

Loop Prevention with Redundant Links

This configuration prevents loops in a network with redundant connections:

# On Router A
/interface bridge
add name=bridge1 protocol-mode=rstp priority=4096

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3

# On Router B
/interface bridge
add name=bridge1 protocol-mode=rstp

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3

Per-Port STP

RouterOS supports per-port STP settings for advanced control.

Edge Ports

Edge ports are ports that connect to end devices (computers, printers, etc.) and should never receive BPDUs. They transition to forwarding state immediately.

# Configure edge port
/interface bridge port
set [find interface=ether1] edge=yes

When edge is set to auto (default), the port becomes an edge port if it doesn’t receive BPDUs within 3 seconds of becoming active.

BPDU Guard

BPDU Guard shuts down a port if it receives a BPDU, preventing unauthorized switches from affecting the STP topology:

# Enable BPDU Guard on a port
/interface bridge port
set [find interface=ether1] bpdu-guard=yes

When a port with BPDU Guard receives a BPDU, it enters the disabled state and must be manually re-enabled by disabling and re-enabling the port.

Multiple Spanning Tree Protocol (MSTP)

MSTP allows mapping multiple VLANs into different spanning tree instances, providing better utilization of redundant links.

MSTP Regions

All switches in an MSTP region must share the same:

Region Name
Revision Level
VLAN-to-Instance Mapping

# Enable MSTP with VLAN filtering
/interface bridge
add name=bridge1 protocol-mode=mstp vlan-filtering=yes

# Configure MSTP region (set on the bridge itself)
/interface bridge
set [find name=bridge1] region-name=CORP-REGION region-revision=1

MST Instance

Create MST instances and map VLANs to them:

# Create MST instance and map VLANs
/interface bridge mst
add bridge=bridge1 identifier=1 vlan-mapping=10,20,30
add bridge=bridge1 identifier=2 vlan-mapping=40,50

MST Override

Use MST override to modify the bridge priority for specific instances:

# Set priority for MST instance
/interface bridge mst
set [find identifier=1] priority=4096

Monitoring

View STP Status

Check the current STP status on a bridge:

/interface bridge print detail

View Port Status

Check STP state on individual ports:

/interface bridge port print detail

View MSTP Instances

/interface bridge mst print detail

Troubleshooting

Port Stuck in Blocking State

If a port is stuck in blocking state:

Check for physical loop conditions
Verify all bridges have STP enabled
Check port path costs - lower costs should become root ports
Ensure BPDUs are not being filtered by firewall

STP Not Preventing Loops

If STP is not preventing loops:

Verify protocol-mode is set to rstp or mstp on all bridges
Check that all switches in the network support RSTP/MSTP
Verify no unmanaged switches are creating invisible loops
Check for hardware offloading issues with STP

Common Issue: Cisco Interoperability

When connecting MikroTik routers to Cisco switches:

Both devices must use the same STP version
Cisco uses PVST (Per-VLAN STP) by default - configure MSTP for compatibility
Verify BPDU guard settings match on both sides

# Cisco config for MSTP compatibility
spanning-tree mode mstp

Spanning Tree Protocol

Spanning Tree Protocol

Summary

STP and RSTP

Enabling STP/RSTP

Default Values

Port Path Cost Defaults

Election Process

Bridge ID Calculation

Path Cost Calculation

Configuration Examples

Basic RSTP Configuration

Root Path Cost Example

Loop Prevention with Redundant Links

Per-Port STP

Edge Ports

BPDU Guard

Multiple Spanning Tree Protocol (MSTP)

MSTP Regions

MST Instance

MST Override

Monitoring

View STP Status

View Port Status

View MSTP Instances

Troubleshooting

Port Stuck in Blocking State

STP Not Preventing Loops

Common Issue: Cisco Interoperability

See Also