Understanding Spanning-Tree Port-Priority
- By Joe Astorino
- June 30, 2011
- 63 Comments
Introduction
Today we are going to take a quick look at the spanning-tree port-priority and understand how it really works with regards to influencing what ports are blocking and which are forwarding in a looped layer 2 network topology.
When I first started out learning this stuff, port priority was very puzzling to me, because generally there are a lot of bad assumptions about how exactly it works.
Generally, port-priority is used as a tie-breaker in various stages of the spanning-tree protocol algorithm which ultimately determines which ports are in the forwarding state and which ports are in the blocking state. Let’s do a quick review of the STP algorithm
Spanning-Tree Protocol Algorithm Review
1) Elect a root bridge. The bridge with the lowest bridge-ID (BID) is selected. The BID consists of a switch priority defaulting to 32,768 and a MAC address.
2) Each non-root bridge elects a root port. The root port is the port on that bridge that is closest to the root bridge. This port is selected based on the lowest path cost to the root bridge. If there is a tie, we look for the port that received the lowest bridge ID from a neighbor. If that is still tied we go to lowest received port-priority
3) Each segment elects a designated port. This is a similar process as step 2. The designated port on a segment is the port attached to the switch on the segment with the lowest cost path to the root bridge. If there is a tie, we look first at lowest sending BID and then lowest received port-priority
The confusion comes in I think because people tend to forget that we are talking about the received port-priority on the link, not the port-priority you locally set on the switch itself. You see, port-priority is a value that is actually carried in BPDU frames between switches and thus communicated to neighboring switches. If we want to use port-priority to manipulate things, we need to change it on the upstream switch, not on the local switch!
Labbing It Up
The best way to learn this stuff is to look at it on real equipment…actually the best way is to DO it yourself on real equipment : ) Let’s look at our very basic network diagram today.
Here we have a simple setup with two FastEthernet links between our two switches. We will make Cat1 the spanning-tree root bridge and for simplicity sake, we will only deal with the default VLAN 1 in this example. Since we have redundant links between our two switches, we obviously have a layer 2 loop. Spanning-tree should take care of that right out of the box by blocking one of the links. The question is which one? We will run through the algorithm, and then manipulate things with port-priority. Recall the steps from above…
Root Bridge Election
We said we want Cat1 to be the root. Let’s see whats going on with that.
Cat1#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000b.46e2.6980
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0018.1820.2700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 19 128.25 P2p
Fa0/24 Altn BLK 19 128.26 P2p
Cat1 is NOT the root bridge here. Let’s fix that…
Cat1#conf t Enter configuration commands, one per line. End with CNTL/Z. Cat1(config)#spanning-tree vlan 1 root primary
After 30 seconds, we see that both Fa0/23 and Fa0/24 moved to forwarding state and that they are both designated ports as they should be. Notice that the bridge priority for Cat1 changed to 24577 following our command thus giving it the lower bridge-ID and winner of the root bridge election.
Cat1(config)#do sh spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0018.1820.2700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 0018.1820.2700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 19 128.25 P2p
Fa0/24 Desg FWD 19 128.26 P2p
Root Port Election
Now that we have Cat1 acting as the root bridge, Cat2 is going to have to choose a root port. What has it done out of the box?
Cat2#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0018.1820.2700
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000b.46e2.6980
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p
Cat2 elected Fa0/23 as it’s root port. Step 3 of the algorithm is selecting a designated port on both segments here. Since Cat1 is the root bridge, it is indeed the designated port on both links. Since Fa0/24 on Cat2 is neither the root port or a designated port it goes into blocking state. NOW…why is Fa0/23 the root port?
First, Cat2 looks at port cost and sees that the STP cost over Fa0/23 and Fa0/24 is both 19 (FastEthernet). Next, it looks at the port that is receiving the lowest bridge ID from a neighbor. Cat1 is our only neighbor and the received bridge ID is the same on both ports since we are plugged into the same neighboring switch. Finally, Cat2 looks at the RECEIVED port priority it is getting in the BPDUs from Cat1. Notice that in the show spanning-tree vlan 1 output, the port priority shows 128.23 and 128.24. This can be a little bit deceiving. That is the local port-priority configured on Cat2 followed by the interface number. The received port-priority, which is what really matters here is not shown in that command output. So, how do we see the received port priority?
Cat2#sh spanning-tree vlan 1 int fa0/23 detail Port 23 (FastEthernet0/23) of VLAN0001 is root forwarding Port path cost 19, Port priority 128, Port Identifier 128.23. Designated root has priority 24577, address 0018.1820.2700 Designated bridge has priority 24577, address 0018.1820.2700 Designated port id is 128.25, designated path cost 0 Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 1938, received 299 Cat2#sh spanning-tree vlan 1 int fa0/24 det Port 24 (FastEthernet0/24) of VLAN0001 is alternate blocking Port path cost 19, Port priority 128, Port Identifier 128.24. Designated root has priority 24577, address 0018.1820.2700 Designated bridge has priority 24577, address 0018.1820.2700 Designated port id is 128.26, designated path cost 0 Timers: message age 1, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 1992, received 306
Notice that the “port identifier” is 128.23 and 128.24 That is the locally set port-priority on Cat2 for those ports. The actual received port-priority is the “Designated port ID”. Notice that the received port-priority on Fa0/23 is 128.25 and the received port-priority on Fa0/24 is 128.26. Since 128.25 is lower than 128.26, port fa0/23 wins the root port election and goes forwarding. We can validate this by looking at the local port priorities back on Cat1
Cat1#sh spanning-tree vlan 1 int fa0/23 detail Port 25 (FastEthernet0/23) of VLAN0001 is designated forwarding Port path cost 19, Port priority 128, Port Identifier 128.25. Designated root has priority 24577, address 0018.1820.2700 Designated bridge has priority 24577, address 0018.1820.2700 Designated port id is 128.25, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 861, received 970 Cat1#sh spanning-tree vlan 1 int fa0/24 det Port 26 (FastEthernet0/24) of VLAN0001 is designated forwarding Port path cost 19, Port priority 128, Port Identifier 128.26. Designated root has priority 24577, address 0018.1820.2700 Designated bridge has priority 24577, address 0018.1820.2700 Designated port id is 128.26, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 2 Link type is point-to-point by default BPDU: sent 866, received 996
Manipulating Port-Priority
Let’s say that for some reason we don’t want fa0/23 to be forwarding on Cat2 — we want the opposite of Fa0/23 blocking and Fa0/24 forwarding. How can we accomplish this using port-priority? Because the local port-priority makes absolutely no difference here, we can change that all day long and it won’t matter. We need to look at changing the port-priority upstream on Cat1 so that when Cat1 sends BPDUs to Cat2, Cat2 will compare the received port-priority values and choose the lowest one. Let’s do that.
Cat1(config)#interface fa0/24 Cat1(config-if)#spanning-tree vlan 1 port-priority 64
Now, let’s check out Cat2
Cat2#sh spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0018.1820.2700
Cost 19
Port 24 (FastEthernet0/24)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000b.46e2.6980
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/23 Altn BLK 19 128.23 P2p
Fa0/24 Root FWD 19 128.24 P2p
Bickety Bam, we have Fa0/24 now forwarding and Fa0/23 blocking!!! Again, notice in the show spanning-tree vlan 1 output, the port-priority numbers did NOT change. This is because those are the locally significant port-priorities on Cat2. Let’s see the received port-priorities we are getting from the BPDU’s sent by Cat1.
Cat2#show spanning-tree vlan 1 int fa0/23 detail Port 23 (FastEthernet0/23) of VLAN0001 is alternate blocking Port path cost 19, Port priority 128, Port Identifier 128.23. Designated root has priority 24577, address 0018.1820.2700 Designated bridge has priority 24577, address 0018.1820.2700 Designated port id is 128.25, designated path cost 0 Timers: message age 1, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 1938, received 694 Cat2#show spanning-tree vlan 1 int fa0/24 detail Port 24 (FastEthernet0/24) of VLAN0001 is root forwarding Port path cost 19, Port priority 128, Port Identifier 128.24. Designated root has priority 24577, address 0018.1820.2700 Designated bridge has priority 24577, address 0018.1820.2700 Designated port id is 64.26, designated path cost 0 Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 2 Link type is point-to-point by default BPDU: sent 1993, received 697
That about does it for spanning-tree port priority. The key thing to remember is that the received port-priority is what really matters. If you want to manipulate your layer two switching path based on port-priority in spanning-tree remember to make your changes upstream or you could be finding yourself confused and frustrated : )
Edit: Here is a video from my youtube channel on this topic!
Hi,
Thank you for doing this kind of review about STP and raise doubts about the vagueness.
Best regards,
Christophe
thanks :) it has cleared my spanning tree port priority concept
That was very helpful. I couldn’t find these clarifications anywhere except your blog. Thank you very much!
Hi,
What happens if the port priorities are also the same ??
PLs explain.
Port priority can not be same because it’s format is priority.port number (128.23) and this port number is different for each port. Even if switch is connected to two different switch then first tiebreaker (lowest neighboring bridge-id) comes into play
If the format is priority.port number then, why is Cat1 (initially) sending 128.25 &128.26 when the connections are on port 23 & 24?
Man, even the Cisco site did make me confused about this topic. Since now, I´m following your blog!
Hey There,
Great article, it really was very useful.
The only scenario where a bridge ID could tie is when both links are coming form the same equipment, right?
Thanks
@emerson yes!
Hello Joe Astorino
I am little confused about the selection of designated port because I want to know when that situation will arise when the switches on a particular segment will have same Bridge ID to go for a better tie of received port priority. I feel such a situation will never arise because designated port selection is based on per segment basis and one segment will have two switches are there is no possibility of having two switches with same Bridge ID. Please let me know as I am about to give CCNA exam in next month. Your explanation to port priority was nice.
How is the port number 25 and 26 on CAT 1 when the topology shows the cables plugged into Fa0/23 and Fa0/24?
thanks!
As far as spanning-tree is concerned it is the interface INDEX which is set internally by IOS and not necessarily the actual interface number as you would know it.
Thank you sooo much. I was lost. this clarifies it for me. Thanks again
Thanks so much for posting this, I was lucky that google hit straight to this blog for my question because it answered it exactly!
Thank you for taking the time and doing this right.
You help me out a lot thank you.
Hey Joe: Your post on the STP algorithm is really excellent. I appreciate the effort you put into this
thank god for your youtube video bra!!!!
Really thanks you exellent post. I’ve been so confused but now so so clear. Thx man.
Thank you for this kind of wonderful explanation……..thanks a lot
Thank you for understandable explanation!!!
[…] wouldn’t be complete if I didn’t provide a link to astorinonetworks.com, where he explains STP, complete with a youtube video. He also provides remote access to a […]
Isn’t it possible that even the port numbers and priorities could tie? If so, what is the tiebreaker?
i would say that the port priority for the designated/non-designated(alternative) port is useless and you should remove it , yes with port priority you can influence root port election, but if you have redundant link on a non root link, the designated/non-designated ports will be elected both by the switch with the lowest BID , you cannot influence nothing there with port priority . i mean that 1 switch will have both ports in designated and the other in non designated/alternative. Correct me if i am wrong I am no expert. You are doing a great job here keep it up :)
STP Root port selection:
1. Lower Root Bridge ID
2. Lower Path Cost to the Root bridge.
3. Lower sending Bridge ID
4. Lower Sending Port ID
5. Lower receiving port-id
the fifth tie breaker is the local Switch port-id, the lowest is prefered ,this condition is not shown in CCNP Switch Level.
But from CCIE Professional Development: Cisco LAN Switching book ,it says:the only case where the local Port ID is used is : one root bridge connected to the Hub with one port and a non-Roo-Bridge connected with two ports to the Hub
visit my website and looks an example of this case:
http://www.meddane.com/labs/quiz/another-quiz-spanning-tree.html
Assume we have one switch connected to the HUB over two links: fa1/2 and fa1/3 ,how the switch chooses the DP and the BP ports?
The same way any other DP would be chosen – If you do nothing it will be based on lowest port-priority which will be the lowest numerical port number. So in your case, Fa1/2 would be the DP and Fa1/3 would be blocking.
Correct me if I am wrong:
The Switch has 2 connections to a hub, the switch will send BPDU
both out the port fa1/2 and port fa1/3, BPDU from port fa1/2 will be returned to the
switch on port fa1/3 and BPDU’s from port fa1/3 will be returned on port fa1/2. the switch sees it’s own BPDU .
But as you said in your post:
Each segment elects a designated port. This is a similar process as step 2. The designated port on a segment is the port attached to the switch on the segment with the lowest cost path to the root bridge. If there is a tie, we look first at lowest sending BID and then lowest received port-priority
In this case ,fa1/3 receives Port-ID of fa1/2 (128.2) and fa1/2 receives the port-ID of fa1/3(128.3),
which is the lowest received port-priority?
SW1 looks at the RECEIVED port priority ,128.2 received by fa1/3 wins over 128.3 received by fa1/2,thus fa1/3 should be the DP and fa1/2 the BP
So we are both sort of wrong
Here is the deal – Technically the tie breaker is the port on the segment that sends the BPDU with the lowest port-priority. If you had multiple links between two switches, it makes sense to call it “lowest received port-priority” as shown in the example in the blog. When you have an odd ball case like a switch plugged into itself, it makes more sense to think about it as “lowest sent port-priority”. In your example, port fa1/3 receives a BPDU from fa1/2. The bridge ID in that BPDU is the same, so Fa1/3 looks at the port-priority it received and compares it to it’s port-priority. The port-priority received from Fa1/2 is lower so fa1/2 becomes the DP. Fa1/3 would actually be blocking and type inconsistent because the switch detects it is plugged into itself.
I have here gi6/0/1 plugged into gi6/0/2 on the same switch to demonstrate this. This is the root bridge actually as well. On that one particular segment (the 6/0/1 / 6/0/2 sgement) what happens is gi6/0/1 becomes the DP and gi6/0/2 is blocking, but also goes into type inconsistent. This is because the switch knows it is plugged into itself here. In this case 6/0/2 is blocking because it has received only a single BPDU from 6/0/1 and the BPDU from 6/0/1 is superior to it’s own, as it has a lower port-priority.
So in summary, in this particular weird case, yes the received port-priority on Gi6/0/2 is indeed lower than the received port-priority on gi6/0/1 but it is also the only path. Thing to keep in mind is whoever is sending the superior BPDU – the one with the lowest port-priority is going to win.
Hope that helps.
I think with the HUB, we have not especially the same result,I must verify with a real HUB, i have already two Switches but not a HUB
Thanks Joe for explaination. So can you please explain on what selection criteria fa1/2 will be selected as DP and fa1/3 as BP. Is it based on local port priority as its connected to hub?
It has nothing to do with local port-priority. It has everything to do with what port sends the best BPDU on to the segment. The best BPDU in this case is sent by F1/2 because it has a lower port-priority in the BPDU it is sending.
Why not the best BPDU is sent by Fa1/3,since the BID is the same, the port-ID received by Fa1/3 is better (lower) than the port-ID received by fa1/2,thus fa1/3 should be the DP
The best BPDU is sent by Fa1/2. Think it through.
Fa1/2 sends a BPDU. Say it’s bridge ID is 1. It’s port priority is 128.1
Fa1/3 sends a BPDU. Its bridge ID is also 1. It’s port priority is 128.2.
128.1 is better than 128.2. Fa1/2 is the DP.
Lab it up and see.
So the Local Port-ID make the difference,fa1/2 s’port-ID is better than the fa1/3’s Port-ID
Logically ,as what i developped in one scenario that I posted in my website ,The Switch is “Using the Local Port ID Value As a Tie-Breaker”:
http://www.meddane.com/labs/quiz/another-quiz-spanning-tree.html
Great and extreme explanation on the Topic. Thanks a lot….
Thanks you so much Mr. Astorino :).
Thanks aton :)
[…] Understanding Spanning-Tree Port-Priority […]
Hello Mr. Astorino
great thanks for that clarification
but I’m little confused in this point
Cat1#sh spanning-tree vlan 1 int fa0/24 det
Port 26 (FastEthernet0/24) of VLAN0001 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.26.
why port id incremented by 2 (it must be 128.24 or this is a random number) ?!
Great blog! The only thing I disagree with is the definition of designated port
1) Each segment elects a designated port. This is a similar process as step 2.
2) The designated port on a segment is the port attached to the switch on the segment with the lowest cost path to the root bridge.
3) If there is a tie, we look first at lowest sending BID and then lowest received port-priority
I agree with everything except the lowest *received* port-priority part of #3. The tiebreaker is the lowest *sending* port priority + interface number on a shared segment, where priority is looked at first, then interface number. portID = port priority + interface number.
For instance, SW1 the root has this designated portID on SW1’s fa0/23
Designated port id is 128.25
Port path cost 19, Port priority 128, Port Identifier 128.25
which is SW1’s portID
Port path cost 19, Port priority 128, Port Identifier 128.25 <-
David,
It’s all a matter of perspective really. As long as you understand it, that is the important thing. I encourage you to lab it up.
You are so right, Joe. “Labbing it up” is the best way. You gave me fundamentals. Thanks.
Thanks buddy, it really helped me to understood it correctly… :) :)
Thank you Joe, it has help me to debug an issue
hi,
port priority is a 4 bit field , then how can default value be 128 , and range be from 0-255,
please clarify ,
Thanks
The entire port ID field is actually 2 bytes (16 bits) divided into 2 sections – 4 bits for priority and 12 bits for the interface ID.
Let’s say the port ID field is 0x8001. In binary you have:
1000 0000 0000 0001
Even though the first 4 bits are the priority field, the priority is still expressed as the entire first byte, with the lower 4 bits being part of the interface ID portion. Thus, you have a port priority there that is 0x80 or 128 decimal. That is why you find that you can only configure the port priority as a multiple of 16. It is a similar idea to the extended bridge id with the first 4 bits being for the priority and the lower 12 bits being the VLAN.
My friend there is something that doesnt match. The following command reference for 15.0(1)SE also specified that the increments are multiple of 16 but in a switch running Version 15.2 this is what I see
DSW1(config-if)#spanning-tree vlan 20 port-priority ?
port priority in increments of 64
Where does the interface ID come from? Its 12 bits so its not the MAC address. What is it?
one word…brilliant!!
Very good explanation.I tried various websites for this concept,but didn’t find good explanation.
Thanks.
One of the best explanations ever, filled with real world examples.
Thanks for sharing !!!
This is awesome!
[…] Reference: http://www.astorinonetworks.com/2011/06/30/spanning-tree-port-priority/ […]
Thank you for taking the time to write this post.
Very clear understanding.Thanks a lot .
Thanks so much. Quality information can be hard to come by.
Excellent demostration, thank´s!!!
best explanation seen so far.
Thank you very much, I am here in 2019 and it was very enlightening, my doubts ceased.
I didn’t fully get spanning-tree and the port priority until this. Thanks heaps.
That was extremely well explained in the simplest of manners. Thank you!
Great post. After reading this, I realized that even after my 9 years of experience as a Network engineer I am still a novice. Perhaps I did not read a post such as this, which really de-clutters STP. Thanks much for sharing this post.
Dushyanth