show spanning-tree
By this time you know that the show spanning-tree command is important. With it, you can
see who the root bridge is and what the priorities are set to for each VLAN.
Understand that Cisco switches run what is called Per-VLAN Spanning-Tree (PVST), which
basically means that each VLAN runs its own instance of STP. If you typed show spanning-tree,
you’d receive information for each VLAN, starting with VLAN 1. So, say you have multiple
VLANs and you want to see what’s up with VLAN 2—you’d type the command show
spanning-tree vlan 2.
Here is an output from the show spanning-tree command from switch S1. Since I’m
using only VLAN 1, I don’t need to add the VLAN number to the command:
S1#sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000d.29bd.4b80
Cost 3012
Port 56 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 49153 (priority 49152 sys-id-ext 1)
Address 001b.2b55.7500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Uplinkfast enabled
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ----------
Fa0/3 Desg FWD 3100 128.3 Edge Shr
Fa0/4 Desg FWD 3019 128.4 Edge P2p
Fa0/8 Desg FWD 3019 128.8 P2p
Po1 Root FWD 3012 128.56 P2p
Since I have only VLAN 1 configured, there’s no more output for this command, but if I had
more, I would get another page for each VLAN configured on the switch. The default priority
is 32768, but there’s something called the system ID extension (sys-id-ext), which is the
VLAN identifier. The bridge ID priority is incremented by the number of that VLAN. And
since I have only VLAN 1, I increment by 1 to 32769. Understand, by default, BackboneFast
raises the default priority to 49152 to prevent the bridge from becoming the root.
The top of the output shows you who the root bridge is:
VLAN0001
Root ID Priority 32769
Address 000d.29bd.4b80
Cost 3012
Port 56 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
EtherChannel Port 1 is the root port, which means that it’s the chosen path to the root
bridge, and it has an identifier of 000d.29bd.4b80. That can be either the Core switch or S2
only, and you’ll find out which one it is in a minute.
The last output from the command displays the ports that are running STP and have a connection
to another device. Because I’m running EtherChannel, I have no blocked ports. One
way to determine whether your bridge is the root is to look to see whether there are any Altn
BLK ports (meaning a blocked port that is an alternate). A root bridge would never have a
blocked port on any interface, but all the ports on S1 show Forwarding (FWD) because of the
EtherChannel configuration.