STP

17 cards — 🟢 3 easy | 🟡 4 medium | 🔴 3 hard

🟢 Easy (3)

1. What problem does STP solve?

STP (Spanning Tree Protocol) prevents Layer 2 loops in networks with redundant links. Without STP, broadcast frames circulate endlessly, causing broadcast storms that saturate the network and crash switches.

Name origin: invented by Radia Perlman (IEEE 802.1D, 1990), who wrote: 'I think that I shall never see / A graph more lovely than a tree.'

Under the hood: without STP, a single redundant link creates a loop where broadcasts multiply exponentially, saturating Gbps links in seconds.

2. How is the STP root bridge elected?

The switch with the lowest Bridge ID becomes the root bridge. Bridge ID = Priority (default 32768) + MAC address. Set a lower priority to force a specific switch as root: spanning-tree vlan 1 priority 4096.

Remember: "STP prevents loops by blocking redundant paths." Without STP, broadcast storms can take down a network in seconds.

Example: A switch with two paths to another switch disables one port to prevent a loop.

3. What are the port states in classic STP (802.1D)?

Blocking (no forwarding, no learning), Listening (15s, no forwarding, no learning), Learning (15s, no forwarding, learns MACs), Forwarding (forwards and learns), Disabled. Total convergence time: 30-50 seconds.

Remember: "Root bridge = lowest bridge ID wins." Bridge ID = priority (default 32768) + MAC address. Lower priority = more likely to be root.

Gotcha: If you don't set priorities, the root bridge is chosen by lowest MAC — which may be your oldest, slowest switch.

🟡 Medium (4)

1. How does RSTP (802.1w) improve on classic STP?

RSTP reduces convergence from 30-50 seconds to 1-3 seconds using: edge ports (skip directly to forwarding for hosts), proposal/agreement mechanism (direct switch negotiation), and pre-computed alternate/backup ports for instant failover.

Remember: "STP port states: Blocking → Listening → Learning → Forwarding." BLF is the path to forwarding. Convergence takes 30-50 seconds in classic STP.

Gotcha: RSTP (Rapid STP) converges in seconds instead of 30-50. Always use RSTP if available.

2. What are PortFast and BPDU Guard, and when should each be used?

PortFast lets access ports (host-facing) skip STP convergence and go directly to forwarding. BPDU Guard shuts down a PortFast port if it receives a BPDU, indicating a rogue switch. PortFast should only be enabled on host-facing ports, never on switch-to-switch links.

3. What are the three STP port roles and how are they assigned?

Root Port: best path to root bridge (one per non-root switch). Designated Port: best path from a network segment to root (forwards traffic). Blocked/Alternate Port: redundant path, disabled to prevent loops. Roles are assigned based on path cost to the root bridge.

4. How do you enable and check STP on a Linux bridge?

Enable: ip link set br0 type bridge stp_state 1. Check status: brctl showstp br0 (legacy) or cat /sys/class/net/br0/bridge/stp_state (0=disabled, 1=enabled). View port states: bridge -d link show dev br0.

Remember: "BPDU = Bridge Protocol Data Unit." Switches exchange BPDUs to elect the root bridge and calculate the spanning tree.

🔴 Hard (3)

1. How do you diagnose and stop a broadcast storm caused by a loop?

Symptoms: all hosts unreachable, switch CPU at 100%, massive broadcast traffic. Diagnose: check show spanning-tree for topology changes, look for MAC flapping (same MAC on multiple ports). Stop: physically disconnect suspected loop port, then investigate. Enable BPDU Guard and storm control to prevent recurrence.

2. What is Root Guard and why is it important?

Root Guard prevents a port from becoming a root port, protecting the intended root bridge placement. If a superior BPDU is received on a Root Guard port, the port is put into root-inconsistent (blocked) state. This prevents a rogue or misconfigured switch from taking over as root bridge.

3. What is MSTP (802.1s) and how does it differ from per-VLAN STP?

MSTP groups VLANs into spanning tree instances. Instead of running a separate tree per VLAN (like PVST+), multiple VLANs share one tree instance. This reduces CPU overhead while still allowing different traffic paths per VLAN group for better bandwidth utilization.