Spanning Tree Protocol (STP) helps prevent Layer 2 loops, but misconfigurations and failures can still cause network outages. Here's how to troubleshoot common STP issues effectively.

Issue 1: Network Loop / Broadcast Storm
Symptoms:
- High CPU utilization on switches.
- MAC address table fluctuates rapidly.
- End devices lose connectivity intermittently.
- Excessive broadcast/multicast traffic in the network.
Troubleshooting Steps:
Step 1: Check STP Topology & Root Bridge
Switch# show spanning-tree
- Verify that the correct switch is the Root Bridge.
- Check Root Bridge ID and priority.
- If an unauthorized switch became Root, use Root Guard.
Step 2: Look for Redundant Links Without Blocking Ports
Switch# show spanning-tree blockedports
- STP should block at least one redundant port to prevent loops.
- If all links are Forwarding, a loop is present.
Step 3: Identify the Source of Excessive Traffic
Switch# show mac address-table dynamic | count
- If MAC addresses are flapping between ports, a loop exists.
Step 4: Enable BPDU Guard on Access Ports
Switch(config-if)# spanning-tree bpduguard enable
- Prevents rogue switches from joining STP.
Solution: Ensure that only one active path exists between switches, and use BPDU Guard to prevent rogue switches from participating in STP.

Issue 2: Slow Convergence After a Link Failure
Symptoms:
- Connectivity drops for 30-50 seconds after a link failure.
- Devices unable to communicate during STP re-convergence.
- STP topology changes frequently.
Troubleshooting Steps:
Step 1: Check STP Timers and Mode
Switch# show spanning-tree detail
- If the mode is 802.1D (classic STP), convergence takes ~50 sec.
- Use Rapid PVST+ (802.1w) for faster failover.
Step 2: Verify Redundant Links & Active Ports
Switch# show spanning-tree interface Gi0/1
- Ensure that redundant links can take over quickly after failure.
Step 3: Enable UplinkFast & BackboneFast for Faster Recovery
Switch(config)# spanning-tree uplinkfast
Switch(config)# spanning-tree backbonefast
- UplinkFast speeds up failover for direct link failures.
- BackboneFast reduces downtime for indirect link failures.
Solution: Upgrade to Rapid PVST+, and enable UplinkFast & BackboneFast for quick failover.

Issue 3: Unexpected Root Bridge Change
Symptoms:
- Sudden network instability.
- Traffic is rerouted inefficiently.
- Running show spanning-tree shows a different Root Bridge.
Troubleshooting Steps:
Step 1: Identify the Current Root Bridge
Switch# show spanning-tree root
- Compare the Root Bridge ID with the intended Root switch.
- If an unauthorized switch is Root, check its priority.
Step 2: Set the Correct Root Bridge Priority
Switch(config)# spanning-tree vlan 10 priority 4096
- Use a lower priority (default is 32768) on the intended Root Bridge.
Step 3: Enable Root Guard on Access Layer Uplinks
Switch(config-if)# spanning-tree guard root
- Prevents unauthorized switches from becoming the Root Bridge.
Solution: Ensure correct Root Bridge configuration and apply Root Guard on uplinks.
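
One way to script the root, mode and blocked-port checks from Issues 1 to 3 against a documented baseline, as an added example that is not part of the original article. The sample output, MAC addresses, port names and function names are constructed for illustration; output layout can differ between platforms and releases.

```python
import re

# Constructed sample of "show spanning-tree vlan 10" output (not from a real device).
SAMPLE = """\
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0050.56aa.0001
             Cost        4
             Port        1 (GigabitEthernet0/1)

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0011.2233.4455

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ----------------
Gi0/1               Root FWD 4         128.1    P2p
Gi0/2               Desg FWD 4         128.2    P2p
"""

def parse_stp(text):
    """Extract STP protocol, root ID and per-port state for one VLAN."""
    proto = re.search(r"Spanning tree enabled protocol (\S+)", text)
    root = re.search(r"Root ID\s+Priority\s+(\d+)\s+Address\s+([0-9a-f.]+)", text)
    if not (proto and root):
        raise ValueError("not recognisable show spanning-tree output")
    ports = dict(re.findall(
        r"^(\S+)[ \t]+(?:Root|Desg|Altn|Back)[ \t]+(\S+)", text, re.M))
    return {"protocol": proto.group(1), "root_priority": int(root.group(1)),
            "root_address": root.group(2), "ports": ports}

def audit(text, expected_root, expected_blocked):
    """Compare one switch's STP state with the documented baseline (hypothetical helper)."""
    stp = parse_stp(text)
    findings = []
    if stp["root_address"] != expected_root:
        findings.append(f"unexpected root {stp['root_address']} "
                        f"(priority {stp['root_priority']})")
    if stp["protocol"] == "ieee":  # "ieee" = 802.1D-based PVST+, "rstp" = Rapid PVST+
        findings.append("legacy 802.1D mode, slow convergence")
    for port in expected_blocked:
        state = stp["ports"].get(port, "absent")
        if state != "BLK":
            findings.append(f"{port} should be blocking, is {state}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "0011.aaaa.0001", ["Gi0/2"]):
        print(finding)
```
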

Issue 4: Blocked Port Not Recovering (Loop Guard Issue)
Symptoms:
- Some ports remain in Loop-Inconsistent State indefinitely.
- Network outage on affected VLANs.
- No STP loops detected, but traffic is disrupted.
Troubleshooting Steps:
Step 1: Check the Blocked Ports
Switch# show spanning-tree inconsistentports
- If ports are in Loop-Inconsistent State, Loop Guard is blocking them.
Step 2: Verify BPDU Reception
Switch# debug spanning-tree bpdu
- If no BPDUs are received, the upstream switch may have failed or is misconfigured.
Step 3: Temporarily Disable Loop Guard & Re-enable STP
Switch(config-if)# no spanning-tree guard loop
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
- This resets STP and allows it to re-converge.
Solution: Fix the BPDU reception issue and ensure the upstream switch is sending BPDUs correctly.

Issue 5: Fiber Link Failure Not Detected (UDLD Issue)
Symptoms:
- STP shows the link as active, but traffic fails.
- Network flapping when fiber links are in use.
- Half-duplex issues on fiber links.
Troubleshooting Steps:
Step 1: Check the Fiber Link State
Switch# show interfaces status
Switch# show udld neighbors
- If UDLD shows an error, the link may be unidirectional.
Step 2: Enable UDLD Aggressive Mode
Switch(config-if)# udld aggressive
- Automatically disables unidirectional links, preventing loops.
Step 3: Reset the Affected Port
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
Solution: Always enable UDLD Aggressive Mode on fiber links to prevent silent failures.

Summary of STP Troubleshooting Issues & Fixes

| Issue | Symptoms | Troubleshooting Commands | Fix |
|---|---|---|---|
| Network Loop / Broadcast Storm | High CPU, MAC flapping, excessive broadcasts | show spanning-tree; show mac address-table | Ensure blocked ports exist; Enable BPDU Guard |
| Slow Convergence After Link Failure | 30-50 sec downtime | show spanning-tree detail | Use Rapid PVST+; Enable UplinkFast & BackboneFast |
| Unexpected Root Bridge Change | Traffic rerouted, different Root ID | show spanning-tree root | Set correct Root Bridge priority; Enable Root Guard |
| Blocked Port Not Recovering | Ports in Loop-Inconsistent State | show spanning-tree inconsistentports; debug spanning-tree bpdu | Ensure BPDUs are received; Reset Loop Guard |
| Fiber Link Failure Not Detected | No traffic, STP still active | show udld neighbors; show interfaces status | Enable UDLD Aggressive Mode |

Pro Tips for STP Troubleshooting
- Document your STP topology: know the expected Root Bridge & blocked ports.
- Use Rapid PVST+ for faster convergence (Avoid legacy 802.1D).
- Enable BPDU Guard & Root Guard to prevent rogue switches.
- Monitor STP logs (show spanning-tree summary) to detect topology changes.
- Use UDLD Aggressive Mode on fiber links to prevent silent failures.
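
To go with the monitoring tip, a log triage sketch that groups the events behind Issues 1, 3 and 4 (MAC flapping, BPDU Guard, Root Guard and Loop Guard blocks), as an added example that is not part of the original article. The log lines are constructed, and the message formats are an assumption based on common Cisco IOS syslog output that should be checked against your platform.

```python
import re
from collections import Counter

# Constructed syslog lines in Cisco IOS style (not from a real device).
LOGS = """\
Mar  1 10:00:01: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi0/1 and port Gi0/2
Mar  1 10:00:02: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4466 in vlan 10 is flapping between port Gi0/2 and port Gi0/1
Mar  1 10:00:03: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi0/5 with BPDU Guard enabled. Disabling port.
Mar  1 10:00:09: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet0/3 on VLAN0010.
Mar  1 10:00:15: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet0/4 on VLAN0010.
Mar  1 10:00:20: %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to up
"""

PATTERNS = {
    "mac_flap": re.compile(r"MACFLAP_NOTIF: Host (\S+) in vlan (\d+) is flapping "
                           r"between port (\S+) and port (\S+)"),
    "bpdu_guard": re.compile(r"BLOCK_BPDUGUARD: Received BPDU on port (\S+)"),
    "root_guard": re.compile(r"ROOTGUARD_BLOCK: Root guard blocking port (\S+) on (VLAN\d+)"),
    "loop_guard": re.compile(r"LOOPGUARD_BLOCK: Loop guard blocking port (\S+) on (VLAN\d+)"),
}

def triage(log_text):
    """Group STP-related events; several hosts flapping on one port pair points to a loop."""
    report = {"flap_pairs": Counter(), "bpdu_guard": [], "root_guard": [], "loop_guard": []}
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            if name == "mac_flap":
                _host, vlan, a, b = m.groups()
                # Sort the ports so A<->B and B<->A count as the same pair.
                report["flap_pairs"][(int(vlan), *sorted((a, b)))] += 1
            elif name == "bpdu_guard":
                report[name].append(m.group(1))
            else:
                report[name].append(m.groups())
    return report

if __name__ == "__main__":
    for key, value in triage(LOGS).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```
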