Interpreting show stp (1) – Answers

By certskills January 26, 2018 09:05

Of all #CCNA topics in the ICND2 half of CCNA, Spanning Tree Protocol (STP) looms with more intimidation than most. As for Mastering STP verification, the process begins with mastering the show spanning-tree command. This latest sample question focuses on the first section of that command’s output, asking about two topics: is the local switch the root switch, and what does the port number in that first grouping of messages tell you about the network? Check out the original question, and then dive in here for the answer and some explanation.


B: Some other switch is the root

E: Port G0/1 is a port on the local switch



First, note that the output shown with the question lists one section of the show spanning-tree command’s output, and does not include the 2nd and 3rd section. The first section describes facts related to the root switch, while the second section describes the local switch (that is, the switch that generated the output.) The third section shows a list of local interfaces with their STP port roles and states. So, to answer this question, you need to have mastered some of the facts found in that first section of output – you just can’t rely on the other sections (which would have been useful as well). The question requires you to trust the information in the first stanza of messages.

When issuing the show spanning-tree command on the root switch, the root switch claims to be the root, with a statement “This bridge is the root.” The output for the question does NOT list that line, so the absence of that line tells us, without question, that the local switch is not the root switch. That fact rules out two answers about which switches might be root and confirms that the local switch is not the root switch.

Figure 1: Absence of Note about the Local Switch Being Root

The second set of related answers ask about what the mention of “GigabitEthernet0/1” means. Again, from memory and earlier study, you should know that if the local switch is not the root switch, that:

  • As a non-root switch, the local switch has a root port, and a cost to reach the root
  • The show spanning-tree command lists those facts in the first stanza: facts about the local switch and its relationship to the root switch

As a result, you can know that the first message group’s mention of port GigabitEthernet0/1 is an interface on the local switch (SW4), namely the port used as its root port. That fact rules out two answers, and rules in the answer that restates that port G0/1 is on the local switch.

Figure 2: Location of Two Lines in First Stanza about Local Switch


Common Mistakes

As usual, let me give you a few more pointers about avoiding common mistakes on the exam. In this particular area of concern – that is, the narrow world of just the first section of output from show spanning-tree – keep an eye out for these items:

  • Looking for the absence of a line of output can be one of the most challenging kinds of details to notice when under pressure on the exam. When in lab, take the time to compare that first stanza of messages on the root switch versus a non-root, and help that difference sink in visually: the claim of being the root, versus the two lines about root cost and root port.
  • Another set of facts to memorize: on a non-root switch, as in this question, that first stanza lists the Bridge ID of the root, followed by the root cost and root port of the local switch. So, it’s not all about the root switch: it’s about the root switch plus the local switch’s facts related to the root switch.



Question: Interpreting show stp (1)
Predicting ARP Messages 1
By certskills January 26, 2018 09:05
Write a comment


  1. Ruben January 26, 10:58

    Again, thank you for all of these little exercises. they refresh the memory and keep us on top of the game 🙂

    Reply to this comment
  2. Gian May 3, 20:42

    Hi Wendell. I am a little confused on the Port portion of the show spanning-tree output. I understand the (GigabitEthernet) part is the local port on the switch. What does the 2 mean?

    Reply to this comment
    • certskills Author May 16, 11:42

      Hi Gian,
      Cisco switches assign each port an internal port number. These are integer, usually beginning at 1. For IOS features for which they just need to identify the port, regardless of type (FastE, GigE, multi gig, etc), the feature can reference the integer port number. The 2 in the output was the internal port number as automatically assigned by that switch.

      EG, here’s output from a another 2960. Note the bottom of the output, with two interfaces listed. the “priority.port” column shows the port numbers of 12 and 25 having been assigned to those two interfaces:
      P1-S2#show spanning-tree

      Spanning tree enabled protocol ieee
      Root ID Priority 32769
      Address 1833.9d7b.0e80
      Cost 8
      Port 25 (GigabitEthernet0/1)
      Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

      Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
      Address 1833.9d7b.1380
      Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
      Aging Time 300 sec

      Interface Role Sts Cost Prio.Nbr Type
      ——————- —- — ——— ——– ——————————–
      Fa0/12 Desg FWD 19 128.12 P2p
      Gi0/1 Root FWD 4 128.25 P2p

      Hope this helps…

      Reply to this comment
  3. Lixin December 11, 12:37

    In Example 3-12, Interface Gi0/2 Role as Altn, I think this is incorrect for STP. Altn (Alternate) should only be in RSTP, is it right?

    Reply to this comment
    • certskills Author January 21, 10:55

      Hi Lixin,
      I agree in the sense that the 802.1D standard originally did not include the alternate or backup port roles. However, Cisco has included those (abbreviated) terms in the output of “show spanning-tree” for a long time, even when running PVST+ (aka running in the mode that uses 802.1D and not RSTP.) The output in the ICND2 book example 3-12 (like all of them) come from a pod of real devices configured as shown in the example. So while I agree it appears to be incorrect, it’s a bit of misdirection as a side effect of what Cisco chooses to put in the command output.
      Hope this helps,

      Reply to this comment
  4. Reuben January 17, 02:57

    Very detailed explanation its relates the course material very well. Thanks

    Reply to this comment
  5. Jason July 23, 13:19


    While reading the stp concepts I’m wondering:

    Above all, what is the need of electing a root switch ?

    Normally, is it going to be the switch which would be the nearest from the Wan link ? If I set up its bridge ID to be the lowest, is it because I know it is going to be the nearest switch from the Wan link (and mostly being a core switch)

    Or does it has nothing to do with that, and a root switch is just being part of the STP process to avoid loop, no matter near or far from the Wan link ?


    Reply to this comment
    • certskills Author July 26, 15:57

      There is more to consider than just needing any one switch to be root so that the process works.
      Consider the end result of STP/RSTP: some ports block. Now think of typical design, with say a few distribution layer switches (no end-user devices connected), with lots of access layer switches. Then, note that the root switches do not block on any port. finally, note that most traffic will flow from access to distribution and then out to some other site – a local data center, or as you point out, a router to a WAN link.
      So, you don’t want the distribution switch to block. By doing so, avoid extra hops through additional switches to deliver packets out of the network. Also, the root tends to have a higher workload (because it does not block), and distribution switches are normally the root switches – and they usually have a much higher forwarding capacity.


      Reply to this comment
  6. Nick January 6, 14:47

    Wendell, Im having trouble understanding when you would use the spanning-tree root (primary/secondary)with the per vlan option. wouldn’t distribution switches want to encompass all vlans on the trunks?

    Reply to this comment
    • certskills Author January 7, 11:24

      Hi Nick,
      Per your second sentence, indeed, the trunks should continue to support all VLANs. The command that changes the STP root does not have an effect on the VLANs supported by the trunks. I think these are the points that might clear it up:
      – All trunks should support all the VLANs in the design, however…
      – Some ports will not be used at all times due to spanning tree. If there are redundant paths, STP will block some ports to create one (and only one) path through a VLAN
      – With all default STP settings, all VLANs will block on the same ports. As a result, the link is not used at all.
      – By tuning STP differently for different VLANs – EG, one distribution switch as root for half th VLANs, the other for the other half of the VLANs – STP blocks one one port for half the VLANs, and another port for half the VLANs
      – As a result, you still take advantage of all the bandwidth in the links in the network, with the ability to fail over to another path if a link fails.
      Does that connect the dots?

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.