In any switched network with redundant links, loops are a disaster waiting to happen — broadcast storms, MAC table instability, and duplicate frames can bring your network to its knees. Spanning Tree Protocol (STP) prevents loops by dynamically blocking ports, and it all starts with electing a single Root Bridge. For the CCNA 200-301 exam (Objective 2.5), you must master how this election works, because every STP decision — root port, designated port, blocking — flows from the Root Bridge. Understanding the election process is the foundation for troubleshooting and designing loop-free topologies.
Jump to a section
Imagine a massive library with multiple floors, each floor having a librarian. The library needs a single 'Section Leader' to coordinate book borrowing across floors and prevent confusion (like two librarians lending the same book to different people). The election happens by comparing two credentials: first, the librarian's 'seniority number' (a fixed ID assigned by the library board), and second, their 'personal priority score' (a number the librarian can adjust). The election rule is simple: the librarian with the lowest combined priority+seniority number wins. If two have the same seniority, the one with the lower priority wins. Once elected, the Section Leader becomes the reference point for all borrowing decisions — every other librarian determines their distance to the Section Leader and decides whether to lend books directly or forward requests. In the networking world, the 'seniority number' is the Bridge ID (a 2-byte priority + 6-byte MAC address), and the 'priority score' is the configurable bridge priority. The election uses Bridge Protocol Data Units (BPDUs) — think of them as nomination forms that each switch sends out, containing its own ID and the ID of the switch it believes is the Root. The switch with the lowest Root Bridge ID in the BPDU wins. If there's a tie on priority, the MAC address (the 'seniority number') breaks it — lower MAC wins. This analogy captures the exact mechanism: lowest numeric value wins, ties broken by MAC, and the elected switch becomes the central reference for all path cost calculations.
What is the Root Bridge and Why Does It Exist?
Spanning Tree Protocol (STP), defined in IEEE 802.1D, is a loop-prevention protocol for Ethernet networks. In a redundant switched topology, without STP, broadcast frames would loop infinitely, consuming bandwidth and crashing switches. STP creates a loop-free logical topology by placing some ports in a blocking state. The Root Bridge is the central reference point for all STP decisions — it is the switch that all other switches use to calculate the best path to the root. There is exactly one Root Bridge per broadcast domain (VLAN). All switches agree on which switch is the Root Bridge through an election process.
STP uses Bridge Protocol Data Units (BPDUs) to exchange information. The key field in a BPDU for root election is the Root Bridge ID, which is an 8-byte field consisting of:
Bridge Priority (2 bytes): Default is 32768 (0x8000). Configurable in increments of 4096.
MAC Address (6 bytes): The base MAC address of the switch (usually from the backplane or supervisor module).
The Bridge ID is the combination of priority and MAC. The switch with the lowest Bridge ID wins the election. If priorities are equal, the switch with the lowest MAC address becomes the Root Bridge.
Step-by-Step Election Process
Initial State: Every switch initially considers itself the Root Bridge. It sends BPDUs out all ports (except blocked ports) with its own Bridge ID as both the Root Bridge ID and the Sender Bridge ID.
BPDU Exchange: Switches exchange BPDUs every 2 seconds (Hello Time). When a switch receives a BPDU, it compares the received Root Bridge ID to its own.
Comparison Rule: If the received Root Bridge ID is lower (better) than the switch's own idea of the Root Bridge, the switch updates its Root Bridge ID to the received value and propagates that information in its own BPDUs. If the received Root Bridge ID is higher (worse), the switch ignores it and continues advertising its own.
Convergence: Within a few Hello intervals (typically less than 10 seconds in a stable network), all switches agree on the lowest Bridge ID. That switch becomes the Root Bridge.
STP Timers and Defaults
Hello Time: 2 seconds (default). The interval between BPDU transmissions from the Root Bridge.
Forward Delay: 15 seconds (default). The time spent in listening and learning states before transitioning to forwarding.
Max Age: 20 seconds (default). The maximum time a switch waits before re-electing a new Root Bridge if it stops receiving BPDUs from the current root.
These timers are derived from the diameter of the network (assumed 7 hops max). Changing the Root Bridge does not change these timers, but the Root Bridge's timers are used by all switches.
Configuring Bridge Priority
You can influence the election by setting the bridge priority. Lower priority is better. The priority must be a multiple of 4096 (Cisco's implementation). To make a switch the Root Bridge, set its priority to 0 (lowest possible).
Switch(config)# spanning-tree vlan 1 priority 0Alternatively, you can use the root primary and root secondary macros:
Switch(config)# spanning-tree vlan 1 root primary
Switch(config)# spanning-tree vlan 1 root secondaryThe root primary command sets the priority to 24576 if the current root has priority 32768, or to 4096 less than the current root if it is lower. The root secondary sets priority to 28672, ensuring it becomes the backup root if the primary fails.
Verification Commands
Use show spanning-tree to view the Root Bridge and port roles:
Switch# show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0011.2233.4455
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768
Address 0011.2233.4455
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/0 Desg FWD 4 128.1 P2p
Gi0/1 Desg FWD 4 128.2 P2pIf the switch is not the root, the output shows the Root Bridge ID separately:
Switch# show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24576
Address 0011.2233.4466
Cost 4
Port 1 (GigabitEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768
Address 0011.2233.4455
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
...Another useful command is show spanning-tree root:
Switch# show spanning-tree root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- ------ ------ --- --- ----------
VLAN0001 24576 0011.2233.4466 4 2 20 15 Gi0/0How STP Interacts with Related Protocols
Per-VLAN Spanning Tree (PVST/PVST+): Cisco's enhancement runs a separate STP instance per VLAN. Each VLAN has its own Root Bridge election. This allows load balancing by making different switches root for different VLANs.
Rapid Spanning Tree Protocol (RSTP): IEEE 802.1w speeds up convergence but uses the same election process. The Root Bridge is elected identically. RSTP adds edge ports and alternate/backup roles.
Multiple Spanning Tree Protocol (MSTP): IEEE 802.1s maps multiple VLANs to a single STP instance, reducing overhead. The election still uses Bridge ID, but the bridge priority includes a system ID extension (VLAN ID) in the priority field.
Impact of Root Bridge Placement
The Root Bridge should be placed centrally in the network — typically the distribution or core switch. If a low-end access switch becomes root, traffic may traverse suboptimal paths, increasing latency and congestion. Always manually configure the desired root for each VLAN.
Understand the Bridge ID
The Bridge ID is an 8-byte value used in STP BPDUs to identify switches. It consists of a 2-byte bridge priority (default 32768) and a 6-byte MAC address. The priority must be configured in increments of 4096 on Cisco switches. The lower the Bridge ID, the more likely the switch is to become the Root Bridge. For example, a switch with priority 0 and MAC 0011.2233.4455 has a Bridge ID of 0x0000001122334455 (in hex). When comparing, the priority is compared first; if equal, the MAC address (treated as a 6-byte number) decides — lower MAC wins.
BPDU Exchange Begins
When switches boot up, each assumes it is the Root Bridge and sends BPDUs out all ports every 2 seconds (Hello Time). The BPDU contains the Root Bridge ID (initially the switch's own Bridge ID) and the Sender Bridge ID (also its own). Switches listen for BPDUs on all ports. Upon receiving a BPDU, the switch compares the received Root Bridge ID to its own stored Root Bridge ID. If the received ID is lower, the switch updates its Root Bridge ID and begins advertising the new root in its own BPDUs.
Election Decision
The election converges when all switches agree on the lowest Bridge ID. For example, if Switch A has priority 32768 and MAC 0011.2233.4455, Switch B has priority 32768 and MAC 0011.2233.4466, and Switch C has priority 4096 and MAC 0011.2233.4477, the election proceeds as follows: Switch C has the lowest priority (4096), so it becomes Root Bridge. If priorities were equal, the MACs would be compared: 0011.2233.4455 < 0011.2233.4466, so Switch A would win. The elected Root Bridge continues sending BPDUs every 2 seconds; other switches forward these BPDUs with their own Sender Bridge ID but keep the Root Bridge ID unchanged.
Verify the Root Bridge
Use the `show spanning-tree` command to confirm which switch is the Root Bridge. The output shows 'This bridge is the root' if the switch is root, or displays the Root Bridge ID and the root port otherwise. For a quick view, use `show spanning-tree root`. This command lists the root ID, cost, timers, and root port for each VLAN. Example: `show spanning-tree root` for VLAN 1 might show Root ID 24576 with MAC 0011.2233.4466 and cost 4 via Gi0/0. This confirms the root and the path to it.
Configure a Desired Root Bridge
To ensure a specific switch becomes the Root Bridge, set its priority to the lowest value. Use `spanning-tree vlan <vlan-id> priority <0-61440>` (must be multiple of 4096). For example, to make a switch root for VLAN 1, configure `spanning-tree vlan 1 priority 0`. Alternatively, use the macro `spanning-tree vlan 1 root primary` which automatically sets an appropriate priority (24576 if current root is 32768, or 4096 less). For a backup root, use `spanning-tree vlan 1 root secondary` which sets priority to 28672. Always verify with `show spanning-tree`.
Troubleshoot Election Issues
If the wrong switch becomes root, check the bridge priority and MAC addresses. Use `show spanning-tree` on multiple switches to compare their Bridge IDs. If a switch with a very low MAC address (e.g., from an old access switch) becomes root unexpectedly, configure a lower priority on the desired root. Also check for BPDU filter or guard configurations that might block BPDUs. Use `debug spanning-tree events` with caution in a lab to see election messages. Common issues: a switch with priority 32768 but a very low MAC (e.g., 0000.0000.0001) can become root accidentally. Always manually set priorities to avoid surprises.
In an enterprise campus network, the Root Bridge is typically placed in the distribution layer or core. For example, consider a three-tier topology: access switches connect to end devices, distribution switches aggregate access, and core switches connect distribution. The core switch should be the root for all VLANs to ensure optimal path selection. If an access switch becomes root, traffic between users on different access switches would traverse the access layer unnecessarily, increasing latency and potentially oversubscribing uplinks.
Another scenario is load balancing across distribution switches using Per-VLAN Spanning Tree (PVST+). For instance, VLAN 10 traffic can use Distribution-1 as root, while VLAN 20 uses Distribution-2 as root. This splits traffic and uses both uplinks actively. To achieve this, configure spanning-tree vlan 10 root primary on Distribution-1 and spanning-tree vlan 20 root primary on Distribution-2. The secondary root commands ensure failover.
When misconfigured, the most common problem is an unintended root election. For example, if a new switch with a low MAC address is added and no priority is configured, it may become root, causing suboptimal traffic flows. This can lead to high CPU usage on the new switch (due to processing all BPDUs) and potential performance issues. To prevent this, always configure root primary on the desired core switches and root secondary on the backup. Also, use BPDU Guard on access ports to prevent rogue switches from participating in the election.
In large networks with hundreds of VLANs, MSTP is often used to reduce STP instances. The root election for each MST instance works similarly, but the priority field includes a system ID extension (VLAN ID) in the lower 12 bits. Careful planning of root placement is essential to avoid loops and ensure fast convergence.
The CCNA 200-301 exam tests your understanding of the STP Root Bridge election process in Objective 2.5 'Spanning Tree Protocol'. You must know the exact fields used in the election (bridge priority and MAC address) and the rule: lowest Bridge ID wins. Common exam questions present a topology with multiple switches and ask which switch becomes the root.
Common Wrong Answers and Why Candidates Choose Them: 1. Highest priority wins: Some candidates think higher priority (like 4096) is better because it 'sounds' more important. In STP, lower numeric value wins. 2. Highest MAC address wins: Similar confusion — lower MAC wins. The MAC is treated as a 6-byte hexadecimal number; 0011.2233.4455 is less than 0011.2233.4466. 3. The switch with the most ports becomes root: Port count is irrelevant. Only Bridge ID matters. 4. The switch with the lowest IP address becomes root: STP does not use IP addresses. It works at Layer 2.
Specific Values to Memorize: - Default bridge priority: 32768 - Priority increments: 4096 (valid values: 0, 4096, 8192, ..., 61440) - Root primary macro sets priority to 24576 (or 4096 less than current root) - Root secondary macro sets priority to 28672 - Hello Time: 2 seconds, Forward Delay: 15 seconds, Max Age: 20 seconds
Calculation Traps: You may be asked to calculate the Bridge ID given priority and MAC. Remember that priority occupies the first 2 bytes, MAC the last 6. When comparing, treat the entire 8 bytes as a single number or compare priority first, then MAC. Some questions show the Bridge ID in hex: e.g., 0x8000001122334455. The first 4 hex digits are priority (0x8000 = 32768).
Decision Rule for Scenario Questions: 1. List all switches and their Bridge IDs (priority + MAC). 2. Compare priorities: lowest wins. 3. If tie, compare MACs: lowest MAC wins. 4. The winner is the Root Bridge. 5. Remember that after election, all switches calculate their root port and designated ports based on the root.
Root Bridge is elected based on the lowest Bridge ID (priority + MAC).
Default bridge priority is 32768; valid priorities are multiples of 4096 from 0 to 61440.
Use 'spanning-tree vlan <vlan> root primary' to set a switch as root (priority becomes 24576 or lower).
Use 'spanning-tree vlan <vlan> root secondary' for backup root (priority 28672).
Verify root with 'show spanning-tree' or 'show spanning-tree root'.
STP timers (Hello 2s, Forward Delay 15s, Max Age 20s) are propagated from the Root Bridge.
Root Bridge placement should be central (core/distribution) for optimal performance.
These come up on the exam all the time. Here's how to tell them apart.
PVST+ (Per-VLAN Spanning Tree)
Runs a separate STP instance per VLAN
Each VLAN has its own Root Bridge election
More CPU/memory overhead with many VLANs
Cisco proprietary (but based on IEEE 802.1D)
Default STP mode on Cisco switches
MSTP (Multiple Spanning Tree Protocol)
Maps multiple VLANs to a single STP instance (MST instance)
One Root Bridge per MST instance
Less overhead, scales better for large VLAN counts
IEEE 802.1s standard
Requires manual configuration of MST region and instance mapping
Mistake
The switch with the highest bridge priority becomes the Root Bridge.
Correct
The switch with the lowest bridge priority becomes the Root Bridge. For example, priority 0 is better than 4096.
Candidates often think 'higher is better' because of other metrics like bandwidth.
Mistake
The switch with the most ports or highest CPU becomes root automatically.
Correct
Root election is based solely on Bridge ID (priority and MAC). Port count or processing power has no effect.
Real-world assumptions about 'stronger' hardware influencing elections are common.
Mistake
Changing the priority to 0 on any switch guarantees it becomes root immediately.
Correct
Setting priority to 0 makes it the root, but it takes effect after the next BPDU exchange. The election converges within a few Hello intervals.
Candidates expect instant change, not understanding the BPDU propagation delay.
Mistake
The root bridge for one VLAN is the same for all VLANs in PVST+.
Correct
In PVST+, each VLAN runs a separate STP instance, so different switches can be root for different VLANs.
Candidates confuse PVST+ with common STP that runs a single instance.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
STP elects the Root Bridge by comparing Bridge IDs. Each switch sends BPDUs containing its own Bridge ID (priority + MAC). The switch with the lowest Bridge ID becomes the root. If priorities are equal, the lowest MAC address breaks the tie. The election happens automatically when switches boot or when the root fails. You can influence it by setting a lower priority on the desired root switch.
The default bridge priority is 32768 (0x8000). This value is used unless changed. Cisco allows priorities in increments of 4096, so valid values are 0, 4096, 8192, ..., 61440. You can set it with the 'spanning-tree vlan <vlan> priority <value>' command.
Configure a low bridge priority on the desired switch. Use 'spanning-tree vlan <vlan> priority 0' for the best chance, or use the macro 'spanning-tree vlan <vlan> root primary' which automatically sets an appropriate priority (usually 24576). For a backup root, use 'spanning-tree vlan <vlan> root secondary' (priority 28672).
'root primary' sets the bridge priority to 24576 (or 4096 less than the current root if it is lower than 32768), ensuring the switch becomes the root for that VLAN. 'root secondary' sets the priority to 28672, making the switch the backup root if the primary fails. Both are macros that simplify configuration.
No, there is exactly one Root Bridge per VLAN in STP. All switches in the VLAN must agree on a single root. If multiple switches claim to be root, a loop can occur. The election ensures a single root. In PVST+, each VLAN has its own root, but within a VLAN, only one root exists.
When the Root Bridge fails, other switches stop receiving BPDUs from it. After the Max Age timer expires (default 20 seconds), they assume the root is gone and initiate a new election. The switch with the next best Bridge ID becomes the new root. This process takes about 50 seconds (20s Max Age + 15s Forward Delay + 15s Forward Delay) in classic STP, but RSTP converges faster.
Yes, if you set a lower priority than the current root, the switch will become the new root. The election will converge after the next BPDU exchange. For example, if the current root has priority 32768 and you set another switch to priority 24576, that switch will become root. Use 'show spanning-tree' to verify the change.
You've just covered STP Root Bridge Election — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?