N10-009 | Chapter 63 of 163 | Objective 2.1

RSTP Implementation and Convergence

This chapter covers Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) — its implementation, convergence mechanics, and how it differs from classic STP (802.1D). For the N10-009 exam, understanding RSTP is critical because it appears in approximately 10-15% of network implementation questions, often in scenarios involving link failures and convergence times. You will need to know port roles, states, and the proposal-agreement process to select correct answers on exam questions that test your ability to troubleshoot slow convergence or identify the protocol in use.

Updated May 31, 2026

RSTP: The Fire Drill That Never Stops

Imagine a large office building with a fire alarm system. In the old STP system, when a fire alarm (link failure) is pulled, the building manager (root bridge) must manually call every floor (non-root bridge) to verify the evacuation plan. This takes 30-50 seconds because each floor must wait its turn to report and receive new instructions. Now consider RSTP: the building has a modern fire alarm system with smoke detectors on every floor. When a smoke detector (switch port) detects a fire (link failure), it immediately triggers a local alarm (proposal-agreement handshake) and simultaneously sends a broadcast to all floors (BPDU flooding). The floor wardens (designated ports) can instantly redirect people to alternate exits (alternate ports) without waiting for the building manager to call. The system converges in under a second because every floor already knows the building layout (port roles) and has pre-planned evacuation routes (backup paths). The key difference is that RSTP uses a 'push' model where switches proactively negotiate port states, while STP uses a 'pull' model where switches passively wait for timers. This is why RSTP converges in 1-2 seconds versus STP's 30-50 seconds.

How It Actually Works

What is RSTP and Why Does It Exist?

Rapid Spanning Tree Protocol (RSTP), defined in IEEE 802.1w, is an evolution of the original Spanning Tree Protocol (STP, IEEE 802.1D). STP prevents loops in Ethernet networks by creating a loop-free logical topology, but it converges slowly — taking 30 to 50 seconds after a topology change. This delay is unacceptable in modern networks where high availability demands sub-second failover. RSTP achieves convergence in 1 to 2 seconds by introducing new port roles, states, and a faster handshake mechanism.

How RSTP Works Internally

RSTP retains the core STP concept of electing a root bridge and computing the shortest path to it, but it changes the way ports transition and how switches communicate. The key mechanism is the proposal-agreement handshake.

Port Roles: RSTP defines four port roles:
- Root Port (RP): The port on a non-root switch that has the lowest path cost to the root bridge.
- Designated Port (DP): The port on a segment that provides the best path to the root bridge. Only one DP per segment.
- Alternate Port (AP): A backup port for the root port. It receives better BPDUs from another switch but is not the root port. It provides a path to the root bridge if the root port fails.
- Backup Port (BP): A backup port for a designated port. It receives better BPDUs from the same switch (i.e., two ports on the same switch connected to the same segment). It provides a redundant connection to the same segment.

Port States: RSTP reduces the number of port states from five (STP) to three:
- Discarding: The port does not forward data frames or learn MAC addresses. It may receive BPDUs. This replaces STP's Blocking, Listening, and Disabled states.
- Learning: The port learns MAC addresses but does not forward data frames.
- Forwarding: The port learns MAC addresses and forwards data frames.

BPDU Format: RSTP uses the same BPDU format as STP but with two key differences:

- The Protocol Version Identifier is set to 2 (802.1D STP uses 0).
- The BPDU Type is 2 (STP uses 0).

The Flags field is fully used in RSTP. Specifically, bit 6 is the Proposal flag, and bit 7 is the Agreement flag. Other bits indicate port role and state.

RSTP BPDUs are sent every 2 seconds (hello time) by default, same as STP. However, switches also send BPDUs on all ports, including blocking ports, to detect failures quickly.

The Proposal-Agreement Handshake

When a port first comes up or when a topology change occurs, RSTP uses a three-way handshake to quickly transition the port to forwarding without waiting for timers.

1. Proposal: The switch sends a BPDU with the Proposal flag set on its designated port. This BPDU says, "I propose to be the designated port on this segment."

2. Agreement: The neighboring switch, if it agrees (i.e., the port receiving the proposal is its root port), sends back a BPDU with the Agreement flag set. It also immediately transitions its root port to forwarding (if it was not already). The neighboring switch then sends its own proposals on its designated ports downstream.

3. Sync: The proposing switch, upon receiving the Agreement, transitions its designated port to forwarding. This process propagates down the tree until all ports are in forwarding.

This handshake happens in about 1-2 seconds total, compared to STP's 30-50 seconds of listening and learning.

Edge Ports (PortFast)

RSTP introduces the concept of edge ports, which are ports that connect to end devices (e.g., PCs, printers, servers) and are not expected to form a loop. Edge ports bypass the proposal-agreement handshake and transition directly to forwarding when they come up. This is equivalent to Cisco's PortFast feature in STP. However, if an edge port receives a BPDU, it immediately loses its edge status and becomes a normal spanning tree port.

Point-to-Point and Shared Links

RSTP distinguishes between two link types:
- Point-to-point (P2P): A link connecting two switches. This uses the full proposal-agreement handshake.
- Shared: A link connecting to a hub (half-duplex). On shared links, RSTP falls back to STP-like behavior using timers because the handshake cannot be reliably performed.

The link type is determined automatically based on duplex mode: full-duplex implies P2P, half-duplex implies shared.

Topology Change Mechanism

RSTP handles topology changes more efficiently than STP:

When a switch detects a topology change (e.g., a port transitions to forwarding), it sends a BPDU with the Topology Change (TC) flag set on all its designated ports and root port.

The root bridge receives the TC BPDU and sets the TC flag on all BPDUs it sends for a period equal to twice the forward delay (default 30 seconds).

All switches receiving these BPDUs immediately flush their MAC address table entries for all ports except the receiving port. This is much faster than STP, which uses a 300-second MAC aging timer.

Timers and Default Values

RSTP uses three timers, same as STP:
- Hello Time: 2 seconds (default). The interval between sending BPDUs.
- Forward Delay: 15 seconds (default). Used only on shared links or when a switch receives an STP BPDU (backward compatibility).
- Max Age: 20 seconds (default). The time a switch waits without receiving a BPDU before re-electing a root bridge. In RSTP, this is only used if the switch does not receive three consecutive BPDUs from its neighbor.

Configuration and Verification

On Cisco IOS, RSTP is enabled by default on most switches (spanning-tree mode rapid-pvst). For MSTP, the RSTP variant is used per instance. Common commands:

! Enable RSTP globally (Cisco)
spanning-tree mode rapid-pvst

! Configure an interface as an edge port
interface GigabitEthernet0/1
 spanning-tree portfast

! Verify RSTP status
show spanning-tree
show spanning-tree interface GigabitEthernet0/1 detail

Output example:

SW1# show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     0011.2233.4455
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0011.2233.4455
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Root FWD 4         128.2    P2p
Gi0/3               Altn BLK 4         128.3    P2p

Interoperation with STP

RSTP is backward compatible with STP (802.1D). If an RSTP switch detects an STP-only neighbor on a port (based on the BPDU version), it reverts to STP behavior on that port, using timers instead of the handshake. This allows gradual migration. However, convergence on that port will be as slow as STP.
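A check for the fallback cases described above (shared links and STP neighbors), written as an added example that is not part of the original chapter: it parses the Interface table of `show spanning-tree` and reports ports that will not use the proposal-agreement handshake, plus edge ports that should be confirmed as access ports. The sample rows are constructed, and the Type values `Shr`, `P2p Edge` and `P2p Peer(STP)` are assumed from Cisco IOS output conventions; the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the "show spanning-tree" interface table.
# The Type values "Shr", "P2p Edge" and "P2p Peer(STP)" follow Cisco IOS output
# conventions and are assumptions here; they do not appear in the chapter's sample.
SAMPLE = """\
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Root FWD 4         128.2    P2p
Gi0/3               Altn BLK 4         128.3    P2p
Gi0/4               Desg FWD 19        128.4    P2p Peer(STP)
Gi0/5               Desg FWD 100       128.5    Shr
Gi0/6               Desg FWD 4         128.6    P2p Edge
"""

# One interface row: name, role, state, cost, priority.number, link type.
ROW = re.compile(
    r"^(?P<port>\S+)\s+(?P<role>Root|Desg|Altn|Back)\s+(?P<state>\S+)\s+"
    r"(?P<cost>\d+)\s+(?P<prio>\d+\.\d+)\s+(?P<type>.+?)\s*$"
)


def parse_ports(text):
    """Return one dict per interface row; header and separator lines are skipped."""
    ports = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["cost"] = int(row["cost"])
            ports.append(row)
    return ports


def convergence_findings(ports):
    """Map port name -> why it converges on timers or needs a manual review."""
    findings = {}
    for p in ports:
        link_type = p["type"]
        if "Peer(STP)" in link_type:
            findings[p["port"]] = "802.1D neighbor: port falls back to STP timers"
        elif link_type.startswith("Shr"):
            findings[p["port"]] = "shared (half-duplex) link: timer-based convergence"
        elif "Edge" in link_type:
            findings[p["port"]] = "edge port: confirm it faces an end device, not a switch"
    return findings


if __name__ == "__main__":
    for port, reason in convergence_findings(parse_ports(SAMPLE)).items():
        print(f"{port}: {reason}")
```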

Interaction with Related Technologies

RSTP is the foundation for Multiple Spanning Tree Protocol (MSTP, 802.1s), which allows multiple VLANs to be mapped to different spanning tree instances, reducing CPU load. MSTP uses RSTP for rapid convergence within each instance. Also, RSTP is used in Per-VLAN Rapid Spanning Tree (Rapid PVST+), which runs a separate RSTP instance per VLAN (Cisco proprietary).

Key Differences from STP

Convergence time: RSTP: 1-2 seconds; STP: 30-50 seconds.

Port states: RSTP: 3 (Discarding, Learning, Forwarding); STP: 5 (Blocking, Listening, Learning, Forwarding, Disabled).

Port roles: RSTP adds Alternate and Backup roles.

BPDU exchange: RSTP sends BPDUs every hello time on all ports, including blocking; STP only sends on designated ports.

Topology change: RSTP flushes MAC tables immediately; STP uses aging timer (300 seconds).

Handshake: RSTP uses proposal-agreement; STP relies on timers.

Edge ports: RSTP has explicit edge port concept; STP uses PortFast extension.

Walk-Through

1. Root Bridge Election

RSTP elects a root bridge using the same process as STP: the switch with the lowest bridge ID (priority + MAC address) becomes root. Each switch sends BPDUs with its own bridge ID. If a switch receives a BPDU with a lower bridge ID, it stops sending its own and starts forwarding the superior BPDU. The election completes within a few hello intervals (2 seconds each). On the exam, remember that the root bridge is the only switch on which every port has the designated role; it has no root port.

2. Port Role Assignment

Once the root bridge is elected, each non-root switch determines its root port (the port with the lowest path cost to the root bridge). Path cost is calculated based on link speed (e.g., 10 Gbps = 2, 1 Gbps = 4, 100 Mbps = 19, 10 Mbps = 100). On each network segment, the port on the switch with the lowest path cost to the root becomes the designated port. All other ports become alternate or backup ports (discarding). This assignment happens quickly because RSTP uses the same algorithm as STP but without waiting for timers.

3. Proposal-Agreement Handshake

After port roles are assigned, each designated port sends a BPDU with the Proposal flag set. The neighboring switch, upon receiving the proposal on its root port, immediately sends back an Agreement BPDU and transitions its root port to forwarding. The proposing switch then transitions its designated port to forwarding. This handshake propagates from the root bridge outward, converging the entire network in under a second. If a switch receives a proposal on a non-root port, it rejects it by sending a BPDU with the Proposal flag cleared (indicating it is not in agreement).

4. Edge Port Bypass

Ports configured as edge ports (or detected as such by not receiving BPDUs) skip the handshake entirely and transition directly to forwarding. This is critical for connecting end devices that expect immediate network access. On Cisco switches, edge ports are configured with 'spanning-tree portfast'. If an edge port receives a BPDU, it immediately loses its edge status and reverts to normal RSTP behavior, which might cause a temporary loop if the port was already forwarding. This is a common exam trap: edge ports should only be used on access ports, not on links to other switches.

5. Topology Change Notification

When a switch detects a topology change (e.g., a port transitions to forwarding or a link goes down), it sends a BPDU with the TC flag set on all its designated ports and root port. The root bridge receives this and sets the TC flag on all BPDUs it sends for a period of twice the forward delay (30 seconds). All switches receiving these BPDUs immediately flush their MAC address table entries for all ports except the receiving port. This ensures that MAC addresses are relearned quickly, preventing black holes. On the exam, remember that RSTP flushes MAC tables immediately on TC, unlike STP which waits for the aging timer.
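The election and role assignment from steps 1 and 2, as an added example that is not part of the original chapter: it elects the root by lowest bridge ID, computes root path costs with the cost table above, assigns Root, Designated and Alternate roles, and can be re-run with a link removed to show an alternate port taking over as root port. The topology, switch names, MAC addresses, priorities and function names are constructed; the topology is assumed to be connected, and the port-name tie-break is a simplification of the real port ID comparison.

```python
import heapq

# Path costs as listed in the walk-through (link speed in Mbps -> cost).
COST = {10000: 2, 1000: 4, 100: 19, 10: 100}

# Constructed topology: name -> bridge ID as (priority, MAC).
BRIDGES = {
    "DIST1": (4096, "0011.2233.0001"),
    "DIST2": (8192, "0011.2233.0002"),
    "ACC1": (32768, "0011.2233.0003"),
}
# Each link: (switch, port, switch, port, speed in Mbps). Point-to-point only,
# so no Backup ports arise (those need two ports of one switch on one segment).
LINKS = [
    ("DIST1", "Gi0/1", "DIST2", "Gi0/1", 10000),
    ("DIST1", "Gi0/2", "ACC1", "Gi0/1", 1000),
    ("DIST2", "Gi0/2", "ACC1", "Gi0/2", 1000),
]


def elect_root(bridges):
    """Lowest bridge ID (priority first, then MAC) wins."""
    return min(bridges, key=bridges.get)


def root_path_costs(bridges, links, root):
    """Dijkstra over link costs: cheapest cost from every switch to the root."""
    adj = {b: [] for b in bridges}
    for a, _, b, _, speed in links:
        adj[a].append((b, COST[speed]))
        adj[b].append((a, COST[speed]))
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d > dist.get(sw, float("inf")):
            continue
        for nbr, c in adj[sw]:
            if d + c < dist.get(nbr, float("inf")):
                dist[nbr] = d + c
                heapq.heappush(heap, (d + c, nbr))
    return dist


def assign_roles(bridges, links):
    """Return (root, {(switch, port): role}); assumes a connected topology."""
    root = elect_root(bridges)
    dist = root_path_costs(bridges, links, root)
    # Root port per switch: lowest (cost via neighbor, neighbor bridge ID, neighbor port).
    best = {}
    for a, pa, b, pb, speed in links:
        for sw, port, nbr, nport in ((a, pa, b, pb), (b, pb, a, pa)):
            if sw != root:
                key = (dist[nbr] + COST[speed], bridges[nbr], nport)
                if sw not in best or key < best[sw][0]:
                    best[sw] = (key, port)
    roles = {}
    for a, pa, b, pb, _ in links:
        # Designated end of a segment: lower root path cost, bridge ID as tie-break.
        ends = sorted([(dist[a], bridges[a], a, pa), (dist[b], bridges[b], b, pb)])
        roles[(ends[0][2], ends[0][3])] = "Designated"
        _, _, sw, port = ends[1]
        roles[(sw, port)] = "Root" if best[sw][1] == port else "Alternate"
    return root, roles


if __name__ == "__main__":
    for label, links in (("all links up", LINKS), ("DIST1-ACC1 link down", LINKS[:1] + LINKS[2:])):
        root, roles = assign_roles(BRIDGES, links)
        print(f"{label}: root={root}")
        for (sw, port), role in sorted(roles.items()):
            print(f"  {sw} {port}: {role}")
```

With all links up, ACC1's second uplink is the Alternate port; with the DIST1-ACC1 link removed, the same port is recomputed as ACC1's Root port.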

What This Looks Like on the Job

Scenario 1: Data Center Leaf-Spine Architecture

In a modern data center using leaf-spine topology, each leaf switch connects to every spine switch. Without STP, this creates loops. RSTP is used to provide loop-free Layer 2 connectivity while allowing multiple paths for redundancy. The leaf switches run RSTP (often Rapid PVST+ or MSTP) to elect a root bridge (typically a spine switch). The proposal-agreement handshake ensures that if a spine switch fails, the alternate ports on the leaf switches transition to forwarding in under a second. In production, engineers must ensure that all inter-switch links are full-duplex (point-to-point) to leverage RSTP's fast convergence. Shared links (half-duplex) would force RSTP to fall back to timer-based convergence, causing delays. Common misconfiguration: forgetting to configure edge ports on server-facing interfaces, causing servers to wait for the handshake (though edge ports are automatic if no BPDUs are received, it's safer to explicitly configure them).

Scenario 2: Campus Network with Redundant Distribution

A campus network has two distribution switches and multiple access switches. The access switches connect to both distribution switches for redundancy. RSTP ensures that only one path is active at a time. The root bridge is set to one distribution switch via priority configuration. If the primary distribution switch fails, the access switches' alternate ports (connected to the secondary distribution) become root ports and transition to forwarding via the handshake. Performance-wise, RSTP converges in 1-2 seconds, which is acceptable for most campus traffic. However, for voice or video, sub-50ms failover is needed, which requires technologies like REP (Resilient Ethernet Protocol) or TRILL. A common pitfall: using default STP timers on RSTP-enabled switches — RSTP ignores forward delay on point-to-point links, but if a shared link is present, convergence slows to 30 seconds. Engineers must verify duplex settings.

Scenario 3: Virtualized Environment with vSwitches

Virtual switches (e.g., VMware vSphere Distributed Switch) can also run RSTP to prevent loops when multiple uplinks are used. In this scenario, RSTP operates between the virtual switch and physical switches. The virtual switch acts as a regular RSTP bridge. A common issue is that virtual switches may not support RSTP fully and may fall back to STP, causing slow convergence. Engineers should check compatibility and consider using link aggregation (LACP) instead of STP for redundancy.

How N10-009 Actually Tests This

What N10-009 Tests on RSTP

The exam objectives (Domain 2.1: Network Implementation) test your ability to:

Compare and contrast STP and RSTP.

Identify RSTP port roles (Root, Designated, Alternate, Backup) and states (Discarding, Learning, Forwarding).

Understand convergence times: RSTP = 1-2 seconds; STP = 30-50 seconds.

Recognize the proposal-agreement handshake as the mechanism for fast convergence.

Know that edge ports (PortFast) bypass the handshake.

Understand that RSTP is backward compatible with STP and falls back to timer-based convergence on shared links or with STP neighbors.

Common Wrong Answers and Why

1. "RSTP uses the same five port states as STP." — Wrong. RSTP uses three states: Discarding, Learning, Forwarding. Blocking, Listening, and Disabled are collapsed into Discarding.
2. "RSTP convergence is faster because it reduces the hello timer." — Wrong. The hello timer remains 2 seconds. Speed comes from the proposal-agreement handshake, not timer reduction.
3. "RSTP eliminates the root bridge election." — Wrong. RSTP still elects a root bridge using the same bridge ID comparison.
4. "Edge ports are used for switch-to-switch links to speed convergence." — Wrong. Edge ports are for end devices. Using them on switch links can cause loops.

Numbers to Memorize

- Default hello time: 2 seconds
- Default forward delay: 15 seconds (used only on shared links or with STP neighbors)
- Default max age: 20 seconds
- RSTP convergence: 1-2 seconds (up to 5 seconds in some implementations)
- STP convergence: 30-50 seconds
- RSTP BPDU version: 2
- RSTP BPDU type: 2
- Proposal bit: bit 6 of flags
- Agreement bit: bit 7 of flags

Edge Cases

- If a switch receives a BPDU on an edge port, the port loses edge status and may cause a temporary loop. The exam may test that edge ports should be used only on access ports.
- On shared links (half-duplex), RSTP cannot use the handshake and falls back to STP timers (forward delay).
- RSTP sends BPDUs every hello time on all ports, including discarding ports. This allows faster detection of link failures.

How to Eliminate Wrong Answers

- If a question mentions "30 seconds" or "50 seconds" convergence, the answer involves STP, not RSTP.
- If a question mentions "Blocking" or "Listening" states, it's STP — RSTP uses Discarding.
- If a question describes a handshake with Proposal and Agreement flags, it's RSTP.
- If a question says "PortFast," it's an STP feature; in RSTP, it's called an edge port.

Key Takeaways

RSTP (802.1w) converges in 1-2 seconds, compared to STP's 30-50 seconds, due to the proposal-agreement handshake.

RSTP uses three port states: Discarding, Learning, Forwarding — not five like STP.

RSTP adds Alternate (backup for root port) and Backup (backup for designated port) roles.

Edge ports (PortFast) bypass the handshake and transition directly to forwarding.

RSTP sends BPDUs every 2 seconds on all ports, including discarding ports, for faster failure detection.

On shared links (half-duplex), RSTP falls back to STP-like timer-based convergence.

RSTP is backward compatible with STP; if a neighbor sends STP BPDUs, the port reverts to STP.

Topology changes in RSTP cause immediate MAC table flush, not a 300-second timer.

The root bridge election process is identical to STP (lowest bridge ID wins).

Default timers: hello 2 sec, forward delay 15 sec, max age 20 sec.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

STP (802.1D)

Convergence time: 30-50 seconds (listening + learning)

Five port states: Blocking, Listening, Learning, Forwarding, Disabled

Port roles: Root, Designated, Blocked (no Alternate/Backup roles)

BPDUs sent only on designated ports every hello time

Topology change: MAC aging timer set to 300 seconds

RSTP (802.1w)

Convergence time: 1-2 seconds (proposal-agreement handshake)

Three port states: Discarding, Learning, Forwarding

Port roles: Root, Designated, Alternate, Backup

BPDUs sent on all ports every hello time (including discarding)

Topology change: immediate MAC table flush on TC notification

Watch Out for These

Mistake: RSTP eliminates the need for a root bridge.
Correct: RSTP still elects a root bridge using the same bridge ID (priority + MAC address) as STP. The root bridge is the central point for topology calculation.

Mistake: RSTP uses the same five port states as STP.
Correct: RSTP uses only three port states: Discarding, Learning, and Forwarding. The STP states Blocking, Listening, and Disabled are all mapped to Discarding in RSTP.

Mistake: RSTP converges faster because its timers are shorter.
Correct: RSTP's timers (hello, forward delay, max age) are the same as STP defaults. The speed comes from the proposal-agreement handshake, which bypasses the timer-based transition.

Mistake: Edge ports are used for connections between switches to speed convergence.
Correct: Edge ports are intended for end devices (PCs, servers) that do not generate BPDUs. Using edge ports on switch-to-switch links can cause loops if a BPDU is received, and the port loses its edge status.

Mistake: RSTP is not compatible with STP and requires all switches to support it.
Correct: RSTP is backward compatible with STP. When an RSTP switch detects an STP neighbor on a port, it reverts to STP behavior on that port, using timers instead of the handshake.

Frequently Asked Questions

What is the difference between RSTP and STP convergence time?

RSTP converges in 1-2 seconds, while STP takes 30-50 seconds. RSTP uses a proposal-agreement handshake that transitions ports to forwarding without waiting for listening and learning timers. STP relies on forward delay timers (15 seconds each for listening and learning). On the exam, remember that RSTP is much faster, but both use the same hello timer (2 seconds).

What are the port roles in RSTP?

RSTP has four port roles: Root Port (best path to root bridge), Designated Port (best path on a segment), Alternate Port (backup for root port), and Backup Port (backup for designated port). Alternate and Backup ports are in discarding state. The exam may ask you to identify these roles from a topology diagram.

How does RSTP handle topology changes?

When a switch detects a topology change (e.g., a port transitions to forwarding), it sends a BPDU with the Topology Change (TC) flag set on all its designated ports and root port. The root bridge then sends BPDUs with the TC flag for twice the forward delay (30 seconds). All switches receiving these BPDUs immediately flush their MAC address tables for all ports except the receiving port. This is faster than STP, which uses a 300-second aging timer.

What is an edge port in RSTP?

An edge port is a port that connects to an end device (e.g., PC, server) and is not expected to form a loop. Edge ports bypass the proposal-agreement handshake and transition directly to forwarding. On Cisco, this is configured with 'spanning-tree portfast'. If an edge port receives a BPDU, it loses its edge status and becomes a normal spanning tree port. The exam tests that edge ports should only be used on access ports, not on trunk links to other switches.

Is RSTP compatible with STP?

Yes, RSTP is backward compatible with STP (802.1D). When an RSTP switch receives an STP BPDU on a port, it reverts to STP behavior on that port, using timers (forward delay) instead of the proposal-agreement handshake. This allows gradual migration but results in slower convergence on that port. The exam may ask about this fallback mechanism.

What is the proposal-agreement handshake in RSTP?

The proposal-agreement handshake is a three-way process that quickly transitions ports to forwarding. A designated port sends a BPDU with the Proposal flag set. The neighboring switch, if it agrees (the port is its root port), sends back an Agreement BPDU and immediately transitions its root port to forwarding. The proposing switch then transitions its designated port to forwarding. This handshake propagates from the root bridge outward, converging the network in under a second.

What are the default timer values for RSTP?

RSTP uses the same default timers as STP: hello time = 2 seconds, forward delay = 15 seconds, max age = 20 seconds. However, on point-to-point links, RSTP ignores forward delay and uses the handshake. The forward delay is only used on shared links (half-duplex) or when interoperating with STP. The exam expects you to know these numbers.
