Wrong Switch Elected as STP Root Bridge
Presenting Symptom
End users in VLAN 10 report intermittent connectivity issues, and network monitoring shows high CPU utilization on a low-end access switch that is unexpectedly acting as the root bridge for the spanning tree.
Network Context
A small branch office with three Cisco Catalyst 2960 switches (SW1, SW2, SW3) connected in a triangle topology. SW1 is a high-end model intended as the root bridge, SW2 and SW3 are lower-end access switches. All switches run IOS 15.0 and use Rapid PVST+. The network has multiple VLANs, but the issue is observed in VLAN 10.
Diagnostic Steps
Identify the current root bridge for VLAN 10
show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586
Address 0011.2233.4455
This bridge is the root
Bridge ID Priority 24586 (priority 24576 sys-id-ext 10)
Address 0011.2233.4455
...
The output shows that this switch (SW3) is the root bridge. The priority 24586 (24576 + 10) indicates the default priority was used. If the intended root bridge (SW1) had a lower priority, it would be listed as the root. This confirms the wrong switch is root.
Check the root bridge status on the intended root bridge (SW1)
show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586
Address 0011.2233.4455
Cost 19
Port GigabitEthernet0/1
Bridge ID Priority 28682 (priority 28672 sys-id-ext 10)
Address 0011.2233.4456
...
SW1 sees SW3 as the root (priority 24586) and is not root itself. Its bridge priority is 28682 (28672+10), which is higher than SW3's, so SW1 will never become root. This confirms SW1 has not been configured with a lower priority.
Verify the current bridge priority on all switches
show running-config | include spanning-tree vlan 10
On SW1: (no output)
On SW2: (no output)
On SW3: (no output)
No manual spanning-tree priority configuration is present on any switch. All switches are using the default priority (32768), but due to the system ID extension, the effective priority becomes 32768 + VLAN ID. Since all have the same priority, the root is elected based on lowest MAC address. SW3 has the lowest MAC (0011.2233.4455), so it becomes root.
Check the MAC addresses of all switches to confirm root election
show version | include System serial number
On SW1: System serial number : FOC12345678
On SW2: System serial number : FOC87654321
On SW3: System serial number : FOC11223344
The MAC addresses are not shown directly here, but the serial numbers help identify the switches. To see the MAC address, use 'show interfaces' or 'show spanning-tree' on each switch. The root bridge is the one with the lowest MAC address. In this case, SW3 has the lowest MAC, confirming it was elected root by default.
Root Cause
The root bridge for VLAN 10 was not manually configured. All switches are using the default spanning-tree priority (32768), so the root is elected based on the lowest MAC address. The low-end access switch SW3 has the lowest MAC address, making it the root bridge. This causes suboptimal traffic flow and high CPU on SW3, as it must process all BPDUs and topology changes for the VLAN.
Resolution
Verification
On SW1, run 'show spanning-tree vlan 10'. Expected output:
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586
Address 0011.2233.4456
This bridge is the root
Bridge ID Priority 24586 (priority 24576 sys-id-ext 10)
Address 0011.2233.4456
...
This confirms SW1 is now the root bridge. On SW3, run the same command; it should show SW1 as root with a cost of 19 via the appropriate port.
Prevention
1. Always manually configure the root bridge and secondary root bridge for each VLAN using 'spanning-tree vlan <vlan> root primary' and 'secondary' commands.
2. Use a consistent naming or MAC address scheme to avoid unexpected root elections.
3. Document the intended root bridge location and verify with 'show spanning-tree' after any network changes.
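One way to automate the verification in item 3, as an added example that is not part of the original scenario: a small Python parser for 'show spanning-tree vlan <vlan>' output that compares the reported root against the documented one. The function names are hypothetical, and the sample text is the SW1 output from the second diagnostic step.

```python
import re

# 'show spanning-tree vlan 10' from SW1, copied from the second diagnostic step.
SW1_OUTPUT = """\
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586
Address 0011.2233.4455
Cost 19
Port GigabitEthernet0/1
Bridge ID Priority 28682 (priority 28672 sys-id-ext 10)
Address 0011.2233.4456
"""

def parse_stp(text):
    """Extract VLAN, Root ID and Bridge ID fields from one VLAN's output."""
    info = {"vlan": None, "root": {}, "bridge": {}, "local_is_root": False}
    section = None
    for raw in text.splitlines():
        line = raw.strip()  # real IOS output is indented; ignore that
        if m := re.fullmatch(r"VLAN0*(\d+)", line):
            info["vlan"] = int(m.group(1))
        for label, key in (("Root ID", "root"), ("Bridge ID", "bridge")):
            if line.startswith(label):
                section, line = key, line[len(label):].strip()
        if line == "This bridge is the root":
            info["local_is_root"] = True
        elif section and (m := re.match(r"(Priority|Address)\s+(\S+)", line)):
            info[section][m.group(1).lower()] = m.group(2)
    return info

def audit_root(text, intended_root_mac):
    """Return a list of findings; an empty list means the root is as documented."""
    info = parse_stp(text)
    if info["vlan"] is None or "address" not in info["root"]:
        return ["could not parse spanning-tree output"]
    findings = []
    root_mac = info["root"]["address"].lower()
    if root_mac != intended_root_mac.lower():
        findings.append(f"VLAN {info['vlan']}: root is {root_mac}, "
                        f"expected {intended_root_mac.lower()}")
    # A root still on 32768 + VLAN ID won only on the MAC tie-break.
    if int(info["root"].get("priority", 0)) - info["vlan"] == 32768:
        findings.append(f"VLAN {info['vlan']}: root holds the default priority")
    return findings

if __name__ == "__main__":
    for finding in audit_root(SW1_OUTPUT, "0011.2233.4456"):
        print(finding)
```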
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario tests understanding of STP root bridge election and the impact of default priorities. Questions may present a troubleshooting scenario where a switch with a lower MAC address becomes root, causing performance issues. Candidates must know that the root bridge is elected by lowest bridge ID (priority + MAC), and that manual configuration with 'spanning-tree vlan <vlan> root primary' is the recommended method to control root placement.
Exam Tips
Remember that the default bridge priority is 32768, and the system ID extension adds the VLAN ID, so effective priority = 32768 + VLAN ID.
The 'spanning-tree vlan <vlan> root primary' command sets priority to 24576, which is lower than default, ensuring the switch becomes root.
Be able to interpret 'show spanning-tree' output to identify the root bridge and its priority, and know that 'This bridge is the root' indicates the local switch is root.
Commands Used in This Scenario
show running-config
Displays the current active configuration in DRAM, showing all non-default settings.
show spanning-tree
Displays the Spanning Tree Protocol (STP) state and configuration for all VLANs or a specific VLAN, used to verify root bridge, port roles, and STP topology.
spanning-tree vlan [id] root primary
This command configures a switch as the root bridge for a specific VLAN by setting its bridge priority to 24576 (or lower if another switch has a lower priority), ensuring it becomes the root bridge in the Spanning Tree Protocol (STP) topology.
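The election described under Root Cause and the effect of 'root primary' described above, modelled in Python as an added example (not part of the original scenario or Cisco's code). SW1's and SW3's MAC addresses come from the page; SW2's MAC and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int  # configured value, 0..61440 in steps of 4096
    mac: str       # dotted-hex as printed by IOS

    def bridge_id(self, vlan):
        if self.priority % 4096 or not 0 <= self.priority <= 61440:
            raise ValueError(f"{self.name}: invalid priority {self.priority}")
        # Priority plus sys-id-ext (VLAN ID) compares first, MAC breaks ties.
        return (self.priority + vlan, int(self.mac.replace(".", ""), 16))

def elect_root(bridges, vlan):
    """The bridge with the numerically lowest bridge ID becomes root."""
    return min(bridges, key=lambda b: b.bridge_id(vlan))

def root_primary(bridges, name, vlan):
    """Model 'spanning-tree vlan <vlan> root primary' issued on switch `name`."""
    me = next(b for b in bridges if b.name == name)
    others = [b for b in bridges if b.name != name]
    candidate = replace(me, priority=24576)
    if elect_root(others + [candidate], vlan) != candidate:
        # 24576 is not enough: step 4096 below the lowest existing priority.
        lowest = min(b.priority for b in others)
        if lowest == 0:
            raise ValueError("existing root already uses priority 0")
        candidate = replace(me, priority=lowest - 4096)
    return others + [candidate]

# SW1 and SW3 MACs are from the page; SW2's is constructed for this example.
DEFAULTS = [
    Bridge("SW1", 32768, "0011.2233.4456"),
    Bridge("SW2", 32768, "0011.2233.4457"),
    Bridge("SW3", 32768, "0011.2233.4455"),
]

if __name__ == "__main__":
    before = elect_root(DEFAULTS, 10)
    after = elect_root(root_primary(DEFAULTS, "SW1", 10), 10)
    print("defaults:", before.name, before.bridge_id(10)[0])
    print("after root primary on SW1:", after.name, after.bridge_id(10)[0])
```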