Spanning Tree Protocol (STP) prevents Layer 2 loops in switched networks with redundant paths. Without STP, a broadcast storm would instantly saturate all links and crash the network. CompTIA Network+ N10-009 tests STP operation, port states, root bridge election, and modern variants (RSTP, MSTP). STP questions appear in implementation and troubleshooting domains — recognizing STP symptoms and understanding the protocol's role in network stability is essential.
Layer 2 networks with redundant paths form loops. Ethernet frames have no TTL field — unlike IP packets, a looping Ethernet frame never expires. A broadcast frame entering a loop multiplies exponentially as each switch floods it to all ports — within seconds, all bandwidth is consumed (broadcast storm). Switches' MAC tables also become unstable as MAC addresses appear to move between ports rapidly (MAC flapping).
STP (IEEE 802.1D) solves this by logically blocking redundant paths while keeping them available for failover. The blocked path activates automatically if the primary path fails, providing resilience without permanent loops.
STP elects a root bridge — the switch with the lowest Bridge ID (priority + MAC address). Default priority is 32768; lower priority = better chance of becoming root. All other switches calculate the lowest-cost path to the root bridge. Ports on the lowest-cost paths become designated or root ports; redundant ports enter blocking state.
STP port states (802.1D): Blocking (receives BPDUs only, discards data frames, not forwarding), Listening (processes BPDUs, 15 seconds), Learning (learns MAC addresses but not forwarding data, 15 seconds), Forwarding (normal operation), Disabled (administratively shut down). Convergence time: 30–50 seconds total.
RSTP (802.1w — Rapid STP): the modern replacement, converges in 1–2 seconds. Introduces new port roles: Alternate (blocked alternate to root) and Backup (redundant on same segment). RSTP is backward compatible with STP. Virtually all modern deployments use RSTP.
Root port: the port on each non-root switch that has the best path to the root bridge (forwarding). Designated port: the port on each network segment that is closest to the root bridge (forwarding). Non-designated port: a redundant port that is blocked to prevent loops.
PortFast (Edge port in RSTP): immediately transitions access ports to forwarding state — eliminates 30-second delay for end-device connections. Only use on access ports connected to end devices. BPDU Guard: disables a PortFast port if it receives STP BPDUs — prevents rogue switches or user-connected hubs from affecting STP topology. Root Guard: prevents a port from becoming a root port — protects the STP root bridge placement.
MSTP (Multiple Spanning Tree Protocol, 802.1s): allows multiple VLANs to be mapped to different spanning tree instances — enables load balancing across redundant links by having different VLANs use different blocked ports.
Misconception: STP causes network downtime — it should be disabled.
Reality: STP should never be disabled on switches with redundant paths — without it, a broadcast storm would take down the entire network. Disable STP only on edge ports using PortFast, never on switch uplinks.
Misconception: RSTP and STP are incompatible.
Reality: RSTP (802.1w) is backward compatible with STP (802.1D) — a network can have a mix of STP and RSTP switches, though the STP switches revert convergence to slower STP timers on segments they share.
These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.
A network administrator notices that workstations take 30 seconds to connect to the network after being powered on or reconnecting a cable. Which feature should be enabled to eliminate this delay?
Explanation: PortFast causes the switch port to skip the STP Listening (15s) and Learning (15s) states and immediately transition to Forwarding. This eliminates the ~30-second delay for end-device access ports. PortFast should only be used on ports connected to single end devices, and should always be paired with BPDU Guard to prevent rogue switches.
The switch with the lowest Bridge ID becomes the root bridge. Bridge ID = Priority (16-bit, default 32768) + System ID extension + MAC address. To control which switch becomes root: lower its priority (e.g., set to 4096 for primary, 8192 for secondary). The lowest priority wins; if tied, the lowest MAC address breaks the tie. Cisco's 'spanning-tree vlan X root primary' command automatically sets an appropriate priority.