Since I just posted a reply on another post about why STP should not be left to its default settings, I thought I would post a more detailed version here. Let me know if I got anything wrong and I will correct it. The purpose of this tutorial is to show the importance of proper root bridge placement. It is written for those who have a basic understanding of STP.
The purpose of STP is to allow you to have a network with redundancy while eliminating bridging loops. However, it is very important that STP be configured properly; an improper STP configuration, or STP left at its default settings, can produce an undesirable network topology. STP establishes a loop-free layer 2 network by electing one switch as the root bridge, then calculating the lowest cost path to that root bridge. STP elects the root bridge by first choosing the switch with the lowest priority. If the priorities are the same, then the switch with the lowest MAC address is chosen. The default priority of Cisco switches is 32,768. The combination of the priority value and MAC address is known as the bridge ID.
If a switch sees more than one path to the root bridge, the lowest cost path is chosen. If the paths have equal costs going through different upstream switches, the switch with the lowest bridge ID is chosen.
In a redundant core HSRP network, all traffic meant for another VLAN or the internet will need to go to the default gateway in the active router.
Now if the STP priorities are left to the default settings, this is a possible topology that can result-
Since switch C has the lowest MAC address of all the switches on the network, it will be the root bridge. All switches will try to establish the lowest cost path to switch C. Since the 2 core switches have direct connections to switch C, those links will be in the forwarding state. The link between the two cores will go into the blocking state. Switches D and E don't have direct connections to switch C. However, both of them have 2 equal cost paths going through the cores. Since core B has a lower MAC address than core A, the links to core B will go into the forwarding state and the links to core A will go into the blocking state.
Now if any traffic has to go through the default gateway in core A, it will have to take the path that is shown. Link 1 will now handle all of the traffic of the entire LAN. Not a very good thing.
This is a proper configuration of STP priorities-
In a redundant core HSRP network, the active router needs to have the lowest priority value and the standby router needs to have the second lowest priority value. Under normal operations core A has the lowest priority value and will be elected the root bridge. All the links connected to core A will be in the forwarding state and the links to core B will be in the blocking state. In the event that core A fails, core B will become the root bridge because its value of 4096 is now the lowest on the network. All the links to core B will now go into the forwarding state. To set the priority values of a switch, run the command:
spanning-tree vlan [vlan range] priority [# value]
You might ask why I chose the value of 4096 instead of 2. Because Cisco switches use extended system-id, the normal 2 byte (or 16 bit) value used for priority is divided up into 2 sections. 12 of the bits are used for the VLAN ID and only 4 bits are used for the priority multiplier. With only 4 bits to cover the range of 0-61440, the priority values can only be set in increments of 4096.
Now Cisco does have the command:
spanning-tree vlan [vlan range] root [primary, secondary]
This is a one-time macro that will run the commands necessary to make the switch the lowest priority on the network at the time that it is entered. If all switches are at the default value, it will set the switch priority to 24,576 for the primary and 28,672 for the secondary. If another switch already has a lower than default priority value, running the primary command will set the priority to 4096 below the current lowest priority on the network. However, if another switch is added to the network accidentally or maliciously with a lower priority value after the command is entered, the new switch will become the root bridge. So I would recommend that you use the priority commands instead.
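Added example (not part of the original tutorial): a small Python model of the root election described above, covering the extended system-id split and the root macro caveat. The MAC addresses, VLAN 10 and the later-added switch X are constructed, and core A's priority of 0 is an assumption inferred from core B's 4096 being the second lowest value.

```python
# Added illustration: root bridge election with extended system-id.
# Switch names follow the tutorial; MAC addresses and VLAN 10 are constructed.

def bridge_id(priority, vlan, mac):
    """64-bit bridge ID: 4-bit priority multiplier, 12-bit VLAN ID, 48-bit MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be between 1 and 4094")
    return ((priority | vlan) << 48) | int(mac.replace(":", ""), 16)

def split_priority_field(field):
    """Split the 16-bit priority field into (configured priority, VLAN ID)."""
    return field & 0xF000, field & 0x0FFF

def elect_root(switches, vlan=10):
    """switches maps name -> (priority, mac); the lowest bridge ID wins."""
    return min(switches,
               key=lambda name: bridge_id(switches[name][0], vlan, switches[name][1]))

MACS = {  # constructed: C is lowest, core B is lower than core A
    "core A": "00:00:5e:00:53:0c", "core B": "00:00:5e:00:53:0b",
    "C": "00:00:5e:00:53:01", "D": "00:00:5e:00:53:0d", "E": "00:00:5e:00:53:0e",
}

def topology(core_a=32768, core_b=32768):
    """Every switch at the default priority except the two cores."""
    prios = {name: 32768 for name in MACS}
    prios.update({"core A": core_a, "core B": core_b})
    return {name: (prios[name], MACS[name]) for name in MACS}

def with_new_switch(switches, priority):
    """Same network after a switch 'X' (constructed) joins with the given priority."""
    return {**switches, "X": (priority, "00:00:5e:00:53:ff")}

if __name__ == "__main__":
    print("defaults:", elect_root(topology()))
    explicit = topology(core_a=0, core_b=4096)    # core A = 0 is an assumption
    print("explicit priorities:", elect_root(explicit))
    no_a = {k: v for k, v in explicit.items() if k != "core A"}
    print("core A down:", elect_root(no_a))
    macro = topology(core_a=24576, core_b=28672)  # values the root macro sets
    print("macro, new switch at 4096:", elect_root(with_new_switch(macro, 4096)))
    print("explicit, new switch at 4096:", elect_root(with_new_switch(explicit, 4096)))
```

With the macro values the later-added switch wins the election; with the explicit priorities core A stays root.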