STP Troubleshooting SOP

Modified on Fri, 12 Jun at 3:55 PM

SPANNING TREE PROTOCOL (STP) TROUBLESHOOTING - STANDARD OPERATING PROCEDURE

Knowledge Base Article

Document ID: KB-STP-001
Version: 1.0
Last Updated: June 12, 2026
Platform: Juniper Networks (EX Series, QFX, vEX)
Status: Production

1. OVERVIEW

Spanning Tree Protocol (STP) prevents network loops in Layer 2 switched environments by creating a loop-free logical topology. This SOP provides comprehensive troubleshooting guidance for STP-related issues including convergence delays, topology changes, and port blocking problems.

1.1 Objective

Quickly identify STP topology issues
Diagnose convergence problems
Resolve blocking and forwarding state issues
Provide escalation path for complex scenarios

1.2 Scope

This document covers: - STP (802.1D) - Rapid STP (RSTP/802.1w) - Multiple Spanning Tree (MSTP/802.1s) - Bridge Protocol Data Units (BPDU) analysis - Port cost and priority configuration

2. COMMON STP SYMPTOMS & ISSUES

Issue	Symptoms	Root Cause
Slow Convergence	Network unreachable for 30+ seconds after link failure	High forward delay, slow BPDU processing, RSTP not enabled
Unexpected Port Blocking	Port stuck in Blocking state despite no loop risk	Incorrect port cost, priority misconfiguration, BPDU issues
All Ports Blocked	Entire switch blocked in MSTP region	Root bridge election failure, region misconfiguration
Topology Instability	Constant BPDU changes and port state transitions	Bridge priority conflict, loop detection triggering
Root Bridge Issue	Wrong switch elected as root	Priority not configured correctly, bridge ID collision
TCN Storms	Excessive Topology Change Notifications	Loop present, port flapping, upstream convergence issue
BPDU Transmission Failure	No BPDUs transmitted on ports	Protocol not enabled, port misconfiguration, hardware issue
MSTP Region Mismatch	MSTP instances not synchronizing	Region name/revision mismatch, instance number conflict
Port Priority Issues	Backup port not becoming root port on failover	Static cost overriding RSTP calculations

3. PREREQUISITES FOR TROUBLESHOOTING

Before starting troubleshooting, ensure you have:

Access to all switches in STP topology (root, bridges, edge switches)
CLI access with proper network credentials
Network topology diagram showing bridge hierarchy
Baseline STP configuration and expected root bridge
Documentation of port costs and priorities
Permission to enable debug/trace on switches
Storage for BPDU captures (minimum 100MB)
Maintenance window scheduled if reconfiguration needed

4. UNDERSTANDING STP BASICS (QUICK REFERENCE)

STP Port States

State	Packets Forwarded	BPDUs Processed	Time	Purpose
Disabled	No	No	N/A	Port shutdown
Blocking	No	Yes	0s	Discard phase, prevents loops
Listening	No	Yes	Forward Delay	Preparation for forwarding
Learning	No	Yes	Forward Delay	Build MAC address tables
Forwarding	Yes	Yes	Ongoing	Normal operation

Key Bridge Parameters

Bridge Priority: 0-61440 (lower = root bridge)
Bridge ID: Priority + MAC Address
Root Path Cost: Sum of all port costs to root
Port Cost: Lower values have priority (default: based on link speed)
Forward Delay: Time in Listening/Learning states (default: 15 seconds)
BPDU Hello Time: 2 seconds between BPDUs
Max Age: Time to wait for new BPDU (default: 20 seconds)

5. INITIAL DIAGNOSTIC STEPS

Step 1: Verify STP Status and Root Bridge

Command:

show spanning-tree bridge
show spanning-tree brief

Expected Output:

Bridge ID : 32768.00:01:02:03:04:05 (Root)
Designated Root : 32768.00:01:02:03:04:05
Root Cost : 0
Root Port : (none) - This is Root Bridge
Hello Time : 2
Max Age : 20
Forward Delay : 15

What to Look For: - ✓ Bridge ID shows expected root bridge - ✓ Root Cost = 0 on root bridge - ✓ All parameters match configuration - ✗ Bridge ID doesn’t match expected root - ✗ Multiple bridges show Bridge ID = Designated Root

Step 2: Check Port States and Roles

Command:

show spanning-tree interface
show spanning-tree port

Expected Output:

Interface State Role Cost Priority
ge-0/0/0.0 Forwarding Root Port 20000 128.0
ge-0/0/1.0 Forwarding Designated 20000 128.1
ge-0/0/2.0 Blocking Alternate 20000 128.2

Interpret Port States: - ✓ Root bridge shows Root Ports or Designated Ports - ✓ Non-root bridges show one Root Port - ✓ Designated ports in Forwarding state - ✓ Alternate/Backup ports in Blocking state - ✗ All ports in Blocking = Configuration issue - ✗ Multiple root ports on same bridge = Loop present

Step 3: Review STP Configuration

Command:

show configuration protocols rstp
show configuration interfaces | grep -i "stp\|spanning"

Check for:

set protocols rstp bridge-priority 4096
set interfaces ge-0/0/0 unit 0 family bridge
set interfaces ge-0/0/0 unit 0 family bridge port-mode access

Step 4: Analyze BPDU Statistics

Command:

show spanning-tree statistics
show spanning-tree port ge-0/0/0.0 statistics

Key Metrics: - BPDUs Sent: Should increase steadily (1 per hello-time per port) - BPDUs Received: Should be non-zero on all spanning-tree ports - TCNs Received: Should be low (spike indicates topology changes) - Config Errors: Should be zero

Interpret Results: - ✓ BPDUs Sent/Received increasing = Normal - ✗ BPDUs Received = 0 = Port not receiving updates - ✗ TCNs Received > 10/minute = Instability - ✗ Config Errors > 0 = BPDU format mismatch

6. STEP-BY-STEP TROUBLESHOOTING WORKFLOWS

SCENARIO 1: Slow Convergence (Recovery Time > 30 seconds)

Step 1.1: Identify STP Version in Use

show spanning-tree bridge | grep "Rapid"
show configuration protocols | grep -E "rstp|mstp"

RSTP should converge in 3-6 seconds
Classic STP can take 30+ seconds (Forward Delay × 2)

Step 1.2: Enable RSTP if Possible

set protocols rstp
set protocols rstp disable false
commit
show spanning-tree bridge (verify RSTP enabled)

Step 1.3: Check Forward Delay Settings

show spanning-tree bridge | grep "Forward Delay"
show configuration protocols rstp | grep "forward-delay"

If STP (not RSTP), reduce forward delay: set protocols stp forward-delay 5
Note: Minimum is 4 seconds per standard

Step 1.4: Verify Port Speed Configuration

show interfaces ge-0/0/0.0 terse
show spanning-tree port ge-0/0/0.0 detail

Port speed affects default cost
Ensure speeds match expected values

Step 1.5: Check for Edge Port Configuration

show configuration interfaces | grep "stp\|edge"
show spanning-tree port ge-0/0/0.0 | grep "Edge"

Edge ports bypass Listening/Learning states
Enable on access ports: set interfaces ge-0/0/24 unit 0 family bridge edge-port

Step 1.6: Test Convergence Time

# Simulate link failure by shutting down port
set interfaces ge-0/0/0 disable
commit

# On another switch, monitor when port becomes unreachable
monitor interface statistics (measure time until port marked down)

# Re-enable port
delete interfaces ge-0/0/0 disable
commit

SCENARIO 2: Port Stuck in Blocking State

Step 2.1: Verify Port is Not Root Port

show spanning-tree port ge-0/0/0.0 detail

Should show “Role: Alternate” or “Role: Backup”
If Role = Root Port but Blocking, topology issue exists

Step 2.2: Check Port Cost

show spanning-tree port ge-0/0/0.0 | grep -i cost
show configuration interfaces ge-0/0/0.0 | grep cost

Compare with other ports: show spanning-tree port | grep Cost
Lower cost = higher priority to become root port

Step 2.3: Verify Designated Bridge Information

show spanning-tree port ge-0/0/0.0 detail | grep -i "designated"

If different designated bridge, port blocking is correct
If designated bridge is local, verify BPDU transmission

Step 2.4: Check for Port Priority Issues

show spanning-tree port ge-0/0/0.0 detail | grep -i priority
show configuration interfaces ge-0/0/0.0 | grep priority

Higher priority value = lower chance of selection
Adjust if needed: set interfaces ge-0/0/0 unit 0 family bridge priority 16

Step 2.5: Monitor BPDU Flow

SCENARIO 3: Multiple Root Bridges (Topology Instability)

Critical: Indicates Loop or Configuration Error

Step 3.1: Compare Bridge IDs Across All Switches

# Run on each switch:
show spanning-tree bridge | head -5

Document which bridge ID shows “Root”
Multiple bridges showing Root = Serious issue

Step 3.2: Collect Topology Information

# On each switch:
show spanning-tree port | grep -E "Root Port|Designated"
show spanning-tree bridge

Step 3.3: Analyze Root Bridge Election

# Calculate bridge priority + MAC
# Priority set with: set protocols rstp bridge-priority XXX
show configuration protocols rstp | grep priority

Expected root bridge should have lowest priority value
If not, adjust: set protocols rstp bridge-priority 4096

Step 3.4: Check for Bridge ID Collision

show spanning-tree bridge | grep "Bridge ID"

If two bridges show identical Priority, MAC must differ
If priority too high on intended root, lower it

Step 3.5: Look for Configuration Conflicts

show configuration protocols | grep -E "stp|rstp|mstp"

Verify all bridges configured with same protocol (STP/RSTP/MSTP)
Check region name matches in MSTP

Step 3.6: Force Root Bridge Recalculation

# Clear STP states (only if safe):
clear spanning-tree interface all
commit

# Or reconfigure root bridge explicitly:
set protocols rstp bridge-priority 0
commit

SCENARIO 4: TCN Storm (Excessive Topology Changes)

Step 4.1: Identify Port Triggering TCNs

show spanning-tree statistics all | grep -i TCN
show log messages | grep -i "topology.*change" | tail -30

Step 4.2: Check for Port Flapping

If interface flapping, resolve underlying physical issue
See Interface Flap troubleshooting SOP

Step 4.3: Verify No Loops Exist

# Create test traffic on affected VLAN
# Monitor if traffic loops back to source

# Check switch port connections:
show spanning-tree port | grep ge-0/0/0.0

Trace port to connected switch
Verify loop-free topology

Step 4.4: Check BPDU Guard

show configuration interfaces ge-0/0/0 | grep -i "bpdu\|guard"
show spanning-tree port ge-0/0/0.0 | grep -i "guard"

BPDU Guard can trigger TCNs
Disable if falsely triggering: delete interfaces ge-0/0/0 family bridge bpdu-guard-action

Step 4.5: Increase TCN Throttle

show configuration protocols rstp | grep -i "tcn"
set protocols rstp max-age 40
set protocols rstp forward-delay 15
commit

This increases time before port state changes
Use only for unstable networks

SCENARIO 5: MSTP Region Mismatch

Step 5.1: Verify MSTP Configuration

show spanning-tree bridge | grep -i "region\|instance"
show configuration protocols mstp

Step 5.2: Check Region Name and Revision

show spanning-tree mstp region-info
show configuration protocols mstp region-name
show configuration protocols mstp revision-level

Region name and revision must match across all region members
Instance numbers must be consistent

Step 5.3: Sync MSTP Configuration

# On each MSTP bridge, set matching region:
set protocols mstp region-name "RegionName"
set protocols mstp revision-level 1

# Configure same MSTP instances:
set protocols mstp instance 1 bridge-priority 4096
set protocols mstp instance 2 bridge-priority 8192
commit

Step 5.4: Verify Instance Convergence

show spanning-tree mstp instance all
show spanning-tree mstp instance 1 port detail

7. LOG COLLECTION PROCEDURE

7.1 Collecting Basic STP Logs (No Downtime)

Execute on ALL switches in topology:

# Collect STP status information
show spanning-tree bridge > stp_bridge_info.txt
show spanning-tree port > stp_port_status.txt
show spanning-tree interface > stp_interface_detail.txt
show spanning-tree brief > stp_brief.txt

# Collect detailed port information
show spanning-tree port ge-0/0/0.0 detail > stp_port_ge0_0_0_detail.txt
show spanning-tree port statistics > stp_port_statistics.txt

# Collect STP configuration
show configuration protocols rstp > stp_configuration.txt
show configuration protocols mstp >> stp_configuration.txt

# Collect BPDU information
show spanning-tree statistics > stp_bpdu_stats.txt

# Collect interface information
show interfaces terse > interface_status.txt
show interfaces ge-0/0/0.0 detail > interface_detail.txt

# Collect system information
show system information > system_info.txt
show chassis routing-engine > system_status.txt

7.2 Collecting System Logs

Command:

7.3 Enabling STP Debug Traces

WARNING: Increases CPU usage - use for active troubleshooting only

Step 1: Enable Protocol Tracing

set protocols rstp traceoptions file stp_debug.log
set protocols rstp traceoptions flag bpdu-recv
set protocols rstp traceoptions flag bpdu-send
set protocols rstp traceoptions flag topology-change
commit

# Monitor in real-time:
show log stp_debug.log | tail -f

Step 2: Reproduce Issue - Trigger topology change - Allow 60-90 seconds of trace capture - Monitor BPDU transmission/reception

Step 3: Collect Trace File

show log stp_debug.log | last 1000 > stp_debug_complete.log
file copy /var/log/stp_debug.log /var/tmp/stp_debug_backup.log

7.4 BPDU Packet Capture

When to Use: Port blocking issues, BPDU transmission failures, topology instability

Steps:

# Capture BPDU packets on specific interface
request packet-capture interface ge-0/0/0.0 count 100 file /var/tmp/bpdu_capture.pcap filter "(proto 89 or dst 01:80:c2:00:00:00)"

# Alternative: Capture with timeout
request packet-capture interface ge-0/0/0.0 count 200 file /var/tmp/bpdu_packets.pcap timeout 60 filter "proto 89"

# Wait for capture to complete

# Save file for analysis
file copy /var/tmp/bpdu_capture.pcap /var/tmp/bpdu_capture_backup.pcap

Analyze with Wireshark: - Filter: stp or rstp - Check BPDU root bridge ID in captured packets - Verify port roles in BPDU flags - Check BPDU interval timing

8. DIAGNOSTIC COMMANDS REFERENCE

View Spanning Tree Status

show spanning-tree bridge
show spanning-tree port
show spanning-tree brief
show spanning-tree interface [interface-name]

Check Configuration

show configuration protocols rstp
show configuration protocols mstp
show configuration interfaces | grep bridge

Monitor Statistics

show spanning-tree statistics
show spanning-tree statistics ge-0/0/0.0

Check Port Details

show spanning-tree port ge-0/0/0.0 detail
show spanning-tree port ge-0/0/0.0 statistics

MSTP Information

show spanning-tree mstp region-info
show spanning-tree mstp instance all
show spanning-tree mstp instance 1 port detail

Monitor in Real-time

monitor spanning-tree
monitor interface ge-0/0/0.0

Check for Errors

show interfaces errors
show log messages | match "STP\|BPDU"

9. COMMON ROOT CAUSES & SOLUTIONS

Problem	Root Cause	Solution
Slow Convergence	STP instead of RSTP	Enable RSTP: set protocols rstp
Slow Convergence	Forward Delay too high	Set lower delay (minimum 4s): set forward-delay 5
Port Blocking	Port cost higher than root path	Lower port cost: set ... port-cost 1000
Port Blocking	Port priority too high	Lower priority value: set ... priority 16
Port Blocking	No BPDUs received	Check port enabled, check cable, check remote switch STP
Multiple Roots	Bridge priority too high	Set lower priority: set bridge-priority 0
Multiple Roots	Priority not configured	Configure unique priorities on each bridge
TCN Storm	Interface flapping	Fix physical issue (see Interface Flap SOP)
TCN Storm	Loop in topology	Verify no duplicate connections in physical topology
MSTP Mismatch	Region name differs	Sync region name across all bridges in region
MSTP Mismatch	Revision number differs	Set same revision level on all bridges
MSTP Mismatch	Instance numbers differ	Configure same instance numbers on all bridges
High CPU	Excessive BPDU processing	Increase hello time: set hello-time 4
No BPDU Transmission	STP disabled on port	Enable bridge mode: set family bridge
No BPDU Transmission	Port disabled	Bring up port: delete interfaces ge-0/0/0 disable

10. ESCALATION CRITERIA

Escalate to JTAC if:

Multiple root bridges despite configuration corrections
Persistent TCN storms with no identifiable cause
STP not converging within expected time (>2 min RSTP, >60s STP)
MSTP regions unable to synchronize
Port stuck in blocking despite correct configuration
BPDU transmission failures on multiple ports
STP causing high CPU usage (>80%)
Topology instability affecting production traffic
Loops detected in network
Root bridge election failures

Provide JTAC with: - All diagnostic logs from Section 7 - BPDU capture files (pcap format) - Complete topology diagram - Configuration from all switches - Timeline of issue occurrence - Network changes preceding issue

11. CONFIGURATION VERIFICATION CHECKLIST

Before Declaring STP Operational:

☐ Root bridge correctly elected (lowest priority)
☐ All non-root bridges show exactly one root port
☐ Designated ports in Forwarding state
☐ Alternate/Backup ports in Blocking state
☐ All VLAN interfaces in bridge domain
☐ RSTP or STP enabled on all switches
☐ MSTP regions configured identically (if applicable)
☐ Port costs and priorities correctly set
☐ No BPDU transmission failures
☐ No excessive TCNs in logs
☐ Convergence time within specifications
☐ Network loop testing passed
☐ Edge ports configured on access ports
☐ BPDU Guard enabled where appropriate
☐ Root guard enabled on non-root bridges (optional)

12. REFERENCE DOCUMENTATION

Standards: - IEEE 802.1D (STP) - IEEE 802.1w (RSTP) - IEEE 802.1s (MSTP)

Juniper Publications: - Juniper EX Series Switching Configuration Guide - STP Best Practices - RSTP and MSTP Configuration Guide

Related Procedures: - Interface Troubleshooting SOP - VLAN Configuration SOP - Network Topology Verification

13. DOCUMENT HISTORY

Version	Date	Author	Changes
1.0	2026-06-12	Network Engineering	Initial creation

For Support: Contact Network Operations Center or JTAC
Document Owner: Network Engineering Team
Last Reviewed: June 12, 2026