Network Access Intermediate

Rapid STP & MSTP

Why classic 802.1D STP's 50-second convergence is unacceptable in 2026, and how RSTP and MSTP fix it — port roles, port states, sync mechanism, MST regions and instances.

TL;DR

Classic STP (802.1D) takes ~50 seconds to converge — unacceptable for VoIP/video. RSTP (802.1w) converges in 1-2 seconds using a sync handshake.
RSTP keeps the same loop-prevention idea but adds new port roles (Alternate, Backup) and merges port states (Discarding replaces Listening+Blocking).
MSTP (802.1s) groups VLANs into instances — instead of one STP per VLAN (PVST+), you have a few instances each covering many VLANs. Massively more scalable.

SW1 is elected root. SW2's and SW3's best paths point toward it. The direct SW2↔SW3 link gets blocked to prevent a loop.

Mental model

Classic 802.1D Spanning Tree (covered in Spanning Tree) prevents Layer-2 loops by blocking redundant links. It works — but it converges slowly:

Blocking     → Listening    → Learning    → Forwarding
   ↑ 20 s        ↑ 15 s          ↑ 15 s

Topology change → 30 seconds at minimum, often 50 seconds, before traffic flows. VoIP drops calls. Video stutters. Cloud apps reconnect. Unacceptable for modern networks.

RSTP (802.1w, 2001) keeps the loop-prevention math but reorganizes the state machine for fast convergence — typically 1-2 seconds, sub-second in trim topologies.

MSTP (802.1s, 2002) layers on top: it adds multi-instance support so you can have many VLANs share a small number of STP instances instead of running PVST+ (one STP per VLAN — which doesn’t scale beyond ~250 VLANs on most platforms).

Cisco gear runs PVST+ and Rapid-PVST+ (Cisco-flavored Per-VLAN STP) and MSTP (standards). In modern Cisco shops, Rapid-PVST+ is the default for small/mid deployments; MSTP is used in service-provider and very large enterprise.

RSTP — what changed

Port roles

Classic STP had four roles: Root, Designated, Blocking, Disabled. RSTP keeps Root and Designated and replaces the “blocking” idea with two more precise roles:

Role	What it means
Root	Best path to the Root Bridge. Same as in STP.
Designated	Best path to a segment, owned by this bridge. Forwarding.
Alternate	Has a fallback path to the Root. Not forwarding. Knows of a better Root port — ready to take over instantly.
Backup	Backup for the designated port on the same segment (only happens with bridges that have two ports in the same segment, e.g., a hub). Rare.

The key innovation is Alternate. RSTP has already pre-computed the next-best path; failover is just “promote Alternate → Root.” No timers, no recalculation.

Port states — only three

Classic STP had Blocking, Listening, Learning, Forwarding, Disabled (5 states). RSTP collapses them:

RSTP state	Forwards data?	Learns MAC?
Discarding	No	No
Learning	No	Yes
Forwarding	Yes	Yes

Blocking + Listening + Disabled all merged into Discarding.

Edge ports (PortFast)

RSTP formalizes the concept of an “edge port” — a port that connects to a host, not another switch. Edge ports skip the STP state machine entirely and go straight to Forwarding.

In Cisco IOS:

SW1(config-if)# spanning-tree portfast              ! single-port edge
SW1(config)# spanning-tree portfast default         ! all access ports are edge by default

If a switch BPDU arrives on an edge port, RSTP demotes it back to a normal port — protecting against loops if you accidentally cable two switches at an “edge” port. (Pair with BPDU Guard for hard error-disable — see BPDU Guard / Root Guard.)

Proposal / Agreement — the sync mechanism

When a new link comes up between two RSTP bridges, both could potentially carry traffic — but the bridge doesn’t know which side is closer to the root. Instead of waiting for timers, RSTP uses a proposal/agreement handshake:

Bridge A sends a Proposal BPDU on the new link: “I want this to be my designated port.”
Bridge B receives it, checks: am I better positioned? If A is closer to root, B agrees — but first syncs by temporarily Discarding on its other non-edge ports (to prevent a transient loop) — then sends Agreement.
Bridge A puts the link into Forwarding.
B then propagates the same sync down its tree — fast, hop-by-hop.

Total convergence on a new link: hundreds of milliseconds to a couple of seconds, vs 30-50 seconds for legacy STP.

Configuration on Cisco

Cisco’s PVST+ runs one STP instance per VLAN. Rapid-PVST+ is the same but uses RSTP per VLAN:

SW1(config)# spanning-tree mode rapid-pvst

That’s it. No per-port changes needed for basic RSTP. All the role/state benefits kick in immediately.

MSTP — STP for many VLANs

PVST+ becomes painful at 100+ VLANs — one STP instance per VLAN means 100 separate calculations, 100 BPDU streams on every trunk. CPU and memory hit becomes real.

MSTP (802.1s) groups VLANs into a small number of instances. Instead of 100 STP processes, you might run 4 — one per “VLAN class.” Each instance has its own root, port states, etc.

MST regions

All switches that share the same region name + revision + VLAN-to-instance mapping are in the same MST region. Inside the region, MSTP runs its full multi-instance logic. Between regions, MSTP looks like a single instance to legacy STP — so multi-vendor and legacy switches see one consistent STP world.

SW1(config)# spanning-tree mode mst
SW1(config)# spanning-tree mst configuration
SW1(config-mst)# name CAMPUS-A
SW1(config-mst)# revision 1
SW1(config-mst)# instance 1 vlan 10-99
SW1(config-mst)# instance 2 vlan 100-199
SW1(config-mst)# instance 3 vlan 200-299
SW1(config-mst)# end

Every switch in the region must have identical config (name + revision + mapping). One wrong character and the switch falls out of the region.

Why use MSTP

Two big wins:

Scale. 1000 VLANs → 4 instances instead of 1000 STP processes.
Traffic engineering. Make instance 1 use one set of trunks as primary, instance 2 use a different set. Both run active simultaneously. Real link-load balancing across redundant uplinks.

Cisco-only shops often stick with Rapid-PVST+ — simpler. MSTP is mandatory in multi-vendor environments and in very dense enterprise with 200+ VLANs.

Quick comparison

Aspect	STP (802.1D)	RSTP (802.1w)	MSTP (802.1s)
Convergence	30-50 s	1-2 s (sub-second possible)	Same as RSTP
Port roles	Root, Designated, Blocking, Disabled	Root, Designated, Alternate, Backup	Same as RSTP
Port states	5 (Blocking, Listening, Learning, Forwarding, Disabled)	3 (Discarding, Learning, Forwarding)	Same as RSTP
Per-VLAN	No (one tree for all)	No (or per-VLAN in Cisco PVST+)	Many VLANs share one instance
Multi-vendor friendly	Yes	Yes	Yes (the standard)
Cisco default	n/a	rapid-pvst is the modern default	Used at scale / multi-vendor

RSTP-specific Cisco features

These are commonly tested as a layer on top of RSTP:

PortFast — edge port, skip the state machine on link-up.
BPDU Guard — if a PortFast port ever receives a BPDU, err-disable it. Hard loop prevention. (See BPDU Guard / Root Guard.)
BPDU Filter — silently drop BPDUs on a port (rare, use with extreme caution).
Root Guard — prevent an unexpected switch from claiming Root.
Loop Guard — prevent unidirectional link failures from incorrectly transitioning a port to Forwarding.
UDLD — unidirectional link detection at L1/L2 — pairs with Loop Guard.

Verification

SW1# show spanning-tree summary
Switch is in rapid-pvst mode
...

SW1# show spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32778
             Address     001a.2b3c.4d5e
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Interface       Role Sts Cost      Prio.Nbr Type
  --------------- ---- --- --------- -------- --------------------
  Gi1/0/1         Desg FWD 4         128.1    P2p
  Gi1/0/2         Desg FWD 4         128.2    P2p Edge
  Gi1/0/24        Root FWD 4         128.24   P2p

SW1# show spanning-tree mst
SW1# show spanning-tree mst configuration
SW1# show spanning-tree mst 1 detail

The Type column tells you the link is P2p (point-to-point — full duplex switch-switch — RSTP can use fast handshake) vs Shared (half-duplex hub-style — must use the slow path).

Common mistakes

Leaving the default pvst mode. You’re running classic 802.1D per VLAN — slow convergence. Change to rapid-pvst immediately.
PortFast on a switch-to-switch link. If anything other than a host plugs in, you’ve created a 1-second loop window. Pair with BPDU Guard always.
Mismatched MST configuration across the region. A typo in name, mismatched revision, or different VLAN-to-instance mapping → the switch falls out of the region, all its VLANs go to instance 0. Diagnose with show spanning-tree mst configuration digest.
Manual port priority instead of using bridge priority. New engineers tweak per-port priority to “fix” STP. Almost always wrong — the right tool is bridge priority on the right bridges (root and secondary root).
No backup root. Root bridge fails → tree rebuilds, but a secondary root that wasn’t pre-elected means slow re-election. Set spanning-tree vlan X root primary and root secondary on two bridges.
Mixing PVST+ and Rapid-PVST+ across switches. Mostly works (they fall back to common STP) but loses Rapid benefits. Standardize.
Forgetting half-duplex links revert to “Shared” type. RSTP can’t use proposal/agreement on a shared link → slow convergence on that segment. Always run full-duplex.

Lab to try tonight

Three switches in a triangle. All RPVST+: spanning-tree mode rapid-pvst.
Identify the Root — usually the one with the lowest MAC unless you’ve set priority.
Make SW1 root with spanning-tree vlan 1 priority 4096. Make SW2 secondary with priority 8192.
show spanning-tree vlan 1 — observe port roles (Root, Designated, Alternate).
Shut down the link between SW2 and SW3. Time the convergence — ping should drop 1-2 packets, not 30+.
Unshut. Watch traffic shift back almost instantly.
Set up an end host on a switch port. spanning-tree portfast on that port — interface comes up to forwarding instantly.
Bonus: convert all switches to MST. Region LAB, revision 1, map VLANs 10-19 to instance 1 and VLANs 20-29 to instance 2. Set SW1 as root for instance 1 and SW2 as root for instance 2 → independent active paths simultaneously.

Cheat strip

Concept	Plain English
STP (802.1D)	Original. 30-50 s convergence. Obsolete
RSTP (802.1w)	Rapid. 1-2 s convergence. Default in any modern Cisco shop
MSTP (802.1s)	Groups VLANs into a few STP instances. Scales to 1000s of VLANs
Rapid-PVST+	Cisco’s RSTP-per-VLAN. `spanning-tree mode rapid-pvst`
Alternate port	RSTP’s “pre-computed backup root path” — instant failover
Discarding	RSTP’s merger of Blocking + Listening + Disabled
Edge port (PortFast)	Skip state machine for host-facing ports
Proposal / Agreement	The handshake that achieves fast convergence on new links
MST region	Switches sharing name + revision + VLAN mapping. Identical config required
MST instance	An independent STP topology covering a group of VLANs
Bridge priority	Tune this to deliberately elect a Root and Secondary — never leave to chance
Pair with BPDU Guard	PortFast without BPDU Guard is a loop waiting to happen

← Previous topic

Wi-Fi 6, 6E, and 7 Features

What changed in 802.11ax (Wi-Fi 6), 6 GHz extension (6E), and 802.11be (Wi-Fi 7) — OFDMA, MU-MIMO, target wake time, 6 GHz spectrum, MLO, and what each one actually means for users.

Next topic →

OSPF Single-Area

Definitive CCNA-level OSPF guide — link-state mental model, seven neighbor states, LSA types, DR/BDR election, cost tuning, authentication, route summarization, common debug patterns, and 8 worked scenarios.

Master this on a real network

Want this drilled into reflex?

1:1 weekly sessions, live feedback on your labs, and US interview prep — built around the CCNA® exam blueprint. Free first session. No card on file until you decide.

Claim my free session →

One topic per email, every fortnight

VLANs, OSPF, ACLs, subnetting, automation — written like this. Unsubscribe in one click.

We respect your inbox. One email per week, max. Unsubscribe any time.