Switching, Routing, and Why STP Exists

Modern networks use two forwarding models: routing (Layer 3) and switching (Layer 2).

Routers maintain routing tables and use protocols to compute efficient paths between networks. Ethernet switching takes a different approach: fast, inexpensive connectivity inside a local network.

Instead of calculating paths, switches rely on MAC learning. When a frame arrives, the switch records the source MAC address and the port it arrived on, building a forwarding table.

If the destination is known, the frame goes directly to that port. If it is unknown, the switch floods the frame to all other ports.

This makes switching extremely fast, but switches have no understanding of network topology, which creates a serious problem when redundant links exist.

STP forces the network to behave like a loop-free tree even when redundant links exist. It does this using control messages called Bridge Protocol Data Units (BPDUs).

Switches elect a Root Bridge as the reference point for the Layer-2 topology. Each switch then calculates its lowest-cost path to the root.

If BPDUs arrive from multiple directions, the switch keeps the best path and places the remaining ports into a blocking state, physically connected but not forwarding frames.

This creates a loop-free topology while preserving redundant links for failover.

Modern networks use Rapid Spanning Tree (RSTP), which converges much faster when topology changes occur. In effect, STP provides a form of “routing-lite” for switching, ensuring traffic follows a single safe path through the Layer-2 network.

RSTP includes a feature called STP Edge, designed for ports connected to endpoint devices rather than other switches.

When STP Edge is enabled, the port immediately enters the forwarding state and skips topology recalculations. This prevents dual-homed devices from triggering unnecessary topology convergence events.

The tradeoff is that STP Edge assumes the connected device is not part of the switching topology. If an unmanaged switch or bridge is accidentally connected, the system won't be able to mitigate a real loop.

For this reason, STP Edge is paired with BPDU Guard. If a BPDU is received on an STP Edge port, the port is immediately disabled.

For any port connected to a known endpoint, PCs, IoT devices, or other client devices, confirm that STP Edge and BPDU Guard are active. This prevents dual-homed devices from triggering unnecessary topology recalculations and protects the network if an unmanaged switch is accidentally connected.

Designate a stable, centrally located switch as the Root Bridge by assigning it the lowest STP priority. Assign progressively higher priority values to each subsequent downstream tier (aggregation/distribution, then access), ensuring that all switches within the same tier use the same priority value.

This approach provides deterministic path selection, stable convergence behavior, and prevents an access-layer switch from unexpectedly becoming the root.