Spanning Tree Protocol (STP) prevents loops from forming on an Ethernet LAN. By preventing loops, it protects the LAN from broadcast storms, MAC table instability, and multiple frame transmission. It does this by placing each port in either a forwarding or a blocking state. STP does not change any other configuration of the interface; it only adds this state information. Interfaces in the forwarding state work as normal, whereas interfaces in the blocking state do not process any frames except some overhead messages. Blocked interfaces do not even learn the MAC addresses of received frames.
Though it seems very simple to implement, STP can encounter various problems that stop it from working as intended. The majority of problems are related to hardware failures, misconfigurations, and cabling problems. There can also be software issues, but they are very rare. An overloaded CPU can also disrupt the functioning of STP. STP assumes that the links over a bridge are bidirectional, but sometimes a link is unidirectional and does not forward the STP packets to the downstream devices, which obstructs the working of STP.
When troubleshooting STP, first verify the type of spanning tree protocol configured on the device and the network topology by using the show spanning-tree detail or the show spanning-tree summary totals command, among others. Data loops can form on an STP network whenever there is high CPU utilisation, high link utilisation, constant flapping, and MAC address relearning. To break a loop, we must shut down or disconnect the ports involved in the loop. To identify the interfaces involved in a loop, we can check which interfaces have high link utilisation by using the show interface interface-type | include rate command. To fix a loop, the switch must know the correct root port. For a given LAN, we can check it by using the show spanning-tree vlan vlan-id command. It must also be ensured that the root port is identified properly by the root bridge. A change in the network topology can be verified by using the show spanning-tree vlan vlan-id detail command. Also make sure that the timers set on all the devices match; otherwise STP would fail.
Root guard and BPDU (Bridge Protocol Data Unit) guard protect STP from outside influence, and they can be configured using the spanning-tree loopguard default command; we can shut down any ports that are receiving BPDUs by using the spanning-tree bpduguard enable command.
Whenever the topology changes, keep in mind that STP convergence and reconvergence take time, and they can take a long time when there is a misconfiguration, CPU overload, or a software defect. To secure a network against forwarding loops, we can enable unidirectional link detection (UDLD), enable loop guard, and enable portfast on all end-station ports. Autonegotiation should not be disabled, as it conveys remote fault information, which is the quickest way to detect a failure at the remote site.
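
The protections named above (loop guard, UDLD, portfast on end-station ports, and BPDU guard) can be checked against a saved running configuration. The following Python script is an added example, not part of the original article: the sample configuration is constructed, and treating every switchport mode access port as an end-station port is an assumption.

```python
import re

# Constructed sample running-config (not from a real device or from the article).
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree loopguard default
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

def audit_stp(config):
    """Return sorted (scope, missing command) findings for a running-config."""
    glob, ports, current = set(), {}, None
    for raw in config.splitlines():
        m = re.match(r"interface (\S+)", raw)
        if m:                                   # start of an interface stanza
            current = ports.setdefault(m.group(1), set())
        elif raw.startswith(" ") and current is not None:
            current.add(raw.strip())            # command inside the stanza
        elif raw.strip() not in ("", "!"):
            current = None                      # back at global level
            glob.add(raw.strip())
    findings = []
    if "spanning-tree loopguard default" not in glob:
        findings.append(("global", "spanning-tree loopguard default"))
    if not glob & {"udld enable", "udld aggressive"}:  # global UDLD only (simplification)
        findings.append(("global", "udld enable"))
    bpdu_default = "spanning-tree portfast bpduguard default" in glob
    for name, cfg in ports.items():
        if "switchport mode access" not in cfg:
            continue  # assumption: only access ports face end stations
        if not cfg & {"spanning-tree portfast", "spanning-tree portfast edge"}:
            findings.append((name, "spanning-tree portfast"))
        if "spanning-tree bpduguard enable" not in cfg and not bpdu_default:
            findings.append((name, "spanning-tree bpduguard enable"))
    return sorted(findings)
```

Calling audit_stp(SAMPLE_CONFIG) reports the missing global UDLD setting, the missing BPDU guard on GigabitEthernet0/2, and both missing settings on GigabitEthernet0/3; the trunk port is skipped.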