Why MST (MSTP)?
Standard Rapid PVST+ runs one independent spanning tree instance per VLAN. In networks with 100 VLANs, that's 100 spanning tree instances running simultaneously:
VLAN 10 → Instance 1 → BPDUs every 2 seconds
VLAN 11 → Instance 2 → BPDUs every 2 seconds
VLAN 12 → Instance 3 → BPDUs every 2 seconds
...
VLAN 109 → Instance 100 → BPDUs every 2 seconds
─────────────────
400+ BPDUs per second
CPU consumption: significant
Configuration complexity: high
Multiple Spanning Tree (MSTP) consolidates multiple VLANs into a single spanning tree instance:
VLAN 10,11,12 → Instance 0 → BPDUs every 2 seconds
VLAN 20,21,22 → Instance 1 → BPDUs every 2 seconds
VLAN 30,31,32 → Instance 2 → BPDUs every 2 seconds
──────────────
Fewer BPDUs
Lower CPU
Simpler management
IEEE 802.1s (MSTP) is the standard that replaced 802.1w (RSTP) by adding multi-instance support. On Catalyst switches, it's called Cisco MSTP or "MST mode."
MST Concepts: Regions and Instances
MST Region: A set of switches with the same VLAN-to-instance mapping configuration. Switches in different regions (different MST configs) cannot share instances—they form an IST (Internal Spanning Tree).
MST Instance (MSTI): A logical spanning tree that carries traffic for multiple VLANs. Instance 0 is the IST (the instance that connects regions). Instances 1-15 are additional instances.
IST (Internal Spanning Tree): Instance 0, always present. Bridges region boundaries.
Example MSTP Design:
Campus Network (MSTP Region)
│
├─ Instance 0 (IST): VLANs 1, 99 (native/management)
│ Root: SW1
│
├─ Instance 1: VLANs 10,11,12 (Users)
│ Root: SW1
│
├─ Instance 2: VLANs 20,21,22 (Servers)
│ Root: SW2
│
└─ Instance 3: VLANs 30,31,32 (Management)
Root: SW1
Benefits:
- Only 4 spanning trees running instead of 32
- Different root per instance (load-balancing)
- Reduced BPDU traffic and CPU
- Simpler troubleshooting
Enabling MST Mode
First, enable MST globally:
SW1(config)# spanning-tree mode mst
SW1(config)# end
Verify:
SW1# show spanning-tree summary
Switch is in mst mode
All switches in the same MST region must have this command.
Configuring the MST Region
Once MST is enabled, configure the MST region to define VLAN-to-instance mapping:
SW1(config)# spanning-tree mst configuration
SW1(config-mst)# name PingLabz-Campus
SW1(config-mst)# revision 1
SW1(config-mst)# instance 1 vlan 10,11,12
SW1(config-mst)# instance 2 vlan 20,21,22
SW1(config-mst)# instance 3 vlan 30,31,32
SW1(config-mst)# exit
SW1(config)# end
Explanation:
name PingLabz-Campus: Region name (must be same on all switches in region)revision 1: Configuration revision number (increments when changed)instance 1 vlan 10,11,12: Map VLANs 10, 11, 12 to instance 1instance 2 vlan 20,21,22: Map VLANs 20, 21, 22 to instance 2instance 3 vlan 30,31,32: Map VLANs 30, 31, 32 to instance 3
VLANs not explicitly mapped (1, 99) remain in Instance 0 (IST).
Verify Configuration
SW1# show spanning-tree mst configuration
Name [PingLabz-Campus]
Revision 1 Instances configured 4
Instance Vlans Mapped
------- --------
0 1, 99
1 10, 11, 12
2 20, 21, 22
3 30, 31, 32
Region Consistency: Critical Requirement
All switches in the same MST region must have identical:
- Region name
- Revision number
- VLAN-to-instance mapping
If any switch has a different MST config, it operates in a different region and uses IST (Instance 0 only) to interact with the other region.
Correct Configuration (All Switches in Region):
SW1:
name PingLabz-Campus
revision 1
instance 1 vlan 10,11,12
instance 2 vlan 20,21,22
SW2:
name PingLabz-Campus ← SAME name
revision 1 ← SAME revision
instance 1 vlan 10,11,12 ← SAME mapping
instance 2 vlan 20,21,22
SW3:
name PingLabz-Campus ← SAME name
revision 1 ← SAME revision
instance 1 vlan 10,11,12 ← SAME mapping
instance 2 vlan 20,21,22
Wrong Configuration (Creates Region boundary):
SW4:
name PingLabz-Campus
revision 1
instance 1 vlan 10,11,12
instance 2 vlan 20,21,22
instance 4 vlan 40,41,42 ← DIFFERENT—creates region boundary
SW4 is in a different region. Instances 1 and 2 are not shared with SW1-SW3.
Configuring MST Root Bridge
After region config is complete, configure the root bridge per instance:
SW1(config)# spanning-tree mst 0 root primary
SW1(config)# spanning-tree mst 1 root primary
SW1(config)# spanning-tree mst 2 root primary
SW1(config)# spanning-tree mst 3 root primary
SW1(config)# end
This makes SW1 the root bridge for instances 0, 1, 2, and 3.
Configure a backup root on SW2:
SW2(config)# spanning-tree mst 0 root secondary
SW2(config)# spanning-tree mst 1 root secondary
SW2(config)# spanning-tree mst 2 root secondary
SW2(config)# spanning-tree mst 3 root secondary
SW2(config)# end
Verify MST Root
SW1# show spanning-tree mst
##### MST0 vlans mapped: 1, 99
Root ID Priority 0
MAC-address 0022.55a6.5801
Bridge ID Priority 0 (priority 0 sys-id-ext 0)
MAC-address 0022.55a6.5801
Timers: hello 2, forward delay 15, max-age 20, txholdcount 6
##### MST1 vlans mapped: 10, 11, 12
Root ID Priority 4096
MAC-address 0022.55a6.5801
Bridge ID Priority 4096 (priority 4096 sys-id-ext 0)
MAC-address 0022.55a6.5801
##### MST2 vlans mapped: 20, 21, 22
Root ID Priority 4096
MAC-address 0022.55a6.5801
Bridge ID Priority 4096 (priority 4096 sys-id-ext 0)
MAC-address 0022.55a6.5801
##### MST3 vlans mapped: 30, 31, 32
Root ID Priority 4096
MAC-address 0022.55a6.5801
Bridge ID Priority 4096 (priority 4096 sys-id-ext 0)
MAC-address 0022.55a6.5801
SW1 is root for all instances.
Load-Balancing with MST
A key advantage of MST is load-balancing across multiple uplinks. You can make different instances use different root ports:
Topology:
SW1 (Root MST0, MST1)
SW2 (Root MST2, MST3)
│
┌──┴──┐
│ │
Gi0 Gi1 (Two uplinks)
│ │
SW3 (Access)
Configuration on SW3:
SW3(config)# spanning-tree mode mst
SW3(config)# spanning-tree mst configuration
SW3(config-mst)# name PingLabz-Campus
SW3(config-mst)# revision 1
SW3(config-mst)# instance 1 vlan 10,11,12
SW3(config-mst)# instance 2 vlan 20,21,22
SW3(config-mst)# instance 3 vlan 30,31,32
SW3(config-mst)# exit
! Configure MST root to balance loads
SW3(config)# spanning-tree mst 0 priority 32768 ! Default
SW3(config)# spanning-tree mst 1 priority 32768 ! Default
SW3(config)# spanning-tree mst 2 priority 28672 ! Higher priority for root via SW2
SW3(config)# spanning-tree mst 3 priority 28672 ! Higher priority for root via SW2
SW3(config)# end
Result:
Instance 0 (IST) → Root port: Gi0 (toward SW1)
Instance 1 → Root port: Gi0 (toward SW1)
Instance 2 → Root port: Gi1 (toward SW2)
Instance 3 → Root port: Gi1 (toward SW2)
Gi0 carries traffic for instances 0,1
Gi1 carries traffic for instances 2,3
Load-balanced across both uplinks
Verify:
SW3# show spanning-tree mst brief
Port Role Sts Cost Prio.Nbr Type
Gi0 Root FWD 4 128.1 P2p (MST0, MST1)
Gi1 Altn BLK 4 128.2 P2p (MST2, MST3)
The show spanning-tree mst brief output is unclear, but the effect is that Gi0 is root port for instances where SW1 is root, and Gi1 is root port for instances where SW2 is root.
Check per-instance:
SW3# show spanning-tree mst 2
##### MST2 vlans mapped: 20, 21, 22
Root ID Priority 4096
MAC-address 0055.8844.2202
Bridge ID Priority 28672
MAC-address 0055.8844.2203
Role Sts Cost Prio.Nbr Type
Gi1 Root FWD 4 128.2 P2p
For MST2, Gi1 is the root port (toward SW2, the root for MST2).
Lab Configuration: Complete MST Example
Lab: SW1, SW2 (Distribution), SW3, SW4 (Access). VLANs 10, 20, 30, 99.
Step 1: All Switches—Enable MST Mode
SW1(config)# spanning-tree mode mst
SW1(config)# end
! Repeat for SW2, SW3, SW4
Step 2: All Switches—Configure MST Region (MUST BE IDENTICAL)
SW1(config)# spanning-tree mst configuration
SW1(config-mst)# name PingLabz-Campus
SW1(config-mst)# revision 1
SW1(config-mst)# instance 1 vlan 10
SW1(config-mst)# instance 2 vlan 20
SW1(config-mst)# instance 3 vlan 30
SW1(config-mst)# exit
SW1(config)# end
! Repeat exactly on SW2, SW3, SW4
SW2(config)# spanning-tree mst configuration
SW2(config-mst)# name PingLabz-Campus
SW2(config-mst)# revision 1
SW2(config-mst)# instance 1 vlan 10
SW2(config-mst)# instance 2 vlan 20
SW2(config-mst)# instance 3 vlan 30
SW2(config-mst)# exit
SW2(config)# end
! (Repeat for SW3, SW4)
Step 3: SW1 (Primary Root)
SW1(config)# spanning-tree mst 0 root primary
SW1(config)# spanning-tree mst 1 root primary
SW1(config)# spanning-tree mst 2 root primary
SW1(config)# spanning-tree mst 3 root primary
SW1(config)# end
Step 4: SW2 (Secondary Root)
SW2(config)# spanning-tree mst 0 root secondary
SW2(config)# spanning-tree mst 1 root secondary
SW2(config)# spanning-tree mst 2 root secondary
SW2(config)# spanning-tree mst 3 root secondary
SW2(config)# end
Step 5: Access Switches—Configure Uplinks
SW3(config)# interface range GigabitEthernet 1/0/25-28
SW3(config-if-range)# spanning-tree link-type point-to-point
SW3(config-if-range)# spanning-tree guard root
SW3(config-if-range)# exit
! Configure PortFast on access ports
SW3(config)# interface range GigabitEthernet 1/0/1-24
SW3(config-if-range)# spanning-tree portfast
SW3(config-if-range)# spanning-tree bpduguard enable
SW3(config-if-range)# exit
SW3(config)# end
! Repeat for SW4
Step 6: Verification
On SW1:
SW1# show spanning-tree mst summary
Switch is in mst mode
Root bridge for MST0, MST1, MST2, MST3
MST Instances
Instance Vlans Mapped
0 1, 99
1 10
2 20
3 30
On SW3:
SW3# show spanning-tree mst
##### MST0 vlans mapped: 1, 99
Root ID Priority 0
MAC-address 0022.55a6.5801
Bridge ID Priority 32768
MAC-address 0055.8844.2203
Root port is Gi1/0/25 (cost 4)
##### MST1 vlans mapped: 10
Root ID Priority 4096
MAC-address 0022.55a6.5801
Bridge ID Priority 32768
MAC-address 0055.8844.2203
Root port is Gi1/0/25 (cost 4)
##### MST2 vlans mapped: 20
Root ID Priority 4096
MAC-address 0055.8844.2202
Bridge ID Priority 32768
MAC-address 0055.8844.2203
Root port is Gi1/0/26 (cost 4)
##### MST3 vlans mapped: 30
Root ID Priority 4096
MAC-address 0022.55a6.5801
Bridge ID Priority 32768
MAC-address 0055.8844.2203
Root port is Gi1/0/25 (cost 4)
SW3 has different root ports for different instances:
- MST0,1,3 → Gi1/0/25 (toward SW1)
- MST2 → Gi1/0/26 (toward SW2)
Perfect load-balancing.
Changing MST Configuration
If you need to add or modify VLAN-to-instance mapping, increment the revision number on all switches:
SW1(config)# spanning-tree mst configuration
SW1(config-mst)# name PingLabz-Campus
SW1(config-mst)# revision 2 ← Increment
SW1(config-mst)# instance 1 vlan 10,11 ← Add VLAN 11
SW1(config-mst)# instance 2 vlan 20,21
SW1(config-mst)# instance 3 vlan 30,31
SW1(config-mst)# exit
SW1(config)# end
! Repeat on all switches in region with revision 2
Increment revision ensures all switches update simultaneously. Without incrementing, a switch might not recognize the change if it's still processing the previous revision.
Migration from Rapid PVST+ to MST
Converting from Rapid PVST+ to MST requires coordination:
Step 1: Plan Instance Mapping
Current PVST+ (100 VLAN instances):
VLAN 10,11,12,13 → Desired Instance 1
VLAN 20,21,22,23 → Desired Instance 2
VLAN 30,31,32,33 → Desired Instance 3
Step 2: Enable MST on All Switches (One at a Time)
! On SW1:
config t
spanning-tree mode mst
spanning-tree mst configuration
name PingLabz-Campus
revision 1
instance 1 vlan 10,11,12,13
instance 2 vlan 20,21,22,23
instance 3 vlan 30,31,32,33
exit
spanning-tree mst 0 root primary
spanning-tree mst 1 root primary
spanning-tree mst 2 root primary
spanning-tree mst 3 root primary
end
! Wait 60 seconds for convergence. Observe STP summary:
show spanning-tree mst summary
! Then move to SW2, then SW3, etc.
Step 3: Verify All Switches Are in Same Region
SW1# show spanning-tree mst configuration
Name [PingLabz-Campus]
Revision 1
Instances configured 4
Check on all switches to ensure name, revision, and instance mapping are identical.
Step 4: Monitor for Issues
After migration, monitor for:
- Unexpected topology changes
- Elevated CPU on switches
- Connectivity issues
Most Rapid PVST+ to MST migrations are transparent to users.
Verification Commands
Summary of MST Status
SW1# show spanning-tree mst summary
Switch is in mst mode
Root bridge for MST0, MST1, MST2
PortFast BPDU Guard: Enabled
PortFast Enabled: 24
MST Instances
Instance Vlans Mapped
0 1, 99
1 10, 11, 12
2 20, 21, 22
Detailed MST Information
SW1# show spanning-tree mst
##### MST0 vlans mapped: 1, 99
(detailed output for instance 0)
##### MST1 vlans mapped: 10, 11, 12
(detailed output for instance 1)
##### MST2 vlans mapped: 20, 21, 22
(detailed output for instance 2)
Check Interface MST Role
SW1# show spanning-tree mst interface GigabitEthernet 1/0/1
MST0 MST1 MST2
Role: Desg Role: Desg Role: Desg
Sts: FWD Sts: FWD Sts: FWD
Verify MST Configuration Matches Across Network
SW1# show spanning-tree mst configuration
Name [PingLabz-Campus]
Revision 1
! Copy this output and compare on SW2, SW3, SW4
! They MUST be identical
Common MST Mistakes
Mistake 1: Region Name Mismatch
Problem:
SW1:
name PingLabz-Campus
SW2:
name PingLabz-Campus-Distrib ← Different name!
SW1 and SW2 are in different regions. Spanning trees don't coordinate.
Fix: Use the same name on all switches:
SW2(config)# spanning-tree mst configuration
SW2(config-mst)# name PingLabz-Campus
Mistake 2: Revision Number Not Incremented After Change
Problem:
SW1:
revision 1
instance 1 vlan 10,11
SW1 then changed to:
revision 1 ← Forgot to increment!
instance 1 vlan 10,11,12 ← Added VLAN 12
Switches may not recognize the configuration change.
Fix: Always increment revision:
SW1(config)# spanning-tree mst configuration
SW1(config-mst)# revision 2 ← Increment
SW1(config-mst)# instance 1 vlan 10,11,12
Mistake 3: Configuring Different Instances on Different Switches
Problem:
SW1:
instance 1 vlan 10,11,12
SW2:
instance 1 vlan 10 ← Different mapping!
instance 2 vlan 11,12
Instance 1 means different things on SW1 and SW2. VLAN 11 paths are inconsistent.
Fix: Copy region config to all switches identically:
! Generate on SW1, then copy to SW2, SW3, etc.
SW1# show spanning-tree mst configuration
! Copy entire config
SW2(config)# spanning-tree mst configuration
SW2(config-mst)# name PingLabz-Campus
SW2(config-mst)# revision 1
SW2(config-mst)# instance 1 vlan 10,11,12 ← Identical
SW2(config-mst)# instance 2 vlan 20,21,22
Mistake 4: Forgetting to Configure Root Bridge Per Instance
Problem:
SW1(config)# spanning-tree mode mst
SW1(config)# spanning-tree mst configuration
SW1(config-mst)# name PingLabz-Campus
SW1(config-mst)# instance 1 vlan 10,11,12
SW1(config-mst)# exit
! Forgot to set root bridge!
Each instance elects its own root based on priority. Random switches become root for different instances.
Fix: Configure root after region config:
SW1(config)# spanning-tree mst 0 root primary
SW1(config)# spanning-tree mst 1 root primary
SW1(config)# spanning-tree mst 2 root primary
Mistake 5: Too Many Instances
Problem:
spanning-tree mst configuration
instance 1 vlan 10
instance 2 vlan 11
instance 3 vlan 12
...
instance 16 vlan 25 ← 16 instances (max is 15 instances + IST)
Only instances 0-15 exist. Instance 16 creates an error.
Fix: Consolidate VLANs into fewer instances:
instance 1 vlan 10,11,12 ← Multiple VLANs per instance
instance 2 vlan 20,21,22,23
instance 3 vlan 30,31,32,33
! Total: 4 instances (0,1,2,3) = well within limit
When to Use MST
Use MST if:
- Network has 50+ VLANs
- CPU utilization from STP is high (>30% on core switches)
- You want to load-balance traffic across multiple uplinks per instance
- You need simpler configuration (fewer instances to manage)
Stick with Rapid PVST+ if:
- Network has <20 VLANs
- CPU utilization is acceptable
- You prefer per-VLAN control
- You're familiar with PVST+ and comfortable with it
Do NOT use BPDU Filter with MST. Use BPDU Guard and Root Guard as in PVST+.
Troubleshooting MST Issues
Symptom: Unexpected Root Bridge Election
Cause: MST region configuration is inconsistent across network.
Investigation:
! On all switches, check region config
show spanning-tree mst configuration
! Compare Name, Revision, and VLAN mappings
! They MUST be identical
! If different, find the mismatched switch
! Bring it into compliance
Symptom: VLAN Forwarding on Wrong Port After MST Migration
Cause: Instance mapping is different than expected, or root bridge priorities are not set.
Investigation:
! Check current instance mapping
show spanning-tree mst configuration
! Check which instance carries the problematic VLAN
show spanning-tree mst | include "VLAN X"
! Check root bridge for that instance
show spanning-tree mst | grep "Root ID"
! Verify root bridges match plan
Symptom: High CPU After Enabling MST
Cause: Instances are reconverging due to region changes or inconsistent configs.
Investigation:
show processes cpu sorted
! Look for spanning-tree process CPU usage
! If high, wait 5-10 minutes for convergence
! Then check again
! If still high, verify MST config consistency
show spanning-tree mst configuration
What's Next
MST is the final major spanning tree configuration topic. Together, Articles 8-14 cover the complete STP/RSTP/MSTP configuration and protection features needed for modern campus and data center networks. Proper STP design includes root bridge selection (Article 8), Rapid PVST+ or MST mode (Article 9 and 14), edge port configuration (Article 10), BPDU Guard on access ports (Article 11), Root Guard and Loop Guard on uplinks (Article 12), and avoiding dangerous features like per-interface BPDU Filter (Article 13).
The next article in the series (Article 15) will cover advanced topics: STP interaction with FHRP protocols (HSRP, VRRP, GLBP), STP timers and optimization, and design best practices for large-scale networks.