Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) is what replaced classic Spanning Tree (802.1D) on every Cisco switch shipped this century. The classical PVST+ implementation Cisco shipped before the rapid version is, to a first approximation, dead. If you are running a network in 2026 you are almost certainly running Rapid-PVST+ or MST, both of which inherit from RSTP. This post walks through what RSTP changed, the new port roles and states, the proposal/agreement handshake that gives RSTP its speed, and how to read the show output on Cisco IOS XE.
For the cluster overview, see the Spanning Tree Protocol pillar. For the L2 fundamentals RSTP sits on top of, see the VLAN and L2 switching pillar.
Why classic STP needed replacing
Classic 802.1D STP took up to 50 seconds to recover from a topology change. The slowdown came from two hard-coded timers: 20 seconds for max-age (waiting to see if the old root was really gone), and 30 seconds combined for the listening and learning states each port had to pass through before it could forward. On a modern switched network, 50 seconds of unreachability is unacceptable. Voice calls drop. TCP sessions reset. Users call the help desk.
RSTP rebuilt the FSM around active negotiation between switches instead of passive timer expiration. The result, in practice, is sub-second convergence on most topologies.
The four port roles
RSTP defines port roles, separate from port states. The roles describe what the port does in the topology; the states describe its current operational behavior.
| Role | Meaning | STP equivalent |
|---|---|---|
| Root | The port on this switch that points toward the root bridge along the lowest-cost path | Same concept in STP |
| Designated | The port elected as the forwarding path for a given segment (the "best port" on a segment) | Same concept in STP |
| Alternate | A port that offers an alternate path to the root if the root port fails. Discarding in steady state. | Did not exist in STP; this is the role that makes sub-second failover possible |
| Backup | A port that offers a backup path to a segment for which another local port is already Designated. Rare in modern topologies. | Did not exist in STP |
The Alternate role is what lets RSTP fail over fast. When the root port goes down, the Alternate immediately transitions to Root without waiting for a topology change recalculation across the whole network. The new path was already known; only the role-and-state transition is needed.
The three port states
RSTP collapses STP's five port states (Disabled, Blocking, Listening, Learning, Forwarding) into three.
| State | What it does | MAC learning? | Frame forwarding? |
|---|---|---|---|
| Discarding | Drops all frames except BPDUs | No | No |
| Learning | Drops frames but starts populating the MAC table | Yes | No |
| Forwarding | Normal operation | Yes | Yes |
The three RSTP states map cleanly to operational reality. Discarding is "I should not be forwarding here right now." Learning is the brief transitional state between Discarding and Forwarding. Forwarding is steady-state.
The proposal/agreement handshake
This is the mechanism that lets RSTP achieve sub-second convergence on point-to-point links. The full description in 802.1w is long; the operational reality is short.
When two switches connected by a point-to-point link first come up, the upstream switch (closer to the root) sets the Proposal bit in its BPDU and sends it. The downstream switch receives the proposal, syncs its other ports to Discarding (preventing loops), then replies with an Agreement BPDU. As soon as the upstream switch receives the agreement, both ends transition to Forwarding.
The handshake completes in low-millisecond time. Compare that to the 30 seconds classic STP took. The cost is that RSTP requires switches to identify links as point-to-point (which it does automatically based on duplex; full-duplex links are P2P, half-duplex are shared media).
Edge ports (PortFast, in Cisco terms)
RSTP introduces the concept of an "edge port": a port connected to an end host that will never participate in the spanning tree. Cisco's PortFast feature is the implementation. An edge port skips the proposal/agreement handshake entirely and goes straight to Forwarding when link comes up.
Enable it on every access port that connects to a host. Skipping this causes 30-second startup delays on PCs at boot, the original problem PortFast was created to solve back in classic-STP days.
interface GigabitEthernet1/0/5
switchport mode access
switchport access vlan 10
spanning-tree portfastTo enable PortFast by default on all access ports globally (recommended in modern designs):
spanning-tree portfast defaultThe matching protection is BPDU Guard. An edge port that receives a BPDU (someone plugged a switch into a user port) is shut down immediately:
spanning-tree portfast bpduguard defaultTopology Change Notifications: also simpler
Classic STP propagated topology changes via TCN BPDUs that bubbled up to the root, which then flooded a TC bit through the network. RSTP eliminates the bubble-up. When a switch detects a topology change (a non-edge port transitions to Forwarding or a Designated port goes down), it sets the TC bit on its outbound BPDUs for a fixed interval. Other switches receiving the TC bit flush their MAC tables for the affected VLAN. No round-trip to the root required.
Rapid-PVST+: Cisco's per-VLAN flavor
Cisco's default RSTP implementation is Rapid-PVST+ (Per-VLAN Spanning Tree Plus). It runs a separate RSTP instance per VLAN. Each VLAN can have a different root bridge. This is computationally heavier than the IEEE-standard 802.1w single-instance RSTP, but it lets you do per-VLAN load balancing (one VLAN's traffic takes one uplink, another VLAN's takes the other).
To enable Rapid-PVST+ on a Catalyst switch (this is the default on most modern IOS XE):
spanning-tree mode rapid-pvstIf you have a lot of VLANs (more than 50 or so) and care about CPU and BPDU bandwidth, MST (Multiple Spanning Tree, 802.1s) maps multiple VLANs to a single instance, dramatically reducing the per-instance overhead. MST is the choice for large environments.
Reading the show output
The most useful command on a steady-state network:
SW1# show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586
Address 0050.7989.aaaa
Cost 4
Port 25 (TenGigabitEthernet1/1/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 0050.7989.bbbb
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te1/1/1 Root FWD 4 128.25 P2p
Te1/1/2 Altn BLK 4 128.26 P2p
Gi1/0/5 Desg FWD 19 128.5 Edge P2pThree things to read off:
- Root ID vs Bridge ID. If they match, this switch is the root. If not, the Root ID tells you which switch the topology has elected.
- Role column. Root, Designated (Desg), Alternate (Altn), Backup. The pattern of roles tells you the active topology.
- Type column. "P2p" means RSTP is treating it as a point-to-point link (enables fast handshake). "Shr" means shared media (slow). "Edge" means it is an edge port (PortFast).
Common gotchas
| Symptom | Cause |
|---|---|
| Convergence is slow even though "RSTP" is configured | One end of a link is half-duplex. RSTP treats it as shared media (Shr), skipping the proposal/agreement handshake. |
| Access ports take 30 seconds to come up | PortFast not enabled. Add spanning-tree portfast default globally. |
| STP reconverges when a single host reboots | An access port without PortFast is registered as topology-change-generating. Add PortFast. |
| Different VLANs choose different root bridges, traffic takes weird paths | Rapid-PVST+ behavior. Either set deterministic root priorities per VLAN, or migrate to MST and group VLANs into instances. |
| BPDU Guard shutting down ports that should be edge | Probably correct, actually. Investigate why an edge port saw a BPDU before re-enabling. |
Key takeaways
RSTP replaced classic STP because 50-second convergence was no longer acceptable. The mechanisms that achieve sub-second recovery are the new Alternate port role (pre-computed backup path), the three-state model (Discarding, Learning, Forwarding), the proposal/agreement handshake on point-to-point links, and the elimination of the root-bubble-up for topology changes. Cisco's Rapid-PVST+ is RSTP per VLAN; MST is RSTP with VLAN-to-instance mapping for large environments. PortFast on every access port and BPDU Guard on the same ports are non-negotiable in modern designs.
For the STP cluster, see the Spanning Tree Protocol pillar.
