STP prioritize port priority over System-Mac-Address in my project.

eitanbenari4 · ‎01-25-2025

Root bridge is IOU1

i executed this script on the kali machine. after it the egress port to the root transitioned to the alternative state, despite the lower mac address of the Root-bridge. CHAT said its becuase of a lower port priority, but from what i know, port priority only comes after mac address.

eitanbenari4 · ‎01-25-2025

MHM Cisco World · ‎01-26-2025

There is no loop so no need any port to become Alt BLK

Try use other program gns3 iosl2 is bad

MHM

eitanbenari4 · ‎01-26-2025

Usually yes but I told the switch the the root bridge is near me. In situations like that the sw can decline receiving the information and block the port

Devaa · ‎01-26-2025

"In situations like that the sw can decline receiving the information and block the port "

For that, we should enable BPDU Guard in those ports.

interface Ethernet0/2
 spanning-tree bpduguard enable
end

vishalbhandari · ‎01-26-2025

@eitanbenari4 The egress port transitioning to the alternate state despite the Root Bridge having a lower MAC address is likely due to the port priority value being lower on the active port. You’re correct that MAC address comes into play, but only after port priority is compared. In Spanning Tree Protocol (STP), the decision hierarchy is: root priority -> root MAC address -> port priority -> port ID. If the port priority on one port is lower, it will take precedence, even if the Root Bridge MAC address favors another port.

eitanbenari4 · ‎01-26-2025

Yeah because i know the order, I thought that the source mac address(l2 header) should turn the table in the root bridge favor over the kali

paul driver · ‎01-26-2025

Hello
Alternate state - so you have dual connection towards the root switch correct?
the stp port-priority is received in the bpdu so if the port priority is changed on the opposite side of the link stp on the receiving port will choose the lowest port value for forwarding state and put its the other link into an alternate/blocking state

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Devaa · ‎01-26-2025

In your Kali BPDU, the root mac and bridge mac is same. So, there is a tie in Bridge mac, hence it goes to next tiebreaker Port ID, which is least via Kali port Et0/2 in IOU3 when compared to Et0/0.

This is something like connecting IOU3 E0/2 to IOU1 E0/1 (set port-priority to 0)

eitanbenari4 · ‎01-26-2025

the bridge mac and root mac are the same in bpdu values but you can also see the source mac address is different. Non root switch simply forward the root bridge configuration bpdu so those values are always the same.

eitanbenari4 · ‎01-26-2025

I know it's because of the port priority because I played with it and saw it affected the calculation, but I feel like the source mac address also should have an affect. I now understand that from the sw perspective it's talking to the same sw so it's looking at port priority and port id

Devaa · ‎01-26-2025

For election purpose, it uses the Bridge MAC in BPDU, not in L2 Src mac.

You can use below cmd to check that.

show spanning-tree interface e0/2 detail

Also, Not sure, which version of switch image you use. I tested with 15.2, if the bridge mac and L2 source mac are not same, the switch don't care about that bpdu. I had to match src mac to be root mac for the switch to receive that BPDU. I added below line in the code for that.

packet[0].src=packet[0].rootmac

eitanbenari4 · ‎01-26-2025

I'm not sure why, I read it may depend on the vendor

eitanbenari4 · ‎01-26-2025

About the fact that stp doesn't use 2 layer info, it might be true I need to check it

eitanbenari4 · ‎01-26-2025

Ok so source mac address how can that be equal to bridge Mac address value in the bpdu if it can't be modified by anyone besided root bridge