← Back to NetLookup

Special MAC Addresses

Spanning Tree Protocol MAC Addresses

Special MAC addresses used by IEEE 802.1D Spanning Tree Protocol and variants

Standards

  • IEEE 802.1D - Spanning Tree Protocol (Original)
  • IEEE 802.1w - Rapid Spanning Tree Protocol (RSTP)
  • IEEE 802.1s - Multiple Spanning Tree Protocol (MSTP)

Address Range

01:80:C2:00:00:xx where xx defines the specific STP function

These are Bridge Reserved Addresses that switches must not forward.

STP MAC Addresses

Core STP Addresses

MAC AddressProtocolPurpose
01:80:C2:00:00:00STP/RSTPBridge Group Address
01:80:C2:00:00:01IEEE 802.3xPause Frames
01:80:C2:00:00:02IEEE 802.3Slow Protocols
01:80:C2:00:00:03IEEE 802.1XPort-based Authentication
01:80:C2:00:00:08Provider STPProvider Bridge Group
01:80:C2:00:00:0ELLDPLink Layer Discovery Protocol

Most Important: 01:80:C2:00:00:00

This is the primary STP MAC address used for:

  • Bridge Protocol Data Units (BPDUs)
  • Root bridge election
  • Loop prevention communication

How STP Works

The Problem: Switching Loops

Without STP, redundant switch connections create loops:

[Switch A] ─── [Switch B]
     |             |
     └─── [Switch C] ──┘

Result: Broadcast storm and MAC table instability

STP Solution

  1. Elect root bridge (lowest Bridge ID)
  2. Calculate shortest path to root from each switch
  3. Block redundant ports to eliminate loops
  4. Maintain one active path between any two switches

BPDU Communication

Switches send BPDUs to MAC address 01:80:C2:00:00:00:

  • Configuration BPDUs: Root bridge election and path calculation
  • Topology Change BPDUs: Network topology updates
  • TCN BPDUs: Topology change notifications

STP Variants

Original STP (IEEE 802.1D)

  • Convergence: 30-50 seconds
  • States: Disabled, Blocking, Listening, Learning, Forwarding
  • Timers: Hello (2s), Forward Delay (15s), Max Age (20s)

RSTP (IEEE 802.1w)

  • Convergence: Sub-second
  • States: Discarding, Learning, Forwarding
  • Port Roles: Root, Designated, Alternate, Backup
  • Faster convergence through improved BPDU handling

MSTP (IEEE 802.1s)

  • Multiple instances: Different VLANs can use different topologies
  • Load balancing: Traffic engineering across redundant paths
  • Regions: Groups of switches with same MSTP configuration

BPDU Frame Structure

Destination MAC

Always 01:80:C2:00:00:00 for standard STP

BPDU Contents

  • Root Bridge ID: Current root bridge
  • Root Path Cost: Cost to reach root
  • Bridge ID: Sending bridge identifier
  • Port ID: Sending port identifier
  • Timers: Hello, Forward Delay, Max Age

Network Behavior

Switch Processing

  1. Receive BPDU on 01:80:C2:00:00:00
  2. Process locally (never forwarded)
  3. Update STP state based on BPDU information
  4. Send own BPDUs with current information

Port States (RSTP)

  • Discarding: Not forwarding, learning, or relaying BPDUs
  • Learning: Not forwarding but building MAC table
  • Forwarding: Full operation - forwarding and learning

Troubleshooting STP

Common Issues

  • Loops: STP disabled or misconfigured
  • Slow convergence: Original STP in use instead of RSTP
  • Suboptimal paths: Incorrect root bridge selection
  • Flapping: Unstable network causing frequent topology changes

Debugging Commands

# Cisco
show spanning-tree
show spanning-tree interface gigabitethernet0/1
show spanning-tree root
show spanning-tree blockedports

# Monitor BPDUs
debug spanning-tree events

Wireshark Analysis

# Filter for STP BPDUs
stp

# Filter for specific STP MAC
eth.dst == 01:80:c2:00:00:00

Best Practices

Root Bridge Selection

  • Manually configure root bridge (don't rely on defaults)
  • Use lowest priority on desired root (priority 4096)
  • Configure secondary root for redundancy
  • Place root centrally in network topology

Network Design

  • Enable RSTP instead of legacy STP
  • Use PortFast on access ports (PCs, servers)
  • Configure BPDU Guard to protect against loops
  • Monitor topology changes

Configuration Example (Cisco)

# Configure primary root
spanning-tree vlan 1 root primary

# Configure secondary root  
spanning-tree vlan 1 root secondary

# Enable RSTP
spanning-tree mode rapid-pvst

# Configure access port
interface gigabitethernet0/24
 spanning-tree portfast
 spanning-tree bpduguard enable

Advanced Features

BPDU Guard

  • Shuts down port if BPDU received
  • Prevents accidental loops from connected switches
  • Use on access ports only

Root Guard

  • Prevents inferior BPDUs from becoming root
  • Protects root bridge selection
  • Use on designated ports

Loop Guard

  • Prevents alternate ports from becoming designated
  • Protects against unidirectional failures
  • Use on blocking/alternate ports

Modern Alternatives

Shortest Path Bridging (SPB)

  • IEEE 802.1aq
  • Uses IS-IS for path calculation
  • Allows multiple equal-cost paths

TRILL (TRansparent Interconnection of Lots of Links)

  • IETF standard
  • Layer 2 with Layer 3 routing benefits
  • Better utilization of redundant paths

Security Considerations

STP Attacks

  • Root bridge takeover: Attacker claims to be root
  • Topology manipulation: Malicious BPDUs change network topology
  • DoS attacks: Flood with topology change notifications

Protection Mechanisms

  • BPDU Guard: Shut down ports receiving unexpected BPDUs
  • Root Guard: Prevent root bridge hijacking
  • Authentication: 802.1X port authentication
  • Network segmentation: Limit STP domain scope

Related Standards

IEEE 802.1D - Spanning Tree Protocol

Original spanning tree specification defining the basic loop prevention algorithm.

IEEE 802.1w - Rapid Spanning Tree Protocol

Improved version with faster convergence and better port state management.

IEEE 802.1s - Multiple Spanning Tree Protocol

Extension allowing multiple spanning tree instances for load balancing.