[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Root Bridge Election

Published on
11,454 Points
3 Endorsements
Last Modified:
This article is geared towards shedding more light on the underlying process in the election of a Root Bridge in a spanning tree instance, an issue that was raised in this question. I tried to break it down as much as possible for better understanding.

I hope this helps someone!

Root Bridge Election 1
Understanding might be helped if we use this chart:
    OPQR STUV WXYZ (let's call these columns)
A = 0013.8039.9500
B = 0013.80d7.d580
C = 0013.8030.5e80
D = 0013.80c7.9700

Open in new window

All MACs, in this example, start with 0013.80xx.xxxx, so columns O through T are the same. Based on the above values, all 4 switches are made by the same manufacturer, in this case, by Cisco. See http://standards.ieee.org/develop/regauth/oui/public.html for information about all manufacturers.

Hex number range
0 1 2 3 4 5 6 7 8 9 A B C D E F, with 0 being the least and F being the highest

The addresses start to change from column U. 3 is the lowest number in this column but 2 devices A and C have 3 in that column. This eliminates B and D as candidates for lowest MAC address.

0 is the lowest number in column V; we don't have to proceed since there is no tie any more.

C has the lowest MAC Address. Arranging the switches from lowest mac to highest mac, we will have
C = 0013.8030.5e80
A = 0013.8039.9500
D = 0013.80c7.9700 (C is lower than D in column U)
B = 0013.80d7.d580

Open in new window

The default rule for a root bridge if all devices have default priority (33768) is that the oldest device becomes the root bridge.

During production, manufacturers will assign MAC addresses chronologically just like you would assign numbers to your anything if you have multiple items, like your first car, second car, third car and so on. Cisco (identified by 0013.80) will have the first MAC address for that range as 0013.8000.0001.

The next device will be 0013.8000.0002, and the ninth device will be 0013.8000.0009. The tenth device would normally be 0013.8000.00010, but that exceeds four bits, so the "10" will therefore be replaced with A, making the tenth device 0013.8000.000A. The 11th device will be 0013.8000.000B, and the 15th device will be 0013.8000.000F.

15 is the maximum number when counting in hexadecimal, just like you would move from 9 to 10 in decimal, you would move from F to 10 in hexadecimal. So your16th device will be 0013.8000.0010 and so on.

The Default priority is 32768
For VLAN 1, the default priority will be default + VLAN number, or 32768 + 1 = 32769. For VLAN 2, 32768 + 2 = 32770, for VLAN 10, 32768 + 10 = 32778 and so on. You can then influence which device becomes the root bridge by lowering the priority for that device.

Spanning tree will go through the following checks to determine Root bridge.
1. Checks priority per VLAN. It then selects the device with the lowest priority. If there is a tie (that is, 2 devices having the same priority) Spanning tree will then skip to step 2
2. Selects the device with the lowest MAC address

Port Assignment
The Root bridge (Imagine it as King) has no restrictions on its port. It is honored by having all its ports in Designated (forwarding) state. Every other device will now decide which of its ports is closest to the root bridge.

Once they elect that port, they will identify it as the Root Port, meaning, "This port is the closest to the Root Bridge and we must use this port to connect to the Root Bridge." In essence, there will only be one Root Port per switch on the network except for the Root Bridge Switch.

There is NEVER a Root Port on a Root Bridge because it does not need to connect to itself.

Spanning tree sends probes into the network to determine loops and it is also used in the election of a Root Bridge. Every switch, when turned on, assumes it is the root bridge (per VLAN) until it receives a BPDU (Bridge Protocol Data Unit) from another switch and finds out that the other device either has a lower priority or a lower MAC address than itself. It then freely submits to that switch. If it receives another BPDU from another device that has even a lower priority or MAC address than the previous switch it had assigned as its Root Bridge, it automatically replaces the old switch and makes the new switch the Root Bridge.

This is done per VLAN.

Every Switch sends out BPDUs to announce itself to other switches on the network and also inspect other BPDUs it finds. A switch never expects to receive its own BPDU (by default as the BPDU would not return the way it went out. If however, a switch sees its own BPDU, it knows there is redundancy set up somewhere which potentially can cause a loop.

It will then determine which of the redundant connections it needs to block if it is the "Highest switch in the pile" based on priority or MAC address.

Root Bridge Election 2
LVL 18

Author Comment


I answered a question about this and decided to put it up as an article in case someone else has similar questions.

I plan to follow it up with another article.

Not too many people understand the underlying theory behind most device processes. Articles like this will eliminate trivial questions
LVL 18

Author Comment

Works for me

Administrative Comment

by:Eric AKA Netminder

Congratulations! Your article has now been published.

Page Editor
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.


Expert Comment

by:Sandeep Udgirkar
Great Article. Understood it in one reading.
LVL 25

Expert Comment

Only two things I would note.

You write
"The default rule for a root bridge if all devices have default priority (33768) is that the oldest device becomes the root bridge"

You correctly say 32768 later, but just so there's not confusion I would correct that mistype.

Also, I would note that what you are describing is PVST.  802.1D, CST, is a single STP instance per device, NOT per vlan.  standards based doesn't do per vlan.  The closest is MST.  PVST is Cisco specific.
LVL 18

Author Comment

Yes, the 33768 was a typo
Thanks for the observation.

Featured Post

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month