Today I activated Wireshark on my computer’s network card. Next, I bridged my computer’s loopback adapter with my network card, to test out VRRP on virtual routers from different vendors. I never got to that, however, because I suddenly noticed STP frames being captured in Wireshark.
Since my computer is currently hooked up to a Cisco 3560 switch with all ports set to Portfast, my initial thought was that I misconfigured something on the switch, or I simply misinterpreted the whole Portfast concept. But then I noticed these frames originated from my computer’s MAC address. After checking the spanning-tree status on my switch I noticed it no longer considered itself the root, but the computer!
The conclusion was simple: Windows participates in STP when a bridge is made between network connections. I did some Google searches but it seems that it’s something that isn’t really known as I found no useful results. The only relevant reference to this feature I found was in the Microsoft MSDN Library, and even there it’s just a line explaining the registry key to toggle the setting.
I find it positive that this is included in Windows, as it may prevent bridging loops from forming (in rare cases), but I’m left with questions. Since what version is it supported, and in which editions? I’m using Windows 7 Professional. My first guess is that it’s something new to either Vista or Windows 7, as people would have noticed this in Windows XP by now. I’m also not sure which Windows Server versions support this, but a calculated guess is that the 2008 version does. I may perform more tests later.
Either way, here you have it. I thought I’d share this information, might be useful to someone someday.
Greetings!
I find this very interesting and begin to wonder about the possible applications for this in the real world. One of my initial thoughts automatically wandered towards the possibility of creating an etherchannel between servers and switches.
As far as I know Windows 7 is server-ready and perhaps the L2 feature has been implemented for this reason.
Anyone else care to take a stab at it?
In real life this is a horror. When clients start acting as spanning-tree endpoints, this means they can also insert BPDU packets into the network, thus triggering the root bridge to recalculate. Depending on configuration, this could lead to a network meltdown as the network is busy recalculating spanning-tree changes instead of forwarding traffic.
Personally I would advise treating endpoints as endpoints and not letting them trigger any spanning-tree events. Only network devices should be able to send out BPDUs and change the network topology.
True. It shows why BPDU Guard functions are mandatory. Also, I did this by creating a loopback and bridging between it and the physical NIC. Another reason not to grant administrator rights to users. I’m also surprised that the bridge priority can’t be changed and doesn’t start at a lower priority to prevent mistakes from happening.
It is definitely supported in Windows XP, at least Pro SP2 (possibly earlier).
I just ran into this. Until I run a physical cable to this room, I am using a Windows 7 Professional PC and bridging a Gigabit Wired NIC to an 802.11n Wireless NIC. The wired NIC is connected to a small unmanaged 5 port Gigabit switch. Today, I connected one of my 2 Cisco 2960s (CCNA/CCNP Lab) to the unmanaged switch so that I could connect to my switches via Wi-Fi and SSH. The other switch was trunked to that switch and both were assigned IP Addresses to VLAN 1.
I set them to use Rapid STP and then did a show spanning-tree. SW1 was not the root bridge. OK, I figured SW2 must be the root bridge as there are only 2 Cisco switches in the topology. So, I SSH into SW2 and it’s NOT the root bridge either. That’s odd. So, I run show mac address-table and the root bridge MAC is listed off Gi0/2 which is the port connected to my home network.
At this point, there are 3 possibilities:
1) The 5 port unmanaged switch
2) The MAC Bridge (Windows 7)
3) My Home Router’s Built-in Switch
Since neither 1 nor 3 would give me their MACs directly (had the W7 PC not been the culprit, I would have had to check its ARP cache to see which interface the MAC Address was off of – that is whether it was on the IF connected to my home router or the one connected to the unmanaged switch), the most obvious place to look was the Windows 7 PC. I Remote Desktop-ed in from my Laptop and opened a command prompt, ran ipconfig /all and wouldn’t you know it – the root bridge was in fact the Windows 7 PC. I never thought it would participate in STP, but it makes sense. Once you start bridging multiple interfaces you open up the possibility of switching loops, exactly what STP was created to prevent.
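The check that both the post and the comment above carry out by hand (which MAC is sending BPDUs, and which bridge has been elected root) can be run over captured frames. This is an added example, not part of the original post or comments; it decodes 802.1D/RSTP configuration BPDUs and flags any sender or root that is not in a switch inventory. The MAC addresses, priorities, sample frames and function names are constructed for the illustration.

```python
import struct

STP_MCAST = bytes.fromhex("0180c2000000")  # 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                  # LLC header carried by STP BPDUs

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_bpdu(frame):
    """Decode an 802.3 frame as an STP/RSTP configuration BPDU, else None."""
    if len(frame) < 52 or frame[:6] != STP_MCAST or frame[14:17] != LLC_STP:
        return None
    proto, _version, btype = struct.unpack_from("!HBB", frame, 17)
    if proto != 0 or btype not in (0x00, 0x02):  # config or RST BPDU only
        return None
    r_prio, r_mac, cost, b_prio, b_mac = struct.unpack_from("!H6sIH6s", frame, 22)
    return {"src": mac(frame[6:12]), "root": (r_prio, mac(r_mac)),
            "cost": cost, "bridge": (b_prio, mac(b_mac))}

def audit(frames, switch_macs):
    """Flag BPDUs from, or electing as root, a bridge not in the inventory."""
    findings = []
    for frame in frames:
        b = parse_bpdu(frame)
        if b is None:
            continue
        if b["bridge"][1] not in switch_macs:
            kind = "claims-root" if b["root"] == b["bridge"] else "sends-bpdu"
            findings.append((kind, b["src"], b["bridge"][0]))
        elif b["root"][1] not in switch_macs:
            findings.append(("foreign-root", b["root"][1], b["root"][0]))
    return findings

def build_bpdu(src, root, cost, bridge):
    """Build a constructed sample config BPDU (demo input, not a capture)."""
    body = struct.pack("!HBBBH6sIH6sH4H", 0, 0, 0, 0, root[0], root[1], cost,
                       bridge[0], bridge[1], 0x8001, 0, 20 * 256, 2 * 256, 15 * 256)
    return STP_MCAST + src + struct.pack("!H", 3 + len(body)) + LLC_STP + body

PC = bytes.fromhex("0200000000aa")  # constructed address: bridging Windows host
SW = bytes.fromhex("020000000001")  # constructed address: inventoried switch
SAMPLE = [  # constructed frames; the priorities are assumed values
    build_bpdu(PC, (32768, PC), 0, (32768, PC)),    # host announces itself as root
    build_bpdu(SW, (32768, PC), 4, (32769, SW)),    # switch has accepted that root
    b"\xff" * 6 + PC + b"\x08\x00" + b"\x00" * 46,  # unrelated IPv4 frame, ignored
]

if __name__ == "__main__":
    print(audit(SAMPLE, {mac(SW)}))
```

A "foreign-root" finding means an inventoried switch is already relaying a root it learned from outside the inventory, which is the state both writers found with show spanning-tree.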
The STP Protocol has been in Windows since Windows 98 and above; it is more predominantly known about in the server version as it is used more in these architectures. As for your run-of-the-mill Windows versions, you can add the protocol in your network settings, and do some configuring after the protocol is enabled. The network will automatically use the lowest MAC address for root unless configured not to do so.