
Mastering Office LAN Topology: From Switches to STP and VLAN Solutions

This article explains how office LAN topologies are built with multiple switches, how ARP broadcasts work, why loops occur, and how protocols like STP and VLANs can eliminate loops, reduce broadcast traffic, and improve network security.

Efficient Ops

How does the topology form?

In an office each desk usually has a network port, resulting in dozens or hundreds of ports per floor. A single switch is insufficient, so multiple switches are interconnected, creating a more complex topology.

When two switches are connected, they form three LAN segments. If a host (Machine 1) only knows the IP of another host (Machine 4), it must broadcast an ARP request to discover the MAC address.

Switch A initially knows no topology, so it forwards the broadcast out all ports except the one it arrived on, causing other hosts (Machine 3) to receive the request. Switch B does the same, forwarding the broadcast to its third LAN where Machines 4 and 5 receive it. Machine 4 replies with its MAC, completing the ARP exchange.

Through this process both switches learn that Machine 1 is on the left port, improving future forwarding decisions.

How to solve common loop problems?

As the number of switches grows, the network can develop loops. When two switches connect the same LANs, broadcast frames can circulate endlessly, causing broadcast storms and network congestion.

In a loop, an ARP broadcast from Machine 1 reaches both Switch A and Switch B, each forwards it to the other LAN, and the packet keeps circulating, causing repeated learning and confusion about the source port.

To break the loop, a protocol such as STP (Spanning Tree Protocol) is required.

Hard-to-understand concepts in STP

STP is based on the graph theory concept of a minimum spanning tree, turning a network graph with loops into a loop‑free tree.

Root Bridge – the “master” switch at the top of the tree.

Designated Bridge – a “branch” switch that forwards traffic toward the root.

Bridge Protocol Data Unit (BPDU) – messages exchanged between switches to compare their “strength” (priority).

Priority Vector – a set of values (Root Bridge ID, Root Path Cost, Bridge ID, Port ID) used to decide which bridge wins.

How does STP work?

Initially every switch assumes it is the root and generates BPDUs containing its ID and priority. Switches compare received BPDUs; the one with the lowest priority value becomes the Root Bridge, and the others become Designated Bridges or end up with non‑designated ports.

The process proceeds through four scenarios:

Scenario 1: Root meets root

When two root candidates meet, the one with the lower priority value wins and the other becomes a non‑root.

Scenario 2: Same branch meets

If a root encounters one of its own designated switches, the network detects a loop and re‑evaluates the path costs, possibly promoting a designated switch to a new root for that segment.

Scenario 3: Root meets another branch’s member

A root may absorb a member from another branch if that member’s path to the root is shorter, causing a re‑assignment of hierarchy.

Scenario 4: Different branch members meet

When members from different branches meet, the one with the better path to the root wins, and the other joins its tree, eventually forming a single spanning tree.
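The result these comparisons converge on can be computed directly from the priority vector (Root Bridge ID, Root Path Cost, Bridge ID, Port ID). The sketch below is an added example, not code from the original article: it calculates the final port roles statically instead of simulating the BPDU exchange, and the three-switch topology, MAC addresses and link costs are constructed sample values.

```python
import heapq

# Constructed sample topology (not from the article): bridge name -> Bridge ID
# as (priority, MAC); each link is (bridge, port, bridge, port, path cost).
BRIDGES = {"A": (32768, "00:00:00:00:00:0a"),
           "B": (32768, "00:00:00:00:00:0b"),
           "C": (4096,  "00:00:00:00:00:0c")}
LINKS = [("A", 1, "B", 1, 4), ("B", 2, "C", 1, 4), ("A", 2, "C", 2, 19)]

def spanning_tree(bridges, links):
    """Return (root, roles); roles maps (bridge, port) -> role.
    Assumes a connected topology with positive link costs."""
    # Lowest Bridge ID wins: priority value first, then MAC as tie-breaker.
    root = min(bridges, key=bridges.get)
    # Root Path Cost of every bridge (Dijkstra over the link costs).
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, b = heapq.heappop(heap)
        if c > cost[b]:
            continue
        for x, _, y, _, w in links:
            for here, there in ((x, y), (y, x)):
                if here == b and c + w < cost.get(there, float("inf")):
                    cost[there] = c + w
                    heapq.heappush(heap, (c + w, there))
    roles = {}
    # Root port: on each non-root bridge, the port whose neighbour offers the
    # best vector (Root Path Cost, sender Bridge ID, sender Port ID).
    for b in bridges:
        if b == root:
            continue
        offers = []
        for x, px, y, py, w in links:
            for me, mp, nb, nport in ((x, px, y, py), (y, py, x, px)):
                if me == b:
                    offers.append(((cost[nb] + w, bridges[nb], nport), mp))
        roles[(b, min(offers)[1])] = "root"
    # Designated port: on each link, the end with the better (cost, Bridge ID).
    # The other end blocks unless it is already that bridge's root port.
    for x, px, y, py, _ in links:
        ends = sorted([((cost[x], bridges[x]), x, px),
                       ((cost[y], bridges[y]), y, py)])
        roles[(ends[0][1], ends[0][2])] = "designated"
        roles.setdefault((ends[1][1], ends[1][2]), "blocked")
    return root, roles
```

With the sample values, switch C becomes root because its priority value is lowest, and the only blocked port is port 2 on switch A, which breaks the A-B-C loop while leaving every switch reachable.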

How to solve broadcast and security issues?

With many switches, broadcast traffic can overwhelm the network and expose sensitive data. Physical isolation (separate switches per department) or virtual isolation using VLANs can segment traffic.

VLAN tags (12‑bit IDs) allow up to 4096 virtual LANs on a single switch. Only ports belonging to the same VLAN forward each other’s frames, eliminating unnecessary broadcasts.

Trunk ports on VLAN‑aware switches carry traffic for all VLANs between switches, while access ports are assigned to a specific VLAN (e.g., VLAN 10 for developers, VLAN 20 for HR, VLAN 30 for finance).

Summary

When many switches are present, loops cause broadcast storms; STP eliminates loops by forming a spanning tree.

VLANs provide logical isolation, solving broadcast overload and security concerns in larger LANs.

Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.
