Why the STP bridge priority must be a multiple of 4096

Posted by Bradley | switching | Friday 11 July 2008 00:49

It came up very briefly at work today why the STP bridge priority must be a multiple of 4096 so I thought I would post my response on here.

There were only two fields in the original STP Bridge ID: a 2-byte priority, which allowed the priority to be set to any value from 0 to 65,535, followed by 6 bytes for the MAC address for those tie-breaker situations.

But when multiple spanning tree instances started to appear on networks due to technologies such as PVST+ and MST, the switch ended up with a single BID for all the VLANs, as it could not differentiate between the VLANs. So switch vendors like Cisco used a unique MAC address for each VLAN, but this wasted MAC addresses, as each switch could have to reserve up to 4094 addresses if non-standard VLANs were used (I'm sure there must have been a limit to the amount each switch could reserve, but this was before my time so I don’t have any practical information on this).

Therefore, to prevent the overuse of MAC addresses, they turned the 2 bytes used for the priority field of the Bridge ID into a 4-bit priority and used the remaining 12 bits for the VLAN. The extra information used to carry the VLAN number is called the Extended System ID, and this process is sometimes called MAC address reduction, as it reduces the number of reserved MAC addresses needed. The 12 bits of extra VLAN information allow support for 4096 VLANs, so there is full support for extended range VLANs. Because of the use of the Extended System ID in the Bridge ID, only the first 4 bits of the original 2-byte number are left for the bridge priority, so it only allows multiples of 4096.
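As an added example (not part of the original post), the Python below packs and unpacks the 8-byte Bridge ID described above and shows why a priority that is not a multiple of 4096 cannot be encoded. The function names and MAC addresses are made up for illustration, and the lowest-Bridge-ID-wins election rule is standard STP behaviour rather than something stated in the post.

```python
import struct

STEP = 4096  # 2**12: the low 12 bits of the old priority field now carry the VLAN


def encode_bridge_id(priority: int, vlan: int, mac: str) -> bytes:
    """Pack priority, Extended System ID (VLAN) and MAC into an 8-byte Bridge ID."""
    if not 0 <= priority <= 61440 or priority % STEP:
        raise ValueError(f"priority {priority} is not a multiple of {STEP} in 0..61440")
    if not 0 <= vlan <= 4095:
        raise ValueError(f"VLAN {vlan} does not fit in 12 bits")
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    # A valid priority only uses the top 4 bits, so OR-ing in the VLAN loses nothing.
    return struct.pack("!H", priority | vlan) + mac_bytes


def decode_bridge_id(bid: bytes) -> tuple:
    """Split an 8-byte Bridge ID back into (priority, vlan, mac)."""
    if len(bid) != 8:
        raise ValueError("Bridge ID must be 8 bytes")
    (first_two,) = struct.unpack("!H", bid[:2])
    priority = first_two & 0xF000  # top 4 bits left in place: 0, 4096, ..., 61440
    vlan = first_two & 0x0FFF      # low 12 bits: Extended System ID
    return priority, vlan, bid[2:].hex(":")


def root_bridge(bids: list) -> bytes:
    """Lowest Bridge ID wins; byte-wise comparison includes the MAC tie-breaker."""
    return min(bids)


if __name__ == "__main__":
    # Constructed sample values: three switches advertising a BID for VLAN 10.
    a = encode_bridge_id(32768, 10, "02:00:00:00:00:02")
    b = encode_bridge_id(32768, 10, "02:00:00:00:00:01")
    c = encode_bridge_id(4096, 10, "02:00:00:ff:ff:ff")
    print(a.hex(), decode_bridge_id(a))              # first two bytes: 0x800a
    print(decode_bridge_id(root_bridge([a, b])))     # equal priority: lower MAC wins
    print(decode_bridge_id(root_bridge([a, b, c])))  # lower priority beats lower MAC
    try:
        encode_bridge_id(32769, 10, "02:00:00:00:00:02")
    except ValueError as err:
        print("rejected:", err)
```

A priority such as 32769 would set a bit inside the 12-bit VLAN field, which is why the encoder refuses it.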

Extended Range VLANs

Posted by Bradley | switching | Sunday 29 June 2008 22:12

VLANs numbered 1 to 1005 are considered “normal” and ones higher than this are considered extended (VLANs 1006 to 4094). Unlike standard range VLANs, these VLANs cannot be stored in the vlan.dat file which resides in flash; instead they are only stored in the running config. The switch must also be in VTP transparent mode, as these VLANs cannot be sent in VTP updates.

VLAN Numbers Summary

VLAN 0 is reserved and not available for use

VLAN 1 is the default VLAN on all Cisco switches. This VLAN can't be deleted or changed, and it's not advertised by VTP, as it does not need to be: it's a default and can't be removed or changed.

VLANs 2 to 1001 are normal range VLANs for allocation.

VLANs 1002 to 1005 are used for FDDI and TR translational bridging and shouldn’t be used for anything other than these purposes. They are also not advertised by VTP.

VLANs 1006 to 4094 are extended range VLANs, which can't be advertised by VTP, and the switch must be configured in VTP transparent mode.

It's also an interesting point that when a switch starts up it checks the VTP mode and domain name from the startup-config and vlan.dat file; if they are different, it ignores the startup-config and only uses the vlan.dat file.