STP portfast with a switch and transparent PIX


Thanks to all, I appreciate your input. This is the situation: I have an environment with 2 PIXes in transparent mode, active/stdby, connected to a 6500 on the inside and a 2950 on the outside. What is the proper configuration for the switch port where the PIX connects? Should it be configured with STP PortFast enabled, or should it be disabled? We are having issues when one PIX goes down. Thank you again!

glen.grant Fri, 03/09/2007 - 09:24

Normally any port that has network equipment attached would have PortFast "disabled".

Rajat Chauhan Sat, 03/10/2007 - 09:44


PortFast is an option that tells the switch that you have a Layer 3 device connected out of a switch port. This causes the switch to put the port into forwarding state immediately after the link comes up, instead of waiting the default 30 seconds (15 seconds for listening, and 15 seconds for learning). It is important to understand that enabling PortFast does not disable spanning tree. Spanning tree is still running on that port; enabling PortFast only tells the switch that there is not another switch or hub (Layer 2-only device) connected at the other end of the link. This causes the switch to bypass the normal 30-second delay while it is trying to determine if bringing up that port will result in a Layer 2 loop. After the link is brought up, it will still participate in spanning tree. BPDUs will still be sent out the port, and the switch will still listen for BPDUs on that port. For these reasons, it is recommended to enable PortFast on any switch port that connects to a PIX. Thus, if the PIX's interface goes down during failover, the switch will not have to wait 30 seconds while the port is transitioned from a listening to learning to forwarding state.

Please rate as applicable.


Rajat Chauhan

Rajat Chauhan Tue, 03/13/2007 - 20:16


I guess I missed that. Yes, in transparent mode, it'll allow BPDUs by default, so you should rather disable PortFast on that link.
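An added example, not part of any post in this thread: a Python check that reads IOS-style switch configuration text and reports ports facing the transparent PIX that still have PortFast enabled, following the last reply's advice. The sample configuration, the interface names and the `PIX-transparent` description tag are constructed assumptions.

```python
import re

# Constructed sample running-config (not from the thread). The "PIX-transparent"
# description tag is an assumed site convention for marking firewall-facing ports.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 description PIX-transparent inside primary
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/2
 description PIX-transparent inside standby
 switchport mode access
 no spanning-tree portfast
!
interface GigabitEthernet1/3
 description server-01
 switchport mode access
 spanning-tree portfast
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def portfast_on_firewall_ports(config, tag="PIX-transparent"):
    """List ports tagged as transparent-firewall links that have PortFast enabled."""
    flagged = []
    for name, cmds in parse_interfaces(config).items():
        tagged = any(c.startswith("description") and tag in c for c in cmds)
        # "no spanning-tree portfast" and "... portfast disable" both mean off.
        enabled = any(c.startswith("spanning-tree portfast")
                      and not c.endswith("disable") for c in cmds)
        if tagged and enabled:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(portfast_on_firewall_ports(SAMPLE_CONFIG))
```

The check only looks at per-interface commands; a global PortFast default, if one is configured, is outside what it inspects.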


