When to enable Portfast?

Answered Question
Mar 19th, 2007

Switch to switch?

Switch to server?

Switch to desktop?

Switch to router?

Switch to firewall?

By the way, I've decided to disable auto-negotiation and set speeds for 100/full or 1000/full for ports and connecting hosts.


Portfast is designed for access ports where you never expect to see BPDU packets. Portfast shortens/bypasses normal STP timers to get ports up and forwarding as quickly as practical. This typically is a host PC/Workstation.

It's used to minimize the impact of STP TCN BPDU traffic when a simple host is being rebooted or connected to a switch.

It's a Layer 2 function so routers/firewalls are out.

Switch-to-switch connections are STP environments and need to talk BPDU with each other, so Portfast shouldn't be enabled on these connections.

Servers and workstations should be portfast enabled.

csjord Tue, 03/20/2007 - 11:17

Not sure what you mean when you say "routers/firewalls are out"?

sundar.palaniappan Mon, 03/19/2007 - 13:21

Chris,

You don't want to enable portfast in situations that could cause spanning tree loops. With that said, in your scenario, you can enable portfast in all except between the 'switch to switch' connection under normal circumstances.

One other situation where you don't want to enable portfast is if your router has multiple interfaces and they are part of the same bridge group; then you don't want to enable portfast on the switchport(s). Although you may not have this setup, it's good to know that.

HTH

Sundar

Correct Answer
Richard Burts Mon, 03/19/2007 - 13:24

Chris

Portfast is appropriate when you are sure that you are connecting to a single device that will not potentially bridge you to other ports. So portfast is fine switch to server, desktop, router, and firewall.

What you do about auto-negotiation does not have any impact on portfast or not. I will just observe that when you configure speed and duplex on one device it will not negotiate with the other device. That means if the device connected to the switch is auto for speed or duplex it will fail negotiation and the assumption then is to do half-duplex. So you need to be careful to configure every device that connects to the switch.

HTH

Rick

walleyewiz Thu, 03/22/2007 - 12:24

Another good way to do it is to enable the following commands globally:

spanning-tree portfast default

spanning-tree portfast bpduguard default

spanning-tree portfast bpdufilter default

Any switchport that is configured as an access port will then inherit the default commands--trunk ports do not.
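An added example, not written by any poster in this thread: a small Python check that applies the rules discussed above to a switch configuration, flagging PortFast on trunk ports and PortFast ports that lack BPDU guard. The sample configuration is constructed, and the function name `audit_portfast` and the simplification that every non-trunk port operates as an access port are assumptions.

```python
import re

# Constructed sample running-config for illustration (not from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree bpduguard disable
"""

def audit_portfast(config):
    """Return {interface: [findings]} for risky PortFast settings."""
    # Global commands are unindented; interface commands are indented by a space.
    glob = {g.strip() for g in re.findall(r"^spanning-tree .*$", config, re.M)}
    pf_default = "spanning-tree portfast default" in glob
    guard_default = "spanning-tree portfast bpduguard default" in glob
    findings = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        cfg = {c.strip() for c in body.splitlines()}
        trunk = "switchport mode trunk" in cfg
        if trunk:  # a trunk only gets PortFast with the explicit "trunk" keyword
            pf = "spanning-tree portfast trunk" in cfg
        else:      # assumption: every non-trunk port operates as an access port
            pf = (("spanning-tree portfast" in cfg or pf_default)
                  and "spanning-tree portfast disable" not in cfg)
        # The global BPDU guard default only protects ports running PortFast.
        guard = "spanning-tree bpduguard enable" in cfg or (
            guard_default and pf and "spanning-tree bpduguard disable" not in cfg)
        issues = []
        if trunk and pf:
            issues.append("PortFast on a trunk port")
        if pf and not guard:
            issues.append("PortFast without BPDU guard")
        if issues:
            findings[name] = issues
    return findings
```
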
