We'll be retiring the last of our 3500XLs next month and replacing them with 3560 and 3570s. Once complete, I would like to migrate from PVST and RPVST across the board in order to speed up convergence times.
The implementation seems pretty straightforward, but one thing I'm confused about is Portfast and BPDUGuard. Can I still use these features with RPVST? The documentation says that backbonefast and uplinkfast are obsolete in RPVST, but is iffy when it comes to portfast. We rely on them heavily for protection against a user dropping an unauthorized bridge into the network, and without them I'd have to look into doing port-security.
If you want to shut down ports when a switch receives a BPDU, then you need to implement bpduguard in the global config or on a per-port basis.
If configured in the global config, make sure to disable it on ports where you have authorized switches.
As for portfast, I recommend enabling it on all ports along with bpdufilter. Bpdufilter will disable portfast when a BPDU is received on that port.
You can also throw port-security into the mix. Hubs and some low-end switches do not transmit BPDUs....
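
An added example, not from either poster and not Cisco tooling: a small audit that reads an IOS-style config and reports access ports where PortFast or BPDU Guard is not in effect, and where interface-level `spanning-tree bpdufilter enable` (which discards BPDUs on that port, unlike the global `spanning-tree portfast bpdufilter default` form) would keep BPDU Guard from ever triggering. The sample config, function names and finding codes are constructed for illustration, and it assumes edge ports are marked with `switchport mode access`.

```python
# Constructed sample running-config, not taken from the thread.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
interface FastEthernet0/3
 switchport mode access
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree bpduguard disable
"""

def parse(config):
    """Return (global_lines, {interface: [sub-commands]})."""
    glob, ifaces = [], {}
    cur = glob
    for raw in config.splitlines():
        if raw.startswith("interface "):
            cur = ifaces.setdefault(raw.split()[1], [])
        elif raw.strip() not in ("", "!"):
            cur = cur if raw.startswith(" ") else glob
            cur.append(raw.strip())
    return glob, ifaces

def audit(config):
    """Return {access_port: [finding codes]} for edge ports with gaps."""
    glob, ifaces = parse(config)
    bg_default = "spanning-tree portfast bpduguard default" in glob
    report = {}
    for name, cmds in ifaces.items():
        if "switchport mode access" not in cmds:
            continue  # trunks to authorized switches are not edge ports
        portfast = "spanning-tree portfast default" in glob or "spanning-tree portfast" in cmds
        # The global bpduguard default only covers PortFast-enabled ports.
        guard = ("spanning-tree bpduguard disable" not in cmds and
                 ("spanning-tree bpduguard enable" in cmds or (bg_default and portfast)))
        issues = ["no-portfast"] * (not portfast) + ["no-bpduguard"] * (not guard)
        # Interface-level bpdufilter discards BPDUs, so bpduguard never fires.
        if "spanning-tree bpdufilter enable" in cmds:
            issues.append("bpdufilter-masks-bpduguard")
        if issues:
            report[name] = issues
    return report
```

Calling `audit(SAMPLE_CONFIG)` reports FastEthernet0/2 and FastEthernet0/3 and leaves the trunk and the correctly configured FastEthernet0/1 out of the result.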