Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
3
Replies

Portfast and BPDUGuard with RPVST?

Go to solution
johnnylingo
Level 5
Level 5

‎06-17-2007 10:06 AM - edited ‎03-05-2019 04:46 PM

We'll be retiring the last of our 3500XLs next month and replacing them with 3560 and 3570s. Once complete, I would like to migrate from PVST and RPVST across the board in order to speed up convergence times.

The implementation seems pretty straight forward, but one thing I'm confused about is Portfast and BPDUGuard. Can I still use these features with RPVST? The documention says that backbonefast and uplinkfast are obsolete in RPVST, but is iffy when it comes to portfast. We rely on them heavily for protection against and user dropping an unauthorized bridge in to the network, and without them I'd have to look in to doing port-security.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎06-17-2007 10:27 AM

If you want to shutdown ports when a switch receives BPDU, then you need to implement bpduguard in the global config or per port basis.

If configured in the global config, make sure to disable it on ports where you have authorized switches.

As for portfast, I recommend enabling it on all ports along with bpdufilter. Bpdufilter will disable portfast when a bpdu is received on that port.

You can also throw port-security into the mix. Hubs and some low-end switches do not transmit bpdus....

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎06-17-2007 10:27 AM

If you want to shutdown ports when a switch receives BPDU, then you need to implement bpduguard in the global config or per port basis.

If configured in the global config, make sure to disable it on ports where you have authorized switches.

As for portfast, I recommend enabling it on all ports along with bpdufilter. Bpdufilter will disable portfast when a bpdu is received on that port.

You can also throw port-security into the mix. Hubs and some low-end switches do not transmit bpdus....

0 Helpful

Go to solution
johnnylingo
Level 5
Level 5
In response to Edison Ortiz

‎06-18-2007 07:45 AM

Thanks for the post. So I'm taking it that Portfast & BPDUGuard will continue to be supported with RPVST? The document says the following:

The Cisco implementation maintains that the PortFast keyword be used for edge port configuration. This makes the transition to RSTP simpler

But I was just wondering if this is accurate.

We plan to continue to use BPDUGuard, since all switches are managed by IT and are only plugged in to pre-defined ports.

You make a good point about using Port-security for hubs and other devices that don't transmit BPDUs. Thanks!

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to johnnylingo

‎06-18-2007 07:54 AM

Yes, RPVST will support Portfast and BPDUGuard.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swstpopt.htm#wp1031116

"Optional Spanning-Tree Configuration Guidelines

You can configure PortFast, BPDU guard, BPDU filtering, EtherChannel guard, root guard, or loop guard if your switch is running PVST+, rapid PVST+, or MSTP.

You can configure the UplinkFast or the BackboneFast feature for rapid PVST+ or for the MSTP, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+. "

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card