Advantage/Disadvantages of BPDU guard with portfast enabled?

Unanswered Question
Mar 31st, 2008

Can anyone tell me what the advantages or disadvantages are of enabling BPDU guard while having portfast enabled also?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

Advantage: Workstations behind edge ports need portfast enabled to make sure they connect to the network without typical spanning tree delays.

Advantage: Bpduguard ensures that if somebody tries to put a L2 device on the network. it is clipped before possible interruption of spanning tree.

Disadvantage: portfast - no disadvantages I know of for access level switch edge ports.

Disadvantage: bpduguard - If you ever need to just plug a switch into an acces switch port for whatever reason, you'll have to get to the CLI of the access switch and disable bpduguard on the subject port.

The golden rule is that if specific ports on a switch are never expected to have anything but end user devices connected, then active portfast and bpduguard on those ports. It's safe, helps keep the user experience positive, and keeps detrimental spanning-tree surprises from jumping up and biting you when you least expect it.

Hope this helps.

sundar.palaniappan Mon, 03/31/2008 - 16:26

I agree with Bill's comments about the advantages of BPDU guard. However, I would say there's no disadvantage in using portfast and bpdu guard configuration on access ports to connected to end hosts. Actually, many companies have strict security policies that warrants use of many commands on ports connected to end hosts and bpdu guard is one of them.




This Discussion