Hi everybody!
I was reading the CCNP BCMSN guide by David Hucaby.
According to David Hucaby: "Catalyst switches offer the PortFast feature, which shortens the listening and learning states to a negligible amount of time. When a workstation link comes up, the switch immediately moves the PortFast port into forwarding state. Spanning-tree loop detection is still in operation, however, and the port moves into the blocking state if a loop is ever detected on the port."
Question #1) That means we should not be concerned about loop formation if we by mistake connect a switch to a PortFast-enabled port, as spanning tree will put that port in blocking state. But in the next paragraph I find: "Obviously, you should not enable PortFast on a switch port that is connected to a hub or another switch because bridging loops could form."
Well, I get the part that PortFast should be enabled on an access port connected to a single host, but how could a bridging loop form even if a switch is connected to a PortFast-enabled port by mistake, as STP would block the port?
Am I right?
Thanks a lot!
Ooh, Interesting! The answer is it depends!
I will assume you are not also using BPDU-Guard!
If you have a spanning tree network, and you simply add a switch, with no alternate paths, to a port with portfast enabled, you won't have a loop, but the moment the network sees a BPDU from the switch, it will block the port for user traffic until spanning tree is certain there are no loops. How long that is will depend upon the version of spanning tree - traditional or rapid - implemented on the network and the new switch.
If traditional I would expect forwarding to resume in around 30 secs, and rapid around 2.
If there is a loop, spanning tree will have to determine from each switch the best path to the root bridge, and which ports should be designated or root ports on each segment. Once that has been determined, your port *may* be in blocking permanently (where permanently means to the next real topology change).
Back to BPDU Guard. It is good practise to enable BPDU-Guard on all portfast ports. A good way to think of a port with portfast is that it is an edge port as far as your L2 network is concerned. There should be no L2 forwarding devices beyond an edge port. What BPDU Guard does (as default) is put the port into err-disabled - effectively shutting it down until someone removes the source of BPDUs and re-enables the port. Basically if a user wants to add a PC and adds a switch to your network, they then have to ask to have the port re-enabled, and you get the opportunity to explain to them why adding devices to the network without permission is not a good idea...
Speed is the issue. Set a port as non-portfast and it will wait till it is darn sure there is no loop before putting the port into forwarding.
Use portfast and create a loop, and you will have a period before BPDUs are detected where the network will have a loop. Even a short period can be an issue on a modern network carrying many business critical services.
OK it will probably sort itself out in the end, but better to be tidy about it!
The question is that with portfast enabled there isn't a 100% probability to avoid bridging loops in traditional STP like in a normal port:
the initial listening and learning states, which are 15 seconds each (with default values), are there in order to let the STP topology synchronize, and only at the end of both will a single port in the segment be the designated port and so in forwarding state.
With portfast, as soon as the line protocol is up the port is directly put in forwarding.
So there are some possible scenarios where a loop can form.
Hope to help
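
The advice in the thread to enable BPDU Guard on every portfast port can be checked against a saved configuration. The following is an added example, not part of the original posts: a Python audit that lists interfaces with PortFast enabled but no BPDU Guard coverage. The running-config is a constructed sample and the function name is hypothetical; it assumes classic IOS syntax (`spanning-tree portfast`, `spanning-tree bpduguard enable`, and the global `spanning-tree portfast bpduguard default`).

```python
import re

# Constructed sample running-config, not taken from the thread.
SAMPLE_CONFIG = """\
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
!
"""

PORTFAST = re.compile(r"spanning-tree portfast( edge)?( trunk)?$")
GLOBAL_GUARD = re.compile(r"spanning-tree portfast( edge)? bpduguard default$")

def portfast_without_bpduguard(config):
    """Return interfaces that enable PortFast but are not covered by BPDU Guard."""
    global_guard = False
    interfaces = {}  # interface name -> its indented sub-commands
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith(" "):          # sub-command of the current section
            if current is not None:
                interfaces[current].append(line)
            continue
        match = re.match(r"interface (\S+)", line)
        current = match.group(1) if match else None
        if current is not None:
            interfaces[current] = []
        elif GLOBAL_GUARD.match(line):
            global_guard = True
    exposed = []
    for name, cmds in interfaces.items():
        if not any(PORTFAST.match(c) for c in cmds):
            continue                     # not an edge port, nothing to check
        if "spanning-tree bpduguard disable" in cmds:
            exposed.append(name)         # explicit per-port override
        elif "spanning-tree bpduguard enable" not in cmds and not global_guard:
            exposed.append(name)
    return exposed
```

On the sample, only FastEthernet0/2 is reported: it goes straight to forwarding on link-up and nothing err-disables it when a BPDU arrives.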