
portfast enabled port

sarahr202
Level 5

Hi everybody!

I was reading the CCNP BCMSN guide by David Hucaby.

According to David Hucaby: "Catalyst switches offer the PortFast feature, which shortens the listening and learning states to a negligible amount of time. When a workstation link comes up, the switch immediately moves the PortFast port into forwarding state. Spanning-tree loop detection is still in operation, however, and the port moves into the blocking state if a loop is ever detected on the port."

Question #1) That means we should not be concerned about loop formation if we by mistake connect a switch to a portfast-enabled port, as spanning tree will put that port in the blocking state. But in the next paragraph I find: "Obviously, you should not enable PortFast on a switch port that is connected to a hub or another switch because bridging loops could form."

Well, I get the part that portfast should be enabled on an access port connected to a single host, but how could a bridging loop form even if a switch is connected to a portfast-enabled port by mistake, as STP would block the port?

Am I right?

Thanks a lot!


Giuseppe Larosa
Hall of Fame

Hello Sarah,

The question is that with portfast enabled there isn't a 100% probability to avoid bridging loops in traditional STP like in a normal port:

The initial listening and learning states, which are 15 seconds each (with default values), are there in order to let the STP topology synchronize, and only at the end of both will a single port in the segment be the designated port and so in forwarding state.

With portfast as soon as the line protocol is up the port is directly put in forwarding.

So there are some possible scenarios where a loop can form.

Hope to help

Giuseppe

Thanks again Giuseppe!

paul.matthews
Level 5

Speed is the issue. Set a port as non-portfast and it will wait till it is darn sure there is no loop before putting the port into forwarding.

Use portfast and create a loop, and you will have a period before BPDUs are detected where the network will have a loop. Even a short period can be an issue on a modern network carrying many business critical services.

OK it will probably sort itself out in the end, but better to be tidy about it!

Thanks for your reply!

Let's say the switch discovers the loop and puts the portfast-enabled port in the blocking state.

How long will that blocking state last?

Say we connect a host back to the portfast-enabled port which the switch, having discovered the loop, put in blocking.

How can we restore the connectivity?

Thanks a lot!

It depends on the state of the switchport.

If the switchport became err-disabled due to the loop-detection, you have to shut and no shut the switchport for it to become operational again.

If it's blocked by STP, simply swapping the connection from a switch to a host should restore the switchport to forwarding state.

HTH,

__

Edison.

Ooh, Interesting! The answer is it depends!

I will assume you are not also using BPDU-Guard!

If you have a spanning tree network, and you simply add a switch, with no alternate paths, to a port with portfast enabled, you won't have a loop, but the moment the network sees a BPDU from the switch, it will block the port for user traffic until spanning tree is certain there are no loops. How long that is will depend upon the version of spanning tree - traditional or rapid - implemented on the network and the new switch.

If traditional I would expect forwarding to resume in around 30 secs, and rapid around 2.

If there is a loop, spanning tree will have to determine from each switch the best path to the root bridge, and which ports should be designated or root ports on each segment. Once that has been determined, your port *may* be in blocking permanently (where permanently means to the next real topology change).

Back to BPDU Guard. It is good practice to enable BPDU-Guard on all portfast ports. A good way to think of a port with portfast is that it is an edge port as far as your L2 network is concerned. There should be no L2 forwarding devices beyond an edge port. What BPDU Guard does (as default) is put the port into err-disabled - effectively shutting it down until someone removes the source of BPDUs and re-enables the port. Basically if a user wants to add a PC and adds a switch to your network, they then have to ask to have the port re-enabled, and you get the opportunity to explain to them why adding devices to the network without permission is not a good idea...

Marwan ALshawi
VIP Alumni

To add to the great info from Giuseppe and Paul:

Practically, only consider portfast on access ports with clients that need to get an IP address from a DHCP server, like a PC or IP phone.

Because portfast takes the port directly to forwarding state, the client can get an IP address from the DHCP server without problem, because in normal cases without portfast the port will take a longer time to get into forwarding state, as it should go through listening, learning and so on, so it might cause problems with getting an IP from the DHCP server. This is the main idea behind it.

Good luck.

Hope this is helpful.
