Spanning-tree questions

Unanswered Question
Jun 25th, 2009


I've been asked to enable portfast on all ports on our edge switches. I've got a mix of 3Com, Cisco 2950 and 3560 switches, with a majority of them being Dell. I can enable bpduguard on the Cisco equipment, but unfortunately Dell and I don't believe 3Com support anything like that.

My question is more of a general STP question though:

Under what circumstances would create a loop when a non-Cisco switch is connected to a portfast enabled port? Is there something that will guarantee it to go down, or is it like playing roulette? I have a switch on my desk that I enabled portfast on a port, and then I connected my computer to it. I connected another switch to the portfast enabled port, and I didn't have any problems. They want us to enable portfast, but I have the argument that a loop could happen and now they want me to prove it.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Collin Clark Thu, 06/25/2009 - 13:18

You could do this- plug the switch on your desk into two ports on your network, one in vlan A and the other in vlan B. Then go sit in your bosses office and wait :-). I'm sure I'll get scolded for this, but here is what I would do. I would enable portfast on all access ports along with bpduguard. That's fulfilling the request. I would not turn it on on the trunk ports.

Jon Marshall Thu, 06/25/2009 - 13:24


As you know, portfast allows the port to bypass the listening and learning phases of STP and being forwarding immediately. It still runs STP on the port though.

If you connect a switch to a portfast port then as long as you have not formed a L2 loop by doing this there won't be an issue. Where there will be an issue is if you connect a switch to a port with portfast and that switch now forms a L2 loop.

Key thing is if you create a L2 loop, STP will block one of the ports. But if your ports have portfast enabled then if there is enough traffic flowing between the switches by the time the switches have worked out there is a loop it is usually too late and your switches have ground to a halt.

Basically portfast cannot create a loop on it's own, but if a loop is created then portfast can create a real problem.


John Blakley Thu, 06/25/2009 - 13:33


So there is NO way (other than someone having more than one connection from their personal switch) to create a loop. In effect, the switch that's connected to the portfast port will be seen really as a host on that port until you connect another link from that personal switch into another port that leads back to another switch. That's where the loop would form. I just tested this on my desk, and I don't receive any bpdus from an unmanaged switch until I loop the switch to another one, or connect a cable back to itself. Then I receive a ton of bpdus.



Jon Marshall Thu, 06/25/2009 - 13:39


If you don't have a loop then if yes if you introduce a new switch it would need at least 2 connections to form a L2 loop. Note the 2 connections could go to different switches.

"In effect, the switch that's connected to the portfast port will be seen really as a host on that port until you connect another link from that personal switch"

Not exactly although to all intents and purposes...

The main difference is that if there is only a host on the port then the switch should only see one mac-address on that port (or 2 if IP phone/pc). With a switch it can see multiple mac-addresses. Indeed using port security with a maximum of 1 mac-address on the port is a way of stopping users connecting switches and then having multiple pc's on that switch.



This Discussion