portfast and loop risk

Answered Question
Jul 19th, 2009
User Badges:
  • Bronze, 100 points or more

Hi every body!


A switch first decides the role( such as root port, designated port etc) before deciding whether to put a port in blocking or forwarding state. until such port role is decided, the port remains in blocking state.

Let say we have a switch,sw1 which has portfast enabled on f0/1. This port was formally connected to windows xp host.

Let say we have a another switch, sw2 which is also connected to same switched network like sw1.

sw2 has few ports available( not in use).

we take sw2's f0/2 port and connect it to f0/1 of sw1 which has portfast enabled.

According to my book loop could form, but here is my reasoning why loop can not form in the above case.

sw2:

As soon as sw2 finds its f0/2 is up and up, it starts sending bpdu on that port while keeping that port blocked.

Sw1:

sw1 has already determined its f0/1 port being designated port when f0/1 was connected to host. When sw1 receives the bpdu on f0/1 from sw2, it will have decide again that port role.

Two things could happen:

1) port f0/1 could become a blocked port if the received bpdu from sw2 is superior.

2) port f0/1 could remain designated port if the received bpdu is not superior.


While this role is being decided, sw2's f0/2 remains blocked, so how could loop form?

Even if consider the fact that the portfast-enabled port f0/1 on sw1 was in forwarding state, when sw1 received the bpdu from sw2'f0/2, the loop should not form as sw2's f0/2 is in blocking state while sw1 is reconsidering the role for f0/1 and sw2 is considering the role for its f0/2 port.



thanks a lot and have a nice weekend!

Correct Answer by Edison Ortiz about 7 years 8 months ago

As Nate stated, the portfast implementation is done on access ports so you only have one Vlan assigned to that port.


There is another implementation which is spanning-tree portfast trunk


http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/command/reference/cli3.html#wp1946989


With that said, this feature affects all Vlans in the trunk and you can't selectively block one Vlan while allowing other Vlan.


If you intend to block a Vlan in a port, you may as well do a manual pruning with the command 'switchport trunk allow vlan x,x,x'


HTH,


__


Edison.

Correct Answer by nate-miller about 7 years 8 months ago

A switching port won't have more than one VLAN- unless it's a trunk.


When you put portfast on, it'll say something like "%Portfast has been configured on X/Y but will only

have effect when the interface is in a non-trunking mode."


If you've got two VLANs configured on that port, you're trunking- so portfast won't do anything. You'll come up with a standard portfast calculation. (So to answer your question: no, neither VLAN in your example would go straight to forwarding mode.)



However, you CAN enable spanning=tree portfast trunk- and then the link will come up, and all VLANs on the trunk will go straight to forwarding.

Correct Answer by Edison Ortiz about 7 years 8 months ago

If you enable portfast on a switchport, you will bypass the listening and learning states so in your case SW1's F0/1 will place the port in FWD right away.



Correct Answer by Edison Ortiz about 7 years 8 months ago

If you configure portfast while the port was up/up, nothing will happen. The port won't change from blocked to fwd state due to portfast. Portfast is only utilized during the opening of the port not during normal port operations. Spanning-Tree has blocked that port and it will remain as such until a Spanning-Tree change is received.



Correct Answer by Edison Ortiz about 7 years 8 months ago

You won't create a loop on a single inter-switch link. A loop may be created when connecting multiple inter-switch links to the same neighbor or different neighbors.


PortFast delays the opening of the port while Spanning-Tree calculates the best path throughout the switch domain.


In your case, if SW02 is the root of all Vlans and you interconnect 2 links between these switches with SW01 having PortFast enabled on all ports, SW01 may loop as it will have both ports in FWD mode while one should be BLK.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
Loading.
Correct Answer
Edison Ortiz Sun, 07/19/2009 - 12:27
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

You won't create a loop on a single inter-switch link. A loop may be created when connecting multiple inter-switch links to the same neighbor or different neighbors.


PortFast delays the opening of the port while Spanning-Tree calculates the best path throughout the switch domain.


In your case, if SW02 is the root of all Vlans and you interconnect 2 links between these switches with SW01 having PortFast enabled on all ports, SW01 may loop as it will have both ports in FWD mode while one should be BLK.

sarahr202 Sun, 07/19/2009 - 13:23
User Badges:
  • Bronze, 100 points or more

Thanks Edison.


i come back in few hours if i have any question

sarahr202 Sun, 07/19/2009 - 23:48
User Badges:
  • Bronze, 100 points or more

Hi Edison


I have few questions:


Let say sw1 has a bolocked port f0/1, if i configure portfast on it( sheer stupidity),what would happen? will the blocked port transition into forwarding state?


If i configure portfast on all ports on a switch, will all ports end up in forwarding state?


The feature" portfast " simply puts the port in forwarding state directly( without interim states listening,learning) regardless of port role, i.e it could be blocked port,designated port. Is it correct?


thanks and have a good night!



Correct Answer
Edison Ortiz Mon, 07/20/2009 - 05:23
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

If you configure portfast while the port was up/up, nothing will happen. The port won't change from blocked to fwd state due to portfast. Portfast is only utilized during the opening of the port not during normal port operations. Spanning-Tree has blocked that port and it will remain as such until a Spanning-Tree change is received.



sarahr202 Tue, 07/21/2009 - 10:07
User Badges:
  • Bronze, 100 points or more

Hi Edison,

I have one more question

Let say we have a switched network.

sw1 is root switch in the network.

let focus on sw2 in switched network.

sw2 is directly connected to sw1 via f0/1

sw1 f0/1--------f0/1 sw2


f0/1 of sw2 is root port.

f0/1 on sw1( root switch) is designated port.


let say we configured portfast on sw1's f0/1.


Now if i remove the cable connecting sw1's f0/1 to sw2's f0/1, and put it back, will sw1's f0/1 be put in forwarding state right away( without interim states listening and learning states) ?



Thanks a lot and have a nice day !

Correct Answer
Edison Ortiz Tue, 07/21/2009 - 10:12
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

If you enable portfast on a switchport, you will bypass the listening and learning states so in your case SW1's F0/1 will place the port in FWD right away.



sarahr202 Tue, 07/21/2009 - 19:27
User Badges:
  • Bronze, 100 points or more

Hi Edison.

This is the last question .


The port feature if enabled, it is enabled for the port as the command" spanning-tree portfast does not have any field for vlan.

So let say a switch has a port which is in forwarding state for vlan 1 but in blocking state for vlan 2. if i enable portfast on the port, will it work i.e the port will transition into forwarding state right away ( for vlan 1)?


thanks a lot!

Correct Answer
nate-miller Tue, 07/21/2009 - 20:50
User Badges:
  • Bronze, 100 points or more

A switching port won't have more than one VLAN- unless it's a trunk.


When you put portfast on, it'll say something like "%Portfast has been configured on X/Y but will only

have effect when the interface is in a non-trunking mode."


If you've got two VLANs configured on that port, you're trunking- so portfast won't do anything. You'll come up with a standard portfast calculation. (So to answer your question: no, neither VLAN in your example would go straight to forwarding mode.)



However, you CAN enable spanning=tree portfast trunk- and then the link will come up, and all VLANs on the trunk will go straight to forwarding.

Correct Answer
Edison Ortiz Wed, 07/22/2009 - 06:30
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

As Nate stated, the portfast implementation is done on access ports so you only have one Vlan assigned to that port.


There is another implementation which is spanning-tree portfast trunk


http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/command/reference/cli3.html#wp1946989


With that said, this feature affects all Vlans in the trunk and you can't selectively block one Vlan while allowing other Vlan.


If you intend to block a Vlan in a port, you may as well do a manual pruning with the command 'switchport trunk allow vlan x,x,x'


HTH,


__


Edison.

Actions

This Discussion