spanning-tree portfast enable on interface when it's connected with DSLAM

Answered Question
Jan 31st, 2010

Dear Experts,


I have a Cisco 3550 48P switch; in this switch, interface ports 6 to 48 are each connected to a 48P DSLAM.

All the 48P DSLAMs are each connected to ADSL modems at the CPE, and then to customers' PCs.

So, should I configure all interface ports from 6 to 48 with Spanning-tree portfast, or not?

And one more thing: in this switch, interface ports 3 to 5 are each connected to another Cisco 2950 switch.

So, should I configure spanning-tree guard root on all these interfaces from port 3 to 5 on the Cisco 3550, which are connected to the Cisco 2950s, and also configure spanning-tree guard root on the Cisco 2950 uplink ports which are connected to the Cisco 3550, for loop prevention?



Please suggest me.


Thanks in ADV,


Vaib...


Correct Answer
Ganesh Hariharan Sun, 01/31/2010 - 06:41

Hi Vaibhav,


If you see the definition for portfast and root guard: The PortFast mode is supported only on nontrunking access ports because these ports typically do not transmit or receive BPDUs. The most secure implementation of PortFast is to enable it only on ports that connect end stations to switches. Because PortFast can be enabled on nontrunking ports connecting two switches, spanning tree loops can occur because BPDUs are still being transmitted and received on those ports.

The PortFast BPDU guard feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When the BPDU guard feature is enabled on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning tree blocking state.

On the other hand, root guard ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.

So I would suggest that ports connected to end PCs can be used as portfast with BPDU guard, and root guard where you have a threat that another switch can send a superior BPDU.


Hope to help


Ganesh.H

Correct Answer
Mohamed Sobair Sun, 01/31/2010 - 07:48

Hi,


On ports 6 to 48, configure the (Spanning-tree bpdu filter) feature. With this feature, if your customers connect a switch, your ports won't forward and receive BPDUs and participate in Spanning-tree calculation.

If you configure the (BPDU Guard enable with Port-fast) feature here, if customers for any reason connect a switch, ports will be disabled, and you don't want that to happen.

On ports 3 - 5, configure the (spanning-tree root guard) feature.

As a side note, set your primary root and secondary root bridges.




HTH

Mohamed

csawest.dc Sun, 01/31/2010 - 21:58

Dear Ganesh & Sobair,

Thanks to both of you, you are G-gentlemen,

I will try to configure Spanning-tree portfast and Spanning-tree bpdu filter on interfaces 6 to 48, which are connected to IP DSLAMs, not directly to customers' PCs.

And Spanning-tree guard root on interface ports 3 to 5, which are connected to the Cisco 2950 switches.


Vaib...
