Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1127
Views
0
Helpful
3
Replies

spanning-tree portfast enable on interface when it's connect with DSLAM

Go to solution
csawest.dc
Level 3
Level 3

‎01-31-2010 04:38 AM - edited ‎03-06-2019 09:31 AM

Dear Experts,

I have cisco 3550  48P switch , in this switch interface port 6 to 48 are connetcted with 48P DSLAM each.

all 48p DSLAM are connected with ADSL modem at  CPE each,  and then customers pcs.

So , should i configure all interface port from 6 to 48 Spanning-tree portfast ?? or not.

and one more think , in this switch interface port 3 to 5 are connected with anather cisco 2950 switch each.

So, should i configure these all interface from port 3 to 5  in cisco 3550 spanning-tree guard root which is connected with cisco 2950 and also in

cisco 2950 uplink ports which is connected with cisco 3550 port to configure spanning-tree guard root ??? for loop prevent.

Please suggest me.

Thanks in ADV,

Vaib...

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎01-31-2010 06:41 AM 

Dear Experts,
I have cisco 3550  48P switch , in this switch interface port 6 to 48 are connetcted with 48P DSLAM each.
all 48p DSLAM are connected with ADSL modem at  CPE each,  and then customers pcs.
So , should i configure all interface port from 6 to 48 Spanning-tree portfast ?? or not.
and one more think , in this switch interface port 3 to 5 are connected with anather cisco 2950 switch each.
So,
should i configure these all interface from port 3 to 5  in cisco 3550
spanning-tree guard root which is connected with cisco 2950 and also in
cisco 2950 uplink ports which is connected with cisco 3550 port to configure spanning-tree guard root ??? for loop prevent.
 Please suggest me.
Thanks in ADV,
Vaib...

Hi Vaibhav,

If you see the defination for portfast and root gaurd. The PortFast mode is supported only on nontrunking access ports because these ports typically do not transmit or receive BPDUs. The most secure implementation of PortFast is to enable it only on ports that connect end stations to switches. Because PortFast can be enabled on nontrunking ports connecting two switches, spanning tree loops can occur because BPDUs are still being transmitted and received on those ports.

The PortFast BPDU guard feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When the BPDU guard feature is enabled on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning tree blocking state.

On the other hand for root gaurd ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.

So i would suggest ports that are connected with end pc can be used as portfast with BPDU gaurd and root gaurd wher you have threat that other switch can send superior BPDU.

Hope to help

Ganesh.H

View solution in original post

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7

‎01-31-2010 07:48 AM

Hi,

On ports 6 to 48, configure (Spanning-tree bpdu filter ) feature. with this feature if your customers connects a switch your ports wont forward and recieve BPDUs and participate in Spanning-tree calculation

If you configure (BPDU Guard enable with Port-fast ) feature here, If customers for any reasons connected a switch , ports will be disabled, and you dont want that to happen.

On ports  3 - 5  , configure (spanning-tree root guard) feature.

As a side note, Set your primary root and secondary root bridges.

HTH

Mohamed

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎01-31-2010 06:41 AM 

Dear Experts,
I have cisco 3550  48P switch , in this switch interface port 6 to 48 are connetcted with 48P DSLAM each.
all 48p DSLAM are connected with ADSL modem at  CPE each,  and then customers pcs.
So , should i configure all interface port from 6 to 48 Spanning-tree portfast ?? or not.
and one more think , in this switch interface port 3 to 5 are connected with anather cisco 2950 switch each.
So,
should i configure these all interface from port 3 to 5  in cisco 3550
spanning-tree guard root which is connected with cisco 2950 and also in
cisco 2950 uplink ports which is connected with cisco 3550 port to configure spanning-tree guard root ??? for loop prevent.
 Please suggest me.
Thanks in ADV,
Vaib...

Hi Vaibhav,

If you see the defination for portfast and root gaurd. The PortFast mode is supported only on nontrunking access ports because these ports typically do not transmit or receive BPDUs. The most secure implementation of PortFast is to enable it only on ports that connect end stations to switches. Because PortFast can be enabled on nontrunking ports connecting two switches, spanning tree loops can occur because BPDUs are still being transmitted and received on those ports.

The PortFast BPDU guard feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When the BPDU guard feature is enabled on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning tree blocking state.

On the other hand for root gaurd ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.

So i would suggest ports that are connected with end pc can be used as portfast with BPDU gaurd and root gaurd wher you have threat that other switch can send superior BPDU.

Hope to help

Ganesh.H

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7

‎01-31-2010 07:48 AM

Hi,

On ports 6 to 48, configure (Spanning-tree bpdu filter ) feature. with this feature if your customers connects a switch your ports wont forward and recieve BPDUs and participate in Spanning-tree calculation

If you configure (BPDU Guard enable with Port-fast ) feature here, If customers for any reasons connected a switch , ports will be disabled, and you dont want that to happen.

On ports  3 - 5  , configure (spanning-tree root guard) feature.

As a side note, Set your primary root and secondary root bridges.

HTH

Mohamed

0 Helpful

Go to solution
csawest.dc
Level 3
Level 3
In response to Mohamed Sobair

‎01-31-2010 09:58 PM

Dear Ganesh  &  Sobair,

Thanks to both of you are G-gentleman,

I will try to do  from interface 6 to 48 Spanning-tree portfast and Spanning-tree bpdu filter , which is connected with IP DSLAM ,not to directly customers pcs.

and interface port 3 to 5 Spanning-tree guard root , which is connected to cisco 2950 switch.

Vaib...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card