Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2472
Views
15
Helpful
6
Replies

Portfast and network loops

CrackedJack1
Level 1
Level 1

‎02-10-2016 04:13 AM - edited ‎03-08-2019 04:32 AM

What happens if there's a loop created between two ports that are set to portfast? I was under the impression that the switch will still detect the loop and shut the ports but it may take 2-3 seconds. Is this correct or does it take longer/not detect the loop at all?

Would all switches, regardless of whether they were Cisco or not, behave the same way as long as STP and portfast/edge port are set?

1 person had this problem
Labels:
0 Helpful
6 Replies 6

Mark Malone
VIP Alumni
VIP Alumni

‎02-10-2016 04:33 AM

Hey

You should run bpduguard with portfast that will put it into errdisable if someone plugs something in they shouldn't , portfast sets the fwd straight away the guard bit prevents the loop , bpdus are seen coming in the port will go errdisable with guard enabled

These 2 commands are recommended to be ran together for that purpose

Elliott Willink
Level 1
Level 1
In response to Mark Malone

‎02-10-2016 06:02 AM

double post

0 Helpful

Elliott Willink
Level 1
Level 1
In response to Mark Malone

‎02-10-2016 06:02 AM

Ok so to answer the question: yes, two portfast ports connected together will still detect the loop after spanning tree does its thing... Assuming the broadcast storm doesn't kill the switches first:

The problem you have, is that you could potentially overwhelm the switch with a broadcast storm in the few seconds before spanning tree blocks the port (so in the few seconds between you looping the port-fast ports and spanning tree blocking the link, the broadcast storm overwhelms the switch).

This is why bpduguard is good, as it will *immediately* block the port before a broadcast storm occurs.

99% of network loops we see are between access ports (users plugging wall socket 1 into wall socket 2 by accident)...  just always run bpduguard on portfast ports :)

CrackedJack1
Level 1
Level 1
In response to Elliott Willink

‎02-10-2016 06:48 AM

Thanks. So I'll be ok with portfast and loops provided the switch doesn't die from the traffic within 2-3 seconds.

With the bpduguard guard in place, along with portfast, intentionally connecting two switches together (not in a loop) would set the port to disabled though, correct?

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to CrackedJack1

‎02-10-2016 07:04 AM

If you connect a switch to a port with bpduguard the port will go errdisable as soon as it receives the bpdu

portfast is just to expedite it to fwd mode in stp , guard protects the port from becoming an issue

0 Helpful

Elliott Willink
Level 1
Level 1
In response to CrackedJack1

‎02-10-2016 02:23 PM

bpduguard puts the port into error-disabled state. If you are worried about extra administrative work having to no-shut a port, you can have the switch automatically recover from error disabled after a time period:

errdisable recovery cause bpduguard

errdisable recovery time 120

^ This will auto-recover the port after 2 minutes. It will instantly re-disable if the loop is still there, but assuming the user removes the loop after he/she realises he has broken things, they will automatically start working again.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card