03-31-2008 02:23 PM - edited 03-05-2019 10:05 PM
Can anyone tell me what the advantages or disadvantages are of enabling BPDU guard while having portfast enabled also?
Thanks!
03-31-2008 02:31 PM
Advantage: Workstations behind edge ports need portfast enabled to make sure they connect to the network without typical spanning tree delays.
Advantage: Bpduguard ensures that if somebody tries to put a L2 device on the network. it is clipped before possible interruption of spanning tree.
Disadvantage: portfast - no disadvantages I know of for access level switch edge ports.
Disadvantage: bpduguard - If you ever need to just plug a switch into an acces switch port for whatever reason, you'll have to get to the CLI of the access switch and disable bpduguard on the subject port.
The golden rule is that if specific ports on a switch are never expected to have anything but end user devices connected, then active portfast and bpduguard on those ports. It's safe, helps keep the user experience positive, and keeps detrimental spanning-tree surprises from jumping up and biting you when you least expect it.
Hope this helps.
03-31-2008 04:26 PM
I agree with Bill's comments about the advantages of BPDU guard. However, I would say there's no disadvantage in using portfast and bpdu guard configuration on access ports to connected to end hosts. Actually, many companies have strict security policies that warrants use of many commands on ports connected to end hosts and bpdu guard is one of them.
HTH
Sundar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide