Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Advantage/Disadvantages of BPDU guard with portfast enabled?

Can anyone tell me what the advantages or disadvantages are of enabling BPDU guard while having portfast enabled also?


bjw Silver

Re: Advantage/Disadvantages of BPDU guard with portfast enabled?

Advantage: Workstations behind edge ports need portfast enabled to make sure they connect to the network without typical spanning tree delays.

Advantage: Bpduguard ensures that if somebody tries to put a L2 device on the network. it is clipped before possible interruption of spanning tree.

Disadvantage: portfast - no disadvantages I know of for access level switch edge ports.

Disadvantage: bpduguard - If you ever need to just plug a switch into an acces switch port for whatever reason, you'll have to get to the CLI of the access switch and disable bpduguard on the subject port.

The golden rule is that if specific ports on a switch are never expected to have anything but end user devices connected, then active portfast and bpduguard on those ports. It's safe, helps keep the user experience positive, and keeps detrimental spanning-tree surprises from jumping up and biting you when you least expect it.

Hope this helps.

Re: Advantage/Disadvantages of BPDU guard with portfast enabled?

I agree with Bill's comments about the advantages of BPDU guard. However, I would say there's no disadvantage in using portfast and bpdu guard configuration on access ports to connected to end hosts. Actually, many companies have strict security policies that warrants use of many commands on ports connected to end hosts and bpdu guard is one of them.



CreatePlease to create content