Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

BPDUguard -- is it built in to Portfast?

Can't see any documentation that says BPDUguard is built in to Portfast, but also don't find Cisco documentation showing BPDUguard always being turned on along with Portfast. (3750 documentation states that per-interface BPDUguard commad can be used to turn on BPDUguard without Portfast, for instance).

Using web-based ocnfigs turn both pon, so I assume both need to be enabled separately, but it's just fuzzy enough in documentaton that I can't tell for sure if Portfast has built-in BPDUguard support.

Any gurus out there?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: BPDUguard -- is it built in to Portfast?

Hi Joseph,

Both needs to be configured separately, lets discuss them briefly:

When PortFast is enabled (alone on an interface without BPDUGuard) the interface is running STP but it won't transit through listening and learning while coming up and it'll go directly to forwarding - and this would be a source of bridging loops if connected to another switch via this port, STP will eventually solve this loop but not immediately as the port has skipped the listen and learn when coming-up.

As for BPDU Guard, you must consider that BPDU Guard operation depends upon where it is configured. When enabled globally via "spanning-tree portfast bpduguard default" it affects only the ports configured with PortFast, simply if the interface receives a BPDU it err-disable the interface. While if configured on the interface level via " spanning-tree bpduguard enable" it doesn't depend on PortFast being enabled, it can be enabled without PortFast on the interface.

BR,

Mohammed Mahmoud.

4 REPLIES

Re: BPDUguard -- is it built in to Portfast?

Hi,

The Portfast and the BPDU guard must be configured separately.

The commands are:

- spanning-tree portfast default (enable portfast on all non-trunk interfaces).

- spanning-tree portfast bpduguard deafult (enable BPDU guard on all portfast enabled interfaces).

I hope this helps.

Best regards.

Massimiliano.

Re: BPDUguard -- is it built in to Portfast?

Hi Joseph,

Both needs to be configured separately, lets discuss them briefly:

When PortFast is enabled (alone on an interface without BPDUGuard) the interface is running STP but it won't transit through listening and learning while coming up and it'll go directly to forwarding - and this would be a source of bridging loops if connected to another switch via this port, STP will eventually solve this loop but not immediately as the port has skipped the listen and learn when coming-up.

As for BPDU Guard, you must consider that BPDU Guard operation depends upon where it is configured. When enabled globally via "spanning-tree portfast bpduguard default" it affects only the ports configured with PortFast, simply if the interface receives a BPDU it err-disable the interface. While if configured on the interface level via " spanning-tree bpduguard enable" it doesn't depend on PortFast being enabled, it can be enabled without PortFast on the interface.

BR,

Mohammed Mahmoud.

New Member

Re: BPDUguard -- is it built in to Portfast?

Thanks very much. Even Cisco's own BCMSN materials tell bpduguard is needed with portfast, but then leave it off on the examples. I saw the same issues on the config guides. Because automated setups add both, I was pretty sure they needed separate configuration, but your explanation clarifies the issue.

Joe

Re: BPDUguard -- is it built in to Portfast?

Hi Joe,

You are very welcomed, you can always comeback if you have any confusion from books, we are all here to share our experience, and i agree with you about the fuzzy covering of these features, my advice to you is the Cisco documentation plus labing every confusing topic and as i've said you can always come here with your query.

BR,

Mohammed Mahmoud.

583
Views
0
Helpful
4
Replies
CreatePlease to create content