I read port fast should be enabled on switch ports that coonect to single hosts.
here in this network
switch config is
idltvs1#sh spanning-tree int fa0/2
Interface Fa0/2 (port 14) in Spanning tree 1 is FORWARDING
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0005.3296.7680
Designated bridge has priority 32768, address 0005.3296.7680
Designated port is 14, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 3049, received 2
The port is in the portfast mode
This port da0/2 goes to router
sh cdp nei fa0/2 detail
Device ID: idltvr1.williams.com
IP address: 22.214.171.124
Platform: Cisco 2811, Capabilities: Router Switch IGMP
Interface: FastEthernet0/2, Port ID (outgoing port): FastEthernet0/1
Holdtime : 178 sec
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(3e), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Tue 13-Jun-06 23:24 by alnguyen
advertisement version: 2
VTP Management Domain: ''
router config is
Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.
Processor board ID FTX1028A28P
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
My question is why we enable port fast on port going to router also second question is why switchport fa0/2 has sent so many bpdu to router .as i know bpdu is exchanged between switches only.
router has sent only 2 bpdu back to switch
If the connection is not a trunk connection to the router then yes you should enable portfast. To all intents and purposes the router is simply an end device in this setup.
"If the connection is not a trunk connection to the router then yes you should enable portfast."
If a wireless access point is configured for VLANs, the port that it connects to would need to be trunked. Would that cause a loop, or would you just configure "spanning-tree portfast trunk"
Shouldn't cause a loop in that scenario. Must admit the only thing i tend to use "portfast trunk" for are servers that are doing 802.1q. Suppose you could use it on an AP connection.
With STP though i tend to err on the safe side. Unless not having portfast broke something i can't see a problem with just allowing the AP port to go through the STP listening/learning/forwarding stages to be honest.
thanks for reply
but why switch port keeps on sending BPDU to router port and to user pc port?
>> but why switch port keeps on sending BPDU to router port and to user pc port?
in order to be quickly detected by another switch should it be connected to the port.
Timing to prevent a bridging loop is very important : the switch cannot wait to hear a bpdu on port to start to send out its own BPDUs.
STP BPDUs are simply ignored by end user devices and routers.
There is only one case where portfast shouldn't be used at all towards a router :
it is when the router is configured for bridging or IRB in this case it is also a switch and interact with STP.
As a note: a router interface is supposed to be always on, so the portfast feature is not going to be used so often just in case the router reloads or it is powered off/on.
Hope to help
What if the ESW module is used within a router, are you saying that the BPDU's are ignored also.
If so, then I am slightly concered as I have labs setup using ESW module's and spanning-tree is operating as expected.
you are right an etherswitch port is clearly another very good reason to avoid to enable stp portfast on the lan switch side.
Hope to help
If it's a layer 3 link to the router then it's OK to enable portfast.
If the router port is acting as a switch port (ie it has a switching module) then you shouldn't enable portfast.
Remember spanning tree is to prevent layer 2 loops so for a standard layer 3 link upto a router it isn't required.
how can we check if router is acting as switch port
here is router port config
idltvr1#sh int fa0/1 switchport
% Fa0/1 is not a switchable port
is this way to confirm if router is not acting as switchport?
What about gaurding against root on this port as it looks like vlan 1 has a default priority. If it is actively participating in spanning-tree, then caution is needed.
I would recommend using the root guard feature in case a the 2811 advertises A BPDU lower enough to become the root of the VLAN.
If you do want the router to still pass BPDU's then I would put the guard root command on the interface facing the 2800 and make sure the priority of the 2800 is very high.
Makes sense to use root guard although i'm not entirely sure why the switch is receiving BPDU's on the router port. If it is a normal L3 interface on the router seems a bit strange to me.
Any thoughts ?
Oh yes and by the way i think they have fixed the URL issue where it kept repeating itself.
Not sure but would be intresting to see who the switch thinks is root as the 2800 thinks he is looking at the output.