Is it ok to enable port fast on port connected to router

mahesh18 · ‎03-10-2009

Hi ,

I read port fast should be enabled on switch ports that coonect to single hosts.

here in this network

switch config is

idltvs1#sh spanning-tree int fa0/2

Interface Fa0/2 (port 14) in Spanning tree 1 is FORWARDING

Port path cost 19, Port priority 128

Designated root has priority 32768, address 0005.3296.7680

Designated bridge has priority 32768, address 0005.3296.7680

Designated port is 14, path cost 0

Timers: message age 0, forward delay 0, hold 0

BPDU: sent 3049, received 2

The port is in the portfast mode

This port da0/2 goes to router

sh cdp nei fa0/2 detail

-------------------------

Device ID: idltvr1.williams.com

Entry address(es):

IP address: 161.245.144.220

Platform: Cisco 2811, Capabilities: Router Switch IGMP

Interface: FastEthernet0/2, Port ID (outgoing port): FastEthernet0/1

Holdtime : 178 sec

Version :

Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(3e), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Compiled Tue 13-Jun-06 23:24 by alnguyen

advertisement version: 2

VTP Management Domain: ''

Duplex: full

router config is

Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.

Processor board ID FTX1028A28P

2 FastEthernet interfaces

2 Serial(sync/async) interfaces

1 Virtual Private Network (VPN) Module

DRAM configuration is 64 bits wide with parity enabled.

239K bytes of non-volatile configuration memory.

62720K bytes of ATA CompactFlash (Read/Write)

My question is why we enable port fast on port going to router also second question is why switchport fa0/2 has sent so many bpdu to router .as i know bpdu is exchanged between switches only.

router has sent only 2 bpdu back to switch

may thanks

mahesh

Jon Marshall · ‎03-10-2009

Mahesh

If the connection is not a trunk connection to the router then yes you should enable portfast. To all intents and purposes the router is simply an end device in this setup.

Jon

John Blakley · ‎03-10-2009

Jon,

"If the connection is not a trunk connection to the router then yes you should enable portfast."

If a wireless access point is configured for VLANs, the port that it connects to would need to be trunked. Would that cause a loop, or would you just configure "spanning-tree portfast trunk"

Just curious,

John

HTH, John *** Please rate all useful posts ***

Jon Marshall · ‎03-10-2009

John

Shouldn't cause a loop in that scenario. Must admit the only thing i tend to use "portfast trunk" for are servers that are doing 802.1q. Suppose you could use it on an AP connection.

With STP though i tend to err on the safe side. Unless not having portfast broke something i can't see a problem with just allowing the AP port to go through the STP listening/learning/forwarding stages to be honest.

Jon

mahesh18 · ‎03-10-2009

Hi Jon,

thanks for reply

but why switch port keeps on sending BPDU to router port and to user pc port?

many thanks

mahesh

Giuseppe Larosa · ‎03-10-2009

Hello Mahesh,

>> but why switch port keeps on sending BPDU to router port and to user pc port?

in order to be quickly detected by another switch should it be connected to the port.

Timing to prevent a bridging loop is very important : the switch cannot wait to hear a bpdu on port to start to send out its own BPDUs.

STP BPDUs are simply ignored by end user devices and routers.

There is only one case where portfast shouldn't be used at all towards a router :

it is when the router is configured for bridging or IRB in this case it is also a switch and interact with STP.

As a note: a router interface is supposed to be always on, so the portfast feature is not going to be used so often just in case the router reloads or it is powered off/on.

Hope to help

Giuseppe

adamclarkuk_2 · ‎03-10-2009

Hi guiseppe

What if the ESW module is used within a router, are you saying that the BPDU's are ignored also.

If so, then I am slightly concered as I have labs setup using ESW module's and spanning-tree is operating as expected.

Giuseppe Larosa · ‎03-10-2009

Hello Adam,

you are right an etherswitch port is clearly another very good reason to avoid to enable stp portfast on the lan switch side.

Hope to help

Giuseppe

JamesLuther · ‎03-10-2009

Hi,

If it's a layer 3 link to the router then it's OK to enable portfast.

If the router port is acting as a switch port (ie it has a switching module) then you shouldn't enable portfast.

Remember spanning tree is to prevent layer 2 loops so for a standard layer 3 link upto a router it isn't required.

Regards

mahesh18 · ‎03-10-2009

Hi james

how can we check if router is acting as switch port

here is router port config

idltvr1#sh int fa0/1 switchport

% Fa0/1 is not a switchable port

idltvr1#

is this way to confirm if router is not acting as switchport?

thanks mahesh

adamclarkuk_2 · ‎03-10-2009

Jon

What about gaurding against root on this port as it looks like vlan 1 has a default priority. If it is actively participating in spanning-tree, then caution is needed.

I would recommend using the root guard feature in case a the 2811 advertises A BPDU lower enough to become the root of the VLAN.

If you do want the router to still pass BPDU's then I would put the guard root command on the interface facing the 2800 and make sure the priority of the 2800 is very high.

hxxp://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml

Jon Marshall · ‎03-10-2009

Adam

Makes sense to use root guard although i'm not entirely sure why the switch is receiving BPDU's on the router port. If it is a normal L3 interface on the router seems a bit strange to me.

Any thoughts ?

Oh yes and by the way i think they have fixed the URL issue where it kept repeating itself.

Jon

adamclarkuk_2 · ‎03-10-2009

Not sure but would be intresting to see who the switch thinks is root as the 2800 thinks he is looking at the output.