Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
Bronze

Portfast and BPDUGuard with RPVST?

We'll be retiring the last of our 3500XLs next month and replacing them with 3560 and 3570s. Once complete, I would like to migrate from PVST and RPVST across the board in order to speed up convergence times.

The implementation seems pretty straight forward, but one thing I'm confused about is Portfast and BPDUGuard. Can I still use these features with RPVST? The documention says that backbonefast and uplinkfast are obsolete in RPVST, but is iffy when it comes to portfast. We rely on them heavily for protection against and user dropping an unauthorized bridge in to the network, and without them I'd have to look in to doing port-security.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

Re: Portfast and BPDUGuard with RPVST?

If you want to shutdown ports when a switch receives BPDU, then you need to implement bpduguard in the global config or per port basis.

If configured in the global config, make sure to disable it on ports where you have authorized switches.

As for portfast, I recommend enabling it on all ports along with bpdufilter. Bpdufilter will disable portfast when a bpdu is received on that port.

You can also throw port-security into the mix. Hubs and some low-end switches do not transmit bpdus....

3 REPLIES
Hall of Fame Super Bronze

Re: Portfast and BPDUGuard with RPVST?

If you want to shutdown ports when a switch receives BPDU, then you need to implement bpduguard in the global config or per port basis.

If configured in the global config, make sure to disable it on ports where you have authorized switches.

As for portfast, I recommend enabling it on all ports along with bpdufilter. Bpdufilter will disable portfast when a bpdu is received on that port.

You can also throw port-security into the mix. Hubs and some low-end switches do not transmit bpdus....

Bronze

Re: Portfast and BPDUGuard with RPVST?

Thanks for the post. So I'm taking it that Portfast & BPDUGuard will continue to be supported with RPVST? The document says the following:

The Cisco implementation maintains that the PortFast keyword be used for edge port configuration. This makes the transition to RSTP simpler

But I was just wondering if this is accurate.

We plan to continue to use BPDUGuard, since all switches are managed by IT and are only plugged in to pre-defined ports.

You make a good point about using Port-security for hubs and other devices that don't transmit BPDUs. Thanks!

Hall of Fame Super Bronze

Re: Portfast and BPDUGuard with RPVST?

Yes, RPVST will support Portfast and BPDUGuard.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swstpopt.htm#wp1031116

"Optional Spanning-Tree Configuration Guidelines

You can configure PortFast, BPDU guard, BPDU filtering, EtherChannel guard, root guard, or loop guard if your switch is running PVST+, rapid PVST+, or MSTP.

You can configure the UplinkFast or the BackboneFast feature for rapid PVST+ or for the MSTP, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+. "

403
Views
0
Helpful
3
Replies
CreatePlease to create content