
portfast enabled port

Hi everybody!

I was reading the CCNP BCMSN guide by David Hucaby.

According to David Hucaby: "Catalyst switches offer the PortFast feature, which shortens the listening and learning states to a negligible amount of time. When work station link comes up, the switch immediately moves the portfast port into forwarding state. Spanning-tree loop detection is still in operation, however, and the port moves into the blocking state if a loop is ever detected on the port."

Question #1) That means we should not be concerned about loop formation if we by mistake connect a switch to a portfast-enabled port, as spanning tree will put that port in the blocking state. But in the next paragraph I find: "Obviously, you should not enable portfast on a switch port that is connected to a hub or another switch because bridging loops could form."

Well, I get that part: portfast should be enabled on an access port connected to a single host. But how could a bridging loop form even if a switch is connected to a portfast-enabled port by mistake, as STP would block the port?

Am I right?

Thanks a lot!

3 ACCEPTED SOLUTIONS

Hall of Fame Super Silver

Re: portfast enabled port

Hello Sarah,

the question is that with portfast enabled there isn't a 100% probability of avoiding bridging loops in traditional STP, as there is on a normal port:

the initial listening and learning states, which are 15 seconds each (with default values), are there in order to let the STP topology synchronize, and only at the end of both will a single port in the segment be the designated port and so in forwarding state.

With portfast as soon as the line protocol is up the port is directly put in forwarding.

So there are some possible scenarios where a loop can form.

Hope to help

Giuseppe

Re: portfast enabled port

Speed is the issue. Set a port as non-portfast and it will wait till it is darn sure there is no loop before putting the port into forwarding.

Use portfast and create a loop, and you will have a period before BPDUs are detected where the network will have a loop. Even a short period can be an issue on a modern network carrying many business critical services.

OK it will probably sort itself out in the end, but better to be tidy about it!

Re: portfast enabled port

Ooh, Interesting! The answer is it depends!

I will assume you are not also using BPDU-Guard!

If you have a spanning tree network, and you simply add a switch, with no alternate paths to a port with portfast enabled, you won't have a loop, but the moment the network sees a BPDU from the switch, it will block the port for user traffic until spanning tree is certain there are no loops. How long that is will depend upon the version of spanning tree - traditional or rapid implemented on the network and the new switch.

If traditional I would expect forwarding to resume in around 30 secs, and rapid around 2.

If there is a loop, spanning tree will have to determine from each switch the best path to the root bridge, and which ports should be designated or root ports on each segment. Once that has been determined, your port *may* be in blocking permanently (where permanently means to the next real topology change).

Back to BPDU Guard. It is good practice to enable BPDU-Guard on all portfast ports. A good way to think of a port with portfast is that it is an edge port as far as your L2 network is concerned. There should be no L2 forwarding devices beyond an edge port. What BPDU Guard does (as default) is put the port into err-disabled - effectively shutting it down until someone removes the source of BPDUs and re-enables the port. Basically if a user wants to add a PC and adds a switch to your network, they then have to ask to have the port re-enabled, and you get the opportunity to explain to them why adding devices to the network without permission is not a good idea...
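
Added example, not part of the original thread or of any Cisco tooling: a small audit that reads an IOS-style running-config and lists the ports where PortFast is on but BPDU Guard is not, which is the gap the post above recommends closing. The sample config is constructed, and the script assumes that a global `spanning-tree portfast default` applies only to ports explicitly set to `switchport mode access`.

```python
import re

# Constructed sample running-config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode access
 spanning-tree portfast edge
 spanning-tree bpduguard disable
"""

def unguarded_portfast_ports(config):
    """Return interfaces where PortFast is on but BPDU Guard is not."""
    global_cfg, ports, current = set(), {}, None
    for raw in config.splitlines():
        # Newer IOS spells the keyword "portfast edge"; treat both forms alike.
        line = raw.strip().replace("portfast edge", "portfast")
        if raw.startswith(" "):                  # indented: interface sub-command
            if current:
                ports[current].add(line)
            continue
        m = re.match(r"interface\s+(\S+)", line)  # any top-level line ends the block
        current = m.group(1) if m else None
        if current:
            ports[current] = set()
        else:
            global_cfg.add(line)
    pf_default = "spanning-tree portfast default" in global_cfg
    bg_default = "spanning-tree portfast bpduguard default" in global_cfg
    flagged = []
    for name, cfg in ports.items():
        explicit = cfg & {"spanning-tree portfast", "spanning-tree portfast trunk"}
        inherited = (pf_default and "switchport mode access" in cfg
                     and "spanning-tree portfast disable" not in cfg)
        guarded = ("spanning-tree bpduguard enable" in cfg
                   or (bg_default and "spanning-tree bpduguard disable" not in cfg))
        if (explicit or inherited) and not guarded:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(unguarded_portfast_ports(SAMPLE_CONFIG))
```

A port with an explicit `spanning-tree bpduguard disable` stays flagged even when the global BPDU Guard default is set, because the interface-level command overrides it.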

7 REPLIES
Bronze

Re: portfast enabled port

Thanks again Giuseppe!

Bronze

Re: portfast enabled port

Thanks for your reply!

Let's say the switch discovers the loop and puts the portfast-enabled port in the blocking state.

How long will that blocking state last?

Say we connect a host back to the portfast-enabled port of the switch, which, having discovered the loop, has put that port in blocking.

How can we restore the connectivity?

Thanks a lot!

Hall of Fame Super Bronze

Re: portfast enabled port

It depends on the state of the switchport.

If the switchport became err-disabled due to the loop-detection, you have to shut and no shut the switchport for it to become operational again.

If it's blocked by STP, simply swapping the connection from a switch to a host should restore the switchport to forwarding state.

HTH,

__

Edison.

Re: portfast enabled port

To add to the great info from Giuseppe and Paul:

Practically, only consider portfast on access ports with clients that need to get an IP address from a DHCP server, like a PC or IP phone.

Because portfast takes the port directly to the forwarding state, the client can get an IP address from the DHCP server without problems. In normal cases without portfast, the port takes longer to get into the forwarding state, as it has to go through listening, learning and so on, which might cause problems with getting an IP from the DHCP server. This is the main idea behind it.

Good luck.

Hope this is helpful.
