Solved: I just ran across this and I

Ed Willson · ‎03-10-2012

I tried enabling portfast globally, rather than on a per interface basis. After enabling the message from the CLI said that I should immediately disable portfast on all trunking ports.

Then I went to the trunking ports and issued a "no spanning-tree portfast". When looked at the config after that command wasn't listed in the interface configurations.

Is there a way I can determine which ports do in fact have portfast enabled? And how to disable the globally issued portfast command on trunks?

Thanks,

Ed

Reza Sharifi · ‎03-10-2012

Try this command:

sh spanning-tree detail

Port 1 (GigabitEthernet1/0/1) of VLAN0001 is designated forwarding

Port path cost 19, Port priority 128, Port Identifier 128.1.

Designated root has priority 32769, address 001b.5400.3380

Designated bridge has priority 32769, address 001b.5400.3380

Designated port id is 128.1, designated path cost 0

Timers: message age 0, forward delay 0, hold 0

Number of transitions to forwarding state: 1

The port is in the portfast mode

Link type is point-to-point by default

BPDU: sent 1882446, received 243

HTH

View solution in original post

Reza Sharifi · ‎03-10-2012

Try this command:

sh spanning-tree detail

Port 1 (GigabitEthernet1/0/1) of VLAN0001 is designated forwarding

Port path cost 19, Port priority 128, Port Identifier 128.1.

Designated root has priority 32769, address 001b.5400.3380

Designated bridge has priority 32769, address 001b.5400.3380

Designated port id is 128.1, designated path cost 0

Timers: message age 0, forward delay 0, hold 0

Number of transitions to forwarding state: 1

The port is in the portfast mode

Link type is point-to-point by default

BPDU: sent 1882446, received 243

HTH

Ed Willson · ‎03-10-2012

That verified it. Thanks for the help!

Kevin Dorrell · ‎03-11-2012

I am a bit surprised at the message you got when you enabled portfast globally. Normally when you do spanning-tree portfast default, it enables portfast only on the access ports. Maybe this is what the message was telling you: that the global portfast is not effective on trunk ports.

It can be quite dangerous to enable portfast on a trunk because often trunks are switch-to-switch. That is why enabling portfast globallly usually goes hand-in-hand with spanning-tree portfast bpduguard default, which restores some level of protection against loops.

If you reaaly want portfast on a trunk, which you might do if the trunk is connected to a server, then you have to put spanning-tree portfast trunk on the interface itself. There is no way to enable portfast on trunks globally, precisely because of the safety concerns against loops.

Kevin Dorrell

Luxembourg

Peter Paluch · ‎03-11-2012

Hi Kevin,

I am a bit surprised at the message you got when you enabled portfast globally.

The message usuallys says:

%Warning: this command enables portfast by default on all interfaces. You

should now disable portfast explicitly on switched ports leading to hubs,

switches and bridges as they may create temporary bridging loops.

It is slightly misleading - as other friends including you stressed in this thread, the spanning-tree portfast default activates PortFast only on ports in the access operational mode. If the port is operating as a trunk, this command does not apply to it. While the message says "on all interfaces", it is simply being too general Some should really review these system messages in IOS once in a while and correct inaccuracies, like this one.

Best regards,

Peter

Kevin Dorrell · ‎03-11-2012

Peter,

Now you point it out, I can see how the message is misleading. I think the OP interpreted it as an instruction to disable portfast on all trunk links, which is actually unnecessary. It should say to disable portfast on all access-mode links to switches etc.

Thanks for posting the full message.

visitor68 · ‎03-11-2012

I wonder if there is a qualitative or better said a behavioral difference between the two portfast commands? spanning-tree portfast trunk and spanning-tree portfast....I know the former is added to a trunk port, but why the different syntax? Either there is a difference or Cisco just wants the administrator to be aware that they are indeed turning portfast up on a trunk port.....

Kevin Dorrell · ‎03-11-2012

I think spanning-tree portfast will still only activate portfast if the port is in access mode. The command spanning-tree portfast trunk says "Yes, activate portfast even if the port is trunking".

Kevin Dorrell

Luxembourg

Peter Paluch · ‎03-11-2012

Kevin,

You're spot on. The interface-level command spanning-tree portfast will be effective only if the port is operating as an access port. The spanning-tree portfast trunk activates PortFast on the port regardless of its operating mode (access or trunk).

Best regards,

Peter

Ed Willson · ‎03-11-2012

Kevin,

That's exactly what I interpreted!

Kevin Dorrell wrote:

Peter,

Now you point it out, I can see how the message is misleading. I think the OP interpreted it as an instruction to disable portfast on all trunk links, which is actually unnecessary. It should say to disable portfast on all access-mode links to switches etc.

Thanks for posting the full message.

shawnhill · ‎07-25-2016

I just ran across this and I know its old. But a quicker way possibly to see if port fast is enabled on an interface can be accomplished by this command.

SW1#sh spanning-tree int g1/0/1 portfast
VLAN0010 enabled
SW1#

If it is done on a non portfast port such as a trunk or an interface without the portfast command you will see this instead:

SW1#sh spanning-tree int g1/0/47 portfast
VLAN0010 disabled
SW1#

Spanning-Tree Portfast Default