Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

spanning-tree portfast default

Just a quick question to clarify my mind. If you enable portfast globally, bpdu filtering and bpdu guard is disabled, if i'm correct. So portfast basically will turn the port into normal stp port if it receives a bdpu on a port; it will also send bpdus. Am I correct on these?

If you configure bpdu filtering globally, then the only behavior that will change is that bpdu will not be send from the portfast configured port. Am I correct here also?

I've read few sources that seem to be contradicting each other and wanted to make sure by asking someone.

Thank you in advance.

TK

2 REPLIES
Cisco Employee

Re: spanning-tree portfast default

With portfast, the port still run spanning-tree, so indeed may send, receiver or process BPDU. But the only difference with a normal is that in the spanning-tree state machine you bypass the transition listening/learning/forwarding to go directly to forwarding without any further check or waiting time.

with BPDU filtering you drop any receive bpdu on port where it runs and you do not send any. this is not recommended except on some port where there is a clear design goal for it. You typically do not want to run bpdu filtering on a port where an end hosts runs as it may very easily introduced loop.

Roland

Hall of Fame Super Silver

Re: spanning-tree portfast default

Hello Tomasz,

the right companion tool for STP portfast is BPDU guard.

bpdu filtering should be seen as a tool useful to L2 providers to avoid to join two STP domains.

On user ports we use STP portfast+BPDU guard+ storm control.

you can find several threads about people that had troubles with bpdu filtering.

just to make an example try to imagine what happens if someone connects two switch ports with a cable (this can happen users can play with cables in this and other ways..)

with STP bpdu filter the switch cannot detect that two ports are connected together and a loop can form.

With STP bpdu guard without bpdu filter as soon as one port sees the other one's BPDUs the loop is broken by tearing down the port.

bpdu guard is useful also to detect switches carried by users (bought in a supermarket and placed in a room to be able to connect also a laptop for example).

Luckily most consumer switches speak some form of STP and this allows for detection.

Hope to help

Giuseppe

440
Views
4
Helpful
2
Replies
CreatePlease to create content