New Member

When to enable Portfast?

Switch to switch?

Switch to server?

Switch to desktop?

Switch to router?

Switch to firewall?

By the way, I've decided to disable auto-negotiation and set speeds for 100/full or 1000/full for ports and connecting hosts.

1 ACCEPTED SOLUTION

Hall of Fame Super Silver

Re: When to enable Portfast?

Chris

Portfast is appropriate when you are sure that you are connecting to a single device that will not potentially bridge you to other ports. So portfast is fine switch to server, desktop, router, and firewall.

What you do about auto-negotiation does not have any impact on portfast or not. I will just observe that when you configure speed and duplex on one device it will not negotiate with the other device. That means if the device connected to the switch is auto for speed or duplex it will fail negotiation and the assumption then is to do half-duplex. So you need to be careful to configure every device that connects to the switch.

HTH

Rick

6 REPLIES
bjw Silver

Re: When to enable Portfast?

Portfast is designed for access ports where you never expect to see BPDU packets. Portfast shortens/bypasses normal STP timers to get ports up and forwarding as quickly as practical. This typically is a host PC/Workstation.

It's used to minimize the impact of STP TCN BPDU traffic when a simple host is being rebooted or connected to a switch.

It's a Layer 2 function so routers/firewalls are out.

Switch-to-switch connections are STP environments and need to talk BPDU with each other, so Portfast shouldn't be enabled on these connections.

Servers and workstations should be portfast enabled.

New Member

Re: When to enable Portfast?

Not sure what you mean when you say "routers/firewalls are out"?

Re: When to enable Portfast?

Chris,

You don't want to enable portfast in situations that could cause spanning tree loops. With that said, in your scenario, you can enable portfast in all except the 'switch to switch' connection under normal circumstances.

One other situation where you don't want to enable portfast is if your router has multiple interfaces that are part of the same bridge group; in that case you don't want to enable portfast on the switchport(s). Although you may not have this setup, it's good to know.

HTH

Sundar

New Member

Re: When to enable Portfast?

Another good way to do it is to enable the following commands globally:

spanning-tree portfast default

spanning-tree portfast bpduguard default

spanning-tree portfast bpdufilter default

Any switchport that is configured as an access port will then inherit the default commands--trunk ports do not.

New Member

It is not wise to use both

It is not wise to use both bpduguard AND bpdufilter, because bpdufilter kicks in first and kills ANY BPDU, which makes bpduguard useless. Using bpduguard only will allow you to shut down the port, which is IMHO better.
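
A small config audit for the two pitfalls raised in this thread (portfast on switch-to-switch links, and bpdufilter combined with bpduguard), added here as an example and not posted by any participant. The sample config is constructed, and the per-interface command forms (`spanning-tree portfast trunk`, `spanning-tree bpduguard enable`, `spanning-tree bpdufilter enable`) are assumptions beyond the three global commands quoted in the thread.

```python
import re
# Constructed sample running-config (not from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
interface GigabitEthernet0/1
 switchport mode access
interface GigabitEthernet0/2
 switchport mode trunk
 spanning-tree portfast trunk
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
"""

def parse(config):
    """Return (global_lines, {interface_name: [sub-command lines]})."""
    glob, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = ifaces.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)  # indented line belongs to the open interface
        elif line and line != "!":
            glob.append(line)
            current = None
    return glob, ifaces

def audit(config):
    """Flag the two mistakes the thread warns about, as (scope, finding) tuples."""
    glob, ifaces = parse(config)
    findings = []
    # Both global defaults together: per the last reply, the filter defeats the guard.
    if {"spanning-tree portfast bpduguard default",
            "spanning-tree portfast bpdufilter default"} <= set(glob):
        findings.append(("global", "bpdufilter-with-bpduguard"))
    for name, lines in ifaces.items():
        # Switch-to-switch (trunk) links should not run portfast.
        if "switchport mode trunk" in lines and (
                {"spanning-tree portfast", "spanning-tree portfast trunk"} & set(lines)):
            findings.append((name, "portfast-on-trunk"))
        if {"spanning-tree bpduguard enable",
                "spanning-tree bpdufilter enable"} <= set(lines):
            findings.append((name, "bpdufilter-with-bpduguard"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding for the global defaults, one for the trunk port, and one for the access port that carries both guard and filter.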
