Table of Contents
Advertisement
Understanding How PortFast Works
Understanding How PortFast Works
STP PortFast causes a Layer 2 LAN port configured as an access port to enter the forwarding state
immediately, bypassing the listening and learning states. You can use PortFast on Layer 2 access ports
connected to a single workstation or server to allow those devices to connect to the network immediately,
instead of waiting for STP to converge. Interfaces connected to a single workstation or server should not
receive bridge protocol data units (BPDUs). When configured for PortFast, a port is still running the
spanning tree protocol. A PortFast enabled port can immediately transition to the blocking state if
necessary (this could happen on receipt of a superior BPDU). PortFast can be enabled on trunk ports.
PortFast can have an operational value that is different from the configured value.
Because the purpose of PortFast is to minimize the time that access ports must wait for STP to converge,
Caution
it should only be used on access ports. If you enable PortFast on a port connected to a switch, you might
create a temporary bridging loop.
Understanding How BPDU Guard Works
When enabled on a port, BPDU Guard shuts down a port that receives a BPDU. When configured
globally, BPDU Guard is only effective on ports in the operational PortFast state. In a valid
configuration, PortFast Layer 2 LAN interfaces do not receive BPDUs. Reception of a BPDU by a
PortFast Layer 2 LAN interface signals an invalid configuration, such as connection of an unauthorized
device. BPDU Guard provides a secure response to invalid configurations, because the administrator
must manually put the Layer 2 LAN interface back in service. BPDU Guard can be configured at the
interface level. When configured at the interface level, BPDU Guard shuts the port down as soon as the
port receives a BPDU, regardless of the PortFast configuration.
When enabled globally, BPDU Guard applies to all interfaces that are in an operational PortFast state.
Note
Understanding How PortFast BPDU Filtering Works
PortFast BPDU filtering allows the administrator to prevent the system from sending or even receiving
BPDUs on specified ports.
When configured globally, PortFast BPDU filtering applies to all operational PortFast ports. Ports in an
operational PortFast state are supposed to be connected to hosts, that typically drop BPDUs. If an
operational PortFast port receives a BPDU, it immediately loses its operational PortFast status. In that
case, PortFast BPDU filtering is disabled on this port and STP resumes sending BPDUs on this port.
PortFast BPDU filtering can also be configured on a per-port basis. When PortFast BPDU filtering is
explicitly configured on a port, it does not send any BPDUs and drops all BPDUs it receives.
Explicate configuring PortFast BPDU filtering on a port that is not connected to a host can result in
Caution
bridging loops as the port will ignore any BPDU it receives and go to forwarding.
When you enable PortFast BPDU filtering globally and set the port configuration as the default for
PortFast BPDU filtering (see the
PortFast enables or disables PortFast BPDU filtering.
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
18-2
"Enabling PortFast BPDU Filtering" section on page
Chapter 18
Configuring Optional STP Features
18-10), then
OL-11439-03
- Quick Links:
- Product Overview
Hide quick links:
Advertisement
Table of Contents
