Spanning Tree Portfast Simplified: The Key to Faster Connections!

Introduction

Spanning Tree PortFast is an STP feature that lets an end device connect to the switch immediately, bypassing the listening and learning states. It removes the delay STP would otherwise impose before the port starts forwarding. A PortFast-enabled port is considered to be a designated port. PortFast works on Layer 2 access ports to which we connect end devices such as PCs, laptops, or workstations. These ports are also known as edge ports. The advantage of using PortFast is that, if the port receives any BPDU, it is put into the blocking state by a feature called BPDU Guard.

Spanning Tree Portfast Lab

In the lab below, we set up a topology and configure PortFast on the access ports.

[Figure: Spanning Tree PortFast lab topology]
  • Configure the VTP mode as Server on all three switches
  • Set the domain name as marwat
  • Configure the trunk link on interfaces 0/0 and 0/1
  • Create VLAN 10
  • Finally, configure port Ethernet 0/2 as an access port and add it to VLAN 10

[Screenshot: Spanning Tree PortFast lab configuration of switch1]

Similarly, configure switch2 as below:

[Screenshot: switch2 configuration]

Switch3 has the following configuration:

[Screenshot: switch3 configuration]

Check the trunk interfaces with the command “show interface trunk” on switch1, switch2, and switch3:

[Screenshot: output of show interface trunk]

Run the command “show spanning-tree” on switch1 as below, and then run the same command on switch2 and switch3:

[Screenshot: output of show spanning-tree on switch1]

Configuring portfast

The PortFast command can be configured either in interface mode or in global mode. Run the following command in interface mode as given in the screenshot. The interface is Ethernet 0/2 of switch1.

[Screenshot: PortFast configuration on interface Ethernet 0/2]

If we configure PortFast in global mode instead, all access (non-trunking) ports move into the forwarding state immediately.

Switch1(config)#spanning-tree portfast default

After configuring the port on switch1, configure the same command on the switch2 and switch3 ports to which end devices (PCs) are connected.

To check the result of the PortFast command, run the show spanning-tree command on switch1.

[Screenshot: output of show spanning-tree with PortFast enabled]

The port Ethernet 0/2 has been converted into an edge port. With PortFast configured on this port, an end device will not wait for the listening or learning state; it will connect to the switch immediately.

What Happens When a BPDU is Received on a PortFast-Enabled Port?

If a BPDU arrives on a PortFast-enabled port, the switch will accept that BPDU, which is not good practice. Our switch should not receive BPDUs on such ports, because we configure PortFast for end devices like PCs, laptops, or workstations. The feature in Cisco switches that stops BPDUs from being accepted on such ports is BPDUGuard.

BPDUGuard is a feature in Cisco switches that monitors incoming BPDUs on a port. We configure it on the access ports through which we connect end devices. If a BPDU is received on a port with BPDUGuard enabled, the port immediately shuts down. A port that is shut down by BPDUGuard is known as an error-disabled port. This guards against misconfiguration caused by connecting unauthorized or unintended devices, such as another switch.

We can configure BPDUGuard globally as well as on a per-interface basis. If we apply it globally, then it will apply to all the ports with portfast enabled.
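The rule above (global BPDUGuard only covers ports that are actually in PortFast mode, and an interface-level command can override it) is easy to audit from a saved configuration. The script below is an added example, not part of the original lab; the running-config excerpt is constructed sample input and the function name audit is an assumption.

```python
import re

# Constructed running-config excerpt (sample input, not the page's lab output).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface Ethernet0/0
 switchport mode trunk
!
interface Ethernet0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface Ethernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface Ethernet1/0
 switchport mode access
"""

def audit(config):
    """Return {interface: finding} for access ports lacking BPDU Guard."""
    g_portfast = g_guard = False
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith(" "):                    # interface sub-command
            if current is not None:
                current.append(line)
            continue
        m = re.match(r"interface (\S+)", line)
        current = ports.setdefault(m.group(1), []) if m else None
        g_portfast |= bool(re.fullmatch(r"spanning-tree portfast( edge)? default", line))
        g_guard |= bool(re.fullmatch(r"spanning-tree portfast( edge)? bpduguard default", line))
    findings = {}
    for name, cmds in ports.items():
        if "switchport mode access" not in cmds:
            continue                               # only explicit access ports are audited
        pf = (g_portfast or "spanning-tree portfast" in cmds
              or "spanning-tree portfast edge" in cmds)
        pf = pf and "spanning-tree portfast disable" not in cmds
        guard = (pf and g_guard) or "spanning-tree bpduguard enable" in cmds
        guard = guard and "spanning-tree bpduguard disable" not in cmds
        if not guard:
            findings[name] = "PortFast without BPDU Guard" if pf else "no PortFast, no BPDU Guard"
    return findings
```

On the sample, Ethernet0/2 is covered by the global default, Ethernet0/3 is flagged because the interface-level disable overrides it, and Ethernet1/0 is flagged because it has neither feature.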

Let’s make another topology and examine the BPDUGuard functionality.

[Figure: Spanning Tree BPDUGuard lab topology]

Configure PortFast on interface Fa 0/1 on switch1. If we plug or unplug the PC on interface Fa 0/1 of the switch, the PC will not wait for the listening and learning states; the port will come up immediately.

Moreover, configure interface FastEthernet 0/1 of switch1 as an access port and assign it to VLAN 1.

If we connect another switch on the same interface Fa 0/1 of switch1, then the switch will wait for the listening and learning states.

[Screenshot: switch4 attached to switch1]

Switch4 waits through the listening and learning states, and eventually it forms a trunk link with switch1. But we don’t want a switch connected on Fa 0/1 of switch1. If someone attaches a switch on this interface, the interface should shut down automatically. We can achieve this with the “BPDUGuard” command as below:

[Screenshot: BPDUGuard configuration on the interface]

You can also configure BPDUGuard in global configuration mode as below:

[Screenshot: BPDUGuard configuration in global mode]

Now detach and attach the same switch4 again to switch1 and check the result:

[Screenshot: interface placed in the error-disabled state]

Check the interface status through the following command:

[Screenshot: output of show interface status]

To recover the interface, first remove the attached switch4 from switch1 and connect switch1 back to the PC on the same interface Fa 0/1. Then run the commands “shutdown” and “no shutdown” on interface Fa 0/1 of switch1.

[Screenshot: bringing the interface back up]

The interface is recovered from the error-disabled state, and now it’s fully functional.

[Screenshot: output of show interface status on switch1]

That was a manual process. If you want the interface to recover automatically after some interval of time, run the command below.

[Screenshot: BPDUGuard error-disable recovery interval configuration]

The switch will wait for 300 seconds, and after this interval, it will automatically recover from the error-disabled state.
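Automatic recovery only re-enables the port; if the other switch is still attached, the next BPDU error-disables it again. The script below is an added example, not part of the original post, that finds such ports in switch logs. The log lines are constructed in the usual IOS message style, and the function name retrip_ports and the 60-second window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog lines (sample input, not captured from the lab).
SAMPLE_LOG = """\
*Mar  1 00:10:00.000: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.
*Mar  1 00:10:00.010: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1, putting Fa0/1 in err-disable state
*Mar  1 00:15:00.020: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Fa0/1
*Mar  1 00:15:02.500: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1, putting Fa0/1 in err-disable state
*Mar  1 00:20:02.510: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Fa0/1
*Mar  1 00:20:05.000: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1, putting Fa0/1 in err-disable state
*Mar  1 00:30:00.000: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state
*Mar  1 00:35:00.000: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Fa0/2
"""

EVENT = re.compile(r"^\*?(?P<ts>\w{3}\s+\d+ [\d:.]+): %PM-4-(?P<kind>ERR_DISABLE|ERR_RECOVER): "
                   r".*bpduguard.* on (?P<port>[A-Za-z]+[\d/]+)")

def retrip_ports(log, window_s=60):
    """Count, per port, BPDU Guard err-disables that follow a recovery within window_s."""
    last_recover, retrips = {}, defaultdict(int)
    for line in log.splitlines():
        m = EVENT.match(line)
        if not m:
            continue                      # other messages are ignored
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S.%f")
        port = m["port"]
        if m["kind"] == "ERR_RECOVER":
            last_recover[port] = ts
        elif port in last_recover:
            # An err-disable soon after recovery means BPDUs are still arriving.
            if (ts - last_recover.pop(port)).total_seconds() <= window_s:
                retrips[port] += 1
    return dict(retrips)
```

In the sample, Fa0/1 trips again seconds after each 300-second recovery, so it is reported; Fa0/2 recovers cleanly and is not.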
