07-31-2017 07:50 AM - edited 03-08-2019 11:32 AM
Hello,
When I put this command
Sw1# show spanning-tree interface fa0/1 portfast
and the result shows
VLAN0001 Disable
What is meant by Disable? If it shows Enable, then what does that mean? Thanks
07-31-2017 08:18 AM
Means that portfast is not enabled on interface fa0/1.
interface fa0/1
spanning-tree portfast
needs to be issued if you want to enable portfast on that interface.
Enable would mean that the interface is skipping the listening (15 sec) and learning (15 sec) STP states, so the port will be moved directly to the forwarding state.
07-31-2017 08:42 AM
It's good practice to run bpduguard with portfast globally per switch.
The guard will only function when the portfast is enabled, as a form of protection with it. The portfast will only apply itself to edge ports by default when applied globally, that is, ports that are already set as access, so as not to affect the trunks.
spanning-tree portfast bpduguard default
07-31-2017 09:16 AM
For example, if I set bpdu filter on fa0/1, then when this port detects a BPDU, will it go to the Disable state?
07-31-2017 09:19 AM
No, because bpdufilter turns off STP. It's dangerous and should only be used when connecting to non-Cisco vendor switches that don't support STP. Be very careful using the filter command.
What you need there is bpduguard; then if a BPDU is seen it will disable the port.
07-31-2017 10:55 AM
It means that by enabling the bpdu filter command a loop can be created, right? That's why this is a dangerous command.
07-31-2017 01:03 PM
Yes, exactly. If you turn it off on a port and someone makes a mistake by looping that port back through a patch panel to a switch instead of an end device, traffic at layer 2 will start to go around and around through these interfaces until the CPU keeps getting higher and higher. Eventually most switches crash after a while, or the network becomes just unusable, unless maybe some form of storm control is in place to mitigate it. The filter command, in my opinion, is a last-resort command for connecting to switches that don't understand BPDU traffic, but you want to make sure it's single-homed and not dual-linked.
07-31-2017 01:54 PM
Hello Mark
"It's good practice to run bpduguard with portfast globally per switch"
That's interesting, I tend to say interface mode would be more beneficial than global.
If BPDUs are then received this feature will still initiate even without PF, as it isn't reliant on it being applied.
res
Paul
08-01-2017 02:39 AM
Hey Paul
I suppose one of the reasons we enable it globally on our access switches is that we had multiple discussions on it with TAC and our acc managers, and they at the time said it was best to run it globally. I'm still on the fence about it, but I think it should be enabled on every access switch, whether global or interface, as it does help. But I've read so many different opinions on it, and even at the time 2 TAC teams gave us different answers too :) but that's what we decided on in the end and it has worked well for us.
"If BPDUs are then received this feature will still initiate even without PF, as it isn't reliant on it being applied"
My understanding was that guard only came into effect when the PF was in place, but I've re-read the doc this morning and that's not correct. As you said, it works even without PF, which to me is good too, as you would still want some form of protection in place, since PF just speeds up convergence.
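An added example, not part of any post in this thread: a small Python check that reads an IOS running-config and flags the two conditions discussed above, ports with bpdufilter enabled and portfast ports with no bpduguard (per interface or through the global default). The sample config and the function name audit_stp_edge are constructed for illustration, and the check only looks at the command forms quoted in the thread plus the global "spanning-tree portfast default".

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit_stp_edge(config: str) -> dict:
    """Return {interface: [findings]} for the STP edge-port settings."""
    lines = [l.rstrip() for l in config.splitlines()]
    # The global guard default covers ports that are operating as portfast.
    g_guard = "spanning-tree portfast bpduguard default" in lines
    g_fast = "spanning-tree portfast default" in lines
    blocks, current = {}, None
    for line in lines:
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    findings = {}
    for name, cmds in blocks.items():
        issues = []
        access = "switchport mode access" in cmds
        fast = "spanning-tree portfast" in cmds or (g_fast and access)
        guard = "spanning-tree bpduguard enable" in cmds or (g_guard and fast)
        if "spanning-tree bpdufilter enable" in cmds:
            issues.append("bpdufilter enabled: port ignores BPDUs, loop risk")
        if fast and not guard:
            issues.append("portfast without bpduguard")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit_stp_edge(SAMPLE_CONFIG) reports FastEthernet0/1 and FastEthernet0/3; adding the global "spanning-tree portfast bpduguard default" line clears the FastEthernet0/1 finding but not the bpdufilter one.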