11-05-2008 07:06 PM - edited 03-06-2019 02:20 AM
Is this true?
If you do not have BPDu Guard configured on a PortFast-enabled port that is receiving configuration BPDUs. the configuration
BPOUs are processed by the switch and eventually the port might be shut down to prevent a loop However, because during this
time the switch is forwarding traffic (because PortFast is enabled), a brdging loop might be formed that could bring dowm the
network before the port is blocked.
InformIT: CCNP Practical Studies: Switching > Scenario 4-5: Configuring PortFast BPDU Guard
http://www.informit.com/library/content.aspx?b=CCNP_Studies_Switching&seqNum=37
Screen clipping taken: 11/4/2008, 6:39 PM
11-05-2008 07:56 PM
That is true. Having spanning tree portfast enabled puts the port directly in the forwarding state. Having the port configured with portfast prevents the switch from participating in spanning tree which could prevent a layer two loop if enabled. BPDU guard is designed to shut a port down if a BPDU is received on the port. Portfast is designed to have an end user such as a PC, IP phone...etc not a network device. Bpduguard will put the port immediately into errdisable when it receives a BPDU.
HTH,
Mark
11-05-2008 08:25 PM
My understanding is that when you enable PortFast, BPDU Guard is also enabled by default. If this is true, then the above cannot be true...unless you specifically executed a no bpdu guard on the port.
I am looking to clarify my understanding. Additional comments would be appreciated.
11-05-2008 11:37 PM
BPDU guard is not on by default on a portfast port, unless bpduguard has been enabled globally on the switch.
These are two ways to enable BPDU guard:
1. Globally for all portfast enabled ports switch(config)#spanning-tree portfast bpduguard default
2. On the individual ports
switch(config-if)#spanning-tree bpduguard enable
So if you have it turned on globally, all ports that are portfast will have bpduguard aswell. You can use the interface configuration command to override the global setting if you wish to disable bpduguard on individual portfast switchports.
11-06-2008 03:55 PM
This is text out of the Cisco Press BCMSN book:
"By default, BPDU guard is disabled on all switch ports. You can configure BPDU guard as a global default. affecting all switch ports with a single command. All ports that have PortFast enabled also have BPDU guard automatically enabled."
I am not disputing that is not on by default.
Even if I do not have bpdu guard enabled globally, this last statement tells me that when i issue the portfast command, bpdu guard is automatically enabled on that specific port.
My two sources do not align, so I am trying to figure out which one is correct. My understanding is that I can have bpdu guard on a port without putting portfast on, but I can't have portfast on a port without bpdu guard, if it is automatically enabled on the port by issuing the portfast command.
Further clarification appreciated!
01-05-2009 06:50 AM
I think what you are seeing is mediocre technical writing. I'm almost certain the last sentence should have read "Once global BPDU guard is enabled, then all ports that have PortFast enabled also have BPDU guard automatically enabled".
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide