BPDU Guard and Portfast

Senbonzakura · ‎09-21-2022

BPDU Guard and Portfast.

When should you configure both of these settings?
I know you're not supposed to do it on a trunk port that feeds another switch but what about access ports, firewalls, servers, and access points?

Correctly if I'm wrong, but because STP is enabled you don't want BPDU guard on the access ports but want port fast to help with faster uplink?

Should BPDU guard and Portfast be configured on a trunk feeding a firewall?
What is good practice for every environment?

balaji.bandi · ‎09-21-2022

portfast enable to eliminat negotiation steps (not speed) : this will be used where the end device connected.

port-fast not suggested any trunk port or other switches connected ports.

some of the good explanation of each scenarios from cisco point of view to go deep dive.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/stp_enha.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎09-21-2022

Should BPDU guard and Portfast be configured on a trunk feeding a firewall?
that exactly why cisco add portfast and BPDUguard to trunk, to fast connect SW to L3SW/R/FW and protect SW with BPDUguard from Loop.

https://cciepursuit.wordpress.com/2009/01/20/enabling-portfast-on-trunks/

check this link, he run portfast in trunk port connect to Router.

David Ruess · ‎09-21-2022

Hello,

Portfast allows a port to bypass the spanning tree states and move it directly to forwarding. However if a portfast enabled state received a BPDU on its port it will remove portfast and transition through the STP states accordingly.

BPDUGuard - Guards against BPDUs - so if it does receive a BPDU on the port set for BPDUGuard then it err-disables the port.

Portfast and BPDUGuard work together to help the port work more efficiently and not cause loops.

Hope that helps

-David