03-04-2008 05:45 AM - edited 03-05-2019 09:32 PM
Can't see any documentation that says BPDUguard is built in to Portfast, but also don't find Cisco documentation showing BPDUguard always being turned on along with Portfast. (3750 documentation states that per-interface BPDUguard command can be used to turn on BPDUguard without Portfast, for instance).
Using web-based configs turns both on, so I assume both need to be enabled separately, but it's just fuzzy enough in documentation that I can't tell for sure if Portfast has built-in BPDUguard support.
Any gurus out there?
03-04-2008 06:14 AM
Hi Joseph,
Both need to be configured separately, let's discuss them briefly:
When PortFast is enabled (alone on an interface without BPDUGuard) the interface is running STP but it won't transit through listening and learning while coming up and it'll go directly to forwarding - and this would be a source of bridging loops if connected to another switch via this port. STP will eventually solve this loop but not immediately, as the port has skipped the listen and learn when coming up.
As for BPDU Guard, you must consider that BPDU Guard operation depends upon where it is configured. When enabled globally via "spanning-tree portfast bpduguard default" it affects only the ports configured with PortFast; simply, if the interface receives a BPDU it err-disables the interface. While if configured on the interface level via "spanning-tree bpduguard enable" it doesn't depend on PortFast being enabled, it can be enabled without PortFast on the interface.
BR,
Mohammed Mahmoud.
03-04-2008 05:56 AM
Hi,
The Portfast and the BPDU guard must be configured separately.
The commands are:
- spanning-tree portfast default (enable portfast on all non-trunk interfaces).
- spanning-tree portfast bpduguard default (enable BPDU guard on all portfast enabled interfaces).
I hope this helps.
Best regards.
Massimiliano.
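The rules from the two answers above can be checked mechanically against a saved running-config. The following Python audit is an added example, not part of the original thread or any Cisco tool: it reports ports that go straight to forwarding (PortFast) but would not err-disable on a received BPDU. It assumes the classic command syntax quoted in the thread, identifies trunks by `switchport mode trunk`, does not handle the `disable` variants, and uses a constructed sample config.

```python
# Constructed sample running-config (illustrative, not taken from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast default
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def audit(config):
    """Return {interface: (portfast_effective, bpduguard_effective)}."""
    glob, ports, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = ports.setdefault(raw.split(None, 1)[1].strip(), set())
        elif raw[:1] in (" ", "\t") and current is not None:
            current.add(line)            # indented line: interface sub-command
        else:
            current = None               # "!" or a global command ends the block
            if line.startswith("spanning-tree "):
                glob.add(line)
    result = {}
    for name, cmds in ports.items():
        trunk = "switchport mode trunk" in cmds
        # The global PortFast default covers non-trunk interfaces only.
        portfast = "spanning-tree portfast trunk" in cmds or (not trunk and (
            "spanning-tree portfast" in cmds
            or "spanning-tree portfast default" in glob))
        # Interface-level guard is independent of PortFast;
        # the global guard default applies only where PortFast is in effect.
        guard = "spanning-tree bpduguard enable" in cmds or (
            portfast and "spanning-tree portfast bpduguard default" in glob)
        result[name] = (portfast, guard)
    return result

def portfast_without_guard(config):
    """Ports that skip listening/learning yet stay up when a BPDU arrives."""
    return sorted(n for n, (pf, bg) in audit(config).items() if pf and not bg)
```

On the sample, `portfast_without_guard(SAMPLE_CONFIG)` flags ports 1/0/1 and 1/0/3; prepending `spanning-tree portfast bpduguard default` to the config clears both findings while leaving the trunk port unguarded.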
03-04-2008 06:45 AM
Thanks very much. Even Cisco's own BCMSN materials say bpduguard is needed with portfast, but then leave it off in the examples. I saw the same issues in the config guides. Because automated setups add both, I was pretty sure they needed separate configuration, but your explanation clarifies the issue.
Joe
03-04-2008 06:53 AM
Hi Joe,
You are very welcome. You can always come back if you have any confusion from books; we are all here to share our experience, and I agree with you about the fuzzy covering of these features. My advice to you is the Cisco documentation plus labbing every confusing topic, and as I've said you can always come here with your query.
BR,
Mohammed Mahmoud.