Hi,

I've been playing around with spanning-tree BPDUguard for a topology that has 3 switches connected on both GNS3 and PacketTracer, and both depicts the same:

Topology:
SW1---SW2---SW3

Config:
The switchport status for the SW2's interface connected to SW3 is:
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access


On SW2 I have enabled portfast globally, which (As for my knowledge) enables porfast on all access ports.
spanning-tree portfast default

In my mind, SW2's port connecting to SW3 is acting as an access port, hence portfast should be enabled.

On SW2 I have also enabled bpduguard globally, which applies to all portfast enabled interfaces:
spanning-tree portfast bpduguard default



Issue:
When I connect SW3, nothing happens.. no blocking ports due to BPDUguard or anything like that, however when I enable on SW2's interface the command spanning-tree bpduguard enable then all the sudden it works fine if I reconnect SW3... 

Why is SW2 not blocking any ports to errdisable state when both global commands for portfast and bpduguard are enabled? I thought that I did not have to configure those per-interface basis.

Is there something I am missing from the picture?