06-17-2007 10:06 AM - edited 03-05-2019 04:46 PM
We'll be retiring the last of our 3500XLs next month and replacing them with 3560 and 3570s. Once complete, I would like to migrate from PVST and RPVST across the board in order to speed up convergence times.
The implementation seems pretty straightforward, but one thing I'm confused about is Portfast and BPDUGuard. Can I still use these features with RPVST? The documentation says that backbonefast and uplinkfast are obsolete in RPVST, but is iffy when it comes to portfast. We rely on them heavily for protection against a user dropping an unauthorized bridge into the network, and without them I'd have to look into doing port-security.
06-17-2007 10:27 AM
If you want to shut down ports when a switch receives a BPDU, then you need to implement bpduguard in the global config or on a per-port basis.
If configured in the global config, make sure to disable it on ports where you have authorized switches.
As for portfast, I recommend enabling it on all ports along with bpdufilter. Bpdufilter will disable portfast when a bpdu is received on that port.
You can also throw port-security into the mix. Hubs and some low-end switches do not transmit bpdus....
06-18-2007 07:45 AM
Thanks for the post. So I'm taking it that Portfast & BPDUGuard will continue to be supported with RPVST? The document says the following:
The Cisco implementation maintains that the PortFast keyword be used for edge port configuration. This makes the transition to RSTP simpler
But I was just wondering if this is accurate.
We plan to continue to use BPDUGuard, since all switches are managed by IT and are only plugged in to pre-defined ports.
You make a good point about using Port-security for hubs and other devices that don't transmit BPDUs. Thanks!
06-18-2007 07:54 AM
Yes, RPVST will support Portfast and BPDUGuard.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swstpopt.htm#wp1031116
"Optional Spanning-Tree Configuration Guidelines
You can configure PortFast, BPDU guard, BPDU filtering, EtherChannel guard, root guard, or loop guard if your switch is running PVST+, rapid PVST+, or MSTP.
You can configure the UplinkFast or the BackboneFast feature for rapid PVST+ or for the MSTP, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+."
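An added example (not part of the thread and not Cisco code): a small Python check over saved IOS configuration text that reports access ports where BPDU guard would not be in effect. It follows the rule that the global `spanning-tree portfast bpduguard default` only covers PortFast-enabled ports, while the interface-level `spanning-tree bpduguard enable` stands on its own. The sample config is constructed, and auditing only ports with an explicit `switchport mode access` is an assumption.

```python
import re

# Constructed sample config (not from the thread); interface names are illustrative.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
 switchport mode access
 spanning-tree bpduguard disable
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast disable
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit_bpduguard(config):
    """Return access ports where a received BPDU would not err-disable the port."""
    lines = [line.rstrip() for line in config.splitlines()]
    top = {line for line in lines if line and not line.startswith(" ")}
    pf_default = "spanning-tree portfast default" in top
    bg_default = "spanning-tree portfast bpduguard default" in top
    ports, current = {}, None
    for line in lines:
        match = re.match(r"interface (\S+)", line)
        if match:
            current = ports.setdefault(match.group(1), set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    unguarded = []
    for name, cmds in ports.items():
        if "switchport mode access" not in cmds:
            continue  # assumption: only explicitly configured access ports are audited
        portfast = "spanning-tree portfast" in cmds or (
            pf_default and "spanning-tree portfast disable" not in cmds)
        if "spanning-tree bpduguard enable" in cmds:
            guarded = True  # interface-level enable works without PortFast
        elif "spanning-tree bpduguard disable" in cmds:
            guarded = False
        else:
            guarded = bg_default and portfast  # global default needs PortFast
        if not guarded:
            unguarded.append(name)
    return unguarded
```

On the sample, FastEthernet0/3 is reported even though nobody touched its BPDU guard setting: turning PortFast off on the port takes it out of scope of the global default.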