Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
951
Views
0
Helpful
3
Replies

Spanning Tree global commands

Go to solution
lcaruso
Level 6
Level 6

‎04-25-2013 07:19 PM - edited ‎03-07-2019 01:02 PM

Hi,

If portfast and loopguard have to be enabled on a per interface basis, what is the purpose of the global commands?

For example,

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
udld aggressive
interface GigabitEthernet1/0/1
switchport access vlan 70
switchport mode access
spanning-tree portfast
spanning-tree guard loop
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
InayathUlla Sharieff
Cisco Employee
Cisco Employee

‎04-25-2013 07:59 PM

Hi,

You can enable or disable STP PortFast BPDU guard on a global basis, which affects all ports that have PortFast configured.

If you dont want the BPdU guard to be enabled automatically on all the portfast interface then dont enable it globally just enter per interface basis.

More info:-At the global level, you enable BPDU guard on Port Fast-enabled interfaces by using the spanning-tree portfast bpduguard default global configuration command. Spanning tree shuts down interfaces that are in a Port Fast-operational state. In a valid configuration, Port Fast-enabled interfaces do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled interface signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the interface in the error-disabled state.

http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00801e85e3.html

HTH

Regards

Inayath

*Plz rate all usefull post.

View solution in original post

0 Helpful

Go to solution
Bilal Nawaz
VIP Alumni
VIP Alumni
In response to lcaruso

‎04-25-2013 10:07 PM

Hello, Because enabling it globally could cause a loop, say you had three switches connected in a triangle kind of topology, if all of them went to forwarding straight away then this would cause a spanning-tree loop.

It's best to manually configure on access ports just to be on the safe side and avoid anything like this.

You can use 'spanning-tree portfast trunk' for trunk interfaces I believe, but still you must have your layer 2 topology solid foundation.

Hope this helps

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
InayathUlla Sharieff
Cisco Employee
Cisco Employee

‎04-25-2013 07:59 PM

Hi,

You can enable or disable STP PortFast BPDU guard on a global basis, which affects all ports that have PortFast configured.

If you dont want the BPdU guard to be enabled automatically on all the portfast interface then dont enable it globally just enter per interface basis.

More info:-At the global level, you enable BPDU guard on Port Fast-enabled interfaces by using the spanning-tree portfast bpduguard default global configuration command. Spanning tree shuts down interfaces that are in a Port Fast-operational state. In a valid configuration, Port Fast-enabled interfaces do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled interface signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the interface in the error-disabled state.

http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00801e85e3.html

HTH

Regards

Inayath

*Plz rate all usefull post.

0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to InayathUlla Sharieff

‎04-25-2013 09:31 PM

Why is it a best practice to not enable it globally but on a per interface basis?

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/best/practices/recommendations.html#wp1040726

0 Helpful

Go to solution
Bilal Nawaz
VIP Alumni
VIP Alumni
In response to lcaruso

‎04-25-2013 10:07 PM

Hello, Because enabling it globally could cause a loop, say you had three switches connected in a triangle kind of topology, if all of them went to forwarding straight away then this would cause a spanning-tree loop.

It's best to manually configure on access ports just to be on the safe side and avoid anything like this.

You can use 'spanning-tree portfast trunk' for trunk interfaces I believe, but still you must have your layer 2 topology solid foundation.

Hope this helps

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card