Submit Your Site For Free!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

SysAdminNews
SecurityProNews
ITmanagement










Configuring PortFast And BPDU Guard

By Chris Bryant
Expert Author
Article Date: 2006-04-13

In your CCNA studies, you learned about PortFast and the trouble it can cause if configured on the wrong port!

Suitable only for switch ports connected directly to a single host, PortFast allows a port running STP to go directly from blocking to forwarding mode.

A Cisco router will give you a warning when you configure PortFast:

SW1(config)#int fast 0/5

SW1(config-if)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a
single host. Connecting hubs, concentrators, switches, bridges, etc...
to this interface when portfast is enabled, can cause temporary
bridging loops. Use with CAUTION

%Portfast has been configured on FastEthernet0/5 but will only

have effect when the interface is in a non-trunking mode.

SW1(config-if)#

Not only will the switch warn you about the proper usage of PortFast, but you must put the port into access mode before PortFast will take effect.

Now, you´d think that would be enough of a warning, right? But there is a chance - just a chance - that someone is going to manage to connect a switch to a port running Portfast. That could lead to two major problems, the first being the formation of a switching loop. Remember, the reason we have listening and learning modes is to help prevent switching loops. The next problem is that there could be a new root bridge elected - and it could be a switch that isn´t even in your network!

BPDU Guard protects against this disastrous possibility. If any BPDU comes in on a port that´s running BPDU Guard, the port will be shut down and placed into error disabled state, shown on the switch as err-disabled. A port placed in err-disabled state must be reopened manually.

BPDU Guard is off on all ports by default, and is enabled as shown here:

SW1(config)#int fast 0/5

SW1(config-if)#spanning-tree bpduguard enable

It´s a good idea to enable BPDU Guard on any port you´re running PortFast on. There´s no cost in overhead, and it does prevent the possibility of a switch sending BPDUs into a port configured with PortFast - not to mention the possibility of a switch not under your control becoming a root switch to your network!

Add to | Digg | Yahoo! My Web

Technorati: ,
About the Author:
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (www.thebryantadvantage.com), home of FREE CCNA and CCNP tutorials and daily exam questions, as well as The Ultimate CCNA and CCNP Study Packages.

For a FREE copy of his latest e-books, "How To Pass The CCNA" or "How To Pass The CCNP", and for free daily exam question, visit the website and download your copies!

Newsletter Archive | Article Archive | Submit Article | Advertising Information | About Us | Contact

SysAdminNews is an iEntry, Inc. ® publication © 1998-2008 All Rights Reserved Privacy Policy and Legal