Solved

Cisco Switch Portfast

Posted on 2011-02-27
Last Modified: 2012-06-21
Cisco is saying that portfast can be used on the port that's connected to a single host. It also says that portfast will have effect only when it is used in a Non-Trunking port, which means access port.

So why would we worry about the usage of Portfast since it will have effect only on the access port?
Why is it not enabled by default on access ports?
Why can it be configured on some access ports only, and not on the other access ports?
And if you enable portfast: spanning-tree portfast default.

It will tell you to explicitly disable it on the ports leading to switches, etc.

I thought it previously said it will have effect only when applied to non-trunking ports, why should it ask about explicitly disabling it on ports leading to switches?


Any expert to clear it up, please.
Thanks
Question by:jskfan
14 Comments
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 200 total points
ID: 34991363
Hi,

Please refer to this page:

http://www.freeccnaworkbook.com/labs/section-4-configuring-cisco-catalyst-series-switches/lab-4-16-configuring-switchport-spanning-tree-portfast/

Portfast is needed for PCs which get an IP address from a DHCP server; all switches block the traffic for 30 sec, so the PCs do not get an address if it is disabled!
But if you enable portfast and a loop occurs, the switch CPU goes into overload....

Best regards,
Istvan
0
 
LVL 8

Assisted Solution

by:SeeMeShakinMyHead
SeeMeShakinMyHead earned 600 total points
ID: 34991365
Well, it can be configured on all access ports.  Portfast allows the port to skip the Spanning-Tree states and go right to forwarding.  On ports where you use portfast, you want to make sure that you are using bpduguard to prevent another switch from being used on that port.  So, the question as to why portfast isn't enabled by default and bpduguard is disabled by default is kinda a means for non-technically savvy people to use Cisco switches in a L2 manner (while being able to connect other switches) without shooting themselves in the foot too badly while giving them plug-and-play capabilities.
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 400 total points
ID: 34991376
To understand this you need to have some background on trunking.  Trunking is used to transport more than one VLAN.  If you connect two switches together and place those two ports into VLAN 5 then traffic for VLAN 5 will flow over that link.

Now if you add a switch into your network and connect the switches together with the ports that have portfast enabled, Spanning tree will not have enough time to elect root paths and a loop will occur, as ikalmar mentioned. This will slow down your network tremendously and if not corrected will bring down your network.
0

 

Author Comment

by:jskfan
ID: 34991401

The one thing that I don't understand is when configuring a port as an access port, the STP doesn't or shouldn't have any effect.
The loops occur only when switches are connected to each other, and when a port is configured as an access port, there should be no worry about loops.

So, the access ports should have the capabilities of portfast enabled by default. Why would an access port go through learning, listening, forwarding in the first place?


0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 600 total points
ID: 34991466
>The one thing that I don't understand is when configuring a port as an access port, the STP doesn't or shouldn't have any effect.

By default, all ports start out as access ports. Since it's possible to create a loop with just access ports, STP goes through its normal procedure to discover loops.

>So, the access ports should have the capabilities of portfast enabled by default.

I would agree that if a port is manually configured as an access port that it would make sense for portfast to be automatically enabled.

>Why would an access port go through learning, listening, forwarding in the first place?

Because by default, portfast is disabled. :-)

I think what's happening here is that you're overthinking the situation. Normally, an access port will have portfast on. But because any port could be an access port and any port could be part of a loop, spanning-tree needs to discover the loop before any traffic can pass.
0
 

Author Comment

by:jskfan
ID: 34992968
If I understand your statement, an access port can be part of a loop? But if you enable portfast it will not because it will not receive BPDUs.

If so I can enable all access ports where the PCs are plugged as Portfast, this way at least the PC will boot faster.

 





0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 600 total points
ID: 34993170
>If I understand your statement, an access port can be part of a loop?

Correct.

>but if you enable portfast it will not because it will not receive BPDUs.

No. A (physical) loop can exist regardless of whether spanning-tree is running or not.  The purpose of spanning-tree is to detect the presence of loops and disable ports to eliminate it.

>if so I can enable all access ports where the PCs are plugged as Portfast, this way at least the PC will boot faster.

Portfast won't make a PC boot faster. It just makes the port on the switch move to a forwarding state faster. Now for a PC that gets its IP address from a DHCP server, this will allow obtaining an address faster which could be interpreted as allowing the PC to "boot faster".
0
 
LVL 7

Assisted Solution

by:diepes
diepes earned 200 total points
ID: 34996162
I agree with SeeMeShakinMyHead above.

Default prevents you from shooting yourself in the foot.

If you connect 2 ports to an external non-Cisco switch it would be a loop, and you need the spanning tree.

The solution for you is:
1. Portfast on all access ports or on by default.
2. BPDU guard on all access ports, this will disable the port if it ever sees a spanning-tree BPDU.
0
 

Author Comment

by:jskfan
ID: 35080876
In most environments, I have not seen them using PORTFAST at all, except for very few cases where one PC or two are acting very weird, and couldn't pick an IP from DHCP.

Other than that, PORTFAST is a forgotten command in most environments.
0
 
LVL 8

Assisted Solution

by:SeeMeShakinMyHead
SeeMeShakinMyHead earned 600 total points
ID: 35081716
I do see where a lot of people forget to use the spanning-tree portfast command on access ports.  Before, it didn't matter back when computers were much slower.  Now that computers boot faster, there is a need to have the port brought from blocking to forwarding much faster, but at the same time, still look for BPDUs to prevent unauthorized switches from entering the network.  Example:  UserA brings in a 4 port switch and plugs it into his Cat6 port under his desk.  He could do this for several reasons (needs more ports, etc...), but regardless of the situation, he's a user so he does this.  Two possible outcomes:  This switch becomes a root bridge or he loops back one of the cables by mistake and possibly brings down your VLAN that the access port on the switch is set up for.  Either way, you don't want this to happen.
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 600 total points
ID: 35082137
>Other than that, PORTFAST is a forgotten command in most environments.

I would disagree with that. I see portfast used all the time in many different networks.
0
 
LVL 8

Assisted Solution

by:SeeMeShakinMyHead
SeeMeShakinMyHead earned 600 total points
ID: 35083098
Agreed donjohnston, it is widely used.  I do, however, see where people leave it off and wonder why logon scripts are running on desktops.  Should just be a default on newer Cisco IOS's; but it is what it is...
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 400 total points
ID: 35083930
Cisco is just having a hard time letting go of their original defaults... old habits die hard.
0
 

Author Closing Comment

by:jskfan
ID: 35106421
Thanks, guys.
0
