Solved

Cisco Switch Portfast

Posted on 2011-02-27
Last Modified: 2012-06-21
Cisco is saying that portfast can be used on the port that is connected to a single host. It also says that portfast will have effect only when it is used in a non-trunking port, which means access port.

So why would we worry about the usage of Portfast, since it will have effect only on the access port?
Why is it not enabled by default on access ports?
Why can it be configured on some access ports only, and not on the other access ports?
And if you enable portfast: spanning-tree portfast default.

it will tell you to explicitly disable it on the ports leading to switches, etc.

I thought it previously said it will have effect only when applied to non-trunking ports; why should it ask about explicitly disabling it on ports leading to switches?


Any expert to clear it up, please.
Thanks
0
Question by:jskfan
14 Comments
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 50 total points
ID: 34991363
Hi,

Please refer to this page:

http://www.freeccnaworkbook.com/labs/section-4-configuring-cisco-catalyst-series-switches/lab-4-16-configuring-switchport-spanning-tree-portfast/

Portfast is needed for PCs which get their IP address from a DHCP server; all switches block the traffic for 30 sec, so the PCs do not get an address if it is disabled!
But if you enabled portfast and a loop occurred, the switch CPU goes to overload....

Best regards,
Istvan
0
 
LVL 8

Assisted Solution

by:SeeMeShakinMyHead
SeeMeShakinMyHead earned 150 total points
ID: 34991365
Well, it can be configured on all access ports.  Portfast allows the port to skip the Spanning-Tree states and go right to forwarding.  On ports where you use portfast, you want to make sure that you are using bpduguard to prevent another switch from being used on that port.  So, the question as to why portfast isn't enabled by default and bpduguard is disabled by default is kinda a means for non-technically savvy people to use Cisco switches in a L2 manner (while being able to connect other switches) without shooting themselves in the foot too badly while giving them plug-and-play capabilities.
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 100 total points
ID: 34991376
To understand this you need to have some background on trunking.  Trunking is used to transport more than one VLAN.  If you connect two switches together and place those two ports into VLAN 5 then traffic for VLAN 5 will flow over that link.

Now if you add a switch into your network and connect the switches together with the ports that have portfast enabled, Spanning tree will not have enough time to elect root paths and a loop will occur, as ikalmar mentioned. This will slow down your network tremendously and if not corrected will bring down your network.
0
 

Author Comment

by:jskfan
ID: 34991401

The one thing that I don't understand is when configuring a port as an access port, the STP doesn't or shouldn't have any effect.
Loops occur only when switches are connected to each other, and when a port is configured as an access port, there should be no worry about loops.

So, the access ports should have the capabilities of portfast enabled by default. Why would an access port go through learning, listening, forwarding in the first place?


0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 150 total points
ID: 34991466
>The one thing that I don't understand is when configuring a port as an access port, the STP doesn't or shouldn't have any effect.

By default, all ports start out as access ports. Since it's possible to create a loop with just access ports, STP goes through its normal procedure to discover loops.

>So, the access ports should have the capabilities of portfast enabled by default.

I would agree that if a port is manually configured as an access port that it would make sense for portfast to be automatically enabled.

>Why would an access port go through learning, listening, forwarding in the first place?

Because by default, portfast is disabled. :-)

I think what's happening here is that you're overthinking the situation. Normally, an access port will have portfast on. But because any port could be an access port and any port could be part of a loop, spanning-tree needs to discover the loop before any traffic can pass.
0
 

Author Comment

by:jskfan
ID: 34992968
If I understand your statement, an access port can be part of a loop? But if you enable portfast it will not, because it will not receive BPDUs.

If so, I can enable all access ports where the PCs are plugged in as Portfast; this way at least the PC will boot faster.
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 150 total points
ID: 34993170
>If I understand your statement, an access port can be part of a loop?

Correct.

>but if you enable portfast it will not because it will not receive BPDUs.

No. A (physical) loop can exist regardless of whether spanning-tree is running or not.  The purpose of spanning-tree is to detect the presence of loops and disable ports to eliminate it.

>If so, I can enable all access ports where the PCs are plugged in as Portfast; this way at least the PC will boot faster.

Portfast won't make a PC boot faster. It just makes the port on the switch move to a forwarding state faster. Now for a PC that gets its IP address from a DHCP server, this will allow obtaining an address faster which could be interpreted as allowing the PC to "boot faster".
0
 
LVL 7

Assisted Solution

by:diepes
diepes earned 50 total points
ID: 34996162
I agree with SeeMeShakinMyHead above.

Default prevents you from shooting yourself in the foot.

If you connect 2 ports to an external non-Cisco switch it would be a loop, and you need the spanning tree.

The solution for you is:
1. Portfast on all access ports or on by default.
2. BPDU guard on all access ports; this will disable the port if it ever sees a spanning-tree BPDU.
0
 

Author Comment

by:jskfan
ID: 35080876
In most environments, I have not seen them using PORTFAST at all, except for very few cases where one PC or two are acting very weird and couldn't pick up an IP from DHCP.

Other than that, PORTFAST is a forgotten command in most environments.
0
 
LVL 8

Assisted Solution

by:SeeMeShakinMyHead
SeeMeShakinMyHead earned 150 total points
ID: 35081716
I do see where a lot of people forget to use the spanning-tree portfast command on access ports.  Before, it didn't matter back when computers were much slower.  Now that computers boot faster, there is a need to have the port brought from blocking to forwarding much faster, but at the same time, still look for BPDUs to prevent unauthorized switches from entering the network.  Example:  UserA brings in a 4 port switch and plugs it into his cat6 port under his desk.  He could do this for several reasons (needs more ports, etc...), but regardless of the situation, he's a user so he does this.  Two possible outcomes:  This switch becomes a root bridge or he loops back one of the cables by mistake and possibly brings down the VLAN that the access port on the switch is set up for.  Either way, you don't want this to happen.
0
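
An added example, not part of the thread or any Cisco tooling: a small Python audit of a running-config that lists ports where PortFast is in effect without BPDU guard, the pairing recommended in the answers above. The sample config is constructed, classic `spanning-tree portfast` syntax is assumed, and any port without `switchport mode trunk` is treated as an access port.

```python
# Constructed sample running-config in classic IOS syntax (not from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast disable
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 spanning-tree portfast trunk
"""


def audit_portfast(config):
    """Return sorted interfaces where PortFast is in effect but BPDU guard is not."""
    lines = config.splitlines()
    glob = {line.strip() for line in lines if not line.startswith(" ")}
    pf_default = "spanning-tree portfast default" in glob
    bg_default = "spanning-tree portfast bpduguard default" in glob
    ports, cmds = {}, None
    for line in lines:
        if line.startswith("interface "):
            cmds = ports.setdefault(line.split()[1], set())
        elif line.startswith(" ") and cmds is not None:
            cmds.add(line.strip())      # sub-command of the current interface
        else:
            cmds = None                 # "!" or a global line ends the block
    exposed = []
    for name, c in ports.items():
        # Assumption: a port without "switchport mode trunk" operates as an access port.
        trunk = "switchport mode trunk" in c
        portfast = "spanning-tree portfast disable" not in c and (
            "spanning-tree portfast trunk" in c
            or (not trunk and (pf_default or "spanning-tree portfast" in c)))
        guard = "spanning-tree bpduguard disable" not in c and (
            "spanning-tree bpduguard enable" in c or (bg_default and portfast))
        if portfast and not guard:
            exposed.append(name)
    return sorted(exposed)
```

On the sample, `audit_portfast(SAMPLE_CONFIG)` reports the two ports that would start forwarding immediately while still accepting BPDUs from a switch plugged into them.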
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 150 total points
ID: 35082137
>Other than that, PORTFAST is a forgotten command in most environments.

I would disagree with that. I see portfast used all the time in many different networks.
0
 
LVL 8

Assisted Solution

by:SeeMeShakinMyHead
SeeMeShakinMyHead earned 150 total points
ID: 35083098
Agreed donjohnston, it is widely used.  I do, however, see where people leave it off and wonder why logon scripts are running on desktops.  Should just be a default on newer Cisco IOS's; but it is what it is...
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 100 total points
ID: 35083930
Cisco is just having a hard time letting go of their original defaults... old habits die hard.
0
 

Author Closing Comment

by:jskfan
ID: 35106421
thanks guys
0
