Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 104
  • Last Modified:

Spanning-tree port fast

Is it a good idea to have this enabled on the interface between a L3 switch and router?
0
PeraHoman
Asked:
PeraHoman
6 Solutions
 
SIM50Commented:
Yes if a router is not configured for bridging. Just to be safe, put the following command:
spanning-tree portfast bpduguard enable
0
 
Jan SpringerCommented:
If it's a layer 3 interface, it should not have spanning tree configured anyway -- at all.
1
 
PeraHomanAuthor Commented:
True, I'm looking through old configs and saw it and wanted some opinions.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
SIM50Commented:
If it's a layer 3 interface, it should not have spanning tree configured anyway -- at all.

STP is automatically disabled once you change port from L2 to L3 on a switch.
0
 
Michael OrtegaSales & Systems EngineerCommented:
You should never have STP portfast enabled on ports between switches or routers, whether they are operating as an L3 device (switches) or not. Portfast is intended for network endpoints, e.g. computers, servers, printers, etc.

MO
1
 
SIM50Commented:
You should never have STP portfast enabled on ports between switches or routers, whether they are operating as an L3 device (switches) or not. Portfast is intended for network endpoints, e.g. computers, servers, printers, etc.

I don't completely agree with this statement, specifically the bolded part.
According to Cisco best practices:

Configure STP PortFast only on ports that are connected to end host devices that terminate VLANs and from which the port should never receive STP BPDUs, such as:
–Workstations
–Servers
–Ports on routers that are not configured to support bridging

Link: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/best/practices/recommendations.html#wp1061957

Also, when you change a port on a switch from L2 to L3, portfast is enabled automatically and the only option you have is to disable it. You are welcome to test all of this btw.
0
 
Michael OrtegaSales & Systems EngineerCommented:
@SIM50

I misspoke. Bridging is the key. I guess I didn't quite think of it in the way of a true router where you're essentially L3 on each interface. I was thinking more in the application where you're connecting your environment to a firewall, where in many cases SMB sized firewalls have all the inside interfaces bound together as a bridge/switch.

Good point, and thanks for clearing that up. Where you employ bridge/switch to bridge/switch communication you want portfast off.

MO
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now