Solved

Configuring switch:  PortFast Edge vs PortFast

Posted on 2016-10-13
4
163 Views
Last Modified: 2016-10-14
I am replacing a Catalyst 3560X with stacked 2960X's, I am not a Cisco/Network guy - I am trying to replicate the existing config as much as possible.
On the existing switch a typical interface looks like this:

interface GigabitEthernet0/6
 switchport access vlan 6
 spanning-tree portfast edge
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 spanning-tree link-type point-to-point

Whenever I try and replicate this config my port looks like:
interface GigabitEthernet1/0/6
 switchport access vlan 6
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 spanning-tree link-type point-to-point

Could somebody please explain the difference between PortFast Edge and PortFast?
0
Comment
Question by:IDMA
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
Steven Roman earned 250 total points
ID: 41842367
Spanning tree pordtfast is now edge, which is for access ports(computers)

You may need to upgrade the code on the new switches.

Otherwise if it only has pordtfast you are fine.  Just do not use it on TRUNK ports.

Hope this helps

Thanks
0
 

Author Comment

by:IDMA
ID: 41842378
Thanks - I will try and update, I see this difference between a similarly configured 2960X stack:

"portfast edge": Version 15.2(4)E1, RELEASE SOFTWARE (fc2)

"portfast": Version 15.2(2)E3, RELEASE SOFTWARE (fc3)
0
 
LVL 13

Assisted Solution

by:SIM50
SIM50 earned 250 total points
ID: 41842386
"Portfast" is the same as "portfast edge" - it bypasses listening and learning states going straight to forwarding.
Otherwise if it only has pordtfast you are fine.  Just do not use it on TRUNK ports.
For trunks you can use "portfast network" to enable bridge assurance.

You don't need to use these two commands below together. One is enough. The recommended command to use is bpduguard because if a loop will happen, the port will go into err-disabled state indicating there is a problem. While bpdufilter will just silently drop bpdu packets.
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
0
 

Author Comment

by:IDMA
ID: 41844191
Thank you - changing the IOS image did indeed change the syntax for portfast.

As for the other spanning-tree options, I came across this when looking for why our departed Network Engineer may have used the loaded config:
============I'd be happy to share link to other site if permitted===========================

BPDUs are still transmitted on Portfast enabled ports. This is a common misconception. The BPDU Guard default feature will work on all ports in Portfast operational state, including trunks. However, any Portfast enabled interface that receives BPDUs will lose its Portfast operational state.

If you have an interface configured like this:
interface x/x
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
BPDU guard will never kick in because BPDU filter is filtering both the outgoing and incoming BPDUs. This also means that the port can never lose its Portfast status which it would normally do if BPDUs were received inbound. If you remove the filter then BPDU guard will kick in and shutdown the port if a BPDU is received. This is done before the port can lose its Portfast operational state so basically the port will always operate in Porfast operational mode.

If you apply the commands globally instead:
spanning-tree portfast default
spanning-tree portfast bpdufilter default
spanning-tree portfast bpduguard default
The first command enables Portfast on all access ports.
When BPDU filter is applied globally, the difference is that it sends out 11 BPDUs before going silent. Because normally one BPDU is sent out every 2 seconds and the default MaxAge is 20 seconds that means that if there is a device at the other end that can process BPDUs, at least one BPDU would be received when the old BPDU (if there was one) has expired.

If a BPDU is received inbound when BPDU filter is applied globally then the port stops filtering and it will lose its Portfast status.
The BPDU guard default command will only apply to ports that are in a Portfast operational state.
If you combine these three commands together then what will happen is that when a BPDU is received the port loses its BPDU filter, BPDU guard can then kick in. The port will never lose its Portfast operational state because the port is shutdown before.
So you see when applied to the interface BPDU guard can never kick in but if you apply it globally it can.
If you run just Portfast globally and BPDU filter globally then if a BPDU comes in, the port loses the filter and loses the Portfast operational state and will operate as a normal port.
===================================================================

I will let the next person to fill our network seat make any changes needed to the config.

Thanks for your help!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

5 Experts available now in Live!

Get 1:1 Help Now