Configuring switch:  PortFast Edge vs PortFast

Posted on 2016-10-13
Last Modified: 2016-10-14
I am replacing a Catalyst 3560X with stacked 2960X's, I am not a Cisco/Network guy - I am trying to replicate the existing config as much as possible.
On the existing switch a typical interface looks like this:

interface GigabitEthernet0/6
 switchport access vlan 6
 spanning-tree portfast edge
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 spanning-tree link-type point-to-point

Whenever I try and replicate this config my port looks like:
interface GigabitEthernet1/0/6
 switchport access vlan 6
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 spanning-tree link-type point-to-point

Could somebody please explain the difference between PortFast Edge and PortFast?
Question by:IDMA
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Accepted Solution

Steven Roman earned 250 total points
ID: 41842367
Spanning tree pordtfast is now edge, which is for access ports(computers)

You may need to upgrade the code on the new switches.

Otherwise if it only has pordtfast you are fine.  Just do not use it on TRUNK ports.

Hope this helps


Author Comment

ID: 41842378
Thanks - I will try and update, I see this difference between a similarly configured 2960X stack:

"portfast edge": Version 15.2(4)E1, RELEASE SOFTWARE (fc2)

"portfast": Version 15.2(2)E3, RELEASE SOFTWARE (fc3)
LVL 14

Assisted Solution

SIM50 earned 250 total points
ID: 41842386
"Portfast" is the same as "portfast edge" - it bypasses listening and learning states going straight to forwarding.
Otherwise if it only has pordtfast you are fine.  Just do not use it on TRUNK ports.
For trunks you can use "portfast network" to enable bridge assurance.

You don't need to use these two commands below together. One is enough. The recommended command to use is bpduguard because if a loop will happen, the port will go into err-disabled state indicating there is a problem. While bpdufilter will just silently drop bpdu packets.
spanning-tree bpdufilter enable
spanning-tree bpduguard enable

Author Comment

ID: 41844191
Thank you - changing the IOS image did indeed change the syntax for portfast.

As for the other spanning-tree options, I came across this when looking for why our departed Network Engineer may have used the loaded config:
============I'd be happy to share link to other site if permitted===========================

BPDUs are still transmitted on Portfast enabled ports. This is a common misconception. The BPDU Guard default feature will work on all ports in Portfast operational state, including trunks. However, any Portfast enabled interface that receives BPDUs will lose its Portfast operational state.

If you have an interface configured like this:
interface x/x
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
BPDU guard will never kick in because BPDU filter is filtering both the outgoing and incoming BPDUs. This also means that the port can never lose its Portfast status which it would normally do if BPDUs were received inbound. If you remove the filter then BPDU guard will kick in and shutdown the port if a BPDU is received. This is done before the port can lose its Portfast operational state so basically the port will always operate in Porfast operational mode.

If you apply the commands globally instead:
spanning-tree portfast default
spanning-tree portfast bpdufilter default
spanning-tree portfast bpduguard default
The first command enables Portfast on all access ports.
When BPDU filter is applied globally, the difference is that it sends out 11 BPDUs before going silent. Because normally one BPDU is sent out every 2 seconds and the default MaxAge is 20 seconds that means that if there is a device at the other end that can process BPDUs, at least one BPDU would be received when the old BPDU (if there was one) has expired.

If a BPDU is received inbound when BPDU filter is applied globally then the port stops filtering and it will lose its Portfast status.
The BPDU guard default command will only apply to ports that are in a Portfast operational state.
If you combine these three commands together then what will happen is that when a BPDU is received the port loses its BPDU filter, BPDU guard can then kick in. The port will never lose its Portfast operational state because the port is shutdown before.
So you see when applied to the interface BPDU guard can never kick in but if you apply it globally it can.
If you run just Portfast globally and BPDU filter globally then if a BPDU comes in, the port loses the filter and loses the Portfast operational state and will operate as a normal port.

I will let the next person to fill our network seat make any changes needed to the config.

Thanks for your help!

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
No RSTP between switches 3 71
Need to separate small office by VLAN... 3 82
Receiving wifi on an underground station 22 127
Advice on router and switch 25 42
The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question